hxxps://www[.]lueftungstechnik-raab[.]de/wp-includes/inc/red_Country/

Analysis

max time kernel
132s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-de
resource tags

arch:x64arch:x86image:win10v2004-20230220-delocale:de-deos:windows10-2004-x64systemwindows
submitted
20/04/2023, 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.lueftungstechnik-raab.de/wp-includes/inc/red_Country/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{D305DE31-7D91-4130-870A-7D2102E10C5F}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{75F097B1-D6B0-43D8-88F4-17A5FECEFE47}.catalogItem	svchost.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	svchost.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "102"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca13020000000002000000000010660000000100002000000051b608b0084981f00deb86668d7194a723c6a76f9ca67111d4d45bedcbc642a4000000000e80000000020000200000009188f89d016e240660cc76aa215e02d07e921d9ecd5537995aaf2a4352a6556f20000000bca77d2295738795711e33412395951aa4cf0fb7e7f3cd2b10380103161d3707400000006e976148f166d27d9976e2bc94497b2bb42b73511c7f6e3e0fec8566d80c671bab9308dd4ad7df447dc2f730dba3d9ce541b41c82f779047cc7386f684ceec7f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\ = "140"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "939"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31028137"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0d1c0d9a973d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\Total = "978"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3536580143"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{FDBD9BCE-DF9C-11ED-BDA2-5EB8161D5FD4} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "140"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\ = "896"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "978"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\Total = "1036"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\ = "102"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1036"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3536580143"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca130200000000020000000000106600000001000020000000bbe74506ff82914b1863986ba7e1d66f9cc4c8d5df1fafa288bc065d060660d9000000000e8000000002000020000000af70656f849ac0c20a701eab90e6d07718e4173236fb71e07c23e6c654b9ae2f2000000016ac2c8e47247248f4949ea51a9f2580c048fd985f8e4caff064b29c732147984000000072933e8b7128ad0e6ffce7689c35297e63e267fdd8578cdd99471d6a9075cebff5024bdc4d5332c91ad73c44336b574a278348e1311d14adb6cd10f2bbb7b129	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\de-DE = "de-DE.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "27"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\Total = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31028137"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70e4d3d9a973d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\ = "1023"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31028137"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3588762934"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\Total = "46"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\Total = "102"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "896"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\ = "27"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\Total = "27"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\ = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\Total = "140"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\Total = "896"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\ = "939"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2m.ma\Total = "939"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1023"	IEXPLORE.EXE

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4238149048-355649189-894321705-1000\{61D44899-DB04-4417-84AA-81C634B529CA}	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4238149048-355649189-894321705-1000\{388504BA-617F-4E4E-9BF0-9400D1103E5A}	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2964	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2964	iexplore.exe
2964	iexplore.exe
3572	IEXPLORE.EXE
3572	IEXPLORE.EXE
3572	IEXPLORE.EXE
3572	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 3572	2964	iexplore.exe	76
PID 2964 wrote to memory of 3572	2964	iexplore.exe	76
PID 2964 wrote to memory of 3572	2964	iexplore.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.lueftungstechnik-raab.de/wp-includes/inc/red_Country/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3572

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
PID:1152

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
028759950e8f2f6ef3ba47147b8696ff

SHA1
97b3679baa9920956cd9524443b0a43bef272fa7

SHA256
82be22866682529ba437516a9bcc4c401c116dd8b9b7eea406a892775c95120f

SHA512
40942c1cd4814ba541285c46e7bdf74dbf1e2e8558bd08d741ddd373da165307b6926705a5a1cc497c37771b526e31362700e278d7eb9a350852c1a0561d9de5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
b3190077c7c84e2cfa647d44e0d7babb

SHA1
da898c8fe5d577196138df0b9857402ff931902a

SHA256
ca611b5f7c0759d63dc8f7d2ad6040bbca506e6d3249d4deb6432a5c8fcb855b

SHA512
f64b904af24f47cfd7967fcbe65adeb4379ae137e8cee5833134edf80729977f417f71b70174da3ac0ee26d34567c072e9f988a687b7d1e3331341cd4911df24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
446B

MD5
01a03314269a9961e628b01a9bdb1dde

SHA1
25bd9faf99996ebc6ea88af6fd3b1fce0639e8c5

SHA256
19f066f25eb1b055b1e1f914d8c7b102ca6c3531b48d757bb9d10fe6b13587da

SHA512
2aa469f08411d72e1b1068068e548547f9d905e7afae5f45b80b4382c9edd0a09fdcf9973446d6334f7a90cc5707e7552292e8791da4b86f8e25833a365c28d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
fee8b7e70dc04a2de793a132d57de531

SHA1
486569638689cd8787ffcdd058cc40f8689ba2ec

SHA256
340c8bf1b36a94c24985dc375008cb1f7a2f0d65c4ab6e85066a43af75edebe0

SHA512
a253e214fffffc7c3a472a1e7dc68bc7079b0810071dbad458fc171ee95d5be37856b3731c3e5bdc6e006c040c7a981b11459dacb51a9bb554846b1174aff16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\19DEN57H\2m[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\19DEN57H\2m[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7s3h6i\imagestore.dat

Filesize
15KB

MD5
0c6168a044836f6b64b945228b41461a

SHA1
dbaa91818ef4ac6499de699b56eb1d635c5fbc98

SHA256
fa72af87f18bbf7b671d28e4a381d4b11c36d82ce38b97a182ab8796189a3e38

SHA512
bd41acf227822ad4b452d48908cc8a138b15cfc6ea60aa1c99344af652fd323093af904f5dada5954234425387df1b4cc4399a276fdedc4df784dc46a9eecf35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\206ac7c[1].js

Filesize
3KB

MD5
797e7795b117715e5e15ccbb2c3ef5f1

SHA1
20d8e69b5a0b787d6dfad9fd7a72660c14143f85

SHA256
4db58580293a38f54932e5170e1c9fd0d69a2239a3e75d4c196685b18db4750d

SHA512
4d170a145b3827b3977d253b90701ca8d1d6d2b734626f7c5cb77f9c3a2590436df30551a80a4e39264e5f26e4dcde0c71e718415a134fcb7f7ddb2d33d7280d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\analytics[1].js

Filesize
49KB

MD5
54e51056211dda674100cc5b323a58ad

SHA1
26dc5034cb6c7f3bbe061edd37c7fc6006cb835b

SHA256
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

SHA512
e305d190287c28ca0cc2e45b909a304194175bb08351ad3f22825b1d632b1a217fb4b90dfd395637932307a8e0cc01da2f47831fa4eda91a18e49efe6685b74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\clarity[1].js

Filesize
55KB

MD5
5705f8e24923c332c4da15007746b69e

SHA1
f0bbfc3a328663e77cf279550b0a81476146f25a

SHA256
e63cf738c3a577e286765aaa9de59ed4300f6bf8b5d34773d131afd3da456b9c

SHA512
fb7a979d1506b49d21e8afbe751eb3314debe0c141f2811ffc1cdb8314c8933e9deded9d3256c59f9f735c3594b3a5e784dfa5c581379ddf417ea1610deb10c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\css2[1].css

Filesize
993B

MD5
eb3f491435478b562e0467e678c13a51

SHA1
76294b7275388b30ffe36d3f9b68c63fa2aa7266

SHA256
194635e7388bf8032040628258fb364ac2f5dde3224889df2ad5c805e5772d02

SHA512
89ba52f93010d6912eb2519cb3b169b76f9c057f2867c9f7cab46afe4283b74f8e79abbff00f4c7d65dedebf659f40c096d742e9e9134a3bc607d1ff86958dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\gtag[1].js

Filesize
175B

MD5
63213436e12ec5b3d87fc2a7b4a5b143

SHA1
18fe7ab36265ece90c1fdee4f1553170e882a5c1

SHA256
99a4f2a0204fba9482eff0593850b915f6dd2244eb824477be07e4ae085eb1b9

SHA512
c58fdf27a243accac6244cf7b915adba185ef8c13df03a987ae966a6719a1bfc3ecc38a05bf364c917b84a4d8e9175953daad07acc79bded3a7df70e0c5c7421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\js[2].js

Filesize
218KB

MD5
f05a5d479847e9443c2b15b95799a2e7

SHA1
e84e3d2ca59bd1458c106cde24ef7594b4c98807

SHA256
b8eed8c520f4fc11114695004ecc5581777d2d52254a2c0ff67e59922615ae0c

SHA512
d7e081bf14f7eff6363010b1a88b9f82b460878b868b7778c28d1f6175dec3439593faaa9ffe0990dbb11d61c655f03cf9e36cc21f0f09cca0a6c0f962f7911e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\suggestions[1].de-DE

Filesize
18KB

MD5
cc5361b5fdccfc6830217e2eb9972dd8

SHA1
e4a1206d9190eccea3e6a116c954d11da0aeba66

SHA256
afd57b0b6d8166e25bbef7cbc97522677c11c9a930fd4d4a204d1b7ae6258492

SHA512
ef63961bd7f0d3357d352a8f9c8ea57d0271e0fb664b1be179c38cd2d559bbaa4864f64f3521f26f868cc074f97994e2658c6d652021a39dc5207d45411691bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\v52afc6f149f6479b8c77fa569edb01181681764108816[1].js

Filesize
19KB

MD5
d294b48fb7400508953205265f95d2e1

SHA1
fd545d38241c9c56e81f61e45cd239976ecd0b46

SHA256
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

SHA512
8c6093a43a410180c6358479ced2ade0140f19e7f53f482237a6465548bcdf990517cf053a69a7f2305058d82b35df20fd8bb8db535d81687042868e3c57e50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\widgets[1].js

Filesize
91KB

MD5
9e99725b7a4cd730a934afba2a438bb5

SHA1
cca18cd298b243e672b37ba6e6927bec865dd742

SHA256
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

SHA512
8193a927751b6059391767d1bfdf9f790ab722cfa461bd3803ebdda95f62b4b6a849b03598abc6982dcc1b92c05d35b2378fdad26d90eebed9d771d2c94c80cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\widgets[2].js

Filesize
96KB

MD5
e92bd51c447ba1dbd509a1e23d3a8521

SHA1
f1a142e90f2aac1866a3401905078dbdf9a04824

SHA256
aec1273daa6df2443053427acbd188f229d60ed9d83ef9bccba3f8a8f21fc3dc

SHA512
6d810b40bedf007219f48d68204436dd9ac9109d6fdc7dabd97eb47e869fa77e1015ede761f4bd5460edc3148d6ed2a4fc8184ecc056db2f311d35c00287980f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\OneSignalSDK[1].js

Filesize
8KB

MD5
06f50014011c1fcd9e21b6b0481979de

SHA1
3abc04cc0a3ee2e844f2b8bb6e50baa451882aa0

SHA256
194addf8fd862999286b33cf83116babe8c700ba3a28111777f49ca72c429970

SHA512
041f7e1b349df2394165063daec6d2ef0c573851d112bf52d8094d44627bb34646be0284fb2ec26523328cb10a8a5e717eebf72248b325f3b0df12defec52b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\ads[1].js

Filesize
3KB

MD5
a207fdaffd5a5aa4bcebcbd5840799da

SHA1
23c4c352864d1d978fa43a529650f42f15e97824

SHA256
754fd98d3054bdb1ab20e0c5056e125b2ddc0f14992c2e8fbb12b5a0cd212d03

SHA512
5ed39b423346c9bb3030db2598024850ef477d658a862af18093b7b2676ed34df9be206ef2de372f7393f749a7d038501609717a38fe8a828465fbe54296ae24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\ampAnalytic[1].js

Filesize
213B

MD5
9b75fd954e7822a02d4048b9dcb4bd17

SHA1
2e7e9ac02d178d69263215e0f83f254467d31fb5

SHA256
ffdfc591d8628204b0fdbf242ea0a460fb9de5d7201b700e2d5a026759dbd63d

SHA512
627eb49ceee097a39fb43ea607e46720e9513dcd7b478966674211c13083cdba5b33c4a95fcfb05520cd09d930d1af6c23b9c1a600f5613bada81f8d8d34a514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\atrk[1].js

Filesize
4KB

MD5
d89453438fbf10dcf4c13265c40d5160

SHA1
02d5f4e46c94bf34e12b2d773f63f643ea2b3518

SHA256
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

SHA512
3a341cb2331761e58a49df4d8c4f0db333dfa3f4bb263c738cd8411d94f1315ed5cc81796d76e8de1a639aa80a47294f544baca3a979c5880fec9cc5ee1d138d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\clarity[1].js

Filesize
335B

MD5
e0c89cd22d87460f7aa135f515356fbd

SHA1
e27c8650fb7165147f0462676fa5bb0e843e4882

SHA256
7fa38979b260b8046863afde7f5ed8c57cb43513b46129c1c33464d34ea6085b

SHA512
490b074909e2143957d6341c3f7643aff878b59f755aa26b99a3fe94e3f49bee82524b0019bef3c7bcee21a6f355cc7896a8f639ef7b93dff5dcac2178016fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\favicon[1].ico

Filesize
15KB

MD5
89d23044279b3c9d3d394d0d2c7f8e9f

SHA1
13aa0fdbeed2666097c18022e8494f30f33b2dc2

SHA256
d959add8d802a7a7143fa8147ab7fe68c8a89d80f9d4de6b915ee23e69549719

SHA512
002a0baaa2352c6f6e18c20f578e0b64ff52141192525db006d86ab4078f2ef1c91e7ef5fe7f3c13270551a6122e80f716785f81e60fbd19da49b5ca76f687a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\js[1].js

Filesize
218KB

MD5
80f1348bf600eb8a56db40a57fe90b43

SHA1
a01720064150eee9564ae516e3b7f99a5ab11e5a

SHA256
ac2e1e4b3537a847b4cf55600584979a5f4cea0b0b9b7827dcd022aa944b09fe

SHA512
2565e55c977fb681b82a0468a227817325d5c89a83c466a030637a8c7effbf37393d501d47f795755176fea76c221a859d4d6d06ec8382d6d186706c3c62894f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\smartadsettings[1].js

Filesize
304B

MD5
3380e1e0001583bcd549db33abfe753c

SHA1
f7d67fcbbe65b2861239a282c985e6ee1d5845d3

SHA256
35a84f47e05bda3d13c3f610bd344e26e11980512761e296e4c97383023a2204

SHA512
1e5f30ec566becfd18a99581076b4b5bd9bb7d3ab1289b3d684bfe3e14c059fa5be2d416a8b816ff65dff5cde7d2a9dae5f51fd03a3e7baa642c6177f68d6a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\vSC4oVFecTkvtww2xzzNkkv_C9Q[1].js

Filesize
5KB

MD5
8ee4627726cf6e6ce50e855f2cd0a7e6

SHA1
c43fd7ac0d37981cda5dceab40c18a0d89fac3d3

SHA256
569f0615d7b0e6cb50dcf3ea74ce5eaddd77fa8de79d5953db9738b36806f4df

SHA512
61f956050da06d38ef7b9ed88cf27499592902fdd64a5cdabebcebb0ad1e0765aeb8c8e5bca6a668c79c6db3db37b1fec3bbe69d2e87f05858fc549b5c95be2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\132faaa[2].js

Filesize
73KB

MD5
42125f88ca557b7b6dbd8961691d5576

SHA1
7ad43ee28f9b97f2973f4795d14874644ad86918

SHA256
79979a250f234b8b50eea67fc17443658a907f70b5579280e38bbb32c5370405

SHA512
511b0ef769b31449e2e36d558985b315d15ceb5b8a273f588799736ca732998310cc1fa113bed9bd853eb7f7dee332bf3b8ad83d8dc15377ff876822e694513a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\1edf515[2].js

Filesize
100KB

MD5
7149830345fbe95eecd8ce2e6521427e

SHA1
70871cae721645f7d185c89552e3e1e47348f949

SHA256
22cba971c434a4b0609536f7df5d8b2b0673ca17f7a42efdffcdc7f2ca483f6e

SHA512
8ca723b0da16f04dd077225367d243233ceca1f676815fa907deea5a688e94256aadb81f7b2947abcea4d648342e3376a66008f293d5893a00463857b4ced77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\35c92b6[2].js

Filesize
32KB

MD5
ab9ae44e8229f66024216aa07b10a0b6

SHA1
b91a8ee7c18ca81c14b81ef3ddb50f39b52abd5f

SHA256
ffe726e2af15f3e5406e18fa21b717407a8594a2774a47e99cedb7a45a130ea1

SHA512
87320200f27cd489902a6e685ee2d4b423151d6ae5cdc4bceacf2ffc5b09bfb544f225ae2c5b9dad6115e46757135720ab402910f5616466662012948c4e620b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\AlexaCertify[2].js

Filesize
351B

MD5
d5f9dc59a7d0e15b28a09c27db4f72ce

SHA1
239b650ea32882374fa061cdc509f11cef5b0125

SHA256
28408c328d2ca123c9deeafcb35c7347162f701cb3390138f14dec1d45aae1fb

SHA512
a3ec945b0f347669161b3993ec60ed136977f7a9c5d9c895a32bac660c3407a5795afcd1c907d1b03a6047bff0d1cb544dc7b6c06c92b14f183e2daa255dca57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\KFOlCnqEu92Fr1MmWUlvAA[1].woff

Filesize
64KB

MD5
aa462125b8faf7600001e1fe9b47e216

SHA1
9be15ef7af056b9cfc908c3e825a4b755e9569db

SHA256
b588388326a9d3d30442904afd354fbb2f1feeb88ffca342e1c2f0391a692910

SHA512
b9908dc73f8ee43a27e33a211250433436db3494548f53f6bd00fe888d433075b1ba79f17d44985c06073a097a078135edc803f5a0945edc700bb2fc28392a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\KFOmCnqEu92Fr1Me5g[1].woff

Filesize
63KB

MD5
62b936e168110e58e89e70ec82e22755

SHA1
323e6800b4b0ee85b338e9a19ce5b28d4cabed36

SHA256
e41533d5c6eab361631aa3cf8bf7b8a2e6babfcc42a1aa950b2b0cd80c109b8f

SHA512
2394904e6e3b4eb2eb5499297b96dc5f19402fa3ea05173d53144b6e816a476ba10c5f9f99f3443c1eec4406f5e6d87463e3db415e922e82b3229abb005ae9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\a8cd024[1].js

Filesize
241KB

MD5
ba4a6c1d47013d1fc45175ac08807d1b

SHA1
8bee01a7f8fb23905c907f1bfc6a30b85231bd3e

SHA256
eec539b62516be65cc36d172e74aa82187ab1a37ec84ce06966b8abb1d474ccf

SHA512
6ce947ec30d2f686162789eae59daf95777b3e45e097812ecdd0cedc7b59a0ccd8fd9163ee0eff6aedbf292314810c9257b10b6858010f06b7c0f9102e9ff7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\amp-analytics-0.1[1].js

Filesize
109KB

MD5
e440d8c1b41a6d8e6e254f07fa7a8f4c

SHA1
0c8c16b125a65f9dfa4de571b58095df6230078a

SHA256
6f10c144f34886dc3308daae33c63c2d87301d6c716abaee145abe0339883e27

SHA512
392e194b5548f934f94f2a57cdaee0dea22d1981151df84839c4ffb7401f4fd0a8c683f718084b3c89c5c1c3e067407f168468fd45d33aad5b9258477de4f6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\edc0d39[1].js

Filesize
67KB

MD5
ab4dbf1d0a8e5a921cf7443708e3d70e

SHA1
c53a5069b2e0b9fe3cc128a4faf96b36dd28a0a4

SHA256
87adb80bfa76aeddca850885ff708e93786d1479e373ef10c9886b49ba21c8a3

SHA512
8b3adb7896dc4ed65d8c192e0d8a446e14c6d825bddda64ff77da4c643e56ff434ca97013397fb062cd97f3ee7995fcade49952828700be7e7d1ce3ba58c92b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\587e410[1].js

Filesize
1.2MB

MD5
695c3973a8ae5e9aad7ff4ed85eb0db3

SHA1
bee9200bfcee9e2eb7a49164972328e1c0c504ae

SHA256
9fc4717fae519984f845e21d753d97a30ef48ca004682d06370be62b57bda4eb

SHA512
0467469fb8dbbb53a6ca5fa90537309181cca8bf7347fc2e4def758110fcef4332418d8221ec2825b1fea0adc445bbd2230152d791873de8bcaf3fb8e08ecd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\Iura6YBj_oCad4k1rzU[2].woff

Filesize
25KB

MD5
c2f63e0c43104e85d2a82f1910a141bd

SHA1
2dcc126f1196aee26e1b426a40adc512ac3e901e

SHA256
4e7aab9a715220b05b4754a0ffd803adb290d4b6ff27fbcef8b006e6374e4b26

SHA512
c2d73183d7522a666d18a5dddb2589818f1a55b127fc22a23a43bf70e539f85fe0cce8ba822e9ab2da5b1af6f5404181241b5a514aedba2fae6a8fdb0188647c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\Iurf6YBj_oCad4k1l4qkLrU[2].woff

Filesize
26KB

MD5
6a0c7f937ee95cdb9b6d6e0f86222689

SHA1
d09caee60fa26386bd02835987ef0a828ffaa9e3

SHA256
9a94656522332bdc206878c01ab66c6bdd1a6d6696caffe8c667f49cbb23c9f0

SHA512
aecb5fb7550c9b36f980b85367555d9274771b9d00258930034ba6e1291d4b8ed6e73d6721735c42c6e13f5b49a0926e7b32c5dc8805314dbbe0b253f8753e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\Iurf6YBj_oCad4k1l5qjLrU[2].woff

Filesize
25KB

MD5
a1b2d7ec2ab72b5a4c53cc9c043a50f9

SHA1
84a2da94412c27427a2ab2b32c6a54224e31ce9a

SHA256
7cbfdd9b545f19e563b4e7912b791d021c9287c7b1ab15830bc1576c956ee920

SHA512
befc61326d67906d74eb4bc8e8c1806b8172163f7df678b9bcf2132f633de6bd9746c429690a6d7c94b5c0ae5d32e12106fbfc09c8d08868a00908f776b7a91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\analytics[1].js

Filesize
452B

MD5
bc37382d2b5a0df590dba6cb11b6de6f

SHA1
ac416ac01aa0434a71dc24858ecfc963d2f5d5b4

SHA256
84ec4d46a42112e855a36f2f59b40897451ad769a6ae92385f1dacf467dfc9c1

SHA512
5e0c695c483874840da81c10a22fc52c1c60a614bc9d200149d8b668343b8196d2de38378ef48e6dce6b46c8c32e24dd7d6ba82f02d2698fba81997ba8b94120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\ef9fa14[1].js

Filesize
613KB

MD5
a64727fad77bae81b1806e0cab746fbb

SHA1
289cfbcb201a1e62169c654d7702f4a036101691

SHA256
11acfbf713462fba4b9905acf4998d0509bdce684871a86088658617aa51da45

SHA512
94faa352050d56c77d5b95b554683b1c5244a48c8812f77d64c55fc40ebe825c6c4468faba3fa27ca5e0a4f44e88b4cda93b792251e6ad71d8d178a31b6ca045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\ima3[1].js

Filesize
360KB

MD5
b7ffff67a744ef7c5740f6c257b73f03

SHA1
095d56c06804d73cba2b2c478078c30700d32ba4

SHA256
063026f4b53590355c8fe91c99d30755f6f893aa3c7a0c09abc9771717382785

SHA512
b6d7979428d2a80ac8f9f54a1e8e4673f6734111f7b295ace08f816e51781c7002e14c2c9a2c98699411c75da9bdef4873e757fd1ec3556003b54f64c418f31e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\smart[1].js

Filesize
103KB

MD5
8d79859ba7dc2b07bd99f28caa696ca5

SHA1
f2c8fa352a513b2cb39bc2d057c3d14296234de7

SHA256
50b1e0d2f1350394189f0e16b1854d52f74f0e9eb959591877f40adde0b5f897

SHA512
4afcc9dbc8492a9b8724e9fdf8255a209ea1af7bbcb08a6127d76f0eb95f0fba420b936df2087603d7ca39854e378ce88b9d41e98b4e20e87272d5e6028e2594

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads