cfffd9f4babb8f88516b887a0044422b2ddfd96e341067495c82180457a8129c

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c01644bf30569669b3ca4f7894f3d8be.exe
Size

407KB
MD5

c01644bf30569669b3ca4f7894f3d8be
SHA1

282ebb49b9762a0270be76c0b7d1b8406a0e9d1e
SHA256

cfffd9f4babb8f88516b887a0044422b2ddfd96e341067495c82180457a8129c
SHA512

7430787023237a1c25455d40cea7b418789032249ef22cd7487ec9956b8b48ba30a1d0ccae982a5f3541348c6a684a658bf39c9f768d60d7e3c5df4c0e86a44b
SSDEEP

12288:WHeQ+GvIIunqtkwHkGM24mLFuuCmJYxCIQKbfgwXz:lHGvP2qtVM21FuupIbfg8

Score

7^/10

adware stealer

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
4612	regsvr32.exe
4612	regsvr32.exe
4612	regsvr32.exe
4612	regsvr32.exe
4612	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}\ = "TBSB07800"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}\NoExplorer = "1"	regsvr32.exe

Drops file in Program Files directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Search Toolbar\version.txt	c01644bf30569669b3ca4f7894f3d8be.exe
File opened for modification	C:\Program Files (x86)\Search Toolbar\basis.xml	c01644bf30569669b3ca4f7894f3d8be.exe
File created	C:\Program Files (x86)\Search Toolbar\basis.xml	c01644bf30569669b3ca4f7894f3d8be.exe
File opened for modification	C:\Program Files (x86)\Search Toolbar\icons.bmp	c01644bf30569669b3ca4f7894f3d8be.exe
File opened for modification	C:\Program Files (x86)\Search Toolbar\Search.dll	c01644bf30569669b3ca4f7894f3d8be.exe
File opened for modification	C:\Program Files (x86)\Search Toolbar\favicon.ico	c01644bf30569669b3ca4f7894f3d8be.exe
File created	C:\Program Files (x86)\Search Toolbar\version.txt	c01644bf30569669b3ca4f7894f3d8be.exe
File created	C:\Program Files (x86)\Search Toolbar\tbhelper.dll	c01644bf30569669b3ca4f7894f3d8be.exe
File created	C:\Program Files (x86)\Search Toolbar\favicon.ico	c01644bf30569669b3ca4f7894f3d8be.exe
File created	C:\Program Files (x86)\Search Toolbar\icons.bmp	c01644bf30569669b3ca4f7894f3d8be.exe
File created	C:\Program Files (x86)\Search Toolbar\Search.crc	c01644bf30569669b3ca4f7894f3d8be.exe
File opened for modification	C:\Program Files (x86)\Search Toolbar\Search.crc	c01644bf30569669b3ca4f7894f3d8be.exe
File opened for modification	C:\Program Files (x86)\Search Toolbar\tbhelper.dll	c01644bf30569669b3ca4f7894f3d8be.exe

Modifies Internet Explorer settings 1 TTPs 16 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\CLSID = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\Default Visible = "yes"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Software\Microsoft\Internet Explorer\Main	c01644bf30569669b3ca4f7894f3d8be.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes"	c01644bf30569669b3ca4f7894f3d8be.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe = "0"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B} = 00	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\ButtonText = "Search Toolbar"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\MenuText = "Search Toolbar"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\HotIcon = "C:\\ProgramData\\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\\favicon.ico"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\ClsidExtension = "{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Toolbar	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\Icon = "C:\\ProgramData\\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\\favicon.ico"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\MenuStatusBar = "Search Toolbar"	regsvr32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB07800.IEToolbar\CurVer\ = "TBSB07800.IEToolbar.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FFBB809A-BF7B-415B-8240-1554B83AE9BC}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D35C00AE-C4B0-49C3-BA4B-BAB2083F43F7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D35C00AE-C4B0-49C3-BA4B-BAB2083F43F7}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5900357-FD1B-43BD-9607-2800DC2ABBD9}\1.0\ = "Toolbar3 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB07800.IEToolbar.1\CLSID\ = "{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB07800.IEToolbar\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D35C00AE-C4B0-49C3-BA4B-BAB2083F43F7}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D35C00AE-C4B0-49C3-BA4B-BAB2083F43F7}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB07800.TBSB07800\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib\ = "{4509D3CC-B642-4745-B030-645B79522C6D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB07800.IEToolbar\CLSID\ = "{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}\ = "TBSB07800 Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5900357-FD1B-43BD-9607-2800DC2ABBD9}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5900357-FD1B-43BD-9607-2800DC2ABBD9}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FFBB809A-BF7B-415B-8240-1554B83AE9BC}\ = "IToolbarObj"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FFBB809A-BF7B-415B-8240-1554B83AE9BC}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\InprocServer32\ = "C:\\Program Files (x86)\\Search Toolbar\\Search.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB07800	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D35C00AE-C4B0-49C3-BA4B-BAB2083F43F7}\ = "IPosBHO"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32\ThreadingModel = "both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB07800\CLSID\ = "{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID\ = "URLSearchHook.ToolbarURLSearchHook"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB07800.TBSB07800\CLSID\ = "{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB07800.TBSB07800\CurVer\ = "TBSB07800.TBSB07800.3"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5900357-FD1B-43BD-9607-2800DC2ABBD9}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D35C00AE-C4B0-49C3-BA4B-BAB2083F43F7}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID\ = "URLSearchHook.ToolbarURLSearchHook.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB07800\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}\VersionIndependentProgID\ = "Toolbar3.TBSB07800"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D35C00AE-C4B0-49C3-BA4B-BAB2083F43F7}\TypeLib\ = "{C5900357-FD1B-43BD-9607-2800DC2ABBD9}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5900357-FD1B-43BD-9607-2800DC2ABBD9}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB07800.IEToolbar\ = "IE Toolbar"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5900357-FD1B-43BD-9607-2800DC2ABBD9}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Search Toolbar\\"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FFBB809A-BF7B-415B-8240-1554B83AE9BC}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D35C00AE-C4B0-49C3-BA4B-BAB2083F43F7}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1\ = "ToolbarURLSearchHook Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32\ = "C:\\Program Files (x86)\\Search Toolbar\\tbhelper.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\TypeLib\ = "{77AA25E8-6083-4949-A831-9CB11861DC10}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D64939BE-CE77-4AA3-AAF3-CDA6A49E288B}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB07800.1\CLSID\ = "{5A9CB3A2-F85A-4823-A8E2-ED8EA758A9DF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C5900357-FD1B-43BD-9607-2800DC2ABBD9}\1.0\0\win32\ = "C:\\Program Files (x86)\\Search Toolbar\\Search.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 4612	880	c01644bf30569669b3ca4f7894f3d8be.exe	94
PID 880 wrote to memory of 4612	880	c01644bf30569669b3ca4f7894f3d8be.exe	94
PID 880 wrote to memory of 4612	880	c01644bf30569669b3ca4f7894f3d8be.exe	94

C:\Users\Admin\AppData\Local\Temp\c01644bf30569669b3ca4f7894f3d8be.exe
"C:\Users\Admin\AppData\Local\Temp\c01644bf30569669b3ca4f7894f3d8be.exe"
1⤵
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32 /s "C:\Program Files (x86)\Search Toolbar\Search.dll"
  2⤵
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Search Toolbar\Search.crc

Filesize
94B

MD5
1bf1a9f9e04ebf61b5565b0f60f3c956

SHA1
2dabb5a49b18d6ed809caf67d0b99a0e8ae58dc7

SHA256
6fc305ed1593725ef6b9f9ea730b1ce498917f2d8d723536521f2e42b05171af

SHA512
a017f782ff5b38759297334e18be0ccb1b91cb0ad2bd35ec75764fde5ec902ededc1c7b2d09497c07d942962c747a1e35cb9e848032e0a368edf457a5c76cd27

Download Submit
C:\Program Files (x86)\Search Toolbar\Search.dll

Filesize
1.4MB

MD5
7cdb99015f9908949f3abf768b0bd74a

SHA1
90b30754e209300c36501467175cae255e78c263

SHA256
7c4964728fb9611e47b72ef9a88b4be0fbe7e6bc2d67dae5578555a4278a9837

SHA512
1619032d586be906bafd1001b17db31002d9c8d9bb0d5f7eaa3134050dea38016dcaf181af7a55c13f987f2b39538b06c6e4a3c9732bc5ed894d61fe8f8fed33

Download Submit
C:\Program Files (x86)\Search Toolbar\basis.xml

Filesize
9KB

MD5
670026417872d151a7fcfb328c566f2c

SHA1
2d0e7ce3a8c22051dcd7ac2de8b78bf48d964f05

SHA256
2f62930b00441eda5b916c62579cb231823d841fc92f34a2ed70e61345563f5e

SHA512
3bec85a6cae6ca6533e8113334577fe7db1ddd8899e6e0d3a58deb01276fab0c32b9f0d8310217d29c3ec9296d1d2f348ca84dbeec7ff12e8b808cde6a751474

Download Submit
C:\Program Files (x86)\Search Toolbar\favicon.ico

Filesize
3KB

MD5
4dae1d267f3ea87dd8c62908e5806723

SHA1
30e9f876060fc1e92c27151618d44177cf7d81a8

SHA256
4a5366af8de5e51f95a85beb103a23a038698d896c711100bc5a5e7b40dc40a8

SHA512
16e274b1ac9961bb27c6cff0d2c3f1fbf4ea8c920c7fc5494056a926ce115d83e79637c26fc48c4208686f9c39aa440a60ca8ee6077f3233e9f17afb9ed9d317

Download Submit
C:\Program Files (x86)\Search Toolbar\icons.bmp

Filesize
29KB

MD5
8acf9a416de7da93d2fc078a5185e2aa

SHA1
f60f6d7441ab419885acdb476425f0d3fbb4e3ac

SHA256
b9b83978810375d44aa59825b25e1fb30ac9a89540ac9dbc9bb17f1e6355f4e9

SHA512
fd2f2636b95ed0b762262737d824303a024359465f3d03624ea36e7a7b16df2bdf11639315a8288411a35808065c500b014c875ac7178d942c8a35f0be7c47a3

Download Submit
C:\Program Files (x86)\Search Toolbar\tbhelper.dll

Filesize
212KB

MD5
b129142d44de68285e59910d0f2e177e

SHA1
dafb6f3a9b70a4bbb27f1e1c1285ec2f7baafe5f

SHA256
8fe57c4dbad49c1816973466e6f80b4637e06d8f38d95d153b7ed0cffe5e4d8c

SHA512
4b2580b7592b01d338996031e5fcc156d80d6abdb533c217026e411e739d301c701ec5624c507091d0b3014abda2f563a2d17ad79661f3230530d4ab4f620a1d

Download Submit
C:\Program Files (x86)\Search Toolbar\version.txt

Filesize
48B

MD5
444858334b44d82e16931bb2080a0611

SHA1
f4fc9f2c0b459e2255e1abf34247347a0783a64b

SHA256
fa727aea315e009921a14f33fc393e7b9ed79d6002458cbce661981b1ec42e75

SHA512
b3361e60b52a32872299a2bcbdd00eecdbc745bc72d10a908d559e54a0146bf12c5c9929a8f3f80e6c77bf077a610dff83e79177e368c6ee4f31d476a81be230

Download Submit
memory/4612-18-0x0000000002410000-0x0000000002448000-memory.dmp

Filesize
224KB

Download
memory/4612-22-0x00000000027C0000-0x00000000027F8000-memory.dmp

Filesize
224KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads