d58e89fb349366c78287a046823e7392261ca8d6d9b0e93c9a867308986b4398

Analysis

max time kernel
120s
max time network
145s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WinDjView.exe
Size

1.6MB
MD5

af976095d656221e4004791ec4c57d61
SHA1

11e818c53098cf17ac8cece9e92fd8f26ac7e3d9
SHA256

c86aeee03608384226cbb98db0c92050b45b9538ddaf2be4528e5961a5078dcd
SHA512

83407089de986726a0819ce755b8e2b44a9bd0ed71d0eb2fb62db863aa004ed931e3cb076c445342ea5d201c4818265cd7ceff387e97dab97a787119782bacc0
SSDEEP

24576:Q+lcwLUkgAoNQAx3uMU67k4+Nm4ctzTVzK827rUJjqlKsSZuT:R7gy6X+EzA827Y8lK5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000ad1da79a83d3acc467b6f4b6a96440bd9e54a0b621a6b11f0acf35ab53e6bc55000000000e8000000002000020000000e6e445aaac74d71a7382c8401854aa0e127f90b644d24a2b0cd71407df4b0c61200000008d4747a90901162c6ff2b13d53d3df9059a78cce2145db2930d2cc9932f1269a40000000329dfbdd05542564b7fa0ca4f3388d0317c667d2b00fa1b14602e7aa170ea3bc3793d402742cbc4e7b0423ef4656105ce724f5f35af2d5ed76f18128cfa8bce3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1004"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425393961"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "118"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "1004"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20bbf90f32c6da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000d54b0b280e460727647dac2e8e34b5d3a53fe87fd76ff6de4a94380ad62da606000000000e8000000002000020000000d72ff1c84c019c65bd239eed07c992079258d2b8ece0f8b1a457cb859f6e908190000000f16fca105e5ef8b480c8d11be2696e7d546d2993819e44ea5f057f2f1783ae731a4b26db8cbcd2ffd38b92a7e559c17b3c2dff3fc6e65616b71c43e9468ee6e0e0c130aac9c31c8d2d246929c63a9a8ce8ade5585101c6938e5a112ffffa1343efb8c19c8be5e802ff2f2309fb0067dad422455f20765a034c7fa75f64bfe80d7468218719e13eedeb30790fc9231f6940000000578e5487ebd72a7fbe0111f2aaba8c048a9219807983a2c19d64371fab3f397a6b7081a27f68aa4c65bc827f397eb3934bc8bfd00bb09b134d6fd0d4ae609059	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "104"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\sourceforge.io\Total = "118"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\sourceforge.io\Total = "1004"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39DA76A1-3225-11EF-91AC-F2A35BA0AE8D} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\sourceforge.io\Total = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\sourceforge.io\Total = "40"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "150"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\sourceforge.io\Total = "855"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "855"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\sourceforge.io\Total = "89"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "40"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "40"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\sourceforge.io\Total = "12"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "61"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\sourceforge.io\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "12"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\sourceforge.io\Total = "61"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "118"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "855"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "61"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\windjview.sourceforge.io\ = "89"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\sourceforge.io	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "89"	IEXPLORE.EXE

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open	WinDjView.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open\ddeexec\ = "[open(\"%1\")]"	WinDjView.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open\ddeexec\IfExec	WinDjView.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.djvu	WinDjView.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\ = "DjVu Document"	WinDjView.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open\ddeexec	WinDjView.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WinDjView.exe\" \"%1\""	WinDjView.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.djvu\ = "DjVu.Document"	WinDjView.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.djv	WinDjView.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.djv\ = "DjVu.Document"	WinDjView.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\DefaultIcon	WinDjView.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open\ddeexec\Application\ = "WinDjView"	WinDjView.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open\ddeexec\IfExec\ = "[rem open]"	WinDjView.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open\command	WinDjView.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document	WinDjView.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell	WinDjView.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open\ddeexec\Topic	WinDjView.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open\ddeexec\Topic\ = "System"	WinDjView.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WinDjView.exe,0"	WinDjView.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DjVu.Document\shell\open\ddeexec\Application	WinDjView.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	WinDjView.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	WinDjView.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	WinDjView.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	WinDjView.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1612	iexplore.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
1884	WinDjView.exe
1884	WinDjView.exe
1884	WinDjView.exe
1884	WinDjView.exe
1884	WinDjView.exe
1612	iexplore.exe
1612	iexplore.exe
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 1612	1884	WinDjView.exe	31
PID 1884 wrote to memory of 1612	1884	WinDjView.exe	31
PID 1884 wrote to memory of 1612	1884	WinDjView.exe	31
PID 1884 wrote to memory of 1612	1884	WinDjView.exe	31
PID 1612 wrote to memory of 1864	1612	iexplore.exe	32
PID 1612 wrote to memory of 1864	1612	iexplore.exe	32
PID 1612 wrote to memory of 1864	1612	iexplore.exe	32
PID 1612 wrote to memory of 1864	1612	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\WinDjView.exe
"C:\Users\Admin\AppData\Local\Temp\WinDjView.exe"
1⤵
- Modifies registry class
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://windjview.sourceforge.net/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1612
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
3ec90eeb674da16ecbe139055bd596e7

SHA1
ff7cdbba96c965a69ab7f45895b04abc67607dd5

SHA256
0fd0941a46d55152adbd56dcca2b6bb57b1eba8f5ccdcf75807edd4d1dd6b93c

SHA512
7d5ec940b3981989b8d3d89a582972b84fe986ce0791ca2791cd2b503723f5bfc4d9b4e814b77bd3185bd19f24c59f97d73ebc82ea4ab6f3fdbb935848c8bfe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
aff169c365449f5c7c6784f31558966c

SHA1
93e5cc7d9276ffb914414b6c6d6e37712546e04b

SHA256
6bbf8eb1c7172ce1476b85a90b35e8372139e6d60b2bab8d6d096a3f3265b2d2

SHA512
3c2a518e3b676a41dc89b867af6ad15b8932e7c49e9e3b4c70c40ef2bbd650d4c96dc3bc86589225b4696beedd84ca90aff60e200240e368d11b8ddff5e3d2f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
44ef8d87c9b7d0ff99d6bb304d642b0c

SHA1
609bf8b8a4dc3998dabfc4a49032152d429d8b69

SHA256
2f4bf9835003a56c47ccd3532c2d5db50cb9bbda02c11e9e1bed1a6dc0e2101d

SHA512
be0c759ac8eb3df9a2e4bcb9f26e7c8c882543ebe49d39de09f4df3822c4984e07dbfe9eb330f89704bec781406e1b42a883977058b26b933915b245e2522d92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c94ca214e00d71fcc2611458fedbdc79

SHA1
6788372e1e80ec37830f187f80a94442f0b0f032

SHA256
55c0908b974dd60a034f2a300f6e0642bf3a7a0d23a8adefa76557fa2071a653

SHA512
e6f5f989b063b824e12cc4febeeeeb924af216419aa81dcba8ccfcd1dfcb45128881f5118b60efc8de849030d022e656a8b1e105993920b0153f690e250d6d4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
153d970a73ac2676b4f4c4f0a5731e80

SHA1
99915e3f15f945fa028322c66badc63902b113ba

SHA256
9c8ca67c19a2579d8c1c1de42bd1e6c3acee7928c3b0b2b49ab28c471602686d

SHA512
33400ef363bafc72bddbbf1edc210eebe6cedf557567dbf52d82a3f56ee03a9a6f27cce161f841a3a9bdc56e4834040a2d2fb5daaffb8e4e68a3285320f71a5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18c21834d259d13762c1ab2cfa549b87

SHA1
bc810cb849b8278e7d66131f2226e500a64e11d6

SHA256
a005e28d3f39f48dea88a8ff1a35b580eab09a17de1a7be9ca5dd8354c2e3f8b

SHA512
d951c2604d5f2a0ede0936240f0467b87e6bd8c80217561ec0f3cbb29ab96ebe5f5c9e9e184b0c30f094234928527b7c0bc49f2ba13121120b2a8021843088e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab07a9741bef3fad25b2b6b71829dfb4

SHA1
49ecaf693924dc482e7a9b8443196d850a71a239

SHA256
bcc45428a8337512ed04a253a86a79fbf391ee91160a16c420bffbb14aca16aa

SHA512
dcae4ca5c1bb5de5964acc5c85deca982678723b27bdb80c43e948502312c415653b6a0e57bb9b774a97a8eb981e990b8052fa4230e739e5b0a15b4f1b055f99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e27ea2bd1299376001a7742c84e52fcd

SHA1
1b34e596598eca2e49cc69d1b09922adf3def48a

SHA256
db005328fefeca03d6f2673719f63eba49ae4c731d9d0087ce9e107ae41c951f

SHA512
59e2c8886b067d8ce2379f028658dff791c6433e257ca474f4a6002edecb99908846155f4df86d83695e6193ffda29d9660ac32e879193247ff0644868fd4c87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e47bda071c397af29010a97df57e6332

SHA1
cea06cf0199fb6d5dce70f9b07a8e958fd15db03

SHA256
e3e42637093193099be345b788c9f773059f1bd81e5c4fb6a9ffd9003f3032ff

SHA512
b484cec71f59a2e98850c48db83bf38dfc645253af19292eb4d7b2a9847300207452df36c349468077e78c1ed2750891f44e0bf5856b207e80b6467a5cd35a73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1722121b2cf064e9707ed130e54b39d6

SHA1
93d62db0a88276de7b515a2b71f8ec135565c45d

SHA256
87999179b1c23ef022194e5f90595a2cbd26dfd0b7a65b33c9f0a7320a074db5

SHA512
3a75ae84806ce2fde70591dd7f498959d8ff34e7f96e6c5d2d0fb044eff9383fa1fd5e9684e5678d304da9d63b8f0884ad5be2d47732eca9dafebc6ba5d9d1f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a991b5b5625bbdb9c42ecb06489bfd8f

SHA1
5d8c0004a15cd496e0a085f25c53d160fbff5a87

SHA256
24b41c8fd4ecf3749f1ab4765a91d402a9e1a73b25ad3b0bbadd5c3df160a750

SHA512
e148fbd0c631c204ef404994144addb7cb243e05f79f2b1f523a523bb9e57db5e81e6d702e0b83c51a45f25470bc8aa6989f9f4ba30d0368a677dd04d22696bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
044b9272d1ebd9d9902afb7cd17e8256

SHA1
7ad4187441a1e9b8f529e75c007c7bf1cf8d30e6

SHA256
d67261c6164ed52ea779e5353ef579ae635e484fc86ca8236d3499a56202c08f

SHA512
6ed87a9b1439d220c921c3d161f8b355e45e6d7cc0002161cbd798ca3ba0805759bc7427e9209d7c5c61419a70d78a57c382021bf2f86062062932cc178590ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76a5441f43d3f6d42f61a815eb66cef3

SHA1
3dcb6627f8f103a004652bb3d26f4d02f945762d

SHA256
907d1498502cac42b1f6c64e26c8195266828630482290495ef72bd6980ffc1b

SHA512
683a3a89cf880719b1fc189654b9f1f74dd60f6b20028c3d82a06e6e11c0518a4dc057deb49e8ffc18c46d1b08f4ddea9400668aced7104e52639fec615aefc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0afd436931bc5870ce78f3a6ee4b5de6

SHA1
17c60dc7d40c065bec52efa8a7e9ac34075dc700

SHA256
af6b543d9bd1a9d83075e6e7bf06dec6a8f8d658f877f2b485f9a293197f2c3d

SHA512
e4772ea27a643ffde05b61f1349a215172d70938a4101ac61ddc4c8036e20c1bb648995cfc03d45d23ac2ebf79629d159a112756f01709dcbeb166a43e252060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04a2d4ce64715e1d17413256771ea74f

SHA1
54331728c08ea12a50186063fca86fd6db0b7f63

SHA256
07d76c7367c7cbae017e2d18f59cc35cb15dce8aa86359dbdcf8538568b7331c

SHA512
2db72eabbc434589884a4c6d59f76977e5ecd972772b4f5f1b07c2763e0c15d234885ae88fdd61737c8a791145f14da8da77bf4f17195c1d08c32c846b7efcbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fe97bdd5b9be196b839866e5e25ee34

SHA1
e4b89c6c5b79fa602f7638d20784401c0dd7ec30

SHA256
ed9c0adac91e43d14acf56afae578b29fb2f3d0903fd6fe593c1c1c03384e223

SHA512
c714d4adb6c859ad61bd7cacc776d6013e62022f4cc134d109f137fc9ac29883c3f5247fd107cb87e8fd632cf012bdeaba02d10d125b7c96d00175b604a254d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08bdc921d4ba9765f494457d2130012b

SHA1
4fdd656620d4105614334048d3bbba1f6064c751

SHA256
b5da6aea9574749e30ff838cf2f25697d41854bf4e61303ad66b6616990a1402

SHA512
15d55d1777421d31a81522e1775f8fadbf198d015fe510affe88b0df88b7b4cee7dc30b4d473a7bb390dac4a2d792eca0708ce36efd93db57ad660a093463a27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdce78833ae5488d0a827a5d0d11c9f4

SHA1
0f563e5d1abe34ad6926155f382f06003a67defd

SHA256
1d5233ebde3c268d5da811689ede39653a486411ec002bf1219815384eb7d85d

SHA512
36a8a1d579f4132ae6f7ac9bccce4c241bbdf049f6a64534c06e824ccc41b8619611b0c3aacb36c227f02ad6f9c88058c594eda2b3db6f1337cdecbd3135111b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16ce515702d962a97157cd216453ccce

SHA1
2965ded7f322eda5ac36fa74139eadec10b9ce34

SHA256
0c5549c5f0e3f7aa29829ff9f45df4993b02d654db4a0aefff94c8119eea6d1d

SHA512
d29a51e9bc618b88bfe4b39f0a96fa2569f472a5ba068a5ac032287e7f5a942e3e3d4ca752994d0ec3890f23ce650267ca228a9ab158f3717bf6820bd858d693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc8efb60673a3146afa69ccae4787d1f

SHA1
b4edd393ff9cc2eee94e914b73dca9cec3b55ee9

SHA256
0cde9b36bae978a51fddb474a81570a30154d25fa1dbbd6cc344b1acb0057b14

SHA512
150b769e9018c1ed4b132fe4897263dd13f993339929eece6a4f0434f5e09ec5a8b7519f47acdd172467613ae450ffeba2183d02679e810b8799ac0f479da0a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
06d9b8de40bdb9962371a9b879c1f543

SHA1
f0b5f20f5ff4944af8e2b58603ccabdcdde24698

SHA256
4e3fb459d6ae95555f322c0d9f3e685049c77e8bad4b88374ec992ac7ea8a829

SHA512
67728c60678de76eff8cb26fa78d3602fd003a7c730963905ad4011f089941f4516f356fb5cc42e21b54019d74fa63252b58afd2b67a2f79f489929efe1931be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c2ffb165ae6f80c74bf301df775a322b

SHA1
a9a6bc2bc09f23666baca6054b73469e1698df2e

SHA256
da87c7634395b1e51f2182c0dd5cbfe86ebf39fa2ea4c2e6804dfd1bc3cd8060

SHA512
f6eff9786b02407ec82df9a5941f09527b7a3cc40eca18a290c5bf58950b3632a1f18b2891efd6863cd167455b914266465ff825346d6606fa197147d49d687b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Q7FCKW3Z\windjview.sourceforge[1].xml

Filesize
175B

MD5
2f6b146034ca83f4b46f5cb930becfe7

SHA1
dd993f23077450a1876ad14c41d34c53002f7087

SHA256
9bb9451e7c73de4320bd260646409d1718ddbc592377e4a675fff91101e65e18

SHA512
3b310b20de91b604663647753fffe2a135a49e8a59c37382477a59a3c71fe35163e45cd25370327bfed2a3c0b1cd81d68fabee6c1748e1e087e91e2ada4fc06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Q7FCKW3Z\windjview.sourceforge[1].xml

Filesize
356B

MD5
a33aa1c967aab02a3c93315fbe1028b1

SHA1
f53d254f20b0aa99b4301890fc15caa414a6e8ae

SHA256
1def6c1b8644358507d09985d14e7203db2efad58cff2f7f62d488cbdfc3698e

SHA512
6cc3434091be9e53b7369d78445cc0f239bdd0f4db9b9f77b33eeddb9b62117a740cd429a45b854bbe98bd60ef6889a7d9c6dd6e458d8a5a96c599b0a04de7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Q7FCKW3Z\windjview.sourceforge[1].xml

Filesize
547B

MD5
6a1b6018f3ce6b7f0275df1cf52b0540

SHA1
be8e4a6f2e1a6f618aecabc9cb328b045301e89a

SHA256
16922b850a653896b3f576bae9369ca4ab3858b4b5daf41d1bf7119d7fe27660

SHA512
67bca9f0b0591d26a443275d8a7f8976cb9516652be1e1123ed979b462974e33a707308995cac2bafe7f6741d414e5fb38ea0d0c51c945dd92ffc0c624d850b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Q7FCKW3Z\windjview.sourceforge[1].xml

Filesize
2KB

MD5
04995d75daaf30cf9bf8d3301a48d74a

SHA1
fed3b6fbbd2caf3bc6b6cb84ca2aa923fcb546e2

SHA256
856467f99edb87bf0df3b754de58a55af918f25616e4eea3add950fd8c86587c

SHA512
8eacd32599a3aea4680887ef481e61c73f88ffc24e23381bc5526f8d56e66c00bfa535856d4fcc68153789891a257d81dc0caf1f23aa11c5c2c3d13b33369b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wi962z5\imagestore.dat

Filesize
12KB

MD5
86cea8ae7f8c4873fa0a557b5eb87bec

SHA1
66b6801cca1ade7daff79681f7c17a5da58d6135

SHA256
1ee0974bb96c4d4c0060d32a5eba4abcd33061b09f4f4b36bb621f2214b68131

SHA512
47e46ca1c9d41048ed01c7b03fc808ad4ce263dc10b8502a43cfdf6993e4af7b0a8256ffb1b8845de4129a21af948d9dd06e575342bed622cbc54556664c89ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\favicon[1].ico

Filesize
14KB

MD5
d058fee3e115582fc082f03a14d6fdb7

SHA1
f6b09214f50481c126c3d73e75d44574b8292e54

SHA256
4784943e3678d0b2e49f833929f66560c1bb54f27d400794ae5f021053794ff7

SHA512
9b02e763f008b29184b82c76d3e173ce2d058a421ed704024ed8f84bb7e92de9acf0e3c024f9b790ea63da0db3adfa958d0e1cf1503b4873fbabc6b0bf13cac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar39EC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads