Analysis Report https://www.corona-impftermine.net/

Overview

General Information

Sample URL: https://www.corona-impftermine.net/
Analysis ID: 423643

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Contains capabilities to detect virtual machines
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device

Classification

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown DNS traffic detected: queries for: www.corona-impftermine.net
Source: classification engine Classification label: clean1.win@5/56@11/6
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4A1F8618-BD75-11EB-90E5-ECF4BB2D2496}.dat
Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6164:120:WilError_01
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF5FDD67D587003693.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\OpenWith.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5792 CREDAT:17410 /prefetch:2
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected

Hooking and other Techniques for Hiding and Protection:

Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Windows\System32\OpenWith.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains capabilities to detect virtual machines
Source: C:\Windows\System32\OpenWith.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: OpenWith.exe, 0000000D.00000003.495953389.0000023CE5AA6000.00000004.00000001.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}vr

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-200.png VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation

Behavior Graph

Behavior Graph ID: 423643; URL: https://www.corona-impftermine.net/; start date: 25/05/2021; architecture: WINDOWS; score: 1.
Process tree recovered from the graph: iexplore.exe started (graph counts: 9 created registry values, 59 created files) and spawned a child iexplore.exe (3 created registry values, 86 created files); two OpenWith.exe processes started (one with 16 created files). DNS lookup: www.corona-impftermine.net.
The child iexplore.exe contacted cdn4.telesco.pe (149.154.164.24, port 443, source ports 49756 and 49757, TELEGRAMRU, United Kingdom), xn--r1a.website (95.216.186.40, port 443, source ports 49748 and 49749, HETZNER-ASDE, Germany) and 8 other IPs or domains.

Contacted Public IPs

IP              Domain                          Country         ASN    ASN Name            Malicious
13.225.84.15    d33wubrfki0l68.cloudfront.net   United States   16509  AMAZON-02US         false
95.216.186.40   tlgr.org                        Germany         24940  HETZNER-ASDE        false
149.154.164.24  cdn4.telesco.pe                 United Kingdom  62041  TELEGRAMRU          false
206.189.50.60   www.corona-impftermine.net      United States   14061  DIGITALOCEAN-ASNUS  false
3.65.48.84      widget.stackbit.com             United States   16509  AMAZON-02US         false
104.16.95.65    cloudflareinsights.com          United States   13335  CLOUDFLARENETUS     false

Contacted Domains

Name IP Active
tlgr.org 95.216.186.40 true
tttttt.me 95.216.186.40 true
www.corona-impftermine.net 206.189.50.60 true
cloudflareinsights.com 104.16.95.65 true
static.cloudflareinsights.com 104.16.95.65 true
cdn4.telesco.pe 149.154.164.24 true
xn--r1a.website 95.216.186.40 true
d33wubrfki0l68.cloudfront.net 13.225.84.15 true
widget.stackbit.com 3.65.48.84 true
x1.i.lencr.org unknown unknown

Contacted URLs

Name                                          Malicious  Antivirus Detection  Reputation
https://www.corona-impftermine.net/augsburg/  false                           unknown
https://www.corona-impftermine.net/hamburg/   false                           unknown
https://www.corona-impftermine.net/nurnberg/  false                           unknown