Analysis Overview
SHA256
83367ce33863af52ce81d9b38745ed60e9cd1bdfc364412a04af99528f416ce2
Threat Level: Shows suspicious behavior
The file 102e4609c2b5713678938f7233bc9c59_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Registers COM server for autorun
Executes dropped EXE
Reads user/profile data of web browsers
Checks installed software on the system
Drops Chrome extension
Installs/modifies Browser Helper Object
Drops file in Program Files directory
Unsigned PE
Suspicious use of WriteProcessMemory
System policy modification
Modifies Internet Explorer settings
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-03 09:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-03 09:23
Reported
2024-05-03 09:26
Platform
win7-20231129-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\102e4609c2b5713678938f7233bc9c59_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32\ = "C:\\Program Files (x86)\\YoutubeAdblocker\\hY6bh.x64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndlkccngholfmdlemknbiomneemlmgl\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ = "YoutubeAdblocker" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ = "YoutubeAdblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\NoExplorer = "1" | C:\Windows\system32\regsvr32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.dat | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.dat | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File created | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.x64.dll | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.x64.dll | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File created | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.dll | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.dll | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File created | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.tlb | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.tlb | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Windows\system32\regsvr32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\Program Files (x86)\\YoutubeAdblocker\\hY6bh.tlb" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\CurVer\ = "YoutubeAdblocker.1.0" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\Program Files (x86)\\YoutubeAdblocker\\hY6bh.dll" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ = "YoutubeAdblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ProgID\ = "YoutubeAdblocker.1.0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win64\ = "C:\\Program Files (x86)\\YoutubeAdblocker\\hY6bh.x64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\VersionIndependentProgID\ = "YoutubeAdblocker" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\CurVer | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ = "IRegistry" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\CurVer\ = "YoutubeAdblocker.1.0" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ProgID | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ProgID | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\ = "YoutubeAdblocker" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\CLSID\ = "{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ProgID\ = "YoutubeAdblocker.1.0" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\ = "YoutubeAdblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\VersionIndependentProgID\ = "YoutubeAdblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Implemented Categories | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Programmable | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32\ = "C:\\Program Files (x86)\\YoutubeAdblocker\\hY6bh.dll" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0\CLSID\ = "{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Programmable | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} = "1" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\102e4609c2b5713678938f7233bc9c59_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\102e4609c2b5713678938f7233bc9c59_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe
"C:\Users\Admin\AppData\Local\Temp/00294823/F2ewBn.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\YoutubeAdblocker\hY6bh.x64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\YoutubeAdblocker\hY6bh.x64.dll"
Network
Files
\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe
| MD5 | 6223a19e77e3b9b4f633e8863ee1cf40 |
| SHA1 | ee5ec9cffb59790d553f5a3394ad5808e1e37446 |
| SHA256 | d4041f6772da83d968fcf13181a9004ba69f89effc3a69bee019ab44b5ad1f46 |
| SHA512 | 66c99f26af2895142c61d75025f9343cc132883f79a513b47c18da1f9eb2582971eeee0610779e20d51d378fda854bf4c5a51434a0f0425054a7d059f764bcb3 |
C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.dat
| MD5 | 46228b8fb45b59527aecdf3ed1a97f58 |
| SHA1 | 5db2bc4028068ce2c7556c4d2dfc25b709407297 |
| SHA256 | 0a193647a6298766f576eab80d26e5713f5fdf0749f774c742ba033e6847e3de |
| SHA512 | 24196bbaf514dddc0c998a092d622408052d76b8ec395ae045cb33f976a82c5b7626e3757c48314e924534e2fd72fda7425e4df99a14c61d7fe6d3bfb35f7036 |
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\background.html
| MD5 | f77262e87e7d0fe8132ddbe0083d84ec |
| SHA1 | 7f702080941ec7c8287d7cd260fa017f7b904212 |
| SHA256 | 30d1df7bc4e7ba737cf89a350a861e1b91eab9dcb6aea1cfee029d5a1e670583 |
| SHA512 | be7b4fe06b8f4cf920da4358a49c8a3581b10bf67f0c9af3af039b19711b8ca5aad171c6d2883fc7449153699aac03fd580949de25f5373dbe7872c19787d9df |
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\content.js
| MD5 | 5f9891607f65f433b0690bae7088b2c1 |
| SHA1 | b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de |
| SHA256 | fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b |
| SHA512 | 76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c |
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\lsdb.js
| MD5 | 209b7ae0b6d8c3f9687c979d03b08089 |
| SHA1 | 6449f8bff917115eef4e7488fae61942a869200f |
| SHA256 | e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704 |
| SHA512 | 1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25 |
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\manifest.json
| MD5 | e2832fbedae560495781610b5c511afa |
| SHA1 | 95f9c6fe1ea5a6ee009bce1e9c215ef53fb5c108 |
| SHA256 | 6e03e688a9f7cc23a788e004cea4c87ee73e36c1053d2fb34a214bcc597f3ea2 |
| SHA512 | 2e206b58d02a88d21cb0cd74d5523b9f07f4558b4af9a19936befb256c2dc868107ab1716849e09b665721d1ac7b01ba6762bb54822596e39a4cdad763c68cb9 |
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\MzZVwP.js
| MD5 | 8e398cf605a7149462b845f88192371a |
| SHA1 | 41e92627634ed02bc56764101ee6b2defc4ab9a5 |
| SHA256 | 8211e1f3cf385c2587e40941679a3f723ffd56ad81ad4f66cb3d580559f14c27 |
| SHA512 | 178b480c9ad084ec24f6ba3aca40286a69c535350534bcc6e97d1bafefd46c80b873c7b96c05573d30028b45327c494be68c3913b5cc82a1353b7b82b065f006 |
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\sqlite.js
| MD5 | e01bbcaa478aeded50e5db9f601a74c9 |
| SHA1 | 697ba20e3cd92a5f53c6ca65da7bf7600735cbbf |
| SHA256 | ea00222f327abaadec50edfa195d3824435abdbb4e485218aab25400dd1bef34 |
| SHA512 | eb5eb5474342f782917f8a9c7017d56d79f7bf45509c4a981c82c51226759253f573d768a6819ad77ca5bec6f1800e383e251e7b97f89a30f35f2bdc8c9a2f9b |
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js
| MD5 | 1b53c596cfb1aa2209446ff64c17dabd |
| SHA1 | 2542da14728dcdbe1763f1ee39fe9ceae38ad414 |
| SHA256 | a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f |
| SHA512 | be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030 |
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest
| MD5 | 5653f7a2e87d1348aff4477552400cae |
| SHA1 | a594b78d56f3aa135ce11f8e566f6b59dcfcf176 |
| SHA256 | 52ec35f862a08c4d4950090baa6cfb148abc42f1f693340a50b77500f74fbdb6 |
| SHA512 | b357ee84d8e7c1a432e38d7eaf32e7d463b04e98d56f3ab9de270d33b5423263d26fe61480d05900cd2f0a62d1bbf9d11270ce13956f99451ce7f154a2a601cc |
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js
| MD5 | 3b339e48c947092c6c139411277c5c98 |
| SHA1 | b5cf52974cf52ca48fb67a7b8710c604e49c4724 |
| SHA256 | 13bdb25dca14b05c4254fb0d557e9264dc163a11391796028a61342e1c5248de |
| SHA512 | e3b28de222c77d3fb5bad155f8e3fd5e5e1c30613f083e0c331dcc688ad53ee24ce45bc695cdc2892ae58b22aaeb16d47387d9ec0713462308ead17f22469e47 |
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf
| MD5 | e8d570b25eb683ce6fcd0a935bfde69d |
| SHA1 | 45d31d86c547548b8cae43a6b6af36f0b1c75787 |
| SHA256 | 46ffba4a465890639fca60c1f22ec484d91b746d73c5f24cf64a77671efcbf40 |
| SHA512 | 1eb7b2279844b23f11be9ac35e38e879ad57541b4d68014f49ce2a5e0b4fb652e9d885cbb241755716a7e1b473601c487df502a4600356820ecb90997202ba1a |
C:\Users\Admin\AppData\Local\Temp\00294823\hY6bh.dll
| MD5 | 9afeb7fa65aa31c6b871237d14a8fb94 |
| SHA1 | 58f99ae9ea22f56f28b6c5fa798bda3109f297f6 |
| SHA256 | 4cb847c3d1b5b9ae746e3725ae26b756c4eb980c93faf2a5963a030e9db2874a |
| SHA512 | 311655752677bad1e397ef2f03608ee9819157d211b65cb3b4d81a11b70c32fdd07a6e38c7b276e66ad7953f7549d1c881a0fd97ec82621365a4c2ec23dca855 |
C:\Users\Admin\AppData\Local\Temp\00294823\hY6bh.tlb
| MD5 | 9f260bfcd1ef83627ceb2792ee3324f5 |
| SHA1 | 078164529ae639e5ff9cf0e4003a82259c2aace8 |
| SHA256 | 8ce97c40c3fea5c0a6446b3e647cdb0d1d38eb0a07c40a91a8df4ad0517b2526 |
| SHA512 | 3e3fa6af779fdda2ecd4e75cfb7b09eae69352eb39560fecbeae750130a111aa099a11d91dce90ab2a7dc11a9fe25d3898c65da8de7fb5729398cdb8260dcd6f |
C:\Users\Admin\AppData\Local\Temp\00294823\hY6bh.x64.dll
| MD5 | 410bb7e2c88f92de31b83a173e173e2d |
| SHA1 | ff40233a038f80b7b1513431d6a9632e8f0e39f0 |
| SHA256 | afd8e3c979685360c26ff618eb85e0b788f7d9b743fc4e52b9337c242e5bf8d3 |
| SHA512 | d5a2727ac2936f189e4247852f147efe93f4473c690abb046c0e38cd8371198c601ae3ec41b04f389da208090c110b7d7ccc903bd3ae9f6ec1b926d5461fdd1e |
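The signatures above describe one persistence chain: the dropper F2ewBn.exe writes the YoutubeAdblocker DLLs to Program Files (x86), registers the 32-bit COM class under Wow6432Node itself, hands the 64-bit DLL to regsvr32.exe (which re-launches the system32 copy to write the native 64-bit view), lists the CLSID as a Browser Helper Object in both views, pre-approves it under Policies\Ext\CLSID, and unpacks a Chrome extension into the Default profile. The script below is an added host-hunt example, not part of the sandbox report or the sample; it checks a live Windows host for exactly those artefacts. The CLSID, registry paths, install directory, extension ID and SHA256 values are copied from this report; the script structure, variable names and output format are mine. It assumes an elevated PowerShell session on the host under investigation and that Chrome profiles live in the default per-user location.

```powershell
# Added example (not from the report): hunt for the BHO / COM persistence,
# dropped files and Chrome extension recorded in behavioral1 above.
# Run elevated on the suspect host. Indicators below are the report's own.

$Clsid       = '{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}'
$ExtensionId = 'gndlkccngholfmdlemknbiomneemlmgl'
$InstallDir  = 'C:\Program Files (x86)\YoutubeAdblocker'

# SHA256 of the dropped files, from the Files section of this report.
$KnownHashes = @{
    'F2ewBn.exe'    = 'd4041f6772da83d968fcf13181a9004ba69f89effc3a69bee019ab44b5ad1f46'
    'hY6bh.dll'     = '4cb847c3d1b5b9ae746e3725ae26b756c4eb980c93faf2a5963a030e9db2874a'
    'hY6bh.x64.dll' = 'afd8e3c979685360c26ff618eb85e0b788f7d9b743fc4e52b9337c242e5bf8d3'
    'hY6bh.tlb'     = '8ce97c40c3fea5c0a6446b3e647cdb0d1d38eb0a07c40a91a8df4ad0517b2526'
}

$findings = New-Object System.Collections.Generic.List[string]

# 1. BHO registration. The native view (written by system32\regsvr32.exe) and the
#    Wow6432Node view (written by the 32-bit dropper) are separate keys; check both.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($root in $bhoRoots) {
    if (Test-Path (Join-Path $root $Clsid)) {
        $findings.Add("BHO registered: $root\$Clsid")
    }
}

# 2. COM server. The InprocServer32 default value is the DLL Internet Explorer
#    will load in-process; verify its signature and compare with the report hash.
$inprocKeys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
    "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$Clsid\InprocServer32"
)
foreach ($key in $inprocKeys) {
    if (-not (Test-Path $key)) { continue }
    $dll = (Get-ItemProperty -Path $key).'(default)'
    $findings.Add("InprocServer32: $key -> $dll")
    if ($dll -and (Test-Path $dll)) {
        $sig   = Get-AuthenticodeSignature -FilePath $dll
        $hash  = (Get-FileHash -Path $dll -Algorithm SHA256).Hash.ToLower()
        $name  = Split-Path -Path $dll -Leaf
        $match = if ($KnownHashes[$name] -eq $hash) { 'matches report' } else { 'differs from report' }
        $findings.Add("  signature=$($sig.Status) sha256=$hash ($match)")
    }
}

# 3. Policies\Ext\CLSID\{clsid} = 1 pre-approves the add-on so IE does not prompt.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID'
if (Test-Path $policyKey) {
    $val = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).$Clsid
    if ($null -ne $val) {
        $findings.Add("Add-on pre-approved by policy: $policyKey\$Clsid = $val")
    }
}

# 4. Dropped install directory, hashed so it can be matched against the report.
if (Test-Path $InstallDir) {
    Get-ChildItem -Path $InstallDir -File | ForEach-Object {
        $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
        $findings.Add("Dropped file: $($_.FullName) sha256=$h")
    }
}

# 5. Unpacked Chrome extension in every local user's Default profile.
Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $extDir = Join-Path $_.FullName "AppData\Local\Google\Chrome\User Data\Default\Extensions\$ExtensionId"
    if (Test-Path $extDir) {
        $findings.Add("Chrome extension present: $extDir")
        Get-ChildItem -Path $extDir -Recurse -Filter manifest.json | ForEach-Object {
            $m = Get-Content -Path $_.FullName -Raw | ConvertFrom-Json
            $findings.Add("  manifest: name='$($m.name)' version=$($m.version) permissions=$($m.permissions -join ',')")
        }
    }
}

if ($findings.Count -eq 0) { 'No artefacts from this report found.' } else { $findings }
```

Both registry views are checked deliberately: on the Windows 7 x64 detonation the dropper only wrote the Wow6432Node keys itself and left the native ones to the 64-bit regsvr32.exe, so a hunt that reads a single view would miss half of the registration. A hash that differs from the report is not a clean result; the dropper name F2ewBn.exe and the hY6bh.* file names look generated, so a repacked build of the same family would produce the same keys with different hashes.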
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-03 09:23
Reported
2024-05-03 09:26
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32\ = "C:\\Program Files (x86)\\YoutubeAdblocker\\hY6bh.x64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndlkccngholfmdlemknbiomneemlmgl\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ = "YoutubeAdblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\NoExplorer = "1" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ = "YoutubeAdblocker" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.x64.dll | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.x64.dll | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File created | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.dll | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.dll | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File created | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.tlb | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.tlb | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File created | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.dat | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\YoutubeAdblocker\hY6bh.dat | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\CLSID\ = "{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ProgID | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\Program Files (x86)\\YoutubeAdblocker\\hY6bh.tlb" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\VersionIndependentProgID\ = "YoutubeAdblocker" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ = "YoutubeAdblocker" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0\ = "YoutubeAdblocker" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\YoutubeAdblocker" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ = "YoutubeAdblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Implemented Categories | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ProgID\ = "YoutubeAdblocker.1.0" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0\CLSID\ = "{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0\ = "YoutubeAdblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker\ = "YoutubeAdblocker" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ProgID | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32\ = "C:\\Program Files (x86)\\YoutubeAdblocker\\hY6bh.x64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{36C02C6B-020C-26EF-C2C1-559D1BA9D14F} = "1" | C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\102e4609c2b5713678938f7233bc9c59_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\102e4609c2b5713678938f7233bc9c59_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe
"C:\Users\Admin\AppData\Local\Temp/00294823/F2ewBn.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\YoutubeAdblocker\hY6bh.x64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\YoutubeAdblocker\hY6bh.x64.dll"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.179.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.exe
C:\Users\Admin\AppData\Local\Temp\00294823\F2ewBn.dat
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\background.html
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\content.js
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\lsdb.js
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\manifest.json
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\MzZVwP.js
C:\Users\Admin\AppData\Local\Temp\00294823\gndlkccngholfmdlemknbiomneemlmgl\sqlite.js
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf
C:\Users\Admin\AppData\Local\Temp\00294823\hY6bh.dll
C:\Users\Admin\AppData\Local\Temp\00294823\hY6bh.tlb
C:\Users\Admin\AppData\Local\Temp\00294823\hY6bh.x64.dll