Analysis Overview
SHA256
20802dbd7a6399c0788d2a99ea9cfb299b3d5b4fc27268ee4d3cdad3b78f3959
Threat Level: Shows suspicious behavior
The file 6dab619d97eafee6e9fc1e9748c2fab9_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Registers COM server for autorun
Executes dropped EXE
Reads user/profile data of web browsers
Checks installed software on the system
Drops Chrome extension
Installs/modifies Browser Helper Object
Drops file in Program Files directory
Unsigned PE
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
System policy modification
Modifies registry class
Analysis: static1
Detonation Overview
Reported
2024-05-24 06:57
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-24 06:57
Reported
2024-05-24 07:00
Platform
win10v2004-20240426-en
Max time kernel
135s
Max time network
105s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32\ = "C:\\Program Files (x86)\\Adblocker\\91q.x64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File created | C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File created | C:\Users\DefaultAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File created | C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File created | C:\Users\WDAGUtilityAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ = "Adblocker" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ = "Adblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\NoExplorer = "1" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adblocker\91q.tlb | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adblocker\91q.tlb | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File created | C:\Program Files (x86)\Adblocker\91q.dat | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adblocker\91q.dat | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File created | C:\Program Files (x86)\Adblocker\91q.x64.dll | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adblocker\91q.x64.dll | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File created | C:\Program Files (x86)\Adblocker\91q.dll | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adblocker\91q.dll | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CurVer | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CLSID | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Programmable | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ = "IRegistry" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\VersionIndependentProgID\ = "Adblocker" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ProgID | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Programmable | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\Program Files (x86)\\Adblocker\\91q.tlb" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CurVer\ = "Adblocker.1.0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ProgID\ = "Adblocker.1.0" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ = "IRegistry" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CurVer\ = "Adblocker.1.0" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\ = "Adblocker" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker.1.0 | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Adblocker" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Implemented Categories | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32\ = "C:\\Program Files (x86)\\Adblocker\\91q.x64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win64 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker.1.0\CLSID | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker.1.0\ = "Adblocker" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CLSID\ = "{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} = "1" | C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6dab619d97eafee6e9fc1e9748c2fab9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6dab619d97eafee6e9fc1e9748c2fab9_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe
"C:\Users\Admin\AppData\Local\Temp/28397003/30e0.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Adblocker\91q.x64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Adblocker\91q.x64.dll"
Network
Files
C:\Users\Admin\AppData\Local\Temp\28397003\30e0.exe
C:\Users\Admin\AppData\Local\Temp\28397003\30e0.dat
C:\Users\Admin\AppData\Local\Temp\28397003\nfminohdmmapkakbegbgpiajbjdneaoe\Iu3eN.js
C:\Users\Admin\AppData\Local\Temp\28397003\nfminohdmmapkakbegbgpiajbjdneaoe\content.js
C:\Users\Admin\AppData\Local\Temp\28397003\nfminohdmmapkakbegbgpiajbjdneaoe\background.html
C:\Users\Admin\AppData\Local\Temp\28397003\nfminohdmmapkakbegbgpiajbjdneaoe\manifest.json
C:\Users\Admin\AppData\Local\Temp\28397003\nfminohdmmapkakbegbgpiajbjdneaoe\lsdb.js
C:\Users\Admin\AppData\Local\Temp\28397003\[email protected]\chrome.manifest
C:\Users\Admin\AppData\Local\Temp\28397003\[email protected]\bootstrap.js
C:\Users\Admin\AppData\Local\Temp\28397003\[email protected]\content\bg.js
C:\Users\Admin\AppData\Local\Temp\28397003\[email protected]\install.rdf
C:\Users\Admin\AppData\Local\Temp\28397003\91q.dll
C:\Users\Admin\AppData\Local\Temp\28397003\91q.tlb
C:\Users\Admin\AppData\Local\Temp\28397003\91q.x64.dll
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-24 06:57
Reported
2024-05-24 07:00
Platform
win7-20240508-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6dab619d97eafee6e9fc1e9748c2fab9_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32\ = "C:\\Program Files (x86)\\Adblocker\\91q.x64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| File created | C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ = "Adblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\NoExplorer = "1" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ = "Adblocker" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adblocker\91q.tlb | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| File created | C:\Program Files (x86)\Adblocker\91q.dat | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adblocker\91q.dat | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| File created | C:\Program Files (x86)\Adblocker\91q.x64.dll | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adblocker\91q.x64.dll | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| File created | C:\Program Files (x86)\Adblocker\91q.dll | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adblocker\91q.dll | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| File created | C:\Program Files (x86)\Adblocker\91q.tlb | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration | C:\Windows\system32\regsvr32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\ = "Adblocker" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\VersionIndependentProgID\ = "Adblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker.1.0\CLSID | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CurVer\ = "Adblocker.1.0" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Programmable | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ = "Adblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker.1.0\CLSID\ = "{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ProgID | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CLSID | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0 | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\ = "Adblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker.1.0 | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ProgID | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Implemented Categories | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker.1.0\ = "Adblocker" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CLSID\ = "{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CurVer\ = "Adblocker.1.0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\ProgID\ = "Adblocker.1.0" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\InprocServer32\ = "C:\\Program Files (x86)\\Adblocker\\91q.dll" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CurVer | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Adblocker" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Adblocker.Adblocker\CLSID\ = "{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win64\ = "C:\\Program Files (x86)\\Adblocker\\91q.x64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\Program Files (x86)\\Adblocker\\91q.dll" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{9B482BA6-0CBF-D98B-F6DA-A51E955AD016} = "1" | C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6dab619d97eafee6e9fc1e9748c2fab9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6dab619d97eafee6e9fc1e9748c2fab9_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe
"C:\Users\Admin\AppData\Local\Temp/1f304a16/30e0.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Adblocker\91q.x64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Adblocker\91q.x64.dll"
Network
Files
\Users\Admin\AppData\Local\Temp\1f304a16\30e0.exe
| MD5 | b2618483d2b505447782784d83fc3c6b |
| SHA1 | 5805f72466a86ab72fd328bdafbe20784a02cfbc |
| SHA256 | 94553457b3d86e4527651df80e3aa28a0815f9a985e4909a7d0b344fb057ea69 |
| SHA512 | b4b60df94f5a4ef16778ba76d504ead9d8f3fb5e9dd3f5e3d5f4108936572ff42e4a54cef61244761df0c9461511f33c0204adfa45ff97b89f4edc38757fc734 |
C:\Users\Admin\AppData\Local\Temp\1f304a16\30e0.dat
| MD5 | 923e60e9d2f9bca9269444ff59b867bc |
| SHA1 | 2ad85895c594d4efb4cc06b3ba91189ccb43f6a2 |
| SHA256 | f3a011d262eb975489d3426c2661b8de858a59cc9bec052f3d467788c73a067d |
| SHA512 | f6534cbc7919a92d0b566e2ac62a195f75426487da9f0cbc6c834e812379779704a117d09d2b7dfec47bb6b1dd4e1a4f4b31a6e7b5721fd8bdf0521dc076ee6c |
C:\Users\Admin\AppData\Local\Temp\1f304a16\nfminohdmmapkakbegbgpiajbjdneaoe\background.html
| MD5 | c0c4948dab582878ec0564c46166bda1 |
| SHA1 | 92c6df67d7f3865d25b1c139ae20e3710a19d4e8 |
| SHA256 | c08e9a1b0eaf74c54e1c012590f706b1bedae8fdeb1e1964357aec5d1d9fd14d |
| SHA512 | 3c4c74c05f2286e5db20e2fd4fe7c400df3d657d595a1b49afec48b22187300d8b6c9827f1463db362679ed6cdfd72f1415d8e735f3710f3bda516057438def2 |
C:\Users\Admin\AppData\Local\Temp\1f304a16\nfminohdmmapkakbegbgpiajbjdneaoe\content.js
| MD5 | 07139eaa9d1fd2d7c3b47ef37578bbbd |
| SHA1 | 782122104e812fc11b30f38f47d142c6de7a2cec |
| SHA256 | 4307187a58cde5dca07316df4b950fda6381391af8b63ee8be31cbcff65ad1e0 |
| SHA512 | 3cab09b0a43f9587c4f70d9bac6f8b9da3de34cf5e739ffd6336ce297500f84486487dd0bf4194e5d523bbb9e4cda209d16050ca8e53d07c5af3496fd78d88ed |
C:\Users\Admin\AppData\Local\Temp\1f304a16\nfminohdmmapkakbegbgpiajbjdneaoe\Iu3eN.js
| MD5 | 48df0e24dc7d630e4341cbe47c7d29fa |
| SHA1 | 7a20bf2b7b5552e8f6a326c0e557b1494b8294a9 |
| SHA256 | 1159746016bb4c518e56d1810765c08ec2f3d429a6e7edc512d43d55279edde0 |
| SHA512 | 192ba84a60ac7e84ccc3e1ddcf37b83280b2be14df20d8f0e5b1a69382a314ff08bbc7a2d153c4f0c78704a217e484d35cbc017c7ac83ee821ad9666e4ee3706 |
C:\Users\Admin\AppData\Local\Temp\1f304a16\nfminohdmmapkakbegbgpiajbjdneaoe\lsdb.js
| MD5 | 0a4c526d7ab529d15a4bee9e218bca79 |
| SHA1 | 62180ed7a558bb3c3347a81e030c8414d0c4807e |
| SHA256 | dfe75314a9d6e0a3e74b4932c58e81ce8ffeb0fd83af0663a4818698f9f056d1 |
| SHA512 | 2a78ffa0755f9c44c82ccfd2bf36a08c6d80afd46fae152317b0a285220ff8666cbef0e5bb15582bf0e6955432b3c276a44b15f9c1ead76f0b0969e95c9dfda0 |
C:\Users\Admin\AppData\Local\Temp\1f304a16\nfminohdmmapkakbegbgpiajbjdneaoe\manifest.json
| MD5 | 12da9defacf7555da51406c40f6a7319 |
| SHA1 | 6bec535c8f7ba012046c43ffdce58c5602a9ed61 |
| SHA256 | 2250ebd3138423759f8ba2fcf4eb09180cdb206b5c755128b892626512bd3162 |
| SHA512 | 3adeb9112d447760f687556f3795633182918bb9c84ce100fcaf4fc5bcf17caa08f4d461db4ad6fc718233b0df0bcb5f89e2629b3764737de1f9f474e4b3780f |
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\content.js
| MD5 | 57352f594c705ef7c32bce068184e2d4 |
| SHA1 | 8add6a8b6b50762a48d20c3e9cacadb08e48e6da |
| SHA256 | bec8eab839d932f41de91a426082e7e401d748354bd86108f48cffda86db016c |
| SHA512 | 2ad590ee04360b8c7d59d1bc4222bcbbcdef00af3e82331ff07a4dcc6a006262b2ae3e1a6fa0f0fc3db758d11f1cb1f9f03ca7e8e6b891f464f4a82836deb254 |
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\Iu3eN.js
| MD5 | cb6a90852222a9c154a0169d9cbff50f |
| SHA1 | 5f9c673dd06ef3a06f90573713afb7026f609d73 |
| SHA256 | 411225f4d38e129ffd2f6f60182ae73978f7e3e22a77c3e4a47d717a6bd2f4de |
| SHA512 | 947204a8fa0e548f896aef7af4907d62595076aa4659300684c514f6092b40d3c68440e2eceb025859b90837feeaa44fb2d9ab42c05278df87da4ffd7f08f164 |
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfminohdmmapkakbegbgpiajbjdneaoe\1.0\lsdb.js
| MD5 | 69cb310684520930070f1e3071bad401 |
| SHA1 | 7e19a987f18dc71d10e2d276719a311844b568e1 |
| SHA256 | 20c2ea20f45d91d21443d09f7b23ae41c7f103281799d49c041b1e00df9a2aba |
| SHA512 | 7824667d0cabd9d2f89fd3a35a1f949c38c08f80fc81d061166c3a7f6b2099404921bee71760ac86ec1768b9b082926b9369f9ad1991a401be6516f4d3b6f225 |
C:\Users\Admin\AppData\Local\Temp\1f304a16\[email protected]\bootstrap.js
| MD5 | df13f711e20e9c80171846d4f2f7ae06 |
| SHA1 | 56d29cda58427efe0e21d3880d39eb1b0ef60bee |
| SHA256 | 6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4 |
| SHA512 | 6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e |
C:\Users\Admin\AppData\Local\Temp\1f304a16\[email protected]\chrome.manifest
| MD5 | 9eb9821da9d821d6d6137c90aeb1121a |
| SHA1 | 6c360d8e80031e13bd695f02c47463c3d28c190e |
| SHA256 | c8df63e332b04b7ca8aac5ad567a6b22e059751e670aeef534233c18163dc434 |
| SHA512 | 5918e2edb22ecc121a049c1a4fab81b34a6737d4c4f0ab1555c0593ac691199d069b0ea186288dee60b45eafa0a41d804efe8538ce53f46a788c3b5e66414972 |
C:\Users\Admin\AppData\Local\Temp\1f304a16\[email protected]\content\bg.js
| MD5 | 0b4b8d7bb080c85d0ee70988d3cd2c8f |
| SHA1 | f07b4eddce3ba358a8bc3378a35c83f048bf7b34 |
| SHA256 | c5178fb809724b5e34dc2e9ee9e331af4c453bd5094b3e1160124b52bb5cdea8 |
| SHA512 | 13bf071e40e58bb9498aeac5b2de29d8c8ba8b41c78b668fa1ddfc9d9752e4d4dbe123b04634b989a8b33980592a62dfc2fcd1b903aa751c7982bc700ea27e99 |
C:\Users\Admin\AppData\Local\Temp\1f304a16\[email protected]\install.rdf
| MD5 | bfe3aeb0c60d0286cef66e8e2f10e640 |
| SHA1 | a6ff855cd7e492a33dcd52779fdbe8b4ce6ac67d |
| SHA256 | 01972e468827776d2ca4975eb0a81fcf3719ef072863bb3b2f0fae75727a71c7 |
| SHA512 | ef83ea92d9cabf68c1f6bb0a165009c191106063bad4a78fb68360270013f5e048d64ad3ebe5f53e147c3e179626c1e9fdbca92b4cce58158f7cb9d4f9e12162 |
C:\Users\Admin\AppData\Local\Temp\1f304a16\91q.dll
| MD5 | ffe3f0c62f2fede9890b18d73724fd97 |
| SHA1 | 0dafa42039405f8d49a6790180194076bd57c833 |
| SHA256 | 2ec40c7a7808d8aeee27eb8db1ed36424dd7d692e6d2043b20b3c75e8dd2b4d8 |
| SHA512 | 84fb90d2214beae1e0c90b2d4a8678c8a55792daf60e70c441d6b5e279ae7ab5e03f49c401e14b7610189f4e885095f7f569add030254656c0e7e41f75eb8bfc |
C:\Users\Admin\AppData\Local\Temp\1f304a16\91q.tlb
| MD5 | 8d10c52cfa044ccdcfff4e0b5775babd |
| SHA1 | 3b2c872ab3237d7b74377032ed7a5239c82df766 |
| SHA256 | af8efa41494e63e07553fed5bd5df73cf55c160de292ea2a2ee0568cf12e0156 |
| SHA512 | 123d5af4dec8a370a1176fe50998be5a97d3bc46ed7dd9fa365f8f4fc669785b4ed3cb0b65b266095edd3dc3512a4a1d916c035d6184e8e134617502b90f9700 |
C:\Users\Admin\AppData\Local\Temp\1f304a16\91q.x64.dll
| MD5 | 0231aebb8155fd069d17eab6a679cc1e |
| SHA1 | 61cb4b5228e6253863391ef3346c2f9920dbc554 |
| SHA256 | fde9e3251cc1237aa3b2ad89acfb5691e8fee5a434989d9a9308ab41b774b672 |
| SHA512 | 42c61873d4287d4a7fb17760fc9e9902723d8c74b21be92ddf6a949b1d6170894abbab9e03680a1518c997decf58ccafc351a5ed619e6515532379663e4f5434 |