Malware Analysis Report

2024-12-08 02:50

Sample ID 240818-br2ljazhmn
Target 2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid
SHA256 eeebce767c195af9e37d544a4df5fbbfa2106bb8ac34a5906ac4480f1b3977cb
Tags: floxif backdoor discovery trojan upx
Score: 10/10

Analysis Overview

Score: 10/10

SHA256

eeebce767c195af9e37d544a4df5fbbfa2106bb8ac34a5906ac4480f1b3977cb

Threat Level: Known bad

The file 2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid was found to be: Known bad.

Malicious Activity Summary

floxif backdoor discovery trojan upx

Floxif, Floodfix

Detects Floxif payload

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Program crash

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2024-08-18 01:23

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-18 01:23

Reported

2024-08-18 01:26

Platform

win7-20240708-en

Max time kernel

146s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe"

Signatures

Floxif, Floodfix

backdoor trojan floxif

Detects Floxif payload

backdoor

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

ACProtect 1.3x - 1.4x DLL software

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A
File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A

Modifies Internet Explorer settings

adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | windowsforum.kr | udp
US | 8.8.8.8:53 | 5isohu.com | udp
KR | 211.115.207.231:443 | windowsforum.kr | tcp
US | 8.8.8.8:53 | www.google.com | udp
FR | 172.217.20.196:80 | www.google.com | tcp
US | 8.8.8.8:53 | www.aieov.com | udp
US | 96.126.123.244:80 | www.aieov.com | tcp

Files

\Program Files\Common Files\System\symsrv.dll

\Users\Admin\AppData\Local\Temp\CyberArticle\259440083.dll

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e.htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\font_awesome.min[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\popup[1].css

C:\Users\Admin\AppData\Local\Temp\A1D26E2\BD95830948.tmp

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\b862828b4574300942dd61c3e74e402a.css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\neat_side[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\neat_side_list[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\neatSign[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\4fb02e6bbfff7d0f030ac7943dfdedf6.css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\neat_news_ticker[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\style[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\colorset3[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\layout[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\cameron.responsive[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\white[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\board[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\jquery_ui.min[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\addvote[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\xe.min[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\adsT8KV3FZV.htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\adsKZKLGLIV.htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\adsHO078J4B.htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\NoScript_about-blank.htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\NoScript_javascript.htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\adsO1YCNQK8.htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\redir[1].htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\cookie_push_onload[1].htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\aframe[1].htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\zrt_lookup[1].htm

C:\Program Files\Common Files\System\symsrv.dll.000

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-18 01:23

Reported

2024-08-18 01:26

Platform

win10v2004-20240802-en

Max time kernel

141s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe"

Signatures

Floxif, Floodfix

backdoor trojan floxif

Detects Floxif payload

backdoor

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

ACProtect 1.3x - 1.4x DLL software

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A
File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-08-18_f18b5295296fafbf85f893bb7ac71ccd_floxif_icedid.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1380 -ip 1380

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 2364

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 5isohu.com | udp
US | 8.8.8.8:53 | www.msdn.microsoft.com | udp
AU | 20.70.246.20:80 | www.msdn.microsoft.com | tcp
US | 8.8.8.8:53 | www.aieov.com | udp
US | 45.33.20.235:80 | www.aieov.com | tcp
US | 8.8.8.8:53 | windowsforum.kr | udp
US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 235.20.33.45.in-addr.arpa | udp
US | 8.8.8.8:53 | 20.246.70.20.in-addr.arpa | udp
US | 8.8.8.8:53 | www.google.com | udp
FR | 172.217.20.196:80 | www.google.com | tcp
KR | 211.115.207.231:443 | windowsforum.kr | tcp
US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 231.207.115.211.in-addr.arpa | udp
US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp

Files

C:\Program Files\Common Files\System\symsrv.dll

C:\Users\Admin\AppData\Local\Temp\CyberArticle\240632281.dll

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e.htm

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\font_awesome.min[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\neat_side_list[1].css

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\neatSign[1].css

MD5 2a4798c66224342e38e36270702ebdc1
SHA1 9973f3b3c126d15c37f619aac8f497894353cad8
SHA256 b53e694f9b794cc26d872a175643bc41024fb328be52ff8efd9f8d950d341a6d
SHA512 dd50a35de021ab06f112f14386ef807a6b72a637be4d95536ecec297f41f0c57017ff1685aa8a7fdbd6d931f1a6b7fddd131d51ccdcc33163fb97e0205950538

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\4fb02e6bbfff7d0f030ac7943dfdedf6.css

MD5 487111ea34689a672c1a74fc3890f0f7
SHA1 cb9e104b533f36a49a303baa53e54f68ce0eb53b
SHA256 dcb783d6398699f3206235a7a4e967b08287c07aca2c57734fa816fabbfa269b
SHA512 d7c9a14e8310912bbff33ab1be0c8acc4d1eee44d4de2143f80d90ff27d7cc5c1d3b6078a12a9cb424a150fdb6bb6414b623dbcaed98fdec1c2b933145d93102

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\neat_news_ticker[1].css

MD5 fc215d9e1dc7bdcf895d8ed93a989ae2
SHA1 8bf777979710104178f3dd0fafad8fc108510e0a
SHA256 a4ab1b8dc3b0e42ba7b9a2187a84184898c8cce62481e5933655f1babd82c8f6
SHA512 6f7bfe8f5a771d006f183f07403ac87cf9ce9502f4e5c6cc39432a6214be7dbd14772d414543e9ae8ec803dbda476ad5388e7cf20102c204adef693a313c5ab5

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\style[1].css

MD5 c86db50edce0518f0490bb4a8e0a80aa
SHA1 73030c612fb0c77a8884f146a1ba5585c6343a31
SHA256 1728f00ab1c8f6c4d8a6fa08d274a5fd1be0796084a450f007986e35cfc16b9f
SHA512 14b22e1624a3e71cb722bf127eb7e22dc203a272cc31dc94144135eabf5d4644b8fa4dcae560dd175e382f4bee8d8ab712bc0800b645a581f335103d51599309

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\colorset3[1].css

MD5 ac429eb7d246cd3ea94c1cde6ac12fea
SHA1 d7e64444dee1f83f970d1f49f3730c45cca7faf2
SHA256 0e4eb9846d11ff0e6fc3e4697d91af892766e00db56969ddab414ad73a36a63a
SHA512 0ea260e0d71589fc04d369686c401aabd9b010fc178804ffc109359d2fb4c277dfd71c12dc67af375c93f2055f125871c83bfc723516d3c03a9c31449adff4e1

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\layout[1].css

MD5 b2c4ab66b8e72453e98b1f2b5ef089e0
SHA1 5de2100ffcbc2dd9cf9e95b2469a65b83ecd84e5
SHA256 0ba6ecadf3bdb2e2a531039aa3e40b82d98671617af1b58b213ac27dec08d6c1
SHA512 30b19a0399e74892eabef23381e3da0902fab0126ba4d14800c94c971d77656aa7a79f4f72bc023258b76d4a279f828489fcdbc1c4cda6013ea5f487d7ddef35

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\cameron.responsive[1].css

MD5 47c0263ff9d1c78ff7e0715b086f67ed
SHA1 61c166c7c3d40bc2fa25651acabaf34f1a899709
SHA256 f78ff3783bd9f18a41160e81844eb54aa591794bd86d919a96fc569328e19c0b
SHA512 efefff3223afcc3ab05ccc53871b2741ef4dc7fe9869206cac74e11521c6e58de763790a122180649396c91c8bf864b5075d338586148f1cf519f7631ca56ad7

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\white[1].css

MD5 7c7fda80428730fa1aae2501d6f556df
SHA1 5ce3c15e2467d3229e8ebe7bd43633c18ce4cff1
SHA256 a07446ca4e02b630e46ee6878a203f4af16c6d550dc3829346f8e3bc1fe00ba4
SHA512 5eda5dd1d44726202489ca2eb80bc99e08b01f7371c8c063c874037b47472cd7de7ea62f17ad1360619770384a6848db56bce00d55978d76ae921afc0d701d5b

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\board[1].css

MD5 598e64332d83d95164e21fa84076341c
SHA1 42d67b8b8a377fa865bf76c3940fee56bf37230a
SHA256 b59b97010c253d788c507a95ef12a29471687806e76bca25b4d5e18f7fe35ca4
SHA512 d69a8304e424d056edb68a64dbf2ce4ad7e9614eafba4a5f44b90e452e32b51100aab0e706fd02efcdf212c598099f566930c47fad88d91e4e7e3c1ad494ee7c

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\jquery_ui.min[1].css

MD5 0c4d9cfd7962b5795625dd6ab589df10
SHA1 c0f98abb13e68df880723699abb22d72ae8fa62f
SHA256 6e0a0c6a53c7b49fe4bbe3a74d10a1430de01e0a60cfcb620a4aa7689fa72441
SHA512 d9e9482b42a7c5d2512d1b0469d9354b7c0dc61a03618c0fa921a4ccb9394fb59f9b55a1093a6f097cca1d2ba3b8ffd9e37d38a7a83138478d384081e0e6baa5

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\addvote[1].css

MD5 bf2ccc8ef868a054530763a8d0805eac
SHA1 d5ecac9deef4968867d11a5dc7c438d29d37bda9
SHA256 c2a9ef98109abb4d430d3b30b2dce5cc7c885aac1a34047427e234c21079710b
SHA512 3e1464a803c59852552011e0a7a2b124c0c14b526f55951b608c7e3fb4bdeb1081fe789ef2201894342a5cba3eea10bdb474c893469aab9b434d317fce615a65

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\popup[1].css

MD5 3df1a00d8297455d2e198375be4e0969
SHA1 ca95aaf5b4168c30e7c346e731ecf52c46f415af
SHA256 57279b7325946c62dbd119c15520593597b911080500791ed0da15b22dcb5dd3
SHA512 c157cb0ccd15cc43200d38a72cb7c3d296f1d3f293b1b10843a2ebe9541c5c08f2263a903d8354a38f00264b4c0ae42cd9691a9f6419f0426af6943ac7efa8b4

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\b862828b4574300942dd61c3e74e402a.css

MD5 34a2cca7a930daac7432c5786111d179
SHA1 112d4913484dfc68093019551c984a917b975da9
SHA256 6a38380905de1009a317d98bb3454c285036552cc895b30dd8933ed1738b4cd3
SHA512 0b260481c2016a0da5acfde19fcdea3ca235424e82f6460d2f9c62593f011ba441ad2b70dc93442035174609bcd97fd45075c2408d91516eb82b2395607915f8

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\neat_side[1].css

MD5 7bef2b47a4c844d6af1214915399c8b7
SHA1 2f65fb557daeca30ad7b7a54f4d1f9a602c272cc
SHA256 59565fbb39fc2ebf446bef60f809e34f61d30c6bf7c57d6f819faec51883d6f5
SHA512 0f8405ea0c00baa0dcf4534a17577cee46584a2e07c09c0723e84505503f99c23ee698d9cd3e00b897918556a56892463dc0c03256b1675dcb65082b372d4ed4

C:\Users\Admin\AppData\Local\Temp\CyberArticle\4b34db911a1b098234e0c65f03f3569e_files\xe.min[1].css

MD5 ca3b9fbe7da07bf49b15b5156329eb6b
SHA1 665435835c0002ab898fd2042691cbb699d62ae0
SHA256 732aa6f00f3b28dde0c0fa897f0cbbc75037ed12d99c728e15cc303a2b984610
SHA512 a933e8af94c068c0cdb19f8d3cbe014a324c936ae5abb5bb68f3545977d09dcbc0498683358be8605af9d56bf3c6278a0bffdffe4bbbd9a313cd37538a1f622b

memory/1380-380-0x0000000075390000-0x00000000753F3000-memory.dmp

memory/1380-414-0x0000000075390000-0x00000000753F3000-memory.dmp

memory/1380-413-0x0000000010000000-0x0000000010030000-memory.dmp
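The memory-dump names above follow a fixed layout (memory/<pid>-<snapshot>-<start>-<end>-memory.dmp), and each dropped file is followed by its MD5/SHA1/SHA256/SHA512 lines. The following parser is an added example, not part of the report or the sandbox's own tooling. REPORT_EXCERPT is a constructed copy of three dump lines and one file block in the same layout as the list above; the image-base labels in classify_region() are a heuristic assumption (0x00400000 is the conventional 32-bit EXE image base, 0x10000000 the classic default DLL ImageBase), not a finding stated by the report. It collapses repeated dumps of the same range into distinct regions with their sizes, checks that each digest has the length its algorithm requires, and can verify an on-disk artifact against the listed hashes.

```python
"""Parse memory-dump and dropped-file entries from a sandbox report excerpt.

Added example, not part of the report. REPORT_EXCERPT is a constructed copy
of a few lines in the same layout as the Files list; classify_region() uses
assumed, conventional PE image bases as a heuristic only.
"""
import hashlib
import re
from dataclasses import dataclass, field

REPORT_EXCERPT = """\
memory/1380-71-0x0000000000400000-0x000000000074C000-memory.dmp

memory/1380-82-0x0000000000400000-0x000000000074C000-memory.dmp

memory/1380-413-0x0000000010000000-0x0000000010030000-memory.dmp

C:\\Users\\Admin\\AppData\\Local\\Temp\\CyberArticle\\4b34db911a1b098234e0c65f03f3569e_files\\style[1].css

MD5 c86db50edce0518f0490bb4a8e0a80aa
SHA1 73030c612fb0c77a8884f146a1ba5585c6343a31
SHA256 1728f00ab1c8f6c4d8a6fa08d274a5fd1be0796084a450f007986e35cfc16b9f
SHA512 14b22e1624a3e71cb722bf127eb7e22dc203a272cc31dc94144135eabf5d4644b8fa4dcae560dd175e382f4bee8d8ab712bc0800b645a581f335103d51599309
"""

MEMORY_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")                       # a Windows drive path starts a file block
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-fA-F]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}  # hex digest lengths


@dataclass(frozen=True)
class MemoryRegion:
    pid: int
    snapshot: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)


def parse_memory_regions(text: str) -> list[MemoryRegion]:
    """One MemoryRegion per memory/...-memory.dmp line, in report order."""
    regions = []
    for line in text.splitlines():
        m = MEMORY_RE.match(line.strip())
        if m:
            pid, snap, start, end = m.groups()
            regions.append(MemoryRegion(int(pid), int(snap), int(start, 16), int(end, 16)))
    return regions


def distinct_ranges(regions: list[MemoryRegion]) -> list[MemoryRegion]:
    """Collapse repeated dumps of the same (start, end) range; keep the first snapshot."""
    seen = {}
    for r in regions:
        seen.setdefault((r.start, r.end), r)
    return sorted(seen.values(), key=lambda r: r.start)


def classify_region(r: MemoryRegion) -> str:
    """Heuristic label (assumption): conventional 32-bit PE image bases."""
    if r.start == 0x00400000:
        return "default EXE image base"
    if r.start == 0x10000000:
        return "default DLL image base"
    return "other"


def parse_dropped_files(text: str) -> list[DroppedFile]:
    """Group each drive path with the MD5/SHA1/SHA256/SHA512 lines that follow it."""
    files = []
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            files.append(DroppedFile(line))
        elif files and (m := HASH_RE.match(line)):
            alg, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[alg]:          # reject truncated or mangled digests
                raise ValueError(f"{alg} digest has wrong length for {files[-1].path}")
            files[-1].hashes[alg] = digest
    return files


def digest_all(data: bytes) -> dict:
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def matches_listed_hashes(data: bytes, listed: dict) -> bool:
    """True only if every algorithm listed for the file agrees with the data."""
    if not listed:
        return False
    actual = digest_all(data)
    return all(actual[alg] == digest.lower() for alg, digest in listed.items())


if __name__ == "__main__":
    for r in distinct_ranges(parse_memory_regions(REPORT_EXCERPT)):
        print(f"pid {r.pid} 0x{r.start:08X}-0x{r.end:08X} ({r.size} bytes) {classify_region(r)}")
    for f in parse_dropped_files(REPORT_EXCERPT):
        print(f.path, f.hashes["SHA256"])
```

Running it on the excerpt shows the 0x00400000-0x0074C000 range dumped at several snapshots collapsing to one 3,456,000-byte region and the 0x10000000-0x10030000 range to a 196,608-byte one; to check a recovered artifact against the report, pass its bytes and the parsed hashes to matches_listed_hashes().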