Analysis Overview
SHA256: b0ec1a3337595b0b1c44b50dab3b0f78a180dc2656eac35c64212d941b8df17e
Threat Level: Shows suspicious behavior
The file 7648fe40e71c619b3dd53843e81145a3_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Installs/modifies Browser Helper Object
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-27 22:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-27 22:35
Reported: 2024-10-27 22:37
Platform: win7-20240903-en
Max time kernel: 117s
Max time network: 119s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| N/A | N/A | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| N/A | N/A | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe | N/A |
| N/A | N/A | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pHighIn.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CouponAlert_2p Browser Plugin Loader = "C:\\PROGRA~2\\COUPON~1\\bar\\1.bin\\2pbrmon.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Checks installed software on the system
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}\ | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}\ | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\INSTALL.RDF | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\LOGO.BMP | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ieuser.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\Message\COMMON.T8S | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\Message\COMMON.T8S | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pimpipe.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\LOGO.BMP | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\INSTALL.RDF | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\Settings\s_pid.dat | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pHighIn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225f6c9-cf64-4d6d-ae8a-169779fd7b4d}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6f99d2ae-5c90-43c2-a2fe-81dbe512e2fc}\AppName = "2pSlSrch.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6f99d2ae-5c90-43c2-a2fe-81dbe512e2fc}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6f99d2ae-5c90-43c2-a2fe-81dbe512e2fc}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2af08e71-3657-462f-898c-f7e791948f94}\AppName = "2pSrchMn.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225f6c9-cf64-4d6d-ae8a-169779fd7b4d}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16fe2505-f2a0-4782-b035-af0e5188c02c}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\UrlSearchHooks | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556}\AppName = "2pimpipe.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6f99d2ae-5c90-43c2-a2fe-81dbe512e2fc} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2af08e71-3657-462f-898c-f7e791948f94}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2af08e71-3657-462f-898c-f7e791948f94}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16fe2505-f2a0-4782-b035-af0e5188c02c}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225f6c9-cf64-4d6d-ae8a-169779fd7b4d}\AppName = "2pmedint.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2af08e71-3657-462f-898c-f7e791948f94} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16fe2505-f2a0-4782-b035-af0e5188c02c}\AppName = "2pSkPlay.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{3462c343-be19-4143-af70-cefb56f46fc6} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225f6c9-cf64-4d6d-ae8a-169779fd7b4d} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16fe2505-f2a0-4782-b035-af0e5188c02c} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ebbc4e43-292a-40df-88e3-3262b7521460}\ | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller.1 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2d205adf-c992-4eda-99c3-096e13f38ab4}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7717f4b3-397f-4ce5-9192-6effde3ac999}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20BCCE5A-C687-46FF-8DD2-AD8235F5F2B4}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin\CLSID\ = "{c2df3856-676c-41dc-a73b-facbdf8e81e9}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{53CA18E7-5223-4358-9FD9-97C62C66C5BD}\1.0 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23b0ae65-17d2-4491-98e5-b1aa6228dda2}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.MultipleButton.1\CLSID\ = "{def07acd-bcea-4269-933a-4087d20842bb}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}\ = "ITemplateXMLElement" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.ScriptButton\CurVer | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{79583DE9-D0C2-44EF-AE0D-CBFA16C2A785} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.FeedManager.1\CLSID\ = "{2d205adf-c992-4eda-99c3-096e13f38ab4}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}\TypeLib\ = "{20BCCE5A-C687-46FF-8DD2-AD8235F5F2B4}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A4116F8C-A634-4536-B9EF-6B9EBCC5BAE1}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin\CurVer | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{16fe2505-f2a0-4782-b035-af0e5188c02c}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin\ = "Pseudo Transparent Plugin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}\ = "_ITemplateBarSettingsEvents" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}\TypeLib\ = "{7924FD2B-877C-4395-A063-A88AB887EA6D}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}\TypeLib\ = "{53CA18E7-5223-4358-9FD9-97C62C66C5BD}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}\TypeLib\ = "{D7CE22AF-CCB3-423F-84D5-4D77152181F3}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.FeedManager\CurVer\ = "CouponAlert_2p.FeedManager.1" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{86d02bcf-0e0e-444f-8a8d-2d5c4a9e6578}\InprocServer32\ = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin\\2pdyn.dll" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4d8eacbc-e293-4462-b91e-42ea5b54b743}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7717f4b3-397f-4ce5-9192-6effde3ac999}\Version\ = "1.0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{16fe2505-f2a0-4782-b035-af0e5188c02c}\Version\ = "1.0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin.1 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8542E415-0E53-4261-8BE4-0D1598229D90}\1.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton\ = "Bar Button Class" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0bdf6c42-132c-45f5-92de-dc13f40c6dab}\ = "CouponAlert_2p HTML" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}\ = "_ITemplateBarSettingsEvents" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8867ac9b-4426-44a2-a693-c95850d3405c}\MiscStatus\ = "0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{53CA18E7-5223-4358-9FD9-97C62C66C5BD}\1.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu\CurVer | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}\ = "It8PseudoTransparent" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8867ac9b-4426-44a2-a693-c95850d3405c}\Control | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{16fe2505-f2a0-4782-b035-af0e5188c02c}\MiscStatus | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60FC9013-4A5A-4306-9695-FCE0A6617F22}\1.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton.1 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2d205adf-c992-4eda-99c3-096e13f38ab4}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}\1.0 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.MultipleButton\CurVer | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.ToolbarPlugin.1\ | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23b38049-323f-443d-9732-f454e5b15b72}\MiscStatus\1\ = "131473" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{411b1946-3277-4a7f-9f60-745266360613}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cf9d6d4e-5496-438e-ba24-5a580a59f5a3}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command Line |
| C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | "C:\Users\Admin\AppData\Local\Temp\2pSetup.exe" |
| C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | "C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe" -remove |
| C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | "C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe" -install |
| C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe | "C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe" |
| C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe |
| C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pHighIn.exe | "C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pHighIn.exe" 2ptpinst.dll,#5 |
Network
Files
\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
| MD5 | a787e3fbc688c71cf530f951e1629da6 |
| SHA1 | dcf03b6bc8b5780f9fafc1f5e008a50e4a1f30db |
| SHA256 | e63fd19af8bdd92476a365dc9b7a0f312c14a2f9595d6788c3700350b36084c7 |
| SHA512 | 94280e21a65805164be83a234a9918bca190f6ebcb0803203b5611a79b53a3f5f3b05cbb06ad944175e61b9175e1de023c1cef9c11d0f846e69148c2fbb3b983 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll
| MD5 | bef8418e2bb907705989694fa04a4f3a |
| SHA1 | f1acca6a112aab18be7c4a38e3ebb042960d57c0 |
| SHA256 | f8dc25c92591c9a921fd367739180b0ddf602f4075d73cd669981bcb1a55cd0a |
| SHA512 | c549c655f29abb91e65a3e445a0a28c65e78c82e6aa7c1fc99de2e5e3d3a2a4bc342e64e5f7c80b33a12b47131b74a537847e2446c632960825cf4fdd7e3e96f |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
| MD5 | 5afbf0822a1353e409b84f406ab6c275 |
| SHA1 | b57a215306698751f73a4fec91330aa2739594ea |
| SHA256 | 63020f4bb854913dcddeb0b0bd9469751a4861273391127ce041671ffe776dc5 |
| SHA512 | bbee841572d868e51a0bb0685da0630a5708c3f444bfb352bd8093c747fa42d1367d99c57c8eed002e2b1db216c1396da1fe3f48eda78390ec6cf11117938ea7 |
\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe
| MD5 | c0bebcb3dfc2edb4c296f1802766e1ff |
| SHA1 | 42191afd20e6359b4c5678acb96ecb03091d17e5 |
| SHA256 | 39189db0555c346d801a918f2f4e1c1a11a279123f9c23a984e1de2d7d70c888 |
| SHA512 | 4ed63a2a792909df0ed07d5c2db2fbd6c14515d3e00c0618b710f4571fb42b91eada8af0d5d260b98f3035f72260fdc59e747470a51bfe75c5bb3b6b4183dddc |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll
| MD5 | 209d8fffc7ba17b5edf69a558b220f5e |
| SHA1 | 3e8e000fff561708b23495ae87bdd4bffb1f9e43 |
| SHA256 | 56951b5eb91204eda94ae882da53a97a23b9e0accdff44b359a2dae210d10eef |
| SHA512 | 9df7533a9daba33c808b3fb40b63741f54619d5f933a40890fae124aecc1439cf3799253512cba50a897c57e1fd15f587449caa8101bf23756e435dd2712f617 |
\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe
| MD5 | ba4695385687403aa1820346c88dfa8a |
| SHA1 | e7d0f5a1b1d842341a4f0e863f9280a02d7471d6 |
| SHA256 | 2b2a045e70225cd04c7596d61e0950f103dc3745483b3b54032e85ea33db3b97 |
| SHA512 | 942f6a9d5a41036e15d71b7b93a4f0438447c4ebe053e22a4926e5fc13dc912de44df2a203ea0f28a858d7337d7a4bfa4b26127fe5d401d0db76ba0479a87536 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll
| MD5 | 79f32577d7ce7035054e987310187440 |
| SHA1 | 58416d1488eed6f47ad78a7d0c62b854fe09b895 |
| SHA256 | 3140555e504168d849baa4d7cdf0f8f7fea2a7806d02dcde39afa8f56c72d6e3 |
| SHA512 | d3e00f991fe41b365f3ed39f40babbb8ec8e4932b2e91395f7f5830a31b9cf6d2e1c28ac5c0816f63e874edf389974152de7676333aaec95543c37aea5afa5b5 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll
| MD5 | 7e8b85dd3007138116d279c014ab070a |
| SHA1 | d6d69499bf74bb3f49b082cfef30ebc28e19454e |
| SHA256 | 04f1d61353078eec7174b0dc53ad6307615f5841523be566e935d428c70c3bad |
| SHA512 | 342162246f576e85b52c82324f6c520174f21823b8bcdcf52926c56dee313ea7c028f9934f916e6d42d3368a5371ae4e8fb4c9578b02ea32963a4304d2927769 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll
| MD5 | d10a7cc5638f78f173901891caa0ea5f |
| SHA1 | 1d965ff58ad75e94bd00d9a1781a7f7610c1123f |
| SHA256 | 92243e4c5b7f4df7491917b78bb09a02f986a7e8e79448e48a8f26eb895396a6 |
| SHA512 | 12886949d010e89adcfc0d75e2f81bbcc2a8be770be96f1e27ee380c79d1e93d02eed738431c18baa9a9020e732545e5390d02d41237b52c565141585ffa874f |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll
| MD5 | 8d5dfbad16f8a6c928fcbb84c6cda655 |
| SHA1 | 46d0ac5e455e6b40951b04867aaf21f793e38783 |
| SHA256 | bdf16d30334874de3710dc2b37a493a1845d396d96f9c80d67d2c589866f4b71 |
| SHA512 | 4737730d149fac4e7569ba8ed804cdd1d8c2b347011746901ddaa922331ecf95c80854029490b802099ba8e0aabba5269dad89a0cd481500b425c9c9a751ea74 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll
| MD5 | dbb37c245084bfa6d149d6490a3def6c |
| SHA1 | 46469fd95dcbe9018dd5c20457c6b80f882b06f0 |
| SHA256 | b14bee662471d747f7c94a62d45c6426934faeb5a597b2ea092bd621253f45b3 |
| SHA512 | 904f04fbbcdd50b3e30620c4e4be477a21c0c3639e54651a929daa4e4700f486112edfeba5496213b6c14732a45205581a93bdabbe9ede27c84e6ed31b1d7339 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll
| MD5 | 078142e03762f182c420dcec5bf57522 |
| SHA1 | f715f1c82fa9311405cb7d50bb506dd4a08bcfa3 |
| SHA256 | 9e196cc00408096c7bf61a3bb7615182432b15e9476f86e8e556c7dbeec3597f |
| SHA512 | 23a3ad0ab94e064f45f317352beaa615040d74f1fd3a20ef29d8d1e53a2b0cfcec5f359de688185f3695682dc22ef51ba04001d175d016504335acb4e1e889a2 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll
| MD5 | 64451f703e38ce8ce558916d1b3b298c |
| SHA1 | 88278506406f9125daff32f8e8459574fe8f38df |
| SHA256 | 9c9c071529d43298873a129c695508edc52a83e528ac0266fc58707faf2e58df |
| SHA512 | 559e61be7b7a7d3000e523f6b208805e6908bbfd7fd123b4b869f5ee95337d76fb36e5807a1dcbee3a5379ae9a2f5dbce52be7efbf31c241051c9d9c13af05ca |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll
| MD5 | 3470b060c813074d7ba1e06c019ec03c |
| SHA1 | c388e332081ca424274b92f53429e1ddee8e5775 |
| SHA256 | 584b0adfb7daf42504cc7a443f031f1463fbe19b63de8334fc8f18acdf3b1865 |
| SHA512 | 806a2ea5d5b703d4cac8973312da485497c14431b9c1b1a1a9e15f6423215961f1a2d54a429a4aca6f67435f2a3348dea426b86293b46c62af10b7953639bf38 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll
| MD5 | f807dad358658e35e6f0fea173a6b4cf |
| SHA1 | 0fb2d953de4f1cbc548b6e5525580663c1896295 |
| SHA256 | b61bc01059e4e9d8dad5a971a071fec40e7b21ee13155de14604da02f997f1bb |
| SHA512 | f2002553b415e92874254d07ba44a20104df027443c93b6df7f8240c18d9218b648b4a02c0545ffd2d92ae8b487b59af21bfac5dda5d3e68b2bbb6f06f7ee2a8 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll
| MD5 | 196c4d88c7c780fc2dc83393512883de |
| SHA1 | 6343f5711789bfb866e18a172828eb7d45606a62 |
| SHA256 | ee57dff1e8d60a585c5ee37a52f5c825b75740359fddb5006bb913bb156cadfd |
| SHA512 | be685fa9d87c0b7521176fd6bffa37206d068f4efceafc5996bb5ff2f44d49e451a1ba02a28f30c5a6a0cd79c3ccd22da06e3ab7752dcb2f75ab979f56347e89 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll
| MD5 | c1b14848de571fc85c73c79c80bc1d1a |
| SHA1 | b133d05665047306caa7765db6da69660acaa50d |
| SHA256 | b78b1161f3537108d573df6d695225e27b460e9afdedcdae714ecb99b25d7cdb |
| SHA512 | e52478f47841b393d7f917349b22f128cf2c2d4caa1bee02c51a3ba7103579d49d1f243664ae0e099f3fb89b5269b2f6e7188d3a9b234bddb533249eec3c54cc |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll
| MD5 | 05de9983317fe259ad8c88c7880ebeb3 |
| SHA1 | 919d95dafc2ff2580952b8dd14ab8471a73eb4e6 |
| SHA256 | e35c66f120064017cf47255faee3dbf959bbd9ae182db647becf7d4da0bba53a |
| SHA512 | 7b2a72955ed6637aef4df3af5cd20f9bd7afe4a3bb926d9353b1da8848628ba07fccf03056074f1208c1a04aafbd437000c817759f25e2c042f0f01f24ca8c11 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll
| MD5 | 05b1f48b706799cf55cd8b52a7462f8f |
| SHA1 | 003efc04aa08e9f1e59aee6199acf5c1863b6818 |
| SHA256 | 3974ea1583ee359c187b2e052985b022656acbbaa156cd030bb02cf7c68c2627 |
| SHA512 | 206ecbb1e2de89765e08a5f6f6bcd1012424129a72ec88e248bd38f182dfdf34cc85c8b3d4bdefcbf3163b7998064d2d1ee123b6e1b43b5658b13c13dfc47144 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll
| MD5 | 7396779ccb97fe1db173857422226451 |
| SHA1 | 0f7bc5793f586751eb47485a03c0afc8e3d7ab3f |
| SHA256 | 5e8d884b7bc5f19ef56469e3804998832b281ba1d7b16101acf957046b3b1ef2 |
| SHA512 | 0130a673a8655e2452ea5f4d52973dfce453090eca40d864e18fa33840d02038dafe07d45bb844c39438dc8bc83bad75687203ab9b3469d04bcc886faf724193 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll
| MD5 | 25ac933b59ff336367bd6e28562de857 |
| SHA1 | 41ce69a759faccc49bdb85b1f4f2a84e2ccd1e6e |
| SHA256 | 5750ed2046caa1ac617254f7c1e4cea3ea8f01bb7eaefcf5a668b49d716640d8 |
| SHA512 | 816ae02a00148589d5be0bf9246220fbb94a5029880e918d307cf8134d74c3d1883e177ee61d2cfcdd9eb01151a86770c60d14197109ffe71f852edcf2e08f76 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll
| MD5 | c77e6a85934d428844473c9763747fe9 |
| SHA1 | 31c04d3314cb73be5d623f1bb709f54816ce27a9 |
| SHA256 | d3f4cddd3f6865c97d75613e4aa0185e5b42e75f44e2c0f0480cfba7f9176a1a |
| SHA512 | 4ddb51d796dd34635e802bcce03e90eddcf62795f0f1b11a96e6099e4ad963f59fc6d0ab178640a6015ffce44d23231627f3ae9c94bef95cfb7e0a2507aaf0c8 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
| MD5 | 05cb544850086b21597f3580b01e66fa |
| SHA1 | e1363223d3524141eb87aa65bd15606fc0031845 |
| SHA256 | a33efa0b4cbabee12981cc49a96b9144b94a893100abe158b1e055677a7dc4dc |
| SHA512 | c1b1c7898e07b8ed50255c3e277cc44f61eae53b46943d0e04e43e05be72b1865124d3395424bba85755510fd1f71bd4b11312577729cf2325beb4bb41a8be16 |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll
| MD5 | 01acc19c649d35ae3e049095d77fe5bb |
| SHA1 | edf0fc52a8cc56f8aa68f05cb5610f37c1f6546a |
| SHA256 | bad75288a411654a815184bf6e140771ed1da28fbf2392da7c002e8785700e0d |
| SHA512 | 8400b6db578440027fe3417ede304a82aacd3025b0e7f433873e4001e3c25e6951d733ee803de13ef271336b24680de4a197258eed731c0d3bf796e4f3a73e6e |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe
| MD5 | ede9efd100fed6f723ef26eef67f5bc7 |
| SHA1 | 97401b6d2967a2dfb2ba0605d84e8abd7368450e |
| SHA256 | c4ac82da7e7eb1e5e7854571305897a8ae6a2f5704a3116ed8454188d9df3eb5 |
| SHA512 | 7570b96fc89e03daaf8d52caa0aacabb3ec626619678dba75d63d5482ff0a479be002fac3c7d5523f873c84f317aea44a3008d702f4c99cd3ded490dfc80f21a |
\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll
| MD5 | af4987ef966a6270b5e99fafee9c9fa8 |
| SHA1 | 2c3a0790e3638e61e711e3b97a6058b24ea49e57 |
| SHA256 | 9113c634fcdc656a47fedd35a43fd768f6234501e1f12c63c17a599b218e6bee |
| SHA512 | c4323519b534623e84568eb3fd1f61c1c268f22491dfc4bd689eb3af02f466c78c171afb016220d5c086ae8139bc160add0d3bb867f6dbfa4f6d41205b2fdfc9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-27 22:35
Reported
2024-10-27 22:37
Platform
win10v2004-20241007-en
Max time kernel
141s
Max time network
138s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| N/A | N/A | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| N/A | N/A | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| N/A | N/A | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pHighIn.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CouponAlert_2p Browser Plugin Loader = "C:\\PROGRA~2\\COUPON~1\\bar\\1.bin\\2pbrmon.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Checks installed software on the system
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{60E91567-EF8A-4520-BCE2-83ABA5256799} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}\ | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}\ | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\Settings\s_pid.dat | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\LOGO.BMP | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\INSTALL.RDF | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\Message\COMMON.T8S | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ieuser.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\INSTALL.RDF | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pimpipe.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pimpipe.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\Message\COMMON.T8S | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| File created | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pHighIn.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556}\AppName = "2pimpipe.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225f6c9-cf64-4d6d-ae8a-169779fd7b4d}\AppName = "2pmedint.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16fe2505-f2a0-4782-b035-af0e5188c02c}\AppName = "2pSkPlay.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225f6c9-cf64-4d6d-ae8a-169779fd7b4d} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6f99d2ae-5c90-43c2-a2fe-81dbe512e2fc} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6f99d2ae-5c90-43c2-a2fe-81dbe512e2fc}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2af08e71-3657-462f-898c-f7e791948f94}\AppName = "2pSrchMn.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16fe2505-f2a0-4782-b035-af0e5188c02c}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225f6c9-cf64-4d6d-ae8a-169779fd7b4d}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225f6c9-cf64-4d6d-ae8a-169779fd7b4d}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2af08e71-3657-462f-898c-f7e791948f94} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2af08e71-3657-462f-898c-f7e791948f94}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16fe2505-f2a0-4782-b035-af0e5188c02c}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\UrlSearchHooks | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar\{3462c343-be19-4143-af70-cefb56f46fc6} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6f99d2ae-5c90-43c2-a2fe-81dbe512e2fc}\AppName = "2pSlSrch.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6f99d2ae-5c90-43c2-a2fe-81dbe512e2fc}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2af08e71-3657-462f-898c-f7e791948f94}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16fe2505-f2a0-4782-b035-af0e5188c02c} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
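The registry activity in the tables above (the Run key, the Browser Helper Object registrations and the Internet Explorer Low Rights ElevationPolicy entries) is what a responder pulls into a triage note, but the ElevationPolicy rows are hard to read because each GUID's AppName, AppPath and Policy arrive as separate rows. The Python below is an added example written for this page; it is not part of the report and not code from the CouponAlert installer. It parses rows in the report's own "| Description | Indicator | Process | Target |" layout, extracts the Run key value and BHO CLSIDs, and regroups ElevationPolicy rows by GUID. The Policy meanings follow Microsoft's Protected Mode documentation: 0 blocks the launch, 1 launches silently at low integrity, 2 prompts the user and then launches at medium integrity, 3 launches silently at medium integrity. The Policy = "3" entries in this report therefore let the listed helper executables run outside the Protected Mode sandbox with no prompt. The sample rows are copied from the tables above; the function names and the meaning strings are the editor's own.

```python
import re
from collections import Counter, defaultdict

# Constructed input: rows copied from the behavioral2 tables of this report
# (one Run key, one BHO registration, one complete ElevationPolicy entry,
# one partial ElevationPolicy entry and one HKEY_USERS Run key creation).
SAMPLE_ROWS = r"""
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CouponAlert_2p Browser Plugin Loader = "C:\\PROGRA~2\\COUPON~1\\bar\\1.bin\\2pbrmon.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556}\AppName = "2pimpipe.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556}\AppPath = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965dcf-718f-4148-becf-5a2b466f4556}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2af08e71-3657-462f-898c-f7e791948f94}\AppName = "2pSrchMn.exe" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
"""

# One report row: | Description | Indicator | Process | Target |
ROW_RE = re.compile(
    r"^\|\s*(?P<desc>[^|]*?)\s*\|\s*(?P<indicator>.*?)\s*\|\s*(?P<process>[^|]*?)\s*\|\s*(?P<target>[^|]*?)\s*\|$"
)
RUN_RE = re.compile(r"\\currentversion\\run(?:\\(.+))?$", re.I)
BHO_RE = re.compile(r"\\browser helper objects\\(\{[0-9a-f-]{36}\})", re.I)
ELEV_RE = re.compile(r"\\elevationpolicy\\(\{[0-9a-f-]{36}\})(?:\\(\w+))?$", re.I)

# Meaning of the Policy value per Microsoft's Protected Mode documentation
# (strings are the editor's wording).
POLICY_MEANING = {
    "0": "blocked by Protected Mode",
    "1": "launched silently at low integrity",
    "2": "user prompted, then launched at medium integrity",
    "3": "launched silently at medium integrity",
}


def parse_row(line):
    """Split one table row into desc/key/value/process; None for non-rows."""
    m = ROW_RE.match(line.strip())
    if not m or m.group("desc") == "Description":
        return None
    key, sep, value = m.group("indicator").partition(" = ")
    if sep:
        value = value.strip()
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        value = value.replace("\\\\", "\\")  # the report doubles backslashes in values
    else:
        value = None
    return {"desc": m.group("desc"), "key": key.strip(), "value": value,
            "process": m.group("process")}


def classify(key):
    """Map a registry path to the persistence / browser-hook mechanism it touches."""
    k = key.lower()
    if RUN_RE.search(k):
        return "run_key"
    if BHO_RE.search(k):
        return "bho"
    if "\\low rights\\elevationpolicy\\" in k:
        return "elevation_policy"
    if "\\internet explorer\\urlsearchhooks" in k:
        return "url_search_hook"
    if "\\internet explorer\\toolbar" in k:
        return "ie_toolbar"
    return "other"


def triage(text):
    """Summarise the rows: counts per mechanism, Run values, BHO CLSIDs and
    ElevationPolicy entries regrouped by GUID, flagging Policy 3 (silent
    medium-integrity launch, i.e. a Protected Mode escape without a prompt)."""
    records = [r for r in (parse_row(l) for l in text.splitlines()) if r]
    counts, run_keys, bhos = Counter(), {}, set()
    elev = defaultdict(dict)
    for r in records:
        cls = classify(r["key"])
        counts[cls] += 1
        if cls == "run_key":
            name = RUN_RE.search(r["key"]).group(1)
            if name and r["value"] is not None:
                run_keys[name] = r["value"]
        elif cls == "bho":
            bhos.add(BHO_RE.search(r["key"]).group(1).lower())
        elif cls == "elevation_policy":
            m = ELEV_RE.search(r["key"])
            if m:
                guid, field = m.group(1).lower(), m.group(2)
                entry = elev[guid]  # creates the entry even for "Key created" rows
                if field and r["value"] is not None:
                    entry[field] = r["value"]
    for entry in elev.values():
        entry["meaning"] = POLICY_MEANING.get(entry.get("Policy"), "policy value not seen")
    flagged = sorted(g for g, e in elev.items() if e.get("Policy") == "3")
    return {"counts": dict(counts), "run_keys": run_keys, "bho_clsids": sorted(bhos),
            "elevation_policies": dict(elev), "silent_medium_integrity": flagged}


REPORT = triage(SAMPLE_ROWS)

if __name__ == "__main__":
    for name, value in REPORT["run_keys"].items():
        print(f"Run key  {name!r} -> {value}")
    for clsid in REPORT["bho_clsids"]:
        print(f"BHO      {clsid}")
    for guid, e in REPORT["elevation_policies"].items():
        print(f"ElevPol  {guid} {e.get('AppName', '?')} Policy={e.get('Policy', '?')} ({e['meaning']})")
```

Feed the full behavioral2 tables to triage() instead of SAMPLE_ROWS to get all five ElevationPolicy GUIDs with their executables; on a live host the same grouping applies to HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy, where any entry with Policy = 3 pointing into a user-writable or unfamiliar AppPath deserves a look.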
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{84576f6e-0660-4b4f-8918-bc6c975044d4}\ = "Disable Addon Rebuttal Control" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23b38049-323f-443d-9732-f454e5b15b72}\VersionIndependentProgID\ = "CouponAlert_2p.SettingsPlugin" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f0a2185-da7e-4614-91c0-dd5f4a76cb1b}\TypeLib\ = "{79583de9-d0c2-44ef-ae0d-cbfa16c2a785}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1948934a-1c68-4b2b-9a1f-d12e2a062a1a}\ProgID\ = "CouponAlert_2p.ToolbarPlugin.1" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f0a2185-da7e-4614-91c0-dd5f4a76cb1b} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IMsiDe1egate.Application.1\CLSID\ = "{0002DF01-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0bdf6c42-132c-45f5-92de-dc13f40c6dab}\MiscStatus\1 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{457a4cb8-0391-409d-98b4-c4ccb2849670}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3276E8A8-A233-449B-A7EB-FCEE21246018}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin\\" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8867ac9b-4426-44a2-a693-c95850d3405c}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8867ac9b-4426-44a2-a693-c95850d3405c}\Version\ = "1.0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EBAF2B4F-510A-47C7-86BA-E7D94D1162F6}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}\ = "ITemplatePopupMenu" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c2df3856-676c-41dc-a73b-facbdf8e81e9}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{def07acd-bcea-4269-933a-4087d20842bb}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8542E415-0E53-4261-8BE4-0D1598229D90}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8867ac9b-4426-44a2-a693-c95850d3405c}\Programmable | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}\ = "ITemplateBarMenu" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}\TypeLib\ = "{D7CE22AF-CCB3-423F-84D5-4D77152181F3}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7CE22AF-CCB3-423F-84D5-4D77152181F3}\1.0 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}\ = "ISessionData" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{79583DE9-D0C2-44EF-AE0D-CBFA16C2A785}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin\CurVer | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{411b1946-3277-4a7f-9f60-745266360613}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.ToolbarPlugin\CurVer\ = "CouponAlert_2p.ToolbarPlugin.1" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.MultipleButton.1 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{411b1946-3277-4a7f-9f60-745266360613}\InprocServer32\ = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin\\2pdatact.dll" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c2df3856-676c-41dc-a73b-facbdf8e81e9}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23b0ae65-17d2-4491-98e5-b1aa6228dda2} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Software | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}\ = "IRadioSettings" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1948934a-1c68-4b2b-9a1f-d12e2a062a1a}\ProgID | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23b0ae65-17d2-4491-98e5-b1aa6228dda2}\ | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}\TypeLib\ = "{D7CE22AF-CCB3-423F-84D5-4D77152181F3}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}\ = "ITemplateBarMenu" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}\ = "IDataCtrl" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton.1\CLSID | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EBAF2B4F-510A-47C7-86BA-E7D94D1162F6}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\CouponAlert_2p\\bar\\1.bin\\" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4d8eacbc-e293-4462-b91e-42ea5b54b743}\VersionIndependentProgID\ = "CouponAlert_2p.Radio" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{16fe2505-f2a0-4782-b035-af0e5188c02c}\MiscStatus\1\ = "131473" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799} | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.MultipleButton | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7717f4b3-397f-4ce5-9192-6effde3ac999}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1948934a-1c68-4b2b-9a1f-d12e2a062a1a}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu.1\ = "CouponAlert_2p HTML Menu" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu\CLSID\ = "{95B3F577-D54A-4831-B2B4-8AACEEDA85CF}" | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{53CA18E7-5223-4358-9FD9-97C62C66C5BD}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2pSetup.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2pSetup.exe
"C:\Users\Admin\AppData\Local\Temp\2pSetup.exe"
C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe
"C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe" -remove
C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe
"C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe" -install
C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe
C:\PROGRA~2\COUPON~1\bar\1.bin\2pbarsvc.exe
C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe
"C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe"
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pHighIn.exe
"C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pHighIn.exe" 2ptpinst.dll,#5
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
| MD5 | a787e3fbc688c71cf530f951e1629da6 |
| SHA1 | dcf03b6bc8b5780f9fafc1f5e008a50e4a1f30db |
| SHA256 | e63fd19af8bdd92476a365dc9b7a0f312c14a2f9595d6788c3700350b36084c7 |
| SHA512 | 94280e21a65805164be83a234a9918bca190f6ebcb0803203b5611a79b53a3f5f3b05cbb06ad944175e61b9175e1de023c1cef9c11d0f846e69148c2fbb3b983 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll
| MD5 | bef8418e2bb907705989694fa04a4f3a |
| SHA1 | f1acca6a112aab18be7c4a38e3ebb042960d57c0 |
| SHA256 | f8dc25c92591c9a921fd367739180b0ddf602f4075d73cd669981bcb1a55cd0a |
| SHA512 | c549c655f29abb91e65a3e445a0a28c65e78c82e6aa7c1fc99de2e5e3d3a2a4bc342e64e5f7c80b33a12b47131b74a537847e2446c632960825cf4fdd7e3e96f |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
| MD5 | 5afbf0822a1353e409b84f406ab6c275 |
| SHA1 | b57a215306698751f73a4fec91330aa2739594ea |
| SHA256 | 63020f4bb854913dcddeb0b0bd9469751a4861273391127ce041671ffe776dc5 |
| SHA512 | bbee841572d868e51a0bb0685da0630a5708c3f444bfb352bd8093c747fa42d1367d99c57c8eed002e2b1db216c1396da1fe3f48eda78390ec6cf11117938ea7 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
| MD5 | c0bebcb3dfc2edb4c296f1802766e1ff |
| SHA1 | 42191afd20e6359b4c5678acb96ecb03091d17e5 |
| SHA256 | 39189db0555c346d801a918f2f4e1c1a11a279123f9c23a984e1de2d7d70c888 |
| SHA512 | 4ed63a2a792909df0ed07d5c2db2fbd6c14515d3e00c0618b710f4571fb42b91eada8af0d5d260b98f3035f72260fdc59e747470a51bfe75c5bb3b6b4183dddc |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll
| MD5 | 209d8fffc7ba17b5edf69a558b220f5e |
| SHA1 | 3e8e000fff561708b23495ae87bdd4bffb1f9e43 |
| SHA256 | 56951b5eb91204eda94ae882da53a97a23b9e0accdff44b359a2dae210d10eef |
| SHA512 | 9df7533a9daba33c808b3fb40b63741f54619d5f933a40890fae124aecc1439cf3799253512cba50a897c57e1fd15f587449caa8101bf23756e435dd2712f617 |
C:\PROGRA~2\COUPON~1\bar\1.bin\2pbrmon.exe
| MD5 | ba4695385687403aa1820346c88dfa8a |
| SHA1 | e7d0f5a1b1d842341a4f0e863f9280a02d7471d6 |
| SHA256 | 2b2a045e70225cd04c7596d61e0950f103dc3745483b3b54032e85ea33db3b97 |
| SHA512 | 942f6a9d5a41036e15d71b7b93a4f0438447c4ebe053e22a4926e5fc13dc912de44df2a203ea0f28a858d7337d7a4bfa4b26127fe5d401d0db76ba0479a87536 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll
| MD5 | 79f32577d7ce7035054e987310187440 |
| SHA1 | 58416d1488eed6f47ad78a7d0c62b854fe09b895 |
| SHA256 | 3140555e504168d849baa4d7cdf0f8f7fea2a7806d02dcde39afa8f56c72d6e3 |
| SHA512 | d3e00f991fe41b365f3ed39f40babbb8ec8e4932b2e91395f7f5830a31b9cf6d2e1c28ac5c0816f63e874edf389974152de7676333aaec95543c37aea5afa5b5 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll
| MD5 | 7e8b85dd3007138116d279c014ab070a |
| SHA1 | d6d69499bf74bb3f49b082cfef30ebc28e19454e |
| SHA256 | 04f1d61353078eec7174b0dc53ad6307615f5841523be566e935d428c70c3bad |
| SHA512 | 342162246f576e85b52c82324f6c520174f21823b8bcdcf52926c56dee313ea7c028f9934f916e6d42d3368a5371ae4e8fb4c9578b02ea32963a4304d2927769 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll
| MD5 | d10a7cc5638f78f173901891caa0ea5f |
| SHA1 | 1d965ff58ad75e94bd00d9a1781a7f7610c1123f |
| SHA256 | 92243e4c5b7f4df7491917b78bb09a02f986a7e8e79448e48a8f26eb895396a6 |
| SHA512 | 12886949d010e89adcfc0d75e2f81bbcc2a8be770be96f1e27ee380c79d1e93d02eed738431c18baa9a9020e732545e5390d02d41237b52c565141585ffa874f |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll
| MD5 | 8d5dfbad16f8a6c928fcbb84c6cda655 |
| SHA1 | 46d0ac5e455e6b40951b04867aaf21f793e38783 |
| SHA256 | bdf16d30334874de3710dc2b37a493a1845d396d96f9c80d67d2c589866f4b71 |
| SHA512 | 4737730d149fac4e7569ba8ed804cdd1d8c2b347011746901ddaa922331ecf95c80854029490b802099ba8e0aabba5269dad89a0cd481500b425c9c9a751ea74 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll
| MD5 | dbb37c245084bfa6d149d6490a3def6c |
| SHA1 | 46469fd95dcbe9018dd5c20457c6b80f882b06f0 |
| SHA256 | b14bee662471d747f7c94a62d45c6426934faeb5a597b2ea092bd621253f45b3 |
| SHA512 | 904f04fbbcdd50b3e30620c4e4be477a21c0c3639e54651a929daa4e4700f486112edfeba5496213b6c14732a45205581a93bdabbe9ede27c84e6ed31b1d7339 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll
| MD5 | 078142e03762f182c420dcec5bf57522 |
| SHA1 | f715f1c82fa9311405cb7d50bb506dd4a08bcfa3 |
| SHA256 | 9e196cc00408096c7bf61a3bb7615182432b15e9476f86e8e556c7dbeec3597f |
| SHA512 | 23a3ad0ab94e064f45f317352beaa615040d74f1fd3a20ef29d8d1e53a2b0cfcec5f359de688185f3695682dc22ef51ba04001d175d016504335acb4e1e889a2 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll
| MD5 | 64451f703e38ce8ce558916d1b3b298c |
| SHA1 | 88278506406f9125daff32f8e8459574fe8f38df |
| SHA256 | 9c9c071529d43298873a129c695508edc52a83e528ac0266fc58707faf2e58df |
| SHA512 | 559e61be7b7a7d3000e523f6b208805e6908bbfd7fd123b4b869f5ee95337d76fb36e5807a1dcbee3a5379ae9a2f5dbce52be7efbf31c241051c9d9c13af05ca |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll
| MD5 | 3470b060c813074d7ba1e06c019ec03c |
| SHA1 | c388e332081ca424274b92f53429e1ddee8e5775 |
| SHA256 | 584b0adfb7daf42504cc7a443f031f1463fbe19b63de8334fc8f18acdf3b1865 |
| SHA512 | 806a2ea5d5b703d4cac8973312da485497c14431b9c1b1a1a9e15f6423215961f1a2d54a429a4aca6f67435f2a3348dea426b86293b46c62af10b7953639bf38 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll
| MD5 | f807dad358658e35e6f0fea173a6b4cf |
| SHA1 | 0fb2d953de4f1cbc548b6e5525580663c1896295 |
| SHA256 | b61bc01059e4e9d8dad5a971a071fec40e7b21ee13155de14604da02f997f1bb |
| SHA512 | f2002553b415e92874254d07ba44a20104df027443c93b6df7f8240c18d9218b648b4a02c0545ffd2d92ae8b487b59af21bfac5dda5d3e68b2bbb6f06f7ee2a8 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll
| MD5 | 196c4d88c7c780fc2dc83393512883de |
| SHA1 | 6343f5711789bfb866e18a172828eb7d45606a62 |
| SHA256 | ee57dff1e8d60a585c5ee37a52f5c825b75740359fddb5006bb913bb156cadfd |
| SHA512 | be685fa9d87c0b7521176fd6bffa37206d068f4efceafc5996bb5ff2f44d49e451a1ba02a28f30c5a6a0cd79c3ccd22da06e3ab7752dcb2f75ab979f56347e89 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll
| MD5 | c1b14848de571fc85c73c79c80bc1d1a |
| SHA1 | b133d05665047306caa7765db6da69660acaa50d |
| SHA256 | b78b1161f3537108d573df6d695225e27b460e9afdedcdae714ecb99b25d7cdb |
| SHA512 | e52478f47841b393d7f917349b22f128cf2c2d4caa1bee02c51a3ba7103579d49d1f243664ae0e099f3fb89b5269b2f6e7188d3a9b234bddb533249eec3c54cc |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll
| MD5 | 05de9983317fe259ad8c88c7880ebeb3 |
| SHA1 | 919d95dafc2ff2580952b8dd14ab8471a73eb4e6 |
| SHA256 | e35c66f120064017cf47255faee3dbf959bbd9ae182db647becf7d4da0bba53a |
| SHA512 | 7b2a72955ed6637aef4df3af5cd20f9bd7afe4a3bb926d9353b1da8848628ba07fccf03056074f1208c1a04aafbd437000c817759f25e2c042f0f01f24ca8c11 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll
| MD5 | 05b1f48b706799cf55cd8b52a7462f8f |
| SHA1 | 003efc04aa08e9f1e59aee6199acf5c1863b6818 |
| SHA256 | 3974ea1583ee359c187b2e052985b022656acbbaa156cd030bb02cf7c68c2627 |
| SHA512 | 206ecbb1e2de89765e08a5f6f6bcd1012424129a72ec88e248bd38f182dfdf34cc85c8b3d4bdefcbf3163b7998064d2d1ee123b6e1b43b5658b13c13dfc47144 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll
| MD5 | 7396779ccb97fe1db173857422226451 |
| SHA1 | 0f7bc5793f586751eb47485a03c0afc8e3d7ab3f |
| SHA256 | 5e8d884b7bc5f19ef56469e3804998832b281ba1d7b16101acf957046b3b1ef2 |
| SHA512 | 0130a673a8655e2452ea5f4d52973dfce453090eca40d864e18fa33840d02038dafe07d45bb844c39438dc8bc83bad75687203ab9b3469d04bcc886faf724193 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll
| MD5 | 25ac933b59ff336367bd6e28562de857 |
| SHA1 | 41ce69a759faccc49bdb85b1f4f2a84e2ccd1e6e |
| SHA256 | 5750ed2046caa1ac617254f7c1e4cea3ea8f01bb7eaefcf5a668b49d716640d8 |
| SHA512 | 816ae02a00148589d5be0bf9246220fbb94a5029880e918d307cf8134d74c3d1883e177ee61d2cfcdd9eb01151a86770c60d14197109ffe71f852edcf2e08f76 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll
| MD5 | c77e6a85934d428844473c9763747fe9 |
| SHA1 | 31c04d3314cb73be5d623f1bb709f54816ce27a9 |
| SHA256 | d3f4cddd3f6865c97d75613e4aa0185e5b42e75f44e2c0f0480cfba7f9176a1a |
| SHA512 | 4ddb51d796dd34635e802bcce03e90eddcf62795f0f1b11a96e6099e4ad963f59fc6d0ab178640a6015ffce44d23231627f3ae9c94bef95cfb7e0a2507aaf0c8 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
| MD5 | 05cb544850086b21597f3580b01e66fa |
| SHA1 | e1363223d3524141eb87aa65bd15606fc0031845 |
| SHA256 | a33efa0b4cbabee12981cc49a96b9144b94a893100abe158b1e055677a7dc4dc |
| SHA512 | c1b1c7898e07b8ed50255c3e277cc44f61eae53b46943d0e04e43e05be72b1865124d3395424bba85755510fd1f71bd4b11312577729cf2325beb4bb41a8be16 |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll
| MD5 | 01acc19c649d35ae3e049095d77fe5bb |
| SHA1 | edf0fc52a8cc56f8aa68f05cb5610f37c1f6546a |
| SHA256 | bad75288a411654a815184bf6e140771ed1da28fbf2392da7c002e8785700e0d |
| SHA512 | 8400b6db578440027fe3417ede304a82aacd3025b0e7f433873e4001e3c25e6951d733ee803de13ef271336b24680de4a197258eed731c0d3bf796e4f3a73e6e |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe
| MD5 | ede9efd100fed6f723ef26eef67f5bc7 |
| SHA1 | 97401b6d2967a2dfb2ba0605d84e8abd7368450e |
| SHA256 | c4ac82da7e7eb1e5e7854571305897a8ae6a2f5704a3116ed8454188d9df3eb5 |
| SHA512 | 7570b96fc89e03daaf8d52caa0aacabb3ec626619678dba75d63d5482ff0a479be002fac3c7d5523f873c84f317aea44a3008d702f4c99cd3ded490dfc80f21a |
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll
| MD5 | af4987ef966a6270b5e99fafee9c9fa8 |
| SHA1 | 2c3a0790e3638e61e711e3b97a6058b24ea49e57 |
| SHA256 | 9113c634fcdc656a47fedd35a43fd768f6234501e1f12c63c17a599b218e6bee |
| SHA512 | c4323519b534623e84568eb3fd1f61c1c268f22491dfc4bd689eb3af02f466c78c171afb016220d5c086ae8139bc160add0d3bb867f6dbfa4f6d41205b2fdfc9 |