Malware Analysis Report

2024-09-22 16:47

Sample ID 240404-y7d7haab63
Target c1f266588c8062a8298e45e60e5bf565_JaffaCakes118
SHA256 26be141d5d5d25cb277e5be51f1ab728c41d987484ecb8b2555fc85d242e84e2
Tags babadeda cryptbot crypter loader spyware stealer discovery
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

26be141d5d5d25cb277e5be51f1ab728c41d987484ecb8b2555fc85d242e84e2

Threat Level: Known bad

The file c1f266588c8062a8298e45e60e5bf565_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

babadeda cryptbot crypter loader spyware stealer discovery

CryptBot

Babadeda Crypter

Babadeda

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Blocklisted process makes network request

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Enumerates connected drives

Drops file in Windows directory

Enumerates physical storage devices

Delays execution with timeout.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-04-04 20:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-04 20:25

Reported

2024-04-04 20:28

Platform

win7-20240221-en

Max time kernel

118s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe"

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

CryptBot

spyware stealer cryptbot

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives


Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI763E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7729.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI78A1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f767265.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBAC0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f767262.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f767262.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI75C0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI77D6.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f767265.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2448 wrote to memory of 2444 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2180 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe C:\Windows\SysWOW64\msiexec.exe
PID 2448 wrote to memory of 936 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2448 wrote to memory of 2788 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe
PID 2788 wrote to memory of 972 N/A C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe C:\Windows\SysWOW64\cmd.exe
PID 972 wrote to memory of 2804 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 2EF1C781D79FB1A53D51055381D7D9A4 C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\adv2.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1712002920 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 56803FFE5EB14D1CD9DC713324C2F8BB

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe

"C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c rd /s /q C:\Users\Admin\AppData\Local\Temp\CCkPWpMr & timeout 4 & del /f /q "C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe"

C:\Windows\SysWOW64\timeout.exe

timeout 4

Network

Files

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\decoder.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\adv2.msi

C:\Users\Admin\AppData\Local\Temp\Cab621F.tmp

C:\Users\Admin\AppData\Local\Temp\Tar6260.tmp

C:\Users\Admin\AppData\Local\Temp\MSI6D7D.tmp

C:\Users\Admin\AppData\Local\Temp\MSI6EF4.tmp

C:\Users\Admin\AppData\Local\Temp\Cab712A.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar71C9.tmp

C:\Windows\Installer\MSI78A1.tmp

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\ue32ctmn20.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\fmod_controller.exe

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\log

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\ChangeLog

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\Qt5TextToSpeech.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\Qt5Svg.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\libEGL.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\Qt5Xml.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\README.txt

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\libgcc_s_seh-1.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\libwinpthread-1.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\WindowsInput.pdb

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\ZetaLongPaths.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\Warden.dll
SHA1 41f8bc228a5988668ec8556cff1e9cfb107ecb98
SHA256 24f05a73da2e34c4ad3c67779cae8214c9f0e3e19a217f6a917e8d42abc42669
SHA512 a145c844186db28194417094e191e0f1cd225067ffb44dca32ef46bf70ef72145bd0132e6cf7f5d20c49e2ed94c8058c7ca4a6744cabf866ee5b97f2e568a4ab

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\Microsoft.Win32.Primitives.dll

MD5 5b2b93ee8801c83b4e652c7fbabf8c83
SHA1 89a8df867ccdf916881234db9de45ed4c57e5b0b
SHA256 7a1462297eb910a44c35062e021723b5553346407dc52cf013e78c8be032331a
SHA512 1d3f06f8bd04e6b85748e09bdd1e5bc6ee14f4bfdc9cf426fa76d3a268fa537557d7ad4fede1ca2e263a2462272bdb294c9d907e6f7579c60cbaaf1db41a41e9

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\netstandard.dll

MD5 3501cf072f2a0aa167efb5e2370efc1e
SHA1 1de11fb25075e81250c4c47ad80265cc98c44c3e
SHA256 dad6aa523b80f2bbfb2b3838ade29ce6f4a7a634f66df50484f05a63905df60d
SHA512 66f5a62a3c8cfcd1b55f65b48134cd1ea7766c165722b303b73a50609ce8546d678acac292c999d5932112ec195a890ebb3645f5e44bb2c2ed951fa09b6cf53c

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.AppContext.dll

MD5 82e7fd917dfd1bda64ab990606d90bdd
SHA1 ab92034645c77737b6ef482e18296e896bea3751
SHA256 f0857a7c3737b0e80d9b4a9a986acb69b0d18d1fe0adc3b1e05d81f02ceb103b
SHA512 81ab0c3a10d64cdb0bb03ff65a10c3333d5ee91f21404acec41eb638a9eae77d38f00f18758d4cf8480910905d677349c71e762bb44a1ff4068084d5205c6f51

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Collections.NonGeneric.dll

MD5 a3fdfde8c2f6259a3da55919679dda3d
SHA1 a36bc9fd0fd5319a36c523ae0c565e6670e6a403
SHA256 0f63c8b909689effec4c17122ff4336a14cc9c296be28d6172a11c5d8bdd2ffe
SHA512 4a917ec7f626d85cd24ed5518f29bf8acc546d34b8f86a2cd00634b54ccb5c9bc7725707ffb42c08d3ff008abfa5ffef07df3263c13c0796ed7e8f98c6200832

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Collections.dll

MD5 4a264d07346dc69303bbe6e26e049883
SHA1 e093758cec19749f1d92b280b42aee86d4224fdc
SHA256 e256940626e265de760586937ce5ed2a45d9b91c96e1fa768f719682505db5c2
SHA512 d6cf4024cee7679b73f1b9aef749728a3c0851934016ab391315c955689dfa3595a8f6e2a9580244ace991895b4e255a65977490264258bb9f3c98f9370b33c5

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Collections.Concurrent.dll

MD5 939cb89fbb0da435b9528d9edb3feab0
SHA1 3825f2b13d43f34330bc278aeeefbbbfd95239cc
SHA256 9c887cfd9e21e9ee31ab8232248059b677f9a3086b033d38fbad053b4f20bc25
SHA512 4159cf39f29198942245e3a16a67e8b3fe54e871af407291204b5f5df2a76c2829680ba0d5bea261e31335bab2b6b8afa5a895bf635e515c94059a122dd36a1d

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Collections.Specialized.dll

MD5 f72152d834fbbb9c0d70a2822e0b68cf
SHA1 49eca7ac3d34ce69a1d48c0be56cdd13995adbb3
SHA256 ce3dd8b3cb2bfbbe5cdd1a339e593ad604f6bb6eb4f981555a3f53257609c8e5
SHA512 3b8018450aa7676a35fdc8bea1997d67e45e945522bd7ac963ef0ccf574aa6df67dbd85c8773d704b0daab05b20f6d79c2ce2a42f10610f73a303246d44078bf

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.ComponentModel.dll

MD5 4f167e1cf791cefa55fde1949dde7d2f
SHA1 08badaf0444ca34230d82af4590f44c7ade78533
SHA256 df1a7bc429159db17be8c79a2dc56c0fa54c6a7e5174d5082f7ece9b67a4f982
SHA512 d804f60f3d2b5891eaa38ff683194924a705aba371c872e8bfef2325c90b7bf910851cbe89cdfd0a66cb1bf801bc25c92830b37947a7e60df8fe6bdcb53de15c

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Console.dll

MD5 564d1a61bae30f01c20a5808e8f7a82f
SHA1 e6039eb23d3a10ff31e40851ef0dd594c5689712
SHA256 1ca9706a4593bcc3b232efb14d2497812ab1797bf112b16665c6674c42fdc061
SHA512 c546a8d4dc852d133baf576e81bfca16763ca0e94c964d657cedbbf3153c64fdbea79329fd2a9d7ff04a0f28720a61e6d0255f8db91ed91dca2f56aaec5b5f4c

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Data.Common.dll

MD5 689b12c7a06ce496f0fe12fef990b3f6
SHA1 01b2a93bc4ca69818d3bc9a7b5dca58cdb5380cb
SHA256 aa69eebe18cf7f7b19d8523703c73e4d2639affc76babbfb2ce93664bbf06329
SHA512 b4fa3f0b9949626f7db9e6dd5259c52683a2e0fccffec222b1bb8ba086d7098cf580f887456753e80a95d248748ab59fcad59eea68204d37879af099cadcc3f3

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Diagnostics.Debug.dll

MD5 cf668ba196134d611d7b4fac0b571e8d
SHA1 2a960aef8bc74c7893dd225398298ce8b912ab10
SHA256 2769f8bb522846338bbe9aafb10381f64fcbdfbc6929a848463b8b9857f1d4fd
SHA512 302ca14e3c1985f34656c48dc175951d27dac6696724f9db33c0097314aba677f244421677ca1a5949a7d7a11077a0f564142d1136998127c216616f42abed5f

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Diagnostics.FileVersionInfo.dll

MD5 54ba6e35897cd238118b745c84d579e6
SHA1 07a9a5f273a65796ae77416a0d35905e949e3257
SHA256 a354569ac90b53002c7e447d72795013eb20c391d01b73197688057d07bcaa42
SHA512 2f2fb02c76bc1af89a6d97b8c0b9c2a6b176f912d2d76e3acfb5d5cf4741e58f6dd1335bdaf626c7bc92c256eb353d534f718b59e4e52bded9907e604115a5f4

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Diagnostics.TextWriterTraceListener.dll

MD5 2967113593429927e7938d95b5d3471c
SHA1 34a84e6878172df939f9748279490e1eb4533926
SHA256 d8631076802f2e9b690998c65d8e7f0bede7a772b3c04e7cba5f3391c395a9e1
SHA512 502295d8eec6acd1c7e7f4f6759bbbfbb452b7581b9e10cabf0b9735737e0baa61bba0e32bb4688f0ba43fef445e5728c7001a9a364118c13eac3d3332f13e3c

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Diagnostics.Tools.dll

MD5 bd36e482e5cfde3c791e62143dc5deb1
SHA1 32fb1bd024be0b7a2af182739fd384bd74610844
SHA256 d9562ec4dc0430ff3ab66a5d0238b72402ebdb17ceb31eebdb1daf91768c7d4d
SHA512 6e128b3bf3850c1972fd8fc8cee4d82ecb7dc98fe7c5a8b887523011dc270dccbb99a0d5496954c7a156ae3c92ff3435d30c0a87768e2dbcbbf8672b9e68cfce

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Diagnostics.Tracing.dll

MD5 e338e2a9e8e3325d696dd18f46a6d82b
SHA1 eb907bd53f78b91e5fcf27fd76050bd682d80e0c
SHA256 5052b3701850537611da44858a0a8feb4b4cc936cd5bbb95b64cea4a987e5860
SHA512 ed015b37851138a2e503bce8671ac81d158948cfc3e8cde9ab751c8264cfb1da56b1f02fd281921b3b0e1c1f42b7b5cf97360c7ee263555e21fc51ea0162c4f2

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Drawing.Primitives.dll

MD5 61b6fc62c4003ce711377a97cede84f5
SHA1 3b8f870b0da16bd6bdc6104aa44d036b24b61ac0
SHA256 2ff0d64f6d9bb38e15208c4d632c767a669a68e6b41adb0f27d99528b801ee3b
SHA512 611707f5d54dfffcbe5cb58204c925cab6ba488ffbd82a5c5efae9d1cfd10cd32205e5d05ead2cf7f8a3f5b392ca7538060a87695be40535d6657542b2043ab0

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Globalization.dll

MD5 a25d659fff26c73b2f34ba6b92c84551
SHA1 69e6bf884f40d6d78e3c4f5f1d0103a666931619
SHA256 f4e9f919b625dcc6e2a5d0c76308543c71b7c3a6314a138058e7fa9f3426b3ea
SHA512 7f5632cf8aaa380e1f7c76b54c1efb5cac0412647a0f2e1986af07ed9dcf89b8c4563178ce79e54ef283e487706f61c156bffdd5a4b42317b39d74a92e236bb4

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.Compression.ZipFile.dll

MD5 c4c4e310f604a98404f756bbd2d1fa6d
SHA1 2991e215a479ea048cb53f328b740db610547b75
SHA256 1209835143aa950e64cb9d28c565fae7f7df5278c013af621f4e689527279bfc
SHA512 f498f05bb85381cf9f91cc0a60eaab8a4798772ce18cf8c53329061fa461582a970b37d3578a800c80d8c87d8954d976213ee587894de51ac1ebd79422ab0f1b

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.dll

MD5 18a32afb2c4d9638bb0bddc1dee60788
SHA1 1e76b32a88cb2fb7bd0caf962636058426dd6230
SHA256 f534d81c3f035c5b91c303096c4dc5b4d46f6d75ad5568eaee92cc9dc6aa75f3
SHA512 48121a28644b8d46b2ffa129dbc3061712eb6377c6b1d76df577fb9929cd1c48bb0deecb5bab1f43293918f3b7f453b880b4fcefc15019b4dd290ae36cb71c88

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.FileSystem.dll

MD5 5e1824522e05f3612bd8c4f599763a86
SHA1 3372d225504cf30df6d3fd0e9b70f07ba34a8166
SHA256 ebfaa7aac28863225ca4e55305c2627239841d7e0070fa4567e1aea6eca6fdcf
SHA512 10234a737a12f25ba52b64a78cb9fb457fe10f83707a0fdc85b0ce357c6ec3846774cdf7476f427828476d12639382d2f20e5e69f863b6d5a98461ffae91e239

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.FileSystem.DriveInfo.dll

MD5 ab0b6870db47e35d54bd1809b4c60466
SHA1 09beb5e11a689205694dc3ee3bdf6a66b6eebfb0
SHA256 f09acd2d42983a7683e34c772e73c02f542450b681852836f2472d6977b764e7
SHA512 ed24b929666268e6a959bc2331e46cbaadc7a9b38e3da10078ae5d8ffff77a9d8d1757a0bad1fbc699156bc4471948f008b624c2a6c4eb35b58fe4758eb4199b

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.FileSystem.Primitives.dll

MD5 f764b511af044c89927070d413f54197
SHA1 fe6726705fb76bb64c11c787599cb044799a3f6c
SHA256 00762994e600cd4db1ef21c7161d808ddc409cadeca547ef49553f3a4d920ed8
SHA512 08dbc68b3ed5b519828537fe1c97158eff6754dcb219001c65c1ae344b2d8bbd6e3ac19c2d34977a23f36da3a67df8f9e94b10780cbfb826bd4e448960d765bf

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.FileSystem.Watcher.dll

MD5 6ac5596f4aeb88842716640ae1047045
SHA1 fbf23bf89732b8b32cbc123830f20b2c2147ea60
SHA256 f875e323e57d704f1b17c84c7bc50f0d1ffcb0bed08c5f6af74a60fccc04c3bb
SHA512 ecb1f8d458e3f6b14d9086772f2f0ed33bf00f7f9b778f6896eaa45e38bbef493184f2296ab14588f3eacd698a5a96fb8adee6fb944a1553d50713bf5227ffce

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.IsolatedStorage.dll

MD5 f37c2957428bade9781b58f1fc32b576
SHA1 94ad0c9e7b3fc0b3c56ac7574f429a43e6db67fe
SHA256 b7bdb4930cfd82361b2f59c164aac4687798c72e3d0e0c73d21ca7516f19adc0
SHA512 301494cd941a5e4aef6ad7d6f02edb13d183625d18f240a37bb9b7971d166ba4c8c38da11c05a9d9080defa0ab1a7057dda47e98eeebafda01035339e380624b

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.MemoryMappedFiles.dll

MD5 a58039e022feca900e6db589672c7ad8
SHA1 804333e184d8c7f306bedd5a86e9134461c0226a
SHA256 841403493c0b651bb2d78d0befe912d438ee60e406806cad21b9a30f227323b4
SHA512 1c4cecaf1579f0a67ba18d0b7ad50edd2afdf16c98770e801affaca358a977bd2108327723d4173d95b5c86fe8bd6cf0bb6aa2dce69c84ee5c83049ec07ad88b

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.Pipes.dll

MD5 004cc9cbffb46f50c1f037002c3655ce
SHA1 86947f12790e70bafd4c3f72cad8e386a6015d04
SHA256 0f387e9591a5613ef02da3c6d32abce4f9c3e1e577a3ffd0cef85c345a3fa1df
SHA512 69d1545c912d82d6ec1eb928e16e0c1d45c9a04e980adfa77f7a764a7f5b642c91b9e74ffa3e5a33343453bcaedf0aca31258f78495cc3c10e771ae1e917e7ac

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.UnmanagedMemoryStream.dll

MD5 64abb65b37b941b10b119ef32531b50a
SHA1 9cf171c463f11575fe0a7a507101da6177cd10fc
SHA256 a0c98af8925ac0ab86c1f768f9ccac1cbcf19027b23814f64860d3f28b686fb7
SHA512 a5708fec9d02449409a931b8fd998fc27f6c7ea2a0f32a7a73707550ec298cdbf5ab9ee13388c5a01f6f3ff9e99fddfe8cf563c6f8e55f1ceb55139c1178efeb

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Linq.dll

MD5 6d6917bae13e128f00d95da1fd3f191e
SHA1 4c5ae1e9e7e4c8147f913c350a9b4561ca3f1851
SHA256 dc9ea055006a22a2faaa81b37d48a8ab1c98127b158181fd894388bd6c2049f4
SHA512 eabf0f2fdf1f29f425f04198c920451bb686a900931b9dfe418b62252c7d025936784fa0251fc7fb25809e4933c8e1f872b8290870c8afa2b24177750a24e105

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Linq.Parallel.dll

MD5 0f96d351df2db95d86d9615372df8872
SHA1 b300ac53ccebc21cff5ae5c2d3c4478b1c9db93e
SHA256 c1972d6526d942152b3c205f87cf6628bf4f8fd88a981fe013b198a4900e2a4a
SHA512 09fc6384f93da497ac0d51065da592f6b83ef488f44e684fd9593e5045b8c9ad184d4f2fd9c2a2193f816db7b7496988c41e9710c16709b8a9aeeadea3ea7996

C:\Config.Msi\f767266.rbs

MD5 4ddf2faedc0b5f875f8d87691a5b59ee
SHA1 50a1ab894bf91777625bec9c6492f5da58667c28
SHA256 b88fecd339c29a272ce8dcf359b0817b272941ca109e593499e4d24b8e27d1b5
SHA512 3dd32eb7a8125c4d7b7b9748a95565fbc21c674468376c0dedbfadf155efaffdc9113953ab0a1175aaa2b2bc1e73d4aa0fb751440cd45f067513c278c2bfaa05

memory/2788-471-0x0000000001070000-0x0000000001395000-memory.dmp

memory/2788-477-0x0000000001070000-0x0000000001395000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-04 20:25

Reported

2024-04-04 20:27

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe"

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e573bc1.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{FC82C7AA-8D6F-4F46-9F6E-B206500AC18E} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3CAD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e573bc1.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3C7D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3C3E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4106.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3CCD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3CFD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3D2D.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2472 wrote to memory of 2948 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4800 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe C:\Windows\SysWOW64\msiexec.exe
PID 2472 wrote to memory of 3940 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2472 wrote to memory of 4104 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7A9BCA46D93E91D87CE92B7EEDBB1041 C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\adv2.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\c1f266588c8062a8298e45e60e5bf565_JaffaCakes118.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1712021729 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1B1D9322A4DA3225E4AF6958AC2A1EC2

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe

"C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor\fmod_controller.exe"

Network

Files

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\decoder.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\adv2.msi

C:\Users\Admin\AppData\Local\Temp\MSI3A0C.tmp

C:\Users\Admin\AppData\Local\Temp\MSI3A7B.tmp

C:\Windows\Installer\MSI3D2D.tmp

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\ue32ctmn20.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\fmod_controller.exe

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\Qt5TextToSpeech.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\log

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\Qt5Xml.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\libEGL.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Net.Ping.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Net.NameResolution.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Linq.Queryable.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Linq.Parallel.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Linq.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.UnmanagedMemoryStream.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.Pipes.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.MemoryMappedFiles.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.IsolatedStorage.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.FileSystem.Watcher.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.FileSystem.Primitives.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.FileSystem.DriveInfo.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.FileSystem.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.IO.Compression.ZipFile.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Globalization.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Drawing.Primitives.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Diagnostics.Tracing.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Diagnostics.Tools.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Diagnostics.TextWriterTraceListener.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Diagnostics.FileVersionInfo.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Diagnostics.Debug.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Data.Common.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Console.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.ComponentModel.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Collections.Specialized.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Collections.NonGeneric.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Collections.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.Collections.Concurrent.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\System.AppContext.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\netstandard.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\Microsoft.Win32.Primitives.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\Warden.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\ZetaLongPaths.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\WindowsInput.pdb

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\libwinpthread-1.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\libgcc_s_seh-1.dll

C:\Users\Admin\AppData\Roaming\SilkenMermaid Software\Smart Text AI Processor 5.2.13.5\install\00AC18E\Qt5Svg.dll

C:\Config.Msi\e573bc4.rbs

memory/4104-409-0x0000000000E90000-0x00000000011B5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LFxFMyoK\_Files\_Information.txt

C:\Users\Admin\AppData\Local\Temp\LFxFMyoK\_Files\_Screen_Desktop.jpeg

C:\Users\Admin\AppData\Local\Temp\LFxFMyoK\_Files\_Information.txt

C:\Users\Admin\AppData\Local\Temp\LFxFMyoK\_Files\_Information.txt

C:\Users\Admin\AppData\Local\Temp\LFxFMyoK\QGelZTCAQQMq.zip
