6fb424df170206a28a96e8234701bdf0bbc4642c9257bae68194650a1a92972b

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65dd5595a227f633a79747be3731f163_JaffaCakes118.exe
Size

7.8MB
MD5

65dd5595a227f633a79747be3731f163
SHA1

43a94bc86441874c6897042ee11caef250b26268
SHA256

6fb424df170206a28a96e8234701bdf0bbc4642c9257bae68194650a1a92972b
SHA512

e6a79fd649e2cf50bb408b761b435e230c1bc271487a45ebcc883ea025b41efbdfe2c722031efe6dc61a46adb4f480a47d1023f4565a07da5a0a60b28fe2a56e
SSDEEP

196608:aG5k/h3pNMT4gUdpYX8E8S6dsAYiMCQFB5g:v5mh3pppw8E8S6655g

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

installer.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	installer.exe

Executes dropped EXE 2 IoCs

Processes:

installer.exeGenericSetup.exe

pid process

2208 installer.exe
4736 GenericSetup.exe

Loads dropped DLL 25 IoCs

Processes:

GenericSetup.exe

pid	process
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe

Checks for any installed AV software in registry 1 TTPs 5 IoCs

Security Software Discovery

T1518.001

Processes:

GenericSetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	GenericSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

installer.exeGenericSetup.exe

pid	process
2208	installer.exe
2208	installer.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe
4736	GenericSetup.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

GenericSetup.exe

description pid process

Token: SeDebugPrivilege 4736 GenericSetup.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

GenericSetup.exe

pid process

4736 GenericSetup.exe

description	pid	process
Token: SeDebugPrivilege	4736	GenericSetup.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

65dd5595a227f633a79747be3731f163_JaffaCakes118.exeinstaller.exe

description	pid	process	target process
PID 4160 wrote to memory of 2208	4160	65dd5595a227f633a79747be3731f163_JaffaCakes118.exe	installer.exe
PID 4160 wrote to memory of 2208	4160	65dd5595a227f633a79747be3731f163_JaffaCakes118.exe	installer.exe
PID 4160 wrote to memory of 2208	4160	65dd5595a227f633a79747be3731f163_JaffaCakes118.exe	installer.exe
PID 2208 wrote to memory of 4736	2208	installer.exe	GenericSetup.exe
PID 2208 wrote to memory of 4736	2208	installer.exe	GenericSetup.exe
PID 2208 wrote to memory of 4736	2208	installer.exe	GenericSetup.exe

C:\Users\Admin\AppData\Local\Temp\65dd5595a227f633a79747be3731f163_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65dd5595a227f633a79747be3731f163_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4160

C:\Users\Admin\AppData\Local\Temp\7zS040860D7\installer.exe
.\installer.exe
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2208

C:\Users\Admin\AppData\Local\Temp\7zS040860D7\GenericSetup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS040860D7\GenericSetup.exe" C:\Users\Admin\AppData\Local\Temp\7zS040860D7\GenericSetup.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS040860D7\BundleConfig.json

Filesize
2KB

MD5
2eeacb35af978d98bfc6fa6c7646942c

SHA1
799f29caac701d5b67d3e5f35e92ff4e4ff09310

SHA256
43cc236476523572c27cb72c59611a999846cf6c5bc945167150fa2301b900a5

SHA512
4997eb6c6d3b73e774fafc75cbcd9444e0ba2e6d5d8be6bce7ef24ccdf830b40bdce7ca8af1270eb034b185f7f38d4acd9408914b1e2871337ac9db7807e3e3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Carrier.ZIP

Filesize
4.9MB

MD5
ea977e061e05aa62e9c70a243b44e96f

SHA1
765b17bd6f54a209940a4044ba9113030a299b61

SHA256
707537ba1a9a37bff70184991d831c21f579bb8104a9259f37c0fe9bea5d1df8

SHA512
f0aa19a50a6466331984a3707c0eef5da15ae88c13f16dc97584617f455041c9452f30dfce36d6bc1508e8d3a22ff0bc84ef695af9800d3e3b3fc1939c70bd51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\DevLib.Services.dll

Filesize
214KB

MD5
9fa43d7f20ba6d4e9d9a0d47584e1505

SHA1
12f20403305be941cbc53e3d10da76671ef3e345

SHA256
0a6fac467940894465ceece47806cf14e680a845d67b9bc391e35a5162b91170

SHA512
344b8e32e8ba5f91edda1bf1476e98fb544ed7051226a2c2bbdf90b695ba49371803173b40974959a2e6c4b82c6fd957173351b13dee573c2812690d8d2e758d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\DevLib.dll

Filesize
72KB

MD5
bb82fddcdf5924c9375f8bd3b333fd1b

SHA1
9fa5c288a5cc13435e8f880835bc66035e60c073

SHA256
7cdcf00d0b9bd734864a60b4d8f5bc318e1660ddf6ed00ac2745f5f13da46951

SHA512
ff28875ab9c25daa418f9ad875a9d0bf3c2e578845949b07d20ac7845c37a8ab1118d93fe41c27f46d3644f4270af5ac807f51423451718ffe50b58278442ceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\ExternalResource.XML

Filesize
1KB

MD5
d8d210cc56a8d52065010b63953c457d

SHA1
e8b7bd9039f1248ec5d2ae2dafc12b38e971c686

SHA256
7f78bd0fa8e44e6f8362770745cb5812f2b575f5a5b3d979180245b96c55cabb

SHA512
74f208e7ef088d9433bde5c1a19ae8d1ec6ac3f123b2f7bf8667b841282ea8bcc146a79f0281b015b5daab8288fc65530a9f307e1480e54a36ab83b5acc71509

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\GenericSetup.dll

Filesize
120KB

MD5
bc37a966c6463011d52523b958e3b14c

SHA1
0cb56605a8cd7dda26910b13aa18cc85fe081c70

SHA256
1b9061baa81f3482416a6eb085bb15202e699b4916ceff1b81600db0337311b0

SHA512
984293c6bf1d2285f2e5547f8bca725d34693945228d6b7b192135baef42552d4347b87c1dfda423cbd4e24be25f6c65c88b58ffbb8a91a0b080eac4b387603d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\GenericSetup.exe

Filesize
19KB

MD5
a0a2c3e73809a99deebb8a01260dde84

SHA1
5db8b645e73790641ad313e0b4d403a0b3e9b952

SHA256
121a8d8ca983ced2a21000ae815e973161c8a86f8f1307d3c01fa59e5727db9b

SHA512
ea7802cf4b50f9565a099f48033d3eac8aaed1bd20b5a368c5d74264b498a284ed2c77c944c0a6850b313bca86b666d35332c0e6a03b6b95453b04911e734879

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\GenericSetup.exe.config

Filesize
1KB

MD5
d8b647033179f18b7bd01518746fbfb5

SHA1
62cdade9b6dbaf13456ebf8dffba544091f995f8

SHA256
388e965dd296e3fb0841e891d9d09f32f8fc2dc52cd1fad26cc0fb5d48866435

SHA512
19de33468a29ad2839baabe969c00762cea7f8f6a39e8b3e78e14c2f807923d7328792409e9ec3b51d863a323871a61a88d61c3b0011e0e5636968a9ca9cffb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\GenericSetup.exe.config

Filesize
2KB

MD5
ab4fb3b00de2b0e378db60f3f119bf47

SHA1
0dbe7374df7c9e53c5f6924dcedc5ee020ef52cc

SHA256
3b1b9a25234c7749d2b3d4022fb5c58ebecdc689fb30892e71575bec7a479e82

SHA512
5f508f787b4a36b0b38dc4ec3e9c41e017131b906e623a4999c8223fa7a7d8f3049516236b1fa7e891983ddc71d7fc839d07ead84ba36a6e4a619fdd30d8efbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\H2OSciter.dll

Filesize
139KB

MD5
369e5a11e2ad5aea8f0e035c36f850fd

SHA1
b3d0f5a10f6acd90abd3ea8ff209c0b67e9ab060

SHA256
6e2e1016b820bd3bcc34fb40674ecaa62579781ecfe66e7a9fc44bba0faabdba

SHA512
898877a9cab84235a16df1cc7b0eae90130448113079a76b777a74ed4ee194e11ee13864f1afc3126445decfba3a5c3dff5120add307ee2bf733246028c15cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\HtmlAgilityPack.dll

Filesize
162KB

MD5
2cdc8f7c7bbc9c48a9ed7ffe950a4d15

SHA1
0934102926a0fc4c238d5816772b873c4ae5f519

SHA256
4571488de9f5a9567b40e5d030d210c1cbacf6f1801cf0fa9dd6795315b6604b

SHA512
787072065cb27e81500caa87068a5ce2a304e56e5c391a7d11329d3ffb7eaf89f2f9c50e393f6af58ac64e61341245c58d09179f42268a3727dde563a5ae9c86

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Microsoft.Win32.TaskScheduler.dll

Filesize
303KB

MD5
9e4b0ad21fcc600a5abf2ad505c1cae3

SHA1
0d657cf3510a5d944cbc5ee9b67c59ff53a13e66

SHA256
c08bcd4d3743d4bfa7381b41c6583677f29bc71c0c2c17e8974895ebb88271ab

SHA512
a047a0b6dcc636f81efbcd789225492f81997a9d8092c08ec30dfbbebdb6d2d53d1806068a2594ffb3dcb0776cc14979953925d40dc229e20253e7894a362ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\MyDownloader.Core.dll

Filesize
68KB

MD5
f8b728288637e4de11fd6ca44b6b1022

SHA1
1f36c62f234bd89fb89eeb3a546ccc8dfb9d14a4

SHA256
096d911a7779d6f16cc120bda33218a4bbc54e9c5b81bf45dce08beb5c5fe696

SHA512
933963d4209fe70de614107da1e50d2d44c1f24facd4cca8c4ef5941476c7e2c1060235bd327411acc7ec5cfff3970314670190c16476be05f0f12517519ebf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\MyDownloader.Extension.dll

Filesize
180KB

MD5
1e32a5ce4b3dc1102e9536bfbd9a4457

SHA1
5460b314d725a4ff19afb7dc14a9a7b8fc2252da

SHA256
ddd4b9af3e2fe61195050959e4c2adfeed0ba0801b826444c820808d84587e0c

SHA512
c57d7ee0a15da56c767876fa2d21d92e237dd474f1e914c8382c8e482f82f8e05eb0d4bd9158689d66f9ac246e44edfc5480f487a964246684997ba90aca0458

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Newtonsoft.Json.dll

Filesize
481KB

MD5
1c473905477e3f71c03dca2f0801c931

SHA1
e314937e9341fff0bb9efbdb5c7d9fc663f6c104

SHA256
4029b53b21b9e66838de4b3d5bcd40dfb15b337f60483af46adb1d5ea0843e53

SHA512
09f399c49db507b81c0edb2c65bea849768e5ea9f743daf9290d88ae9625dab1ee3381e209c1149e582f9050db1e88074f497c973ce9de951f9e9cdb3d53fc32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\OfferServiceBLL.dll

Filesize
95KB

MD5
69dff925e1cfacd39ac662c6bd31ced8

SHA1
904c920a03379a6ee50364884ff27e76ee9c2fd2

SHA256
265e72602c4857d788bc5930b26cebab9f34c97daa2d8143cc7d4922bba67b9b

SHA512
60defb2b36fd32328784d3f6bc6ec3bf67b6ba5b2c59342aa018e1e7b93d7a91494d8203dbf4200ac227ca2488364892b6dc940e147741a74e6ca73e5209071f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\OfferServiceSDK.dll

Filesize
28KB

MD5
ac705598c0ce48b0a1cbab2f8bfaf2ad

SHA1
e63e09d771bbdddbb675df8f6145aed48867d3a5

SHA256
9d76d933a0b0b6a813a7b66aa37e6c47330d055d6dc949bf15ef7ca3cc01bcd3

SHA512
81f89868f5fbc6dff4c5167b9f9a80dee03bd713dbd7e3c1a57af9cba418c472d143f88ea30e4ece1e0f8b09806543334de224b88166d80a61f1371807992379

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\InstallingPage.html

Filesize
1KB

MD5
b606e9b227b5e5984039e8dbc2e8aa1a

SHA1
6efa884434f84b31caddd83b022fb12ddb56e441

SHA256
58c0ae7d58302321140dd65c7f4b2db13a698afe6abac5c4024f7ef328adb437

SHA512
cb9687027ec7ac9f20aee0dd030da84bae24867a1ff33cf647d6438bb4ea8ebf169162709a71098f5d4e16bb4c98092e612f87aa905c6bdc01d266d3951915c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\LaunchCarrierPage.html

Filesize
8KB

MD5
1a820c6d824a96bb7ba39825534aaabd

SHA1
e20cf448da453f9f49a3d367fb3e8f59e38375e8

SHA256
7298e88af3fda7ba7fd2ace6665105f35b145c5fc8c5221a42143e1c593acb50

SHA512
d2c84a7939130c5d8262fe5f26fb969e02a78228a45b0c0c10d6feb07c53b3e85b3880ed624d74b51110415948e3b6f57c0232766f221ebb42dd55a2d8764a13

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\OfferPage.html

Filesize
1KB

MD5
0a01c96662ee3d320af2814495cba2bb

SHA1
c0e34392fbd4c36754f8d242beaa65ca2543a08a

SHA256
2d758368d6f4054b33144bbad1defec20523322f393ed204b1d9200cd3424cd5

SHA512
776c530eb0f4c42383ba1742d374f8ea302d72cce88bdeee663773893b1e7bc8bb3bd6e01cde5eff7d1a75ba6fee4e2735c5f66d72e3c4e7344d18f72aa55822

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\ScanningPage.html

Filesize
1KB

MD5
4fa1afc9d36c2fc1012f5bf81cfcd238

SHA1
1ba175bbf25c03293304788ef6e3692b05293f07

SHA256
30b483216a928d8ef9b95620edf50dca44b4786a526907ecd2923d8cba9f85b1

SHA512
3c387adb9c2527e80e394cbe266f0961de05963e9b3fd63b07ec325aeb0361fa99d4b101bfd574e1b09d4a5a7eb1aa3db502b7460eb2e0e952d8faa0ba13a1c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\WelcomePage.html

Filesize
2KB

MD5
ff0da7a1f75dedb6d7f72aad55b140cd

SHA1
ac1932539017e8429fc0761aba220092dd9aaec3

SHA256
4da5988274ab700a4466fb4b3b38b469abc1e3c5596eeb1d61472480cfb50973

SHA512
1145d2927acc6c9d6e6230ef4c4a9d9bfda5009c980e8f86e5c987c574916215409a60780ed808b5066516ecbe577222485168cd5778e94815966ec3766c3016

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\images\loader.gif

Filesize
16KB

MD5
2b26f73d382ab69f3914a7d9fda97b0f

SHA1
a3f5ad928d4bec107ae2941fa6b23c69d19eedd0

SHA256
a6a0b05b1d5c52303dd3e9e2f9cda1e688a490fbe84ea0d6e22a051ab6efd643

SHA512
744ff7e91c8d1059f48de97dc816bc7cc0f1a41ea7b8b7e3382ff69bc283255dfdf7b46d708a062967a6c1f2e5138665be2943ed89d7543fc707e752543ac9a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\images\warning48x48.png

Filesize
749B

MD5
d3361cf0d689a1b34d84f483d60ba9c9

SHA1
d89a9551137ae90f5889ed66e8dc005f85cf99ff

SHA256
56739925aada73f9489f9a6b72bfaaa92892b27d20f4d221380ba3eae17f1442

SHA512
247cf4c292d62cea6bf46ac3ab236e11f3d3885cd49fdd28958c7493ebb86ace45c9751424f7312f393932d0a7165e2985f56c764d299b7e37f75457eef2d846

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\style.css

Filesize
10KB

MD5
4d94b8a8639401063d6de63e851d2234

SHA1
26490f8854e908fba601f1869675b51e8b4be035

SHA256
00aea040d0bbcd52c1874668cf2f66a0e94c09340063dec20e6aa94425d61fc7

SHA512
62fc7719d02385b38c654f26121d2876ad4b6da024bf914222e93c83ed99cb14b00cb99def2d8abdc840b0041ea50827e5e20edfc05e425faeebee01ecdbc288

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\tis\Config.tis

Filesize
102B

MD5
fb1c09fc31ce983ed99d8913bb9f1474

SHA1
bb3d2558928acdb23ceb42950bd46fe12e03240f

SHA256
293959c3f8ebb87bffe885ce2331f0b40ab5666f9d237be4791ed4903ce17bf4

SHA512
9ae91e3c1a09f3d02e0cb13e548b5c441d9c19d8a314ea99bcb9066022971f525c804f8599a42b8d6585cbc36d6573bff5fadb750eeefadf1c5bc0d07d38b429

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\tis\EventHandler.tis

Filesize
10KB

MD5
e40d7878d88d2d55119e2d28a994653e

SHA1
1f4578cf29341d564b15db5bbe2d1f089e658f93

SHA256
2dbb0a6c28f1a4c199b3090aa17147bd4f784458b0663bcb75e18c17090101b7

SHA512
8ac24cd4e91367f51e968e0570220de42431df46150fc640fd7877856f9b020a34ef44c9f925273ede48bbf7c958c88220873a43ac04fa2e8961dff34d105cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\tis\Log.tis

Filesize
1014B

MD5
cef7a21acf607d44e160eac5a21bdf67

SHA1
f24f674250a381d6bf09df16d00dbf617354d315

SHA256
73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7

SHA512
5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\tis\TranslateOfferTemplate.tis

Filesize
2KB

MD5
551029a3e046c5ed6390cc85f632a689

SHA1
b4bd706f753db6ba3c13551099d4eef55f65b057

SHA256
7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8

SHA512
22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Resources\tis\ViewStateLoader.tis

Filesize
11KB

MD5
cfa267db7e3295c099f9ae454fd23331

SHA1
0d2a2f1594ed90b428cf9ee5a7d736c626398e46

SHA256
5ea24e0cb28ea1f50cc2beef1eb0c1b9ba2a5099b63f66f2a4ee2ed60cfe30fd

SHA512
44bad550b78bf8feae395d629440547ada4887bb06d02f3add0342f21cd42b098f0b2a44a535c0b3816b50c31c99e0ad383b5df89aa3e0401a489bc1243302a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\Shared.dll

Filesize
221KB

MD5
00847986556c2428891caae5c5237324

SHA1
94c60ac459adc77238548e81334ac80e342894ff

SHA256
762d43120263226885c62080361af0a8bbfbfeb7f9342020c97161bce343972c

SHA512
0a03e1125cdb8471ec02a298104747d76a269203c7fe069979fe3526b88dd9dc71bee3e54c5861f8843542924c2afe7ab3fc53ea330bb2d468bf74e7480c43c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\app.ico

Filesize
766B

MD5
4003efa6e7d44e2cbd3d7486e2e0451a

SHA1
a2a9ab4a88cd4732647faa37bbdf726fd885ea1e

SHA256
effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508

SHA512
86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\de\DevLib.resources.dll

Filesize
21KB

MD5
22190a0628193bce17edefeea121e141

SHA1
505d3a789cb26cd2b531d1331b40d663d413edcd

SHA256
91d4d13e9535fde490174e725155b87f3074c6ad7166ba3c1bbcd7f74ad642f2

SHA512
ce2e545200a1aab928bca58731a5cba0a410140e72bf571ab35c8fb4e984603e0eb64923a0dba29a1118b3225691dad362411ee1c1b0e098b30a8bae38663f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\en\DevLib.resources.dll

Filesize
17KB

MD5
cd3558a2fe7639cf36ac9e48258d7956

SHA1
09bc84ceca1bf32b34470d52ea5af460dca7612b

SHA256
6bfaff18ecba33f7dd960555ffe5bfc950c760bbef41eba5cf9f10907bccd6f2

SHA512
c7c06d19cbecbc672660c0d55d661a66a045758342742d67cdb014c6df46fc8660b89916b0ffc8060057fb41a416b6e2fc38a207ec555ad79282576213f224b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\es\DevLib.resources.dll

Filesize
21KB

MD5
ea3322e8e8bbb200eef5d76dad841d83

SHA1
b98a717099f90ce2d1a31623e6501ba18899c5bb

SHA256
4d08d1726fab0a1bb4256164dfd29aab522f03f6df8eb8a67386e06c4a4cf3dc

SHA512
ab11b334dafd264efafefc616d259d2111e3b80553280bdb73cbce4588ffd1cbd1cfbb917ddbb9e1a85a4d78257ad98250a59f72fae2ccfb2d3a21f2170798a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\fr\DevLib.resources.dll

Filesize
21KB

MD5
699721831f6d45dc651dc8add543a450

SHA1
55f69950f654d8e15c9529293c049007362fa374

SHA256
2f039fb7e69fdd44f6b52f30e4f7b2cdd6744037f681ce74750e4b3ff90ebfcb

SHA512
6bf7f384511352fa8ebb7d88a2a2b0bf80a56d0daae5ab1cb94322e67c1260f575e161ea6b8e115dc1a1af62d8a784b7956312612706b881e91329cafa3e4ac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\installer.exe

Filesize
1.6MB

MD5
a35a77b6c99e23a75785d20abc7d9b71

SHA1
34c26bdbe84dc9b25d9dae10e9add111eec371c8

SHA256
c68dd3882caa6a46945d01bec60e933637e040e8e01a86ceb858a0a42c521a90

SHA512
c09cbb416ebd0a3f4cee4905a57d4188b7dfe50c72e42e72ec46bd905a1b7702eab0890d9fa13ef420deffacf5e23a851777026291e525a5ef95ba30538de97b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\it\DevLib.resources.dll

Filesize
21KB

MD5
cf105783da81fd2a5210d275d04b5bb7

SHA1
bfe2bfc13b8bd8d5d257b68255a5c12a71641576

SHA256
ad280458c8e666894b27d81f682acec9d1d973d9a01aec20407d441f06ac02b9

SHA512
42f1d7c1748ee8491cfac89dbbc82eb3f75124b39cf24ac0cd5e176e511512b9c1eb57269807c3d1b12f6f24569704aca801ad7a06c4aec190f7e93a6d4f81b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\pt\DevLib.resources.dll

Filesize
21KB

MD5
9b2c62b693743a5936c777ef8dddf9fe

SHA1
6180a29a275928535198495e176ffa82ea28b4f2

SHA256
4b96bc58f767f76f53e3b02c7576514321301b7bdcbd4eaa7142640cffefb124

SHA512
2373718e6260f127e3486fd9f7563344d68bf0b7c8425ea4c461b633c28f2a7d31d95726a2a2fb281d20eecb2cd6183577ce6f5f1ff7ef78b9da2a2d01ff16c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\ru\DevLib.resources.dll

Filesize
22KB

MD5
e0382ec79b4264028fa17661f2604baa

SHA1
34ec864a4a3e7361b2db88541a5b0bd63b56838b

SHA256
c6db731cf0416cf93199e92a78927264877ccb451e93d99fece1bcdd2c8917e3

SHA512
19cae8310f848a07bcceff7a7613194ac49ea9da4b66f5f951d9ee47e5109c6a65e9cd5735d3237730c65eae8dbd1a8fe7f13b752779d8c8842de015c072bb7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS040860D7\sciter32.dll

Filesize
5.1MB

MD5
a53a5c5065e0575c630d407f03adaae9

SHA1
d14b0005c02b132ea36a2a68235fc83c277b6dd0

SHA256
430925638bd411f541764cfe33308f0a8de7398e3420bbe7110b7b0915ef86f7

SHA512
1a586ace723104bd28c1b1026864a28d218ec17fd080d82aaa55042b5dc6bfad281c7f8369b12b79a2675a42da974991ee0ac08f066828a40dcc4ac75579ab2d

Download Submit
memory/4736-143-0x00000000056D0000-0x0000000005736000-memory.dmp

Filesize
408KB

Download
memory/4736-151-0x0000000005E60000-0x00000000061B4000-memory.dmp

Filesize
3.3MB

Download
memory/4736-129-0x0000000004FF0000-0x0000000005012000-memory.dmp

Filesize
136KB

Download
memory/4736-132-0x0000000005460000-0x000000000549A000-memory.dmp

Filesize
232KB

Download
memory/4736-135-0x0000000005420000-0x0000000005446000-memory.dmp

Filesize
152KB

Download
memory/4736-138-0x00000000054A0000-0x00000000054B6000-memory.dmp

Filesize
88KB

Download
memory/4736-141-0x00000000054C0000-0x00000000054DC000-memory.dmp

Filesize
112KB

Download
memory/4736-125-0x00000000732DE000-0x00000000732DF000-memory.dmp

Filesize
4KB

Download
memory/4736-144-0x00000000732D0000-0x0000000073A80000-memory.dmp

Filesize
7.7MB

Download
memory/4736-147-0x0000000005D20000-0x0000000005D58000-memory.dmp

Filesize
224KB

Download
memory/4736-150-0x0000000005DE0000-0x0000000005E5C000-memory.dmp

Filesize
496KB

Download
memory/4736-126-0x00000000006B0000-0x00000000006B8000-memory.dmp

Filesize
32KB

Download
memory/4736-152-0x00000000067B0000-0x0000000006D54000-memory.dmp

Filesize
5.6MB

Download
memory/4736-155-0x00000000072B0000-0x00000000072B8000-memory.dmp

Filesize
32KB

Download
memory/4736-156-0x0000000007380000-0x0000000007412000-memory.dmp

Filesize
584KB

Download
memory/4736-159-0x000000000AE70000-0x000000000AE9E000-memory.dmp

Filesize
184KB

Download
memory/4736-162-0x000000000AEA0000-0x000000000AEB2000-memory.dmp

Filesize
72KB

Download
memory/4736-163-0x000000000AE50000-0x000000000AE5A000-memory.dmp

Filesize
40KB

Download
memory/4736-164-0x000000000C1C0000-0x000000000C1EC000-memory.dmp

Filesize
176KB

Download
memory/4736-165-0x00000000732DE000-0x00000000732DF000-memory.dmp

Filesize
4KB

Download
memory/4736-166-0x00000000732D0000-0x0000000073A80000-memory.dmp

Filesize
7.7MB

Download