Malware Analysis Report

2025-08-06 00:20

Sample ID 240528-aszynagg85
Target 7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118
SHA256 c6a4c995b5c7de3b6ca71fdbe784f9cc817352b8b551333b71f2f217aaf5cac5
Tags
discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

c6a4c995b5c7de3b6ca71fdbe784f9cc817352b8b551333b71f2f217aaf5cac5

Threat Level: Likely benign

The file 7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

discovery

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Enumerates physical storage devices

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-28 00:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-28 00:29

Reported

2024-05-28 00:31

Platform

win7-20240220-en

Max time kernel

122s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe"

Signatures

Checks installed software on the system

discovery

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan

Caveat on this signature: the two registry keys written below are named by SHA-1 thumbprint, and both thumbprints belong to well-known public roots (CABD2A79A1076A31F21D253635CB039D4329A5E8 is ISRG Root X1; DAC9024F54D8F6DF94935FB1732638CA6AD77C13 is DST Root CA X3, and its Blob visibly carries the UTF-16 friendly name "DST Root CA X3" and the issuer "Digital Signature Trust Co."). Together with the port-80 fetch from apps.identrust.com in the Network section and the CryptnetUrlCache files listed under Files, this is consistent with Windows building and caching a Let's Encrypt chain when GenericSetup.exe connected to flow.lavasoft.com and sos.adaware.com over TLS, not with the installer importing a root of its own. Before treating this as evasion, decode the CERT_CERT_PROP_ID (0x20) entry of the Blob, confirm its SHA-1 matches the key name, and compare it with the public root; a thumbprint that matches no known CA is the case that warrants the trojan/spyware tags.
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (value omitted) C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (value omitted) C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A
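The Blob values above are CryptoAPI serialized certificate contexts: a run of (property id, reserved, length, data) records in which property 32 (CERT_CERT_PROP_ID) holds the DER certificate, 3 the SHA-1 hash, 11 the UTF-16 friendly name. The following parser is an added example, not code from the report or from the sandbox vendor; it checks the three things a triager wants from such a write: what the friendly name says, whether the SHA-1 the blob claims matches the SHA-1 of the embedded DER, and whether both match the registry key name. The sample blob it builds is constructed (its certificate payload is a placeholder, not real DER); to use it on this report, paste the hex after `Blob =` as the second argument and the key name as the first.

```python
"""Parse the Blob value Windows writes under
SOFTWARE\\Microsoft\\SystemCertificates\\<store>\\Certificates\\<SHA1>\\Blob.

Record layout (little-endian):
    DWORD prop_id     CERT_*_PROP_ID from wincrypt.h
    DWORD reserved    1 in every blob seen in this report
    DWORD length
    BYTE  data[length]
"""
import hashlib
import struct

PROP_NAMES = {
    3: "CERT_SHA1_HASH_PROP_ID",
    4: "CERT_MD5_HASH_PROP_ID",
    9: "CERT_ENHKEY_USAGE_PROP_ID",
    11: "CERT_FRIENDLY_NAME_PROP_ID",
    20: "CERT_KEY_IDENTIFIER_PROP_ID",
    32: "CERT_CERT_PROP_ID",
}
CERT_SHA1_HASH_PROP_ID = 3
CERT_FRIENDLY_NAME_PROP_ID = 11
CERT_CERT_PROP_ID = 32


def parse_cert_blob(blob: bytes) -> dict[int, bytes]:
    """Split a Blob value into {prop_id: data}; raises on truncation."""
    props = {}
    off = 0
    while off < len(blob):
        if off + 12 > len(blob):
            raise ValueError(f"truncated property header at offset {off}")
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1:
            raise ValueError(f"unexpected reserved field {reserved} at offset {off - 8}")
        if off + length > len(blob):
            raise ValueError(f"property {prop_id} runs past end of blob")
        props[prop_id] = blob[off:off + length]
        off += length
    return props


def triage_cert_blob(key_name: str, blob_hex: str) -> dict:
    """Friendly name, claimed SHA-1, SHA-1 of the embedded DER, and whether
    the registry key name agrees with both."""
    props = parse_cert_blob(bytes.fromhex(blob_hex))
    der = props.get(CERT_CERT_PROP_ID, b"")
    claimed = props.get(CERT_SHA1_HASH_PROP_ID, b"").hex().upper()
    actual = hashlib.sha1(der).hexdigest().upper() if der else ""
    name = props.get(CERT_FRIENDLY_NAME_PROP_ID, b"").decode("utf-16-le").rstrip("\x00")
    return {
        "friendly_name": name,
        "claimed_sha1": claimed,
        "actual_sha1": actual,
        "key_matches_cert": bool(der) and key_name.upper() == actual == claimed,
        "properties": sorted(PROP_NAMES.get(p, f"PROP_{p}") for p in props),
    }


def build_blob(props: list[tuple[int, bytes]]) -> bytes:
    """Serialize records in the same layout; used only to construct test input."""
    return b"".join(struct.pack("<III", pid, 1, len(d)) + d for pid, d in props)


# Constructed sample: the 'certificate' is a placeholder byte string, not real DER.
FAKE_DER = b"\x30\x82\x00\x10" + b"constructed-not-a-real-cert"
FAKE_SHA1 = hashlib.sha1(FAKE_DER).digest()
SAMPLE_BLOB_HEX = build_blob([
    (CERT_FRIENDLY_NAME_PROP_ID, "Example Root".encode("utf-16-le") + b"\x00\x00"),
    (CERT_SHA1_HASH_PROP_ID, FAKE_SHA1),
    (CERT_CERT_PROP_ID, FAKE_DER),
]).hex()
SAMPLE_KEY = FAKE_SHA1.hex().upper()

if __name__ == "__main__":
    print(triage_cert_blob(SAMPLE_KEY, SAMPLE_BLOB_HEX))
    # A blob under a key whose name is not the certificate's SHA-1, or whose
    # claimed hash disagrees with the DER, is the case to escalate.
    print(triage_cert_blob("00" * 20, SAMPLE_BLOB_HEX)["key_matches_cert"])
```

Once `parse_cert_blob` has handed back property 32, the DER can be fed to any X.509 tool (openssl x509 -inform DER) to read subject, issuer and validity and to compare the certificate byte-for-byte against the published root with the same thumbprint.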

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2192 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe
PID 2192 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe
PID 2192 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe
PID 2192 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe
PID 2192 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe
PID 2192 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe
PID 2192 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe
PID 2464 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe
PID 2464 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe
PID 2464 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe
PID 2464 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe
PID 2464 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe
PID 2464 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe
PID 2464 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe
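The WriteProcessMemory rows above form a chain (2192 writes into 2464, 2464 writes into 1868) in which each target is a freshly dropped child of its writer; a parent writes into a new child's address space on every CreateProcess, so this pattern on its own does not indicate injection. What would is a write into a process the writer did not start, or into a host process such as explorer.exe. The following is an added example, not code from the report or from the sandbox vendor: it parses rows in the shape printed above, aggregates them per writer/target pair, and attaches a verdict using that distinction. The sample input is a subset of the real rows plus one constructed row (PID 1412, explorer.exe) that shows the injection pattern; the verdict is a heuristic and the sandbox's process tree should confirm the parent-child relation.

```python
"""Triage 'Suspicious use of WriteProcessMemory' rows from a sandbox report.

A parent writing into a child it has just created is the normal
CreateProcess pattern.  Writes into a host/system process, or into a
target that several processes write to, are injection candidates.
"""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Row shape as printed in the report.  Assumption: image paths carry no
# spaces, which holds for every row in this report.
ROW_RE = re.compile(
    r"^PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) N/A "
    r"(?P<writer_path>\S+) (?P<target_path>\S+)$"
)

# Images a dropped installer has no business writing into.
HOST_PROCESS_IMAGES = {
    "explorer.exe", "svchost.exe", "rundll32.exe", "regsvr32.exe",
    "dllhost.exe", "werfault.exe", "msbuild.exe", "regasm.exe",
}

# Rows from behavioral1 (a subset of the repeated ones) plus one
# constructed row (PID 1868 -> 1412, explorer.exe) that is not in the report.
SAMPLE_ROWS = r"""
PID 2192 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe
PID 2192 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe
PID 2192 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe
PID 2464 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe
PID 2464 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe
PID 1868 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe C:\Windows\explorer.exe
"""


def parse_rows(text: str) -> list[dict]:
    """Parse the report rows; header lines and unknown shapes are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"writer": int(m["writer"]), "target": int(m["target"]),
                         "writer_path": m["writer_path"], "target_path": m["target_path"]})
    return rows


def classify_writes(rows: list[dict]) -> dict[tuple[int, int], dict]:
    """One entry per (writer PID, target PID) with a call count and a verdict."""
    counts = Counter((r["writer"], r["target"]) for r in rows)
    image = {}
    writers_of = defaultdict(set)
    for r in rows:
        image[r["writer"]] = PureWindowsPath(r["writer_path"]).name.lower()
        image[r["target"]] = PureWindowsPath(r["target_path"]).name.lower()
        writers_of[r["target"]].add(r["writer"])
    result = {}
    for (w, t), n in counts.items():
        if image[t] in HOST_PROCESS_IMAGES:
            verdict = "injection_candidate: write into host/system process"
        elif len(writers_of[t]) > 1:
            verdict = "injection_candidate: target written to by several processes"
        else:
            verdict = "parent_child_startup: consistent with CreateProcess of a dropped child"
        result[(w, t)] = {"count": n, "writer": image[w], "target": image[t],
                          "verdict": verdict}
    return result


if __name__ == "__main__":
    for pair, info in classify_writes(parse_rows(SAMPLE_ROWS)).items():
        print(pair, info)
```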

Processes

C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe

.\installer.exe

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe" C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe
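The process tree shows the sample unpacking into `%TEMP%\7zS0981FC26\` and launching `.\installer.exe` from there. A temp folder named `7zS<hex>` plus a relative program launched from it is the footprint of a 7-Zip installer SFX stub (7zS.sfx), which appends an `;!@Install@!UTF-8!` config block and a 7z archive to the stub, extracts the archive to that folder and runs the configured program. The dropped files hashed under Files can therefore be recovered without executing anything. The following is an added example, not code from the report or from the 7-Zip project: it locates the 7z start header inside such a file, validates both CRCs it carries, and reads the config block. The sample it builds is constructed (a fake stub with a content-free archive), so the carved bytes are not an unpackable archive; on a real installer, write `info["archive"]` to a .7z file and list it with 7z.

```python
"""Carve the embedded 7z archive and the install config out of a 7-Zip SFX.

Layout: <SFX stub PE> <;!@Install@!UTF-8! ... ;!@InstallEnd@!> <7z archive>
7z start header (32 bytes, little-endian):
    6  signature 37 7A BC AF 27 1C
    2  version (major, minor)
    4  StartHeaderCRC = CRC32 of the following 20 bytes
    8  NextHeaderOffset (relative to the end of the start header)
    8  NextHeaderSize
    4  NextHeaderCRC
"""
import re
import struct
import zlib

SEVENZ_SIGNATURE = b"\x37\x7a\xbc\xaf\x27\x1c"
CONFIG_RE = re.compile(rb";!@Install@!UTF-8!\r?\n(.*?);!@InstallEnd@!", re.S)


def find_7z_archive(data: bytes) -> dict:
    """Locate the 7z signature, validate the start header and the next
    header CRC, and return offset/size plus the carved archive bytes."""
    off = data.find(SEVENZ_SIGNATURE)
    if off < 0:
        raise ValueError("no 7z signature found")
    hdr = data[off:off + 32]
    if len(hdr) < 32:
        raise ValueError("truncated 7z start header")
    major, minor, start_crc, next_off, next_size, next_crc = struct.unpack_from("<BBIQQI", hdr, 6)
    if zlib.crc32(hdr[12:32]) != start_crc:
        raise ValueError("StartHeaderCRC mismatch: not a valid 7z header at this offset")
    end = off + 32 + next_off + next_size
    if end > len(data):
        raise ValueError("archive runs past end of file")
    if zlib.crc32(data[off + 32 + next_off:end]) != next_crc:
        raise ValueError("NextHeaderCRC mismatch: archive is truncated or modified")
    return {"offset": off, "size": end - off, "version": f"{major}.{minor}",
            "archive": data[off:end]}


def parse_sfx_config(data: bytes) -> dict[str, str]:
    """Return the key="value" pairs of the SFX install script, if present."""
    m = CONFIG_RE.search(data)
    if not m:
        return {}
    cfg = {}
    for line in m.group(1).decode("utf-8").splitlines():
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip().strip('"')
    return cfg


def build_sample_sfx() -> bytes:
    """Constructed stand-in for a 7zS.sfx installer: a fake stub, a config
    block and a syntactically valid but content-free 7z archive."""
    stub = b"MZ" + b"\x00" * 62 + b"<constructed SFX stub, not a real PE>"
    config = (b";!@Install@!UTF-8!\n"
              b'Title="Constructed sample"\n'
              b'RunProgram="installer.exe"\n'
              b";!@InstallEnd@!\n")
    packed = b"\xaa" * 16                       # stands in for the packed streams
    next_header = b"\x01\x04\x06\x00\x01\x09"   # stands in for the 7z property tree
    body = struct.pack("<QQI", len(packed), len(next_header), zlib.crc32(next_header))
    start = SEVENZ_SIGNATURE + bytes([0, 4]) + struct.pack("<I", zlib.crc32(body)) + body
    return stub + config + start + packed + next_header + b"\x00" * 8  # trailing slack


if __name__ == "__main__":
    sample = build_sample_sfx()
    info = find_7z_archive(sample)
    print(info["offset"], info["size"], info["version"], parse_sfx_config(sample))
    # Real installer: data = open(path, "rb").read(); then write
    # find_7z_archive(data)["archive"] to a .7z file and run `7z l` on it.
```

Carving this way reproduces the dropped-file set the sandbox hashed (installer.exe, GenericSetup.exe, the DLLs and Resources) from the original binary, which lets the Files hashes be checked against the archive contents without a detonation.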

Network

Country Destination Domain Proto
US 8.8.8.8:53 flow.lavasoft.com udp
US 104.16.149.130:80 flow.lavasoft.com tcp
US 104.16.149.130:80 flow.lavasoft.com tcp
US 8.8.8.8:53 sos.adaware.com udp
US 8.8.8.8:53 flow.lavasoft.com udp
US 104.16.149.130:443 flow.lavasoft.com tcp
US 104.16.212.94:443 sos.adaware.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.152:80 apps.identrust.com tcp
US 104.16.212.94:443 sos.adaware.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\installer.exe

MD5 8b4eafb46db7f783ac9a921ae5698aad
SHA1 2555db08960ec0490caf3cbf55ceef09f3c73f81
SHA256 c1b9914cd9cc5c59a39165516c4dbe08a5ca052ccba764f1cff709ace9c01f92
SHA512 b27d9a29fc85fa16a84d55af8717544eb24ff26dc08bea770499b97da1ef643e14d7f8087b386646be5136d979690119555aa7356723b4ca059cccb99f25bc5f

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\BundleConfig.json

MD5 5f38cfc9c2df24538846437c7de0c401
SHA1 1c36d18c3ef6e78e6fb0b4bf3d6b537613667007
SHA256 9d0e4a3d973dd2cae1b40727450b948d2c5e93c6b778de8a251c6ad6128b2023
SHA512 988685224c6fd17b68b89c17623b573b782b73558ad1ff4c71a888898e1115e75a34e166f10c1c05d7c46a26149d4441ca870212f5aae434f8b5059f877dd43e

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\tis\TranslateOfferTemplate.tis

MD5 551029a3e046c5ed6390cc85f632a689
SHA1 b4bd706f753db6ba3c13551099d4eef55f65b057
SHA256 7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8
SHA512 22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\style.css

MD5 f09fe15a4a96ffd098bb80e8c00170da
SHA1 4729ba687c65122fdf5fd05c66a81319175db1e7
SHA256 9d2a4a15b4dc63227030508ae887ff791ede19fc195c53775bbc74d44aef915e
SHA512 5471143b8e99a3153cf627a38de40924ff1df4827e23136faf9af9600b755b9e80b5079ee68a385dc4e0d0d084785bd8b641a6f314e50df3df5591b8ddfca906

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\OfferPage.html

MD5 2158d02f1257d0da655cecade355903e
SHA1 efe8ba4ed82cc54a299773f31deeafe1e1cf01f8
SHA256 4b45923f6cbdeb3ef4f889d523dd2711b9e97a42d7bf199de0040515d2db6741
SHA512 5c8d1c80b59b552ce6fa2d6e4304f8698f7fd3d32642add24e03f961f8a8a1a5c006ef8b4788b2a0ef1be27a167895bc65ee620a396a4103e8fc6bec9b645531

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Carrier.exe

MD5 6b1fb11a182bc546ee42bae06572b426
SHA1 c0d71666d5dfef86bc2f3652fe25234e4a0ed695
SHA256 deabdf3b080b0f1b4bf0ead798c412e988f0d1a67c970839aa2ef6ffd817de4d
SHA512 8a4e004dabaadc8fbfeaa2f3e2764f93b3dff692405708e5eef778216973a8a2939ec53c6e189c7ec055da2ab17409c377d6bc93ba4ac1c41391a2a596041251

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\OfferServiceSDK.dll

MD5 84da816b0a343e04c4cef48b45fc088c
SHA1 66b56c472a1346541bc60eb357a36867e314e511
SHA256 3284916c2b024acd1ccdf2419adbeb1b3de9428eaa19204121d34d8d61955877
SHA512 5864fb5ee7f33dbb71850885633c5b2f82e113d35a9f3fd185cab12cddcb8fae3f0d302be9a846f660726a3618ce6942cb80ff5377f0a7bf1b5ce2d1e8b1f546

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\OfferServiceBLL.dll

MD5 263dbd623c9c27c35993a9ec623f4211
SHA1 e8bc5d5bf8746b9c99dace132c82a6cdf3d165e1
SHA256 d51e6f9105314be58c1e6d657e48846ee4c5f2efbb6fee48dc6f685df1ba5aef
SHA512 3ed508a6f93678efb5865b745a4b49802d9d1d43a7e2dc06990fb6edb88706f32c20200aed5248dca76448d5986b2154a70d3d1bff5c38330eeb2f5f64b04afb

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Newtonsoft.Json.dll

MD5 79cafa428cd9d8b4a4f74d6ec18c1e02
SHA1 1ffa9baff85e4f71e2f29135d9724ada9c730cc1
SHA256 928ea6bb2a2b0c959199af8208dd6a306e192de2818954cf600bed4ada52328e
SHA512 af935b2a59b126848c60c646a72b34891f013e517db6b6ce1adde5c4b0d489031a3f57be963a533f8ca460118d1c64c4d8c3ea6edaab33b4c7acd5647b7f4ee7

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\MyDownloader.Extension.dll

MD5 e8c8b28733d2d60531a3ae904c8b1e9b
SHA1 07243a4f63cc9b37b0203604fd062477e8bf1649
SHA256 b2b452eca0a6206e67bc600799989814eb2fcd89a52b03e6e5ae25ff054f5625
SHA512 39224a47a4bc2d499bcb69ad4ed4625c04d3763d862acbf2493e9cdcf93e6b10b9673604686e3914c020807c0d5dcb487c5046836766a4f4bda007dd2b408987

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\MyDownloader.Core.dll

MD5 34ff03a01837b97aeaef8345afefc9a5
SHA1 66ce976a379c9584239c0969d2f90a6e8a435403
SHA256 c0bc72d84c5fa36760b253a7ff137e5c368287a404b193b8a146a6c407c43723
SHA512 97f4f471465c111bc41122c661f633475384a19b6f18e834a4d142d1e30b1dff76be227bb5cd8bb431d797361e0fd2ed36f7dbd5b536ce09d404e555e82ee76d

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Microsoft.Win32.TaskScheduler.dll

MD5 98206b3b905bd7871174c44fbda71a6e
SHA1 2a3d75afef3efba0e3f5c1d48249aed40e49ad37
SHA256 3e4c76609c2e0f228ee3e5aefd86aab7acbac0ea61a96c4ec0cb1b637d086e8d
SHA512 1c717480f87a4ae47befa8e147f91b24eac9d649eb8185615a6bfa14778b496c90662a47c45ca9f7516ea0eb1424f51289600fc338362dc1de9b6a4fcaa6793c

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Shared.dll

MD5 0e9d5d5c92e1763dc01a3dcd0c8241be
SHA1 1a5745158aa6157a70ef3a3adda828192814ea8f
SHA256 b7d68590a49ad0aed405246ff81e5d09342338c5b45a9aa7fb1dd2d26a93c76c
SHA512 ded4144f8576beb0edebeb0a89e2480567869f4ae2532ccce84492afd636a0ca1da64a6ef3262e7785f557953d83b2416213e3a79981b52dcc39e64202267ead

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\sciter32.dll

MD5 54104474209f9909b77ffc02deb8985a
SHA1 bf680cec69e6dc2a5b1fdccb99a8f6cf1942242a
SHA256 f366da99fe8083b8e522f7e38c8b23593d2931d688e7bbf7dc2445051b2dd586
SHA512 69d900bf71e6d881b821ed77bb94d9b90316d6323341b5edb213af20678d8347b8902c5b3208880ce5d1c4de9db18d668d2288c89e96305a576a49c0ee5293f1

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\HtmlAgilityPack.dll

MD5 0168657080154bfe2220f32d88631076
SHA1 8fba17d977ab14f3e1a51345a8173e4d9af828de
SHA256 13da78dcd297b7d97212942b55a6d289ee8fbbf06581b93ed50e933bb2f4c8f6
SHA512 75128c4963ff1e7c52a4fb041f6f2d35c4aeaad3b97004741d6ac9a0930ca933ba25ed394a1092a2d6ca877ebfa0395a81ce03a8c7963aa3678c433985c4d121

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\H2OSciter.dll

MD5 142ec220bc2240cedc5cf4e96b58ccbc
SHA1 64bb895bf4faec485875fc43d9212132dd63b0e5
SHA256 42d78476e955afbb9862c6a8c2e77cdb715708d531d0815f538bde88e2336f05
SHA512 4c1a0e78ab7a40ba2c3e663c105ea081ab31e79f85aebc66d7b7cff4a0a0b8096f8e008fa72bfa07c6db4397cfca15f4c7831466862bedde5aede1c88db9371d

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe.config

MD5 c5bb4979ee79c1a681c76afea65c95ed
SHA1 d1714ece77da71e377011b9a689af2e0675bb036
SHA256 54f1667525366c3c0f21949b406f62097ff9c5b4982a188a1ae5a3b61ae9a59c
SHA512 de0e8e036a0dcc5cf5f3cd6e7b33a0479b6311c6ad6c98a919c14f6318acbe57404830a2a1bfaa53b5850824a8fbf93227a5e02c846f53420e7c2b7fa799b0dd

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe

MD5 a29b364e01d79ce8e450f4c9c1008f58
SHA1 d5d2494861006a4a3dae3b0af41779ce92d2c662
SHA256 fc8a15d8fc7196f1dd808c952ed9abebdea3ee765ed91a431104a0ee259cf906
SHA512 2ddfc6941dd77bfeb207daaa8b7d041e66a012605588b7216520863b8a785e5d4779ed90ad5e22bd79302df88c3a4fcce02933ad2e5630a2b82db911f323a5fe

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.dll

MD5 1bc626723c4482a3a13f06ca7faddf57
SHA1 a67f7bd83a75f2c1f529acaeb43110305d262180
SHA256 be228d3e4df7b43fc5bd750cf34c830ce6e325728e0896dbf8163205e159fb12
SHA512 b77b29fdfd16a7f8f6351d877002ec3317bb71525e9bfa576802b535edbc8b7be6185f5386aef1a23c962ee2bd9d0ae97876e7d969c2a099c6c9f0314721ae41

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\DynActsBLL.dll

MD5 22aced717a9e1fa40ff2b5bdd36f4823
SHA1 d1e2575fb535f052f43f0056f04ab721d02be3e7
SHA256 b625121769b7f1fa2b3ce192ae2f54d6727546c9a1aa603238fec9d93313ce18
SHA512 bd348f0e260f1ac239e903c45cfa2f6099193e266f0337b2373e08ac83e9c839f641af7aa06583a39ed3bcdaeb63f0043f159ff6a27ada727345e8f8219abc1d

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\DevLib.Services.dll

MD5 0f1c6f0756f0bac14ff4024544afc7ff
SHA1 20a8efc87f4dc848e5f6116d9020cd0e16858335
SHA256 5f93f3cc59470e1f80d06b8dffdfb43cc8adb1cfb86d023c6b9cb30d64a26d84
SHA512 3d822a3313fb9cca9349ed9ac3e96389b774407fbd8a1a2e0b7da5524a05d8800e94929c7386937251ada35b83ac19a010f85fcce5dfca3099ff993e5a942c6e

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\DevLib.dll

MD5 3a3dee5d86985c6beb5650b655135171
SHA1 3924b1ff1856ee6620ee13b23a5ea1c7144818aa
SHA256 974672169f074077959ac497352763e2cc3b788291205cd65819cb7d5ad6b586
SHA512 102aca4c82004eb0373b8fe3d29457f96e5dec9e25cc532f5e89ce933c10439aa24cc8af173950330d3ba9737bc61701a07460929d150ef2ec6a420f4d48294a

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\app.ico

MD5 16ae96f774d7b320336d27ef5005c519
SHA1 d23c8230072c7389ba6bc4e2b5e0334635057fd5
SHA256 177d0fd51a0e0e660c88efeb9cbe199c2a65ad76501ae0b5b45e2e209636cc92
SHA512 d4592efd80b58d5feae0f1463ddf88baecfcd46bfca293ab8632ff5d5d4362c44037a90c279a05219c567beccbcf42a9dd82358e1b8d15f9846149fb0b3079b5

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\ru\DevLib.resources.dll

MD5 500d807021e584437a070469313cdb75
SHA1 3b3d9eaabeec9271950bcffd9796a19add0c2118
SHA256 fe3cadc5f9e27ab13c3e329b812de7a89fe07e8d6ff9baf77e7f1c9b63e85b1a
SHA512 19d72073a4d9e5c697c6340a12c6e42ddc34cc3953c2904a0fde4160037339e1a5a79ef50c501f37f89a0f982f2c053f10b24da6c9a27b94fe82c44eddcf433d

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\WelcomePage.html

MD5 04dcc34779d6688bc7b7149343d2d644
SHA1 418a08f1f4ebc8a7b6aff77eeb90de3570756c04
SHA256 ea8164d3eb798fa22564e7cf0ef4d9108a257b93abcedf4a4c542f83f1d52cdc
SHA512 8fea94a7ee8db864d82ee8ee9c33da35f08ced47234cecb91c4b82bf26c570e84a1a51cbbc826a56662f2029c42b75fbb4ef2735df12de2267b7d0d322263d83

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\LicensePage.html

MD5 4411dfef54d64804c01ed356d845ec50
SHA1 b73a1089fa30b2765d6e28fc8dd6e8e399055015
SHA256 4f3a556565d1249c83717596a81f3df353acc9c98d3822e5fe2fe0c31944afde
SHA512 ba7aac3ce3ae07afac3b3b8e9b456b620a446dd1ce4bd7a85bade07d4ac3642229af6b4811abce579fb6067594dd16d4634619bd5bc598ad5540799510934fdf

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\InstallingPage.html

MD5 7a642c8ad2070c35816bc2f774a9fea6
SHA1 7bd003ac10b5cc6f7a5544a1961ad64990577656
SHA256 6ea1e5b457ffa149a4b9ad55d9cb6c4acab2dd9775ab0e41a80b6412c73cd333
SHA512 376d463627167533c0dc4a36421eaada825c496a25cecd58c829426c8351a7700dbba84c2967e746c512ec4d542e68e287c812108a1020f2f80d2ff132600b78

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\FinishPage.html

MD5 6b260c9f7b0f8b256dbaf5d84ccc450f
SHA1 6da8e082ab60af6346a5e3153ce02c3a0c17673a
SHA256 ecd3a905ce8f0871073735676ed438b43fc7ae287c9a613964c5acb3139178a6
SHA512 0520af4372ad6ec9f9554ca29509306cf55d37be04dd54a09d5b87efd04a70455ee1bdd142a92dc6b47c4c88e5b6e4cab9e3e036c2cf74702c0d988d2c3ba799

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\tis\ViewStateLoader.tis

MD5 ef47b355f8a2e6ab49e31e93c587a987
SHA1 8cf9092f6bb0e7426279ac465eb1bbee3101d226
SHA256 e77239dbdcc6762f298cd5c216a4003cf2aa7b0ef45d364dd558a4bd7f3cdb25
SHA512 3957dfc400f1a371acadb2a2bc196177f88863908542f68e144bdd012b54663c726e2e0cc5f25356b16012deee37f7e931ebaa21292c7688ac8becbdd96775fc

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\tis\Log.tis

MD5 cef7a21acf607d44e160eac5a21bdf67
SHA1 f24f674250a381d6bf09df16d00dbf617354d315
SHA256 73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7
SHA512 5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\tis\EventHandler.tis

MD5 0cdeed0a5e5fd8a64cc8d6eaa7a7c414
SHA1 2ae93801a756c5e2bcfda128f5254965d4eb25f8
SHA256 8ef25a490d94a4de3f3d4a308c106b7435a7391099b3327e1fdfde8beef64933
SHA512 0bbcf56acf4e862e80af09d33c549cb5b549be00257cfb877c01d2a43eb3d8ac44683078ff02cde5a77c92ec83aeda111d5d3be631015b0aab2de39b87a4dc4c

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\tis\Config.tis

MD5 fb1c09fc31ce983ed99d8913bb9f1474
SHA1 bb3d2558928acdb23ceb42950bd46fe12e03240f
SHA256 293959c3f8ebb87bffe885ce2331f0b40ab5666f9d237be4791ed4903ce17bf4
SHA512 9ae91e3c1a09f3d02e0cb13e548b5c441d9c19d8a314ea99bcb9066022971f525c804f8599a42b8d6585cbc36d6573bff5fadb750eeefadf1c5bc0d07d38b429

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\images\yt-logo.png

MD5 db9e0d8427b61dd47d8d3c1198c6df25
SHA1 3021df462f13903c48a9b36fab5347e53cb1f4a3
SHA256 77f904a1beef0ca429a82f2ccaeb7d7fccb9cf863d06ffcf69880b0fd1f8e75b
SHA512 525cb09b3a714d3652121e4fa06dfb17ce00567cc45478e4001fbe2f1d4a0f54136b07793081558661a3f3f2623d82b760ffd1beac347e6ff4a863e986a54efa

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\images\warning48x48.png

MD5 d3361cf0d689a1b34d84f483d60ba9c9
SHA1 d89a9551137ae90f5889ed66e8dc005f85cf99ff
SHA256 56739925aada73f9489f9a6b72bfaaa92892b27d20f4d221380ba3eae17f1442
SHA512 247cf4c292d62cea6bf46ac3ab236e11f3d3885cd49fdd28958c7493ebb86ace45c9751424f7312f393932d0a7165e2985f56c764d299b7e37f75457eef2d846

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\images\logo.png

MD5 685bf22829c5655f63366bcc9ac57288
SHA1 864873c2547187050bb5cefb34353eb55f1bd611
SHA256 e77808746cdd7da7c8d661138f38ecc9e3f5a4d976659e6c34965bb4080982ed
SHA512 206970594d590e5f33d4eab564bc45f9003f2f4bf1808566c76bec0509e92223be37278b7102e6dbbba8c25e198674c4d344644c8ad195282cd976ffe24ee0d7

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\images\loader.gif

MD5 2b26f73d382ab69f3914a7d9fda97b0f
SHA1 a3f5ad928d4bec107ae2941fa6b23c69d19eedd0
SHA256 a6a0b05b1d5c52303dd3e9e2f9cda1e688a490fbe84ea0d6e22a051ab6efd643
SHA512 744ff7e91c8d1059f48de97dc816bc7cc0f1a41ea7b8b7e3382ff69bc283255dfdf7b46d708a062967a6c1f2e5138665be2943ed89d7543fc707e752543ac9a7

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\Resources\images\header-logo-new.png

MD5 c8de7fca0801dd260820fe12b68849c6
SHA1 c39558782b731e99dd8c7038942da8a05755fa05
SHA256 146b7015dc6a1b6ac6fe33aca4292bfcf0490b175dc3011d27839bcf630c4578
SHA512 5ef89ede33bc968a3979574625aed10610d4514957b99d6f37459a91828fe67eef45f17a3a4476d321a6d385a28b9661662e476a6b4fae4586a9b8071057a7f5

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\pt\DevLib.resources.dll

MD5 48ce08b8516db5fe1d98f39ec58e614a
SHA1 b86087abbf923be8e639088a4212262ff2f2ba12
SHA256 872bb45697c55eb281b26a8a096f49014cc41f08418a5b39580611bec1237ea6
SHA512 9d95115efc62b32fdc8635b6a25abdf36475d585e51ed4d660c4ad2473a8f399da658ed49e31d47c9e596f599f6371c75717209edf1614dd503eac9cc2378099

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\it\DevLib.resources.dll

MD5 c17f20528df8873c7a471f25fabee630
SHA1 dc90b0eb8b9b2bd799c617f0a50b94e66c22bcd5
SHA256 4a75125da73790abeba2976c1fd1208972438c5249fe165f282b2adca2cc9838
SHA512 cb59f861f252e833c5cf9da89ee3a44a552e61dcd6b9ed29b5e72696218a959b2b2ca4d012e1482e2270899c26f03d728fa63099615a76917defd331bbdaf034

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\fr\DevLib.resources.dll

MD5 f21298d1d72aab969d5acdcf4f41b0f5
SHA1 648ecf9458e0188de3524630ae4ecee83c5aa3f6
SHA256 3ca6351ba6f517b1a9fea9d50a6328775b939d468e5912185852659fa01dee6d
SHA512 947d16468bab297e84c63f46050efe004d4560d6fdf845e405bc543c4ba9ed76b36540e86cb218080002611ad12d07a8687f42a285021986013a1a67b639f9d4

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\es\DevLib.resources.dll

MD5 d1e9b352cd35f903cd96e084a5b60cf6
SHA1 ac3c8287e05731a888600064ae5c5b52f3beb845
SHA256 bcb2b521967214d65926aa5c170079e56ea594bf93c18febd95acc63e532e4b7
SHA512 34059f44ef89d24913093af718deb2133ac0e031ae3d02daf10905483c6cdfa6de6a5a0c44a58cf56338ca663afd3684a19b8e99b9bc0b2ccbaf7740069fd805

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\en\DevLib.resources.dll

MD5 0588278afc8d31ab77d940e4a7874d52
SHA1 2dcb4c6aad97d19aa380fe7d3d544e934aea70fd
SHA256 057715f3188f50fe75d20a65479ade35524637faae00391fc81e4389a41dacda
SHA512 613ae09ff0e527457d1510d9c92b517197bbd2883656ad0e914dd780e1e805888f3ce4cc9a9dd26e8929a07cf7930bfa8c13cf7f50d9ab765da7a0f13ebd8413

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\de\DevLib.resources.dll

MD5 feaa53b17999602217d45e9da852ec5e
SHA1 1da7686c00492c4c3ce15f38e5afe3b8114031b9
SHA256 e9bb7931c1ec49646da7bf8730483a1aaff4170f1aff6229be85baae7fb522aa
SHA512 422d88dcba0100a68c8461a1fd10c1a59ed6501cde5c1f2a3cc9f06e4761a6453c4d4f327cf7e0a564e8d69c8cd214a17c8e98e82aed1353825d9fe258815533

C:\Users\Admin\AppData\Local\Temp\7zS0981FC26\GenericSetup.exe.config

MD5 925e9c8a812cbc080c5a95fc2d314659
SHA1 180d376fefa8f3156a34abc00247c621a4362f40
SHA256 bf42b111b8a020582d17718ee4013b8adbe58cb0a0e05425b9ad2c875486966d
SHA512 18f61dcaa46be259124067be863c7d41d02c63d0660a85a6304ff3d4ccbd850512b3cbee56c545d915a448b9a7b2f2f15a2e546f0b4e0d211ad65b114c3dfefd

memory/1868-140-0x0000000000210000-0x000000000025E000-memory.dmp

memory/1868-139-0x000000007472E000-0x000000007472F000-memory.dmp

memory/1868-143-0x00000000002C0000-0x00000000002E4000-memory.dmp

memory/1868-155-0x00000000006D0000-0x00000000006EC000-memory.dmp

memory/1868-152-0x00000000006B0000-0x00000000006C6000-memory.dmp

memory/1868-149-0x0000000000600000-0x0000000000626000-memory.dmp

memory/1868-146-0x0000000000530000-0x000000000056C000-memory.dmp

memory/1868-161-0x0000000005A70000-0x0000000005AEC000-memory.dmp

memory/1868-159-0x0000000002030000-0x000000000206C000-memory.dmp

memory/1868-162-0x0000000004830000-0x0000000004838000-memory.dmp

memory/1868-165-0x0000000005610000-0x000000000561A000-memory.dmp

memory/1868-164-0x0000000004C70000-0x0000000004C82000-memory.dmp

memory/1868-163-0x00000000055E0000-0x000000000560E000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar28EB.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8879ebbe5e6e0b7cee53befe510e6c24
SHA1 bcc7e2c492bd1cbfbef32bf7c75b404893fa53e4
SHA256 98faff517fb29ec5eacc85a323a7e85c285b70b291f1d881dd9cdba346011f00
SHA512 44000264c856172accb505b8ca56567481efb5915c68b0e78b78f03f1afe640adcfb2e88bcd68ea128539aa66ab557f1b3fc208b0f37f29695f04a48dcaaaf93

memory/1868-258-0x0000000005DF0000-0x0000000005E1C000-memory.dmp

memory/1868-259-0x000000007472E000-0x000000007472F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-28 00:29

Reported

2024-05-28 00:31

Platform

win10v2004-20240508-en

Max time kernel

143s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\installer.exe N/A

Checks installed software on the system

discovery

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7b150af3716ef820a2686be1bbc7ecf6_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\installer.exe

.\installer.exe

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe" C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 flow.lavasoft.com udp
US 104.16.148.130:80 flow.lavasoft.com tcp
US 104.16.148.130:80 flow.lavasoft.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 130.148.16.104.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 flow.lavasoft.com udp
US 104.16.149.130:443 flow.lavasoft.com tcp
US 8.8.8.8:53 sos.adaware.com udp
US 104.16.212.94:443 sos.adaware.com tcp
US 8.8.8.8:53 130.149.16.104.in-addr.arpa udp
US 8.8.8.8:53 94.212.16.104.in-addr.arpa udp
US 104.16.212.94:443 sos.adaware.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\installer.exe

MD5 8b4eafb46db7f783ac9a921ae5698aad
SHA1 2555db08960ec0490caf3cbf55ceef09f3c73f81
SHA256 c1b9914cd9cc5c59a39165516c4dbe08a5ca052ccba764f1cff709ace9c01f92
SHA512 b27d9a29fc85fa16a84d55af8717544eb24ff26dc08bea770499b97da1ef643e14d7f8087b386646be5136d979690119555aa7356723b4ca059cccb99f25bc5f

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\BundleConfig.json

MD5 5f38cfc9c2df24538846437c7de0c401
SHA1 1c36d18c3ef6e78e6fb0b4bf3d6b537613667007
SHA256 9d0e4a3d973dd2cae1b40727450b948d2c5e93c6b778de8a251c6ad6128b2023
SHA512 988685224c6fd17b68b89c17623b573b782b73558ad1ff4c71a888898e1115e75a34e166f10c1c05d7c46a26149d4441ca870212f5aae434f8b5059f877dd43e

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\de\DevLib.resources.dll

MD5 feaa53b17999602217d45e9da852ec5e
SHA1 1da7686c00492c4c3ce15f38e5afe3b8114031b9
SHA256 e9bb7931c1ec49646da7bf8730483a1aaff4170f1aff6229be85baae7fb522aa
SHA512 422d88dcba0100a68c8461a1fd10c1a59ed6501cde5c1f2a3cc9f06e4761a6453c4d4f327cf7e0a564e8d69c8cd214a17c8e98e82aed1353825d9fe258815533

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\en\DevLib.resources.dll

MD5 0588278afc8d31ab77d940e4a7874d52
SHA1 2dcb4c6aad97d19aa380fe7d3d544e934aea70fd
SHA256 057715f3188f50fe75d20a65479ade35524637faae00391fc81e4389a41dacda
SHA512 613ae09ff0e527457d1510d9c92b517197bbd2883656ad0e914dd780e1e805888f3ce4cc9a9dd26e8929a07cf7930bfa8c13cf7f50d9ab765da7a0f13ebd8413

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Shared.dll

MD5 0e9d5d5c92e1763dc01a3dcd0c8241be
SHA1 1a5745158aa6157a70ef3a3adda828192814ea8f
SHA256 b7d68590a49ad0aed405246ff81e5d09342338c5b45a9aa7fb1dd2d26a93c76c
SHA512 ded4144f8576beb0edebeb0a89e2480567869f4ae2532ccce84492afd636a0ca1da64a6ef3262e7785f557953d83b2416213e3a79981b52dcc39e64202267ead

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\sciter32.dll

MD5 54104474209f9909b77ffc02deb8985a
SHA1 bf680cec69e6dc2a5b1fdccb99a8f6cf1942242a
SHA256 f366da99fe8083b8e522f7e38c8b23593d2931d688e7bbf7dc2445051b2dd586
SHA512 69d900bf71e6d881b821ed77bb94d9b90316d6323341b5edb213af20678d8347b8902c5b3208880ce5d1c4de9db18d668d2288c89e96305a576a49c0ee5293f1

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\OfferServiceSDK.dll

MD5 84da816b0a343e04c4cef48b45fc088c
SHA1 66b56c472a1346541bc60eb357a36867e314e511
SHA256 3284916c2b024acd1ccdf2419adbeb1b3de9428eaa19204121d34d8d61955877
SHA512 5864fb5ee7f33dbb71850885633c5b2f82e113d35a9f3fd185cab12cddcb8fae3f0d302be9a846f660726a3618ce6942cb80ff5377f0a7bf1b5ce2d1e8b1f546

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\OfferServiceBLL.dll

MD5 263dbd623c9c27c35993a9ec623f4211
SHA1 e8bc5d5bf8746b9c99dace132c82a6cdf3d165e1
SHA256 d51e6f9105314be58c1e6d657e48846ee4c5f2efbb6fee48dc6f685df1ba5aef
SHA512 3ed508a6f93678efb5865b745a4b49802d9d1d43a7e2dc06990fb6edb88706f32c20200aed5248dca76448d5986b2154a70d3d1bff5c38330eeb2f5f64b04afb

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Newtonsoft.Json.dll

MD5 79cafa428cd9d8b4a4f74d6ec18c1e02
SHA1 1ffa9baff85e4f71e2f29135d9724ada9c730cc1
SHA256 928ea6bb2a2b0c959199af8208dd6a306e192de2818954cf600bed4ada52328e
SHA512 af935b2a59b126848c60c646a72b34891f013e517db6b6ce1adde5c4b0d489031a3f57be963a533f8ca460118d1c64c4d8c3ea6edaab33b4c7acd5647b7f4ee7

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\MyDownloader.Extension.dll

MD5 e8c8b28733d2d60531a3ae904c8b1e9b
SHA1 07243a4f63cc9b37b0203604fd062477e8bf1649
SHA256 b2b452eca0a6206e67bc600799989814eb2fcd89a52b03e6e5ae25ff054f5625
SHA512 39224a47a4bc2d499bcb69ad4ed4625c04d3763d862acbf2493e9cdcf93e6b10b9673604686e3914c020807c0d5dcb487c5046836766a4f4bda007dd2b408987

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\MyDownloader.Core.dll

MD5 34ff03a01837b97aeaef8345afefc9a5
SHA1 66ce976a379c9584239c0969d2f90a6e8a435403
SHA256 c0bc72d84c5fa36760b253a7ff137e5c368287a404b193b8a146a6c407c43723
SHA512 97f4f471465c111bc41122c661f633475384a19b6f18e834a4d142d1e30b1dff76be227bb5cd8bb431d797361e0fd2ed36f7dbd5b536ce09d404e555e82ee76d

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Microsoft.Win32.TaskScheduler.dll

MD5 98206b3b905bd7871174c44fbda71a6e
SHA1 2a3d75afef3efba0e3f5c1d48249aed40e49ad37
SHA256 3e4c76609c2e0f228ee3e5aefd86aab7acbac0ea61a96c4ec0cb1b637d086e8d
SHA512 1c717480f87a4ae47befa8e147f91b24eac9d649eb8185615a6bfa14778b496c90662a47c45ca9f7516ea0eb1424f51289600fc338362dc1de9b6a4fcaa6793c

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\HtmlAgilityPack.dll

MD5 0168657080154bfe2220f32d88631076
SHA1 8fba17d977ab14f3e1a51345a8173e4d9af828de
SHA256 13da78dcd297b7d97212942b55a6d289ee8fbbf06581b93ed50e933bb2f4c8f6
SHA512 75128c4963ff1e7c52a4fb041f6f2d35c4aeaad3b97004741d6ac9a0930ca933ba25ed394a1092a2d6ca877ebfa0395a81ce03a8c7963aa3678c433985c4d121

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\H2OSciter.dll

MD5 142ec220bc2240cedc5cf4e96b58ccbc
SHA1 64bb895bf4faec485875fc43d9212132dd63b0e5
SHA256 42d78476e955afbb9862c6a8c2e77cdb715708d531d0815f538bde88e2336f05
SHA512 4c1a0e78ab7a40ba2c3e663c105ea081ab31e79f85aebc66d7b7cff4a0a0b8096f8e008fa72bfa07c6db4397cfca15f4c7831466862bedde5aede1c88db9371d

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe.config

MD5 c5bb4979ee79c1a681c76afea65c95ed
SHA1 d1714ece77da71e377011b9a689af2e0675bb036
SHA256 54f1667525366c3c0f21949b406f62097ff9c5b4982a188a1ae5a3b61ae9a59c
SHA512 de0e8e036a0dcc5cf5f3cd6e7b33a0479b6311c6ad6c98a919c14f6318acbe57404830a2a1bfaa53b5850824a8fbf93227a5e02c846f53420e7c2b7fa799b0dd

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe

MD5 a29b364e01d79ce8e450f4c9c1008f58
SHA1 d5d2494861006a4a3dae3b0af41779ce92d2c662
SHA256 fc8a15d8fc7196f1dd808c952ed9abebdea3ee765ed91a431104a0ee259cf906
SHA512 2ddfc6941dd77bfeb207daaa8b7d041e66a012605588b7216520863b8a785e5d4779ed90ad5e22bd79302df88c3a4fcce02933ad2e5630a2b82db911f323a5fe

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.dll

MD5 1bc626723c4482a3a13f06ca7faddf57
SHA1 a67f7bd83a75f2c1f529acaeb43110305d262180
SHA256 be228d3e4df7b43fc5bd750cf34c830ce6e325728e0896dbf8163205e159fb12
SHA512 b77b29fdfd16a7f8f6351d877002ec3317bb71525e9bfa576802b535edbc8b7be6185f5386aef1a23c962ee2bd9d0ae97876e7d969c2a099c6c9f0314721ae41

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\DynActsBLL.dll

MD5 22aced717a9e1fa40ff2b5bdd36f4823
SHA1 d1e2575fb535f052f43f0056f04ab721d02be3e7
SHA256 b625121769b7f1fa2b3ce192ae2f54d6727546c9a1aa603238fec9d93313ce18
SHA512 bd348f0e260f1ac239e903c45cfa2f6099193e266f0337b2373e08ac83e9c839f641af7aa06583a39ed3bcdaeb63f0043f159ff6a27ada727345e8f8219abc1d

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\DevLib.Services.dll

MD5 0f1c6f0756f0bac14ff4024544afc7ff
SHA1 20a8efc87f4dc848e5f6116d9020cd0e16858335
SHA256 5f93f3cc59470e1f80d06b8dffdfb43cc8adb1cfb86d023c6b9cb30d64a26d84
SHA512 3d822a3313fb9cca9349ed9ac3e96389b774407fbd8a1a2e0b7da5524a05d8800e94929c7386937251ada35b83ac19a010f85fcce5dfca3099ff993e5a942c6e

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\DevLib.dll

MD5 3a3dee5d86985c6beb5650b655135171
SHA1 3924b1ff1856ee6620ee13b23a5ea1c7144818aa
SHA256 974672169f074077959ac497352763e2cc3b788291205cd65819cb7d5ad6b586
SHA512 102aca4c82004eb0373b8fe3d29457f96e5dec9e25cc532f5e89ce933c10439aa24cc8af173950330d3ba9737bc61701a07460929d150ef2ec6a420f4d48294a

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Carrier.exe

MD5 6b1fb11a182bc546ee42bae06572b426
SHA1 c0d71666d5dfef86bc2f3652fe25234e4a0ed695
SHA256 deabdf3b080b0f1b4bf0ead798c412e988f0d1a67c970839aa2ef6ffd817de4d
SHA512 8a4e004dabaadc8fbfeaa2f3e2764f93b3dff692405708e5eef778216973a8a2939ec53c6e189c7ec055da2ab17409c377d6bc93ba4ac1c41391a2a596041251

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\app.ico

MD5 16ae96f774d7b320336d27ef5005c519
SHA1 d23c8230072c7389ba6bc4e2b5e0334635057fd5
SHA256 177d0fd51a0e0e660c88efeb9cbe199c2a65ad76501ae0b5b45e2e209636cc92
SHA512 d4592efd80b58d5feae0f1463ddf88baecfcd46bfca293ab8632ff5d5d4362c44037a90c279a05219c567beccbcf42a9dd82358e1b8d15f9846149fb0b3079b5

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\ru\DevLib.resources.dll

MD5 500d807021e584437a070469313cdb75
SHA1 3b3d9eaabeec9271950bcffd9796a19add0c2118
SHA256 fe3cadc5f9e27ab13c3e329b812de7a89fe07e8d6ff9baf77e7f1c9b63e85b1a
SHA512 19d72073a4d9e5c697c6340a12c6e42ddc34cc3953c2904a0fde4160037339e1a5a79ef50c501f37f89a0f982f2c053f10b24da6c9a27b94fe82c44eddcf433d

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\WelcomePage.html

MD5 04dcc34779d6688bc7b7149343d2d644
SHA1 418a08f1f4ebc8a7b6aff77eeb90de3570756c04
SHA256 ea8164d3eb798fa22564e7cf0ef4d9108a257b93abcedf4a4c542f83f1d52cdc
SHA512 8fea94a7ee8db864d82ee8ee9c33da35f08ced47234cecb91c4b82bf26c570e84a1a51cbbc826a56662f2029c42b75fbb4ef2735df12de2267b7d0d322263d83

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\style.css

MD5 f09fe15a4a96ffd098bb80e8c00170da
SHA1 4729ba687c65122fdf5fd05c66a81319175db1e7
SHA256 9d2a4a15b4dc63227030508ae887ff791ede19fc195c53775bbc74d44aef915e
SHA512 5471143b8e99a3153cf627a38de40924ff1df4827e23136faf9af9600b755b9e80b5079ee68a385dc4e0d0d084785bd8b641a6f314e50df3df5591b8ddfca906

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\OfferPage.html

MD5 2158d02f1257d0da655cecade355903e
SHA1 efe8ba4ed82cc54a299773f31deeafe1e1cf01f8
SHA256 4b45923f6cbdeb3ef4f889d523dd2711b9e97a42d7bf199de0040515d2db6741
SHA512 5c8d1c80b59b552ce6fa2d6e4304f8698f7fd3d32642add24e03f961f8a8a1a5c006ef8b4788b2a0ef1be27a167895bc65ee620a396a4103e8fc6bec9b645531

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\LicensePage.html

MD5 4411dfef54d64804c01ed356d845ec50
SHA1 b73a1089fa30b2765d6e28fc8dd6e8e399055015
SHA256 4f3a556565d1249c83717596a81f3df353acc9c98d3822e5fe2fe0c31944afde
SHA512 ba7aac3ce3ae07afac3b3b8e9b456b620a446dd1ce4bd7a85bade07d4ac3642229af6b4811abce579fb6067594dd16d4634619bd5bc598ad5540799510934fdf

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\InstallingPage.html

MD5 7a642c8ad2070c35816bc2f774a9fea6
SHA1 7bd003ac10b5cc6f7a5544a1961ad64990577656
SHA256 6ea1e5b457ffa149a4b9ad55d9cb6c4acab2dd9775ab0e41a80b6412c73cd333
SHA512 376d463627167533c0dc4a36421eaada825c496a25cecd58c829426c8351a7700dbba84c2967e746c512ec4d542e68e287c812108a1020f2f80d2ff132600b78

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\FinishPage.html

MD5 6b260c9f7b0f8b256dbaf5d84ccc450f
SHA1 6da8e082ab60af6346a5e3153ce02c3a0c17673a
SHA256 ecd3a905ce8f0871073735676ed438b43fc7ae287c9a613964c5acb3139178a6
SHA512 0520af4372ad6ec9f9554ca29509306cf55d37be04dd54a09d5b87efd04a70455ee1bdd142a92dc6b47c4c88e5b6e4cab9e3e036c2cf74702c0d988d2c3ba799

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\tis\ViewStateLoader.tis

MD5 ef47b355f8a2e6ab49e31e93c587a987
SHA1 8cf9092f6bb0e7426279ac465eb1bbee3101d226
SHA256 e77239dbdcc6762f298cd5c216a4003cf2aa7b0ef45d364dd558a4bd7f3cdb25
SHA512 3957dfc400f1a371acadb2a2bc196177f88863908542f68e144bdd012b54663c726e2e0cc5f25356b16012deee37f7e931ebaa21292c7688ac8becbdd96775fc

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\tis\TranslateOfferTemplate.tis

MD5 551029a3e046c5ed6390cc85f632a689
SHA1 b4bd706f753db6ba3c13551099d4eef55f65b057
SHA256 7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8
SHA512 22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\tis\Log.tis

MD5 cef7a21acf607d44e160eac5a21bdf67
SHA1 f24f674250a381d6bf09df16d00dbf617354d315
SHA256 73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7
SHA512 5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\tis\EventHandler.tis

MD5 0cdeed0a5e5fd8a64cc8d6eaa7a7c414
SHA1 2ae93801a756c5e2bcfda128f5254965d4eb25f8
SHA256 8ef25a490d94a4de3f3d4a308c106b7435a7391099b3327e1fdfde8beef64933
SHA512 0bbcf56acf4e862e80af09d33c549cb5b549be00257cfb877c01d2a43eb3d8ac44683078ff02cde5a77c92ec83aeda111d5d3be631015b0aab2de39b87a4dc4c

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\tis\Config.tis

MD5 fb1c09fc31ce983ed99d8913bb9f1474
SHA1 bb3d2558928acdb23ceb42950bd46fe12e03240f
SHA256 293959c3f8ebb87bffe885ce2331f0b40ab5666f9d237be4791ed4903ce17bf4
SHA512 9ae91e3c1a09f3d02e0cb13e548b5c441d9c19d8a314ea99bcb9066022971f525c804f8599a42b8d6585cbc36d6573bff5fadb750eeefadf1c5bc0d07d38b429

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\images\yt-logo.png

MD5 db9e0d8427b61dd47d8d3c1198c6df25
SHA1 3021df462f13903c48a9b36fab5347e53cb1f4a3
SHA256 77f904a1beef0ca429a82f2ccaeb7d7fccb9cf863d06ffcf69880b0fd1f8e75b
SHA512 525cb09b3a714d3652121e4fa06dfb17ce00567cc45478e4001fbe2f1d4a0f54136b07793081558661a3f3f2623d82b760ffd1beac347e6ff4a863e986a54efa

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\images\warning48x48.png

MD5 d3361cf0d689a1b34d84f483d60ba9c9
SHA1 d89a9551137ae90f5889ed66e8dc005f85cf99ff
SHA256 56739925aada73f9489f9a6b72bfaaa92892b27d20f4d221380ba3eae17f1442
SHA512 247cf4c292d62cea6bf46ac3ab236e11f3d3885cd49fdd28958c7493ebb86ace45c9751424f7312f393932d0a7165e2985f56c764d299b7e37f75457eef2d846

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\images\logo.png

MD5 685bf22829c5655f63366bcc9ac57288
SHA1 864873c2547187050bb5cefb34353eb55f1bd611
SHA256 e77808746cdd7da7c8d661138f38ecc9e3f5a4d976659e6c34965bb4080982ed
SHA512 206970594d590e5f33d4eab564bc45f9003f2f4bf1808566c76bec0509e92223be37278b7102e6dbbba8c25e198674c4d344644c8ad195282cd976ffe24ee0d7

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\images\loader.gif

MD5 2b26f73d382ab69f3914a7d9fda97b0f
SHA1 a3f5ad928d4bec107ae2941fa6b23c69d19eedd0
SHA256 a6a0b05b1d5c52303dd3e9e2f9cda1e688a490fbe84ea0d6e22a051ab6efd643
SHA512 744ff7e91c8d1059f48de97dc816bc7cc0f1a41ea7b8b7e3382ff69bc283255dfdf7b46d708a062967a6c1f2e5138665be2943ed89d7543fc707e752543ac9a7

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\Resources\images\header-logo-new.png

MD5 c8de7fca0801dd260820fe12b68849c6
SHA1 c39558782b731e99dd8c7038942da8a05755fa05
SHA256 146b7015dc6a1b6ac6fe33aca4292bfcf0490b175dc3011d27839bcf630c4578
SHA512 5ef89ede33bc968a3979574625aed10610d4514957b99d6f37459a91828fe67eef45f17a3a4476d321a6d385a28b9661662e476a6b4fae4586a9b8071057a7f5

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\pt\DevLib.resources.dll

MD5 48ce08b8516db5fe1d98f39ec58e614a
SHA1 b86087abbf923be8e639088a4212262ff2f2ba12
SHA256 872bb45697c55eb281b26a8a096f49014cc41f08418a5b39580611bec1237ea6
SHA512 9d95115efc62b32fdc8635b6a25abdf36475d585e51ed4d660c4ad2473a8f399da658ed49e31d47c9e596f599f6371c75717209edf1614dd503eac9cc2378099

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\it\DevLib.resources.dll

MD5 c17f20528df8873c7a471f25fabee630
SHA1 dc90b0eb8b9b2bd799c617f0a50b94e66c22bcd5
SHA256 4a75125da73790abeba2976c1fd1208972438c5249fe165f282b2adca2cc9838
SHA512 cb59f861f252e833c5cf9da89ee3a44a552e61dcd6b9ed29b5e72696218a959b2b2ca4d012e1482e2270899c26f03d728fa63099615a76917defd331bbdaf034

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\fr\DevLib.resources.dll

MD5 f21298d1d72aab969d5acdcf4f41b0f5
SHA1 648ecf9458e0188de3524630ae4ecee83c5aa3f6
SHA256 3ca6351ba6f517b1a9fea9d50a6328775b939d468e5912185852659fa01dee6d
SHA512 947d16468bab297e84c63f46050efe004d4560d6fdf845e405bc543c4ba9ed76b36540e86cb218080002611ad12d07a8687f42a285021986013a1a67b639f9d4

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\es\DevLib.resources.dll

MD5 d1e9b352cd35f903cd96e084a5b60cf6
SHA1 ac3c8287e05731a888600064ae5c5b52f3beb845
SHA256 bcb2b521967214d65926aa5c170079e56ea594bf93c18febd95acc63e532e4b7
SHA512 34059f44ef89d24913093af718deb2133ac0e031ae3d02daf10905483c6cdfa6de6a5a0c44a58cf56338ca663afd3684a19b8e99b9bc0b2ccbaf7740069fd805

C:\Users\Admin\AppData\Local\Temp\7zS091E9E47\GenericSetup.exe.config

MD5 05e98d8b9a3f2b9119d83fc6cf248571
SHA1 7e57e0d1d5838cdd6e67d483b6c607dbc757e68e
SHA256 d77fdf94d39c675aa3794c1ca09231c0e81011f2f206adf86da01d38458c0034
SHA512 ef028ecfa5bd997ff315e0a6e3a8006e3ab354c342075f12c25d321524388b32b641046bbba5831c97deab6427d7da2727f0239f880d578601c598db86e352c1

memory/4940-134-0x000000007301E000-0x000000007301F000-memory.dmp

memory/4940-135-0x0000000000600000-0x000000000064E000-memory.dmp

memory/4940-138-0x0000000004F80000-0x0000000004FA4000-memory.dmp

memory/4940-141-0x00000000053E0000-0x000000000541C000-memory.dmp

memory/4940-144-0x0000000005420000-0x0000000005446000-memory.dmp

memory/4940-147-0x00000000053A0000-0x00000000053B6000-memory.dmp

memory/4940-150-0x00000000053C0000-0x00000000053DC000-memory.dmp

memory/4940-152-0x0000000005660000-0x00000000056C6000-memory.dmp

memory/4940-153-0x0000000073010000-0x00000000737C0000-memory.dmp

memory/4940-156-0x0000000005CD0000-0x0000000005D0C000-memory.dmp

memory/4940-159-0x0000000005D90000-0x0000000005E0C000-memory.dmp

memory/4940-160-0x0000000005E10000-0x0000000006164000-memory.dmp

memory/4940-161-0x0000000006870000-0x0000000006E14000-memory.dmp

memory/4940-164-0x0000000006320000-0x0000000006328000-memory.dmp

memory/4940-165-0x00000000063D0000-0x0000000006462000-memory.dmp

memory/4940-167-0x000000000A860000-0x000000000A88E000-memory.dmp

memory/4940-168-0x000000000A890000-0x000000000A8A2000-memory.dmp

memory/4940-169-0x000000000A850000-0x000000000A85A000-memory.dmp

memory/4940-170-0x000000000B670000-0x000000000B69C000-memory.dmp

memory/4940-171-0x000000007301E000-0x000000007301F000-memory.dmp

memory/4940-172-0x0000000073010000-0x00000000737C0000-memory.dmp