Malware Analysis Report

2025-01-06 10:33

Sample ID 240601-dyhhcagb8s
Target 893cd7327794849ac8f4aa160965617a_JaffaCakes118
SHA256 b825f4dbda413389e431e2ecea066d2c95bb02dc6f1c13c1d0029a556d659e12
Tags: evasion trojan upx
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 893cd7327794849ac8f4aa160965617a_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan upx

UPX packed file

Checks whether UAC is enabled

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-01 03:24

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-01 03:24
Reported: 2024-06-01 03:27
Platform: win7-20240508-en
Max time kernel: 140s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe"

Signatures

UPX packed file

upx

Checks whether UAC is enabled

evasion trojan
Description: Key value queried
Indicator: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Process: C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe
Target: N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description: Key created
Indicator: \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main
Process: C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe
Target: N/A

Suspicious use of AdjustPrivilegeToken

Description: Token: SeShutdownPrivilege
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 rp.tatomayey.com udp
US 8.8.8.8:53 os.tatomayey.com udp
US 8.8.8.8:53 www.emulestore.com udp
US 103.224.182.242:80 www.emulestore.com tcp
US 103.224.182.242:80 www.emulestore.com tcp
US 103.224.182.242:80 www.emulestore.com tcp
US 8.8.8.8:53 os2.tatomayey.com udp
US 103.224.182.242:80 www.emulestore.com tcp
US 103.224.182.242:80 www.emulestore.com tcp
US 103.224.182.242:80 www.emulestore.com tcp
US 103.224.182.242:80 www.emulestore.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\ish259401036\bootstrap_18833.html
C:\Users\Admin\AppData\Local\Temp\ish259401036\css\sdk-ui\progress-bar.css
C:\Users\Admin\AppData\Local\Temp\ish259401036\css\main.css
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\default_tb.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\default_wi.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\BG.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Quick_Specs.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\sponsored.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Color_Button.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Grey_Button.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Close.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Loader.gif
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Progress.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Resume_Button.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Pause_Button.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\ProgressBar.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\locale\EN.locale
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Close_Hover.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Grey_Button_Hover.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Color_Button_Hover.png
C:\Users\Admin\AppData\Local\Temp\ish259401036\images\Icon_Generic.png

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-01 03:24
Reported: 2024-06-01 03:27
Platform: win10v2004-20240426-en
Max time kernel: 149s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe"

Signatures

UPX packed file

upx

Checks whether UAC is enabled

evasion trojan
Description: Key value queried
Indicator: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Process: C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe
Target: N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description: Token: SeShutdownPrivilege
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe
Target: N/A

Description: Token: SeCreatePagefilePrivilege
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\893cd7327794849ac8f4aa160965617a_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 rp.tatomayey.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\ish240604546\bootstrap_49444.html
C:\Users\Admin\AppData\Local\Temp\ish240604546\css\sdk-ui\progress-bar.css
C:\Users\Admin\AppData\Local\Temp\ish240604546\css\main.css
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\default_wi.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\default_tb.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\Resume_Button.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\Pause_Button.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\Progress.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\ProgressBar.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\Loader.gif
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\Close.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\Color_Button.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\Grey_Button.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\sponsored.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\Quick_Specs.png
C:\Users\Admin\AppData\Local\Temp\ish240604546\images\BG.png