Malware Analysis Report

2024-11-13 14:03

Sample ID 240604-ad8x1seb4w
Target 93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118
SHA256 103735dcc14bab45c670f5a6f50aa9d23479c1a487812cb63d0ef32931e69a31
Tags spyware stealer upx
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer upx

UPX packed file

Reads user/profile data of web browsers

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 00:06

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 00:06

Reported

2024-06-04 00:09

Platform

win7-20240221-en

Max time kernel

148s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\PROGRA~2\is259433172.log C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe" /_ShowProgress

Network

Country Destination Domain Proto
US 8.8.8.8:53 os.coolflvplayer.com udp
US 8.8.8.8:53 cdneu.coolflvplayer.com udp
US 8.8.8.8:53 cdnus.coolflvplayer.com udp
US 8.8.8.8:53 os2.coolflvplayer.com udp

Files

C:\Users\Admin\AppData\Local\Temp\ish259431394\bootstrap_34515.html

C:\Users\Admin\AppData\Local\Temp\ish259431394\css\sdk-ui\progress-bar.css

C:\Users\Admin\AppData\Local\Temp\ish259431394\css\main.css

C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Close_Hover.png

C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Color_Button_Hover.png

C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Grey_Button_Hover.png

C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Loader.gif

C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Grey_Button.png

C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Color_Button.png

C:\Users\Admin\AppData\Local\Temp\ish259431394\images\Close.png

C:\Users\Admin\AppData\Local\Temp\ish259431394\images\BG1.jpg

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 00:06

Reported

2024-06-04 00:09

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\PROGRA~2\is240602281.log C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\93132d2bd4641c75cfa6e114a30a5ccd_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 os.coolflvplayer.com udp
US 8.8.8.8:53 cdneu.coolflvplayer.com udp
US 8.8.8.8:53 cdnus.coolflvplayer.com udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 os2.coolflvplayer.com udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\ish240601187\bootstrap_24443.html

C:\Users\Admin\AppData\Local\Temp\ish240601187\css\sdk-ui\progress-bar.css

C:\Users\Admin\AppData\Local\Temp\ish240601187\css\main.css

C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Color_Button_Hover.png

C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Grey_Button_Hover.png

C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Close_Hover.png

C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Loader.gif

C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Grey_Button.png

C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Close.png

C:\Users\Admin\AppData\Local\Temp\ish240601187\images\Color_Button.png

C:\Users\Admin\AppData\Local\Temp\ish240601187\images\BG1.jpg
