Malware Analysis Report

2024-10-18 22:06

Sample ID 240611-s94bhssdkf
Target 9eb51e1e61836355b2f58940d17df047_JaffaCakes118
SHA256 7130b2d0fa07e86d96edde99e4df456f37196109df17edcb8e7aa6ac9e4a2e55
Tags bootkit, persistence
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 9eb51e1e61836355b2f58940d17df047_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit persistence

Loads dropped DLL

Writes to the Master Boot Record (MBR)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 15:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 15:50

Reported

2024-06-11 15:53

Platform

win7-20240419-en

Max time kernel

142s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe"

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 stat.show.sina.com.cn udp

Files

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\installUI.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLFSIO.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\msvcp71.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\msvcr71.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\libpng13.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\zlib1.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLGraphic.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLLuaRuntime.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLUE.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\atl71.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\libexpat.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLGraphicPlus.dll

\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLTS.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\showinstall\UI\InstallUI.xar

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 15:50

Reported

2024-06-11 15:53

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 stat.show.sina.com.cn udp

Files

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\atl71.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\installcfg.ini

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\installUI.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\XLFSIO.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\XLGraphic.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\XLGraphicPlus.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\XLUE.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\XLLuaRuntime.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\libpng13.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\msvcr71.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\msvcp71.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\XLTS.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\UI\InstallUI.xar

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\UI\BaseUI.xar

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\UI\SkinInstall.xar

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\zlib1.dll

C:\Users\Admin\AppData\Local\Temp\showinstalltmp240615250\installui\libexpat.dll
