c00088634d657acdc294aea496a2513799f7fbcb15cb3f54553dc597fff17d8b

Analysis

max time kernel
136s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Size

7.9MB
MD5

083bbbf5605fcdb802cd8e07cf567eef
SHA1

8453839d484df9ed9d06e428b12f5da8e40a1a6d
SHA256

c00088634d657acdc294aea496a2513799f7fbcb15cb3f54553dc597fff17d8b
SHA512

61147b629546ea1bf364f2f61956f41d390be42654410109169270a8464b3023d982c6789a0cd96f9826a9a7f0288b3ec9342b2871620b31c7f61cda784a783e
SSDEEP

196608:tCXPnmlxzOxtKCyEcw1ZKF+gZiikE5eQwOF4mPrFGYacMR/:kmlxhdBw1ZBgZiBE5eQwOF4mj1E/

Score

10^/10

evasion trojan upx

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3744	setup.exe

Loads dropped DLL 26 IoCs

pid	Process
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe
3744	setup.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2624-2-0x00000000029B0000-0x00000000039DA000-memory.dmp	upx
behavioral2/memory/2624-0-0x00000000029B0000-0x00000000039DA000-memory.dmp	upx
behavioral2/memory/2624-3-0x00000000029B0000-0x00000000039DA000-memory.dmp	upx
behavioral2/memory/2624-16-0x00000000029B0000-0x00000000039DA000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe

Drops autorun.inf file 1 TTPs 1 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\IPMx2\autorun.inf	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SYSTEM.INI	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 800	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	9
PID 2624 wrote to memory of 808	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	10
PID 2624 wrote to memory of 380	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	13
PID 2624 wrote to memory of 2756	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	49
PID 2624 wrote to memory of 2772	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	50
PID 2624 wrote to memory of 2928	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	51
PID 2624 wrote to memory of 3428	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	56
PID 2624 wrote to memory of 3604	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	57
PID 2624 wrote to memory of 3808	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	58
PID 2624 wrote to memory of 3904	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	59
PID 2624 wrote to memory of 3968	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	60
PID 2624 wrote to memory of 4044	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	61
PID 2624 wrote to memory of 3888	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	62
PID 2624 wrote to memory of 2904	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	74
PID 2624 wrote to memory of 4916	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	76
PID 2624 wrote to memory of 4344	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	77
PID 2624 wrote to memory of 2784	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	78
PID 2624 wrote to memory of 5004	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	79
PID 2624 wrote to memory of 1616	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	80
PID 2624 wrote to memory of 2464	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	81
PID 2624 wrote to memory of 3992	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	87
PID 2624 wrote to memory of 512	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	88
PID 2624 wrote to memory of 3744	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	93
PID 2624 wrote to memory of 3744	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	93
PID 2624 wrote to memory of 3744	2624	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe	93

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe

C:\Windows\system32\fontdrvhost.exe
"fontdrvhost.exe"
1⤵
PID:800

C:\Windows\system32\fontdrvhost.exe
"fontdrvhost.exe"
1⤵
PID:808

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:380

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2756

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2772

C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
1⤵
PID:2928

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3428
- C:\Users\Admin\AppData\Local\Temp\083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\083bbbf5605fcdb802cd8e07cf567eef_JaffaCakes118.exe"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  - Drops autorun.inf file
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\IPMx2\setup.exe
    C:\Users\Admin\AppData\Local\Temp\IPMx2\setup.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3604

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:3808

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3904

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3968

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4044

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3888

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
1⤵
PID:2904

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x240,0x244,0x248,0x23c,0x2f4,0x7ffd4bb84ef8,0x7ffd4bb84f04,0x7ffd4bb84f10
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2300,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1844,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2436,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4408,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8
  2⤵
  PID:4924

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
1⤵
PID:3992

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IPMx2\IScrNB.bmp

Filesize
118KB

MD5
48ba23373d43bdcd0ceac891af7b7226

SHA1
2bfcf16cb619f9d4d002fdeac47b969b289e1187

SHA256
3060fb9f8fc24a6176e33ee5799b92ffb55aa150d8ff163cb10e2d9570019553

SHA512
6603432d03eb4a2080e8dd755fe7a6182a4c48cd5084f6defcfffb3ff116b3a61bfc30bc0edc5909fa03619abba63916e1282e07bdc91e21b4520ea3b4c98354

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TVWizard\ARA\resource.dll

Filesize
56KB

MD5
f9cbbc044303460ab0b22332e3d69049

SHA1
0a019a75c5622a04ea31b696a04a133cc70a77e0

SHA256
3966769c23d5cde62ba37ab90136da3ca66df8eb722831b040a92f72e4330185

SHA512
eaf663b9a72686bda047886452bab51b0b346b029c62c79c8c106e788b8d14ae80c4999ba560fe77616cabd02149d0172a622c6a52f7e997abddba85ba5324a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TVWizard\CHS\resource.dll

Filesize
52KB

MD5
820ed751072b37c544c5e6dda339f2ce

SHA1
5790581dbb6071dabfdcdc9f0d4056deeb62516a

SHA256
0509dd89b77c6300f34fb561e727ed55c26224d609f5051cb5ae8fe83bd6b88b

SHA512
890c5bce2f5e0bf44f25697ead2a1c5113ef812c9faaa7c17d421d204b487fe7e62030f1c0c8cbcacbd8db28cc6515bd8549948afa27294cff888cfe1daaf0c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TVWizard\DAN\resource.dll

Filesize
56KB

MD5
e5d28392f6424c09327194176a1e2c4e

SHA1
c880def1d83a4ae487afaf28ab73b24751fe32ff

SHA256
a30bb4006722106f0b792fb435a4cc94ee4c5e4a5acd6838e94d1239906bfd62

SHA512
a32aa514e4df98dcbd510da2f7b6cb72af3563dcf150b8466425d5cac37b80bcbc49c1f7a9ac65c7853ec1979c16ceba84e0c31db6189066926742514d0d219f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TVWizard\FIN\resource.dll

Filesize
56KB

MD5
2ccf3fd694fe2b04c56cfe8847908183

SHA1
626b930a4bfe6bac2b3aa325fd0937a706e53832

SHA256
cbd2659bb0318d9de992c18cd6062944bb6bd7acd15f039a418bb82471c9b876

SHA512
2302e27e4f6c55215cd47eb15f396d3dd91b4d753c1c4efe393a8857b7c328a35ae14ba62c7eb312aa7e71bf7846dfab5ce1d677113b3b53c63e8d2f132ee553

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TVWizard\HEB\resource.dll

Filesize
56KB

MD5
20ef2c2e9a091d5390af63caea6ad40b

SHA1
250cab0dab54c74b143e27a1eab57b412cf7ab0f

SHA256
8c697757297012230e2110b20b2e38251ac1b9d3e18956bf774b64bf6a571e23

SHA512
cd0f08c7371818c4d0e2fb0a68a6d1935c3d25d09e4038e5381a04f241b4710b3e813b8e2f2b8a74456b04afd41ce6d36764c6f6fe4866c72a1aa94213b526b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TVWizard\HUN\resource.dll

Filesize
56KB

MD5
2790b6f99f2d5e5ffcd3243fae9d356c

SHA1
2419a1513fc3cca0d270aa9ac8687e40d61c1369

SHA256
1b7783bf39b080df6aa030a883d3c419f6be0f3cd9d9408fe5fd9b5ac02ec44c

SHA512
556de77d57c0d3932baf703745c3d8ecad5b36134f790b11b774f507e94a2b51ec74db1348b77049cad1c0ac2e8488b03426c372f6330924cac5f4215e7874d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TVWizard\PTG\resource.dll

Filesize
60KB

MD5
39f9d7bc8b05b055459368d320fbf0c7

SHA1
fc838870c1032511f3a559e474aa443c94110661

SHA256
f5abfc590d865ed8f39a904a0afb07e7c12ec8310c6995507911ad504aac9b54

SHA512
33e5cd49bc13e537459c2a010ed0f5f8677b11a4470885acc22478481d2ecb2b0a2d83650a15af18ee7fbd6d09739d08c03ac77b3a439fe6525c1a9ad240a8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TVWizard\SLV\resource.dll

Filesize
56KB

MD5
792aa664f8c099d428dd654227b05bb1

SHA1
bc6f38a2d82b9d96c4be8bc93b7019d0b09f6f1c

SHA256
e79e74548a36cb001133328ffd4a271707d92a7f601a7f588d88d2722728c930

SHA512
126ec47bdfa2ed518fef08b3c245098c847f07fdba3f430f4bd9c62650485016010b1587e64681327088a42a2f9af9e4e9141924b450509a9a2f89dfcd13f5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\CHT\resource.dll

Filesize
52KB

MD5
2d384af7c89b811b3776192ea7db28a8

SHA1
61d624dc1808c835e7e15b5fbf19124c44a9637d

SHA256
a33a770609540f1810ddeac44bbbe6dff251e91d4dd62c229c2dfb6abf694a3d

SHA512
8ca4193a5aac4c1f77ddd4c4a1877a80fc8a245f1c84720368d8b59e9d8c6f875f8b6720b29d2ee4a34993d747862eb11e3ea848d2d262f8692ee5e4f78b1253

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\CSY\resource.dll

Filesize
56KB

MD5
b94f859bb2096c786c7a33d0a06e8f79

SHA1
2803f6c3bf717a56c07bf4e770c280730caf66b9

SHA256
6c5787338094f3c58eb12f02856b2fdfaef25c10a6cd1dfd4f949a4d64ac5b66

SHA512
3b7eeff5f988b6d1ba5f77954143b6f76f15ea16f4a28add122595f3d93aa034cfeecfa1d414a435bfbf54d51362543fa9e8b182d40a1a4c66b8d12ee2cf458f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\DEU\resource.dll

Filesize
60KB

MD5
868bfa1f9010231b836754e56cd48a95

SHA1
c4d6dd4083f5cc24aa261df138a9ebb6c783b436

SHA256
aa2078585d5c9af075d45dfad768636aa28f9fd958a8dd0e18123b461934d2a7

SHA512
cb53d73ce0fa33681cd1986fa5d5c480b0200fbf41e30ead598984a487e56749b319350af7c7620967b6666010eba4eefdbec8e117eeadccfaaa34b8cfa0b707

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\ELL\resource.dll

Filesize
60KB

MD5
3d37f40a5caa3296fe19b115effc4cf4

SHA1
fa5c4a19435dea3768d9d2be96aa1f3ed04048bf

SHA256
5e35d5c4e9f2de2ca3a542a6e356d6c7ebdd3ead74f7c4b2239c2a123ef733dd

SHA512
380b60833852b898ef14b5ac3a01026d26509e099ed7dff10ea8c2d64f31310d26f62c74b6688dc0a383d34f67b83244f659b687e8f7130b7e10eca992670331

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\ESP\resource.dll

Filesize
60KB

MD5
8ca145dda03a7b64576b65b3ba7c25cd

SHA1
488f679392edd1ad1bb84ac60e6891486666393d

SHA256
7df34aec10fc7bd2bbc5f7f82b479c84c8063db6e429635f04052ad00fe897ad

SHA512
9f3268ecff6574b950f0aa5682451d66737e2305f36f89275324206bf009f473bfd0cc46cab511e86d4501599b736e24334ae9baff36eb4ea15c0cc2e22cced2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\FRA\resource.dll

Filesize
60KB

MD5
59c02c58340a72652594248ad3d27f83

SHA1
edd1313ec52504fba04f1d02585ce6e397b344ac

SHA256
871fb93f3fe828319a4a813c0c74865b7a7be1acd2aab5c4dea5667733933844

SHA512
16e068dc2446948a342ef169434b9381202f22a8be090cdbbfa5eb151ab39664962e9302f21bd87299fd59da21f4187c71bc8c35479079893b1bffd6641d1bc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\ITA\resource.dll

Filesize
60KB

MD5
814ff17e9b3881a2f2732890078875f6

SHA1
143416c68671651104627069737e64718e547512

SHA256
5bc1e92dfc1fc119927a79b8561dfbec0b22c074b86cb729f49e8125d79f9838

SHA512
94445d8bd539c55c14d85349d975dff51258bab16ab9169947d50528f4a76ff563513b12b261a4e753bb05be7245d60731888d8bc168db46771157f2c7d54f1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\JPN\resource.dll

Filesize
52KB

MD5
48a9deb7732190c038def1e77bbf3561

SHA1
5b756a3f00c50c3237455de1db1f967f3a8520c0

SHA256
147c3c6d7eaef137ad163d7a7fb24a038def73bd22c42989198ff48936b90955

SHA512
c949632cfa40c074105c662f07257b1a37ec90c1d9315b82f83d819faa93da810eee905a0ee8d70eafda5a5350dd4d8e0b80344057396fe4b47bf6571d7be59b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\KOR\resource.dll

Filesize
52KB

MD5
2b3e2d4aed21c088ef381a72f7ff9667

SHA1
94656c8a94d6c9e45c914665544dfdccce4aa06b

SHA256
12b9b02bf0a410ce9c634f2a27e9385b0283f276c14219e249fe42c5f1219222

SHA512
582444f074ab6df542edeb91f48c841719cd89163ddf4925f5a0867c48398014a1a773723a6d4de51ecb6ddecf32e8b18955f03bffe359a2ccd55b5f04d4c508

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\NLD\resource.dll

Filesize
60KB

MD5
3484c7a50feb3a8ded0127425ea5d955

SHA1
6e235a829b074222194da6fd410c5a42cd2486f2

SHA256
fc525a94a076d5fa6586770fb4a1c4bddffebb3dad994b478432aa583e6f4f95

SHA512
aea735bacd933a8737e3fa51104162054ee07bca8dc1a4404f17fb6d0f58a396670ac26ff658bd8405ccd84c7f34a478f55054d83d434c035c7c86941b762442

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\NOR\resource.dll

Filesize
56KB

MD5
9ef14bf01db2fe5757b2da9629a57fc3

SHA1
56dc022ebba950413b892dbbd5c8ebf034a39d94

SHA256
a76cb91f5b905b8f2d67028f331ae92d76c4041f16fd1fbbd43caaea4fd63758

SHA512
9fe953c2a715a70fa4ecb4d9ec58def48c06b4652052bc81207b1e77626ea660fff7a178fcb9d899911d04e5ae7e2310c75c3b7c0e8dd6e9112ff013bdc3c586

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\PLK\resource.dll

Filesize
56KB

MD5
c9f54fa34f9ce21e725aff1bd7bc551c

SHA1
4900d4c2293f513f31e8a5b597969823edb2ee0f

SHA256
acfbbb4bdcd55282d25c842ef68d9ab41a93ad7a64c1c9fb1ead8eda538c2f9f

SHA512
77979aa2cf2bbd1171c26ea5e962f7699bba18774643631ceb797baccae3ccf529c0f746fa0a6d55e81d2de4d6d316586b1c1aca099bfc05f88e61b0f2977f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\PTB\resource.dll

Filesize
56KB

MD5
5152664fb4f1ad8f2999d451c16bdbe3

SHA1
75af680353549f009da03715ad164e45aee72c97

SHA256
cd766415683abb9a6300e905b7995e996daf62c116820aabdacd92f7919d834e

SHA512
e8c695a9f88294635789b66a3cf7f1d43f5f23b80eef4e1385c9317b8ec01fc988a022dca24b457a333cd7f8a4be701f0cd39f39ef71447859ac598dfd748c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\RUS\resource.dll

Filesize
56KB

MD5
d5e3ae66b403124a9d01a4c430c2156e

SHA1
59d130cf52e4919fceb7e99503ac1a52ea2c32c1

SHA256
5d239fd3c2a724edd12dee34fdf881677596b99d8c30805f95e96ec058e660cc

SHA512
89fc2aa122e4b6303507b4073fb494de0b310145f7703dc8949fb78116b13e958193e0f3efbcd49f681d440fb22650bec6f50dcfbbba57b44c087300801fdfc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\SKY\resource.dll

Filesize
56KB

MD5
f0f580115dac98ee54b3f77366c465cf

SHA1
fb6b00a52300e32fa5c036e174d07e607b332b86

SHA256
1ebc25242c5c4fea6c2162ecd355241cba55a824e0edd61d0c7719e8d92ffdf8

SHA512
34242f512eba106fe9a9923dd39afffc1e8ae9e8d8bbfbbd9cb0f06a3f576eec5a385cf00dbf8bf2363a62ad68b80c874b7c0c2acd5720e87b0547d9ca634139

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\SVE\resource.dll

Filesize
56KB

MD5
4e9058481367360bc708c24f3f11e609

SHA1
3edbb9a528857398ad5ac1a1ed4d047d04c5c295

SHA256
bd5ecc086e7b404c163be045e5d907be8e9e6864eb749e1e2dbef4b38d03c63e

SHA512
923b8ae7465d2247ebc817fb0aacee46a4fd9733e611f550a694bc45938ede1c443770527c5b1a1ad413b183e3368cfedfd7a4492f5761e3772c100b6b923355

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\THA\resource.dll

Filesize
56KB

MD5
0dc9312ce58967540b9ae5907f548b6a

SHA1
93713f1a6e637d93f7aecbf1033f85d9b363fe31

SHA256
a0ad43b4dfa6b379bc9c0a6042ae497c1ca536c9da6c9f401d5eed4d6e4d0ccd

SHA512
874e399420731647096724d47c7dbe8bc41ecc4fb6c55b761e91c6700b74d02a01b8c632bcf9c8cdff30e3bacea6cea012e7f46009a1bd9fa6f3cdf14c25eb91

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\Lang\TvWizard\TRK\resource.dll

Filesize
56KB

MD5
f80416b688e8749712688bacb8bb9127

SHA1
78943030815e23ceaa05e566cbe7267025d43d1b

SHA256
6006ace5527be4cb849bc80e5884e2447baf1fe0d98a5b42c88450518508a1a9

SHA512
1171cdd3d8e2e24ae4eeccc53fcbf5f8115c249bd6111eef95781e2d669af5bf7385dc82066b3eaf8a9c2a0c5729675e0c91cd7cce4c041321c25720a350784c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IPMx2\setup.exe

Filesize
389KB

MD5
6d57ee295a320e4477f14bca7c153f40

SHA1
b6d3728ea8b0bb9d145ca43138db61b80e1ddd83

SHA256
824eabcc1dd6c0639a7aa7a9a535c7ac3b741576c6348878c4d021008706f3e1

SHA512
9f652bbeeaefabf47394bb3b375a3885d6d3d155cc51efc65a4737ad6cdd1c8b89922bd72fe8028503bcec2a4cd1581ae6db2f83c429579bcdb9ea6cc838ab8f

Download Submit
C:\Windows\Temp\IntelTVWizard.log

Filesize
2KB

MD5
3e04eb893eb994a0c3a81a16aa1009bd

SHA1
ba03470fa15f8d4539ff2affafa5b9156abd18e7

SHA256
d1bf218d359f65c09045d9a1481546ffbdf9595cc352dd637f027719ddbf129e

SHA512
7fbb7ad0549c8a5fbe7e9ff258804ce29637d8a84b252348904dae3242097a8db38158de9b11f679fa7dfa5671dcf0376e87af341dd89a8d8956e68420ddb040

Download Submit
memory/2624-2-0x00000000029B0000-0x00000000039DA000-memory.dmp

Filesize
16.2MB

Download
memory/2624-16-0x00000000029B0000-0x00000000039DA000-memory.dmp

Filesize
16.2MB

Download
memory/2624-7-0x0000000000CD0000-0x0000000000CD2000-memory.dmp

Filesize
8KB

Download
memory/2624-11-0x0000000000CD0000-0x0000000000CD2000-memory.dmp

Filesize
8KB

Download
memory/2624-0-0x00000000029B0000-0x00000000039DA000-memory.dmp

Filesize
16.2MB

Download
memory/2624-6-0x0000000000400000-0x0000000000BE2000-memory.dmp

Filesize
7.9MB

Download
memory/2624-3-0x00000000029B0000-0x00000000039DA000-memory.dmp

Filesize
16.2MB

Download
memory/2624-13-0x0000000000CD0000-0x0000000000CD2000-memory.dmp

Filesize
8KB

Download
memory/2624-8-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download
memory/2624-494-0x0000000000400000-0x0000000000BE2000-memory.dmp

Filesize
7.9MB

Download