6058bf31d92d6ab4be098b9d318d5236c45d570b8d4af96a559311ac16d16908

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 07:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/bundle.exe
Size

1.6MB
MD5

981780e62db7df6ebf7dc3fc94ff9df4
SHA1

32cafdcfe5822f0eea2def9829afa30e746feeb6
SHA256

c207ee428f0eb876e23f5b7ac859f0602aff15ac533eeb6b74262e99f3658342
SHA512

a59c19741b258223dee6a8f631d2cc442c9fb5cc9d13b87e81cb9b5bdd2cede636ac442b3aa254abe9b50f88eb810cd9769d91697e8fabc5ce2f844ef47cbb99
SSDEEP

49152:e8YWaDwae/oxwOLa1IgZ/yS4SS0emt5NMVqi:ZYpktoxwSa1IgEy7FRQ

Score

7^/10

adware discovery evasion spyware stealer trojan

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk	SetupUpdater.exe

Executes dropped EXE 5 IoCs

pid	Process
4500	MyBabylonTB.exe
2232	Setup.exe
4388	MainInstallerAutoEmbedded.exe
2544	SetupAuto.exe
1644	SetupUpdater.exe

Loads dropped DLL 13 IoCs

pid	Process
1536	bundle.exe
2868	rundll32.exe
2232	Setup.exe
4452	rundll32.exe
1536	bundle.exe
1536	bundle.exe
4388	MainInstallerAutoEmbedded.exe
2544	SetupAuto.exe
1644	SetupUpdater.exe
1644	SetupUpdater.exe
1644	SetupUpdater.exe
4388	MainInstallerAutoEmbedded.exe
4388	MainInstallerAutoEmbedded.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}\ = "C:\\Users\\Admin\\AppData\\Roaming\\2YourFace\\bho.dll"	SetupAuto.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}\NoExplorer = "1"	SetupAuto.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}	SetupAuto.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 6 IoCs

installer

resource	yara_rule
behavioral10/files/0x0007000000023460-131.dat	nsis_installer_1
behavioral10/files/0x0007000000023460-131.dat	nsis_installer_2
behavioral10/files/0x0009000000023462-141.dat	nsis_installer_1
behavioral10/files/0x0009000000023462-141.dat	nsis_installer_2
behavioral10/files/0x0008000000023463-164.dat	nsis_installer_1
behavioral10/files/0x0008000000023463-164.dat	nsis_installer_2

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\DisplayName = "Search the web (Babylon)"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1"	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\IECookies = "\|affilID=\|trkInfo=\|visitorID="	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF6FE19C-C35B-456A-83EF-0ACCBC14F55D}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\2YourFace"	SetupUpdater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF6FE19C-C35B-456A-83EF-0ACCBC14F55D}\AppName = "Updater.exe"	SetupUpdater.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF6FE19C-C35B-456A-83EF-0ACCBC14F55D}\Policy = "3"	SetupUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\IECookies = "\|affilID=\|trkInfo=\|visitorID=\|URI="	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\URL = "http://search.babylon.com/?q={searchTerms}&affID=112042&babsrc=SP_ss&mntrId=3c829b53000000000000caeaa890b1db"	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	Setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF6FE19C-C35B-456A-83EF-0ACCBC14F55D}	SetupUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}	Setup.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.babylon.com/?affID=112042&babsrc=HP_ss&mntrId=3c829b53000000000000caeaa890b1db"	Setup.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Test.cap	Setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\TEST.CAP	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Prod.cap	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Prod.cap\Info = 433f39789c636262604903622146b36a27031763634b23175d0b7363035d131347275d0b23334b5d33232343732713034b4353f35a06010101c1795efb0116bb0b31	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\2YourFace\\bho.dll"	SetupAuto.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}\InProcServer32\ThreadingModel = "Apartment"	SetupAuto.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}	SetupAuto.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}\ = "2YourFace Addon"	SetupAuto.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}\InProcServer32	SetupAuto.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2232	Setup.exe
2232	Setup.exe
2232	Setup.exe
2232	Setup.exe
2232	Setup.exe
2232	Setup.exe
2232	Setup.exe
2232	Setup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2232	Setup.exe
Token: SeTakeOwnershipPrivilege	2232	Setup.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 4500	1536	bundle.exe	86
PID 1536 wrote to memory of 4500	1536	bundle.exe	86
PID 1536 wrote to memory of 4500	1536	bundle.exe	86
PID 4500 wrote to memory of 2232	4500	MyBabylonTB.exe	87
PID 4500 wrote to memory of 2232	4500	MyBabylonTB.exe	87
PID 4500 wrote to memory of 2232	4500	MyBabylonTB.exe	87
PID 1536 wrote to memory of 4388	1536	bundle.exe	92
PID 1536 wrote to memory of 4388	1536	bundle.exe	92
PID 1536 wrote to memory of 4388	1536	bundle.exe	92
PID 4388 wrote to memory of 2544	4388	MainInstallerAutoEmbedded.exe	93
PID 4388 wrote to memory of 2544	4388	MainInstallerAutoEmbedded.exe	93
PID 4388 wrote to memory of 2544	4388	MainInstallerAutoEmbedded.exe	93
PID 4388 wrote to memory of 1644	4388	MainInstallerAutoEmbedded.exe	94
PID 4388 wrote to memory of 1644	4388	MainInstallerAutoEmbedded.exe	94
PID 4388 wrote to memory of 1644	4388	MainInstallerAutoEmbedded.exe	94

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bundle.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bundle.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Users\Admin\AppData\Local\Temp\MyBabylonTB.exe
  C:\Users\Admin\AppData\Local\Temp\\MyBabylonTB.exe /aflt=babsst /babTrack="affID=112042" /srcExt=ss /instlRef=sst /S /mhp /mnt /mds
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4500
- - C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\Setup.exe" /aflt=babsst /babTrack="affID=112042" /srcExt=ss /instlRef=sst /S /mhp /mnt /mds
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Modifies Internet Explorer settings
    - Modifies Internet Explorer start page
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2232
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\\rundll32.exe C:\Users\Admin\AppData\Local\Temp\97DF18~1\IECOOK~1.DLL,UpdateProtectedModeCookieCache URI|http://babylon.com
      4⤵
      Loads dropped DLL
      Checks whether UAC is enabled
      Modifies Internet Explorer settings
      PID:2868
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\\rundll32.exe C:\Users\Admin\AppData\Local\Temp\97DF18~1\IECOOK~1.DLL,UpdateProtectedModeCookieCache trkInfo|http://babylon.com
      4⤵
      Loads dropped DLL
      Checks whether UAC is enabled
      Modifies Internet Explorer settings
      PID:4452
- C:\Users\Admin\AppData\Local\Temp\MainInstallerAutoEmbedded.exe
  C:\Users\Admin\AppData\Local\Temp\MainInstallerAutoEmbedded.exe /PID=104 /SUB= /NOTIFY=0 /FFP=0 /SILENT=1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4388
- - C:\Users\Admin\AppData\Local\Temp\SetupAuto.exe
    C:\Users\Admin\AppData\Local\Temp\SetupAuto.exe /PID=104 /NOTIFY=0 /FFR=1 /FFP=0 /S
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Installs/modifies Browser Helper Object
    - Modifies registry class
    PID:2544
- - C:\Users\Admin\AppData\Local\Temp\SetupUpdater.exe
    C:\Users\Admin\AppData\Local\Temp\SetupUpdater.exe /S
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\BExternal.dll

Filesize
126KB

MD5
743acbf54eb091066be6ab3cb12c5988

SHA1
43a205985790c47a7e611fa2d3cab9b4eb59121f

SHA256
fcee9d5c80b11b82add301e142dea2b40b05f0839ef7cd0a8b0fff84a67eccd0

SHA512
014cf6b9896a2f76b8d110bce862c46a56471ae74582cbae7af672af49ae052d7827fc28806dbe80c911d05c4688d7e08ef486bc7d7acc2b05fa7b2b3f2a3689

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\BabyTBConf.ini

Filesize
578B

MD5
eadcd22e2244af10a49053eecaf2fb77

SHA1
e0461a8acd65f04bfc2af596da7341e7c0703cb5

SHA256
af8ed063d92fa0b9fbc6d320652ddc4f180e1578342297101397ff3dc763f531

SHA512
4bfc116705abebcd6674d861b3dd7211a0eb9491541f87e992f29212cd4ac33eda4204ac68adfb9b2f5aa6dbada2256a765a1ae4836bb6b0545bd745020aa8ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\Babylon.dat

Filesize
12KB

MD5
adbb6a655ae518830ba1afefdb84668f

SHA1
a1be53d99a67fff011ea035c310588e635c718e1

SHA256
7029ed42440ab0b23c76c2800871002151776f927cc77855590e79b31b96838c

SHA512
b5ddfa301fdcd852a35c6b8a5d4eed78c43bc250d7e2c7d95b548d5f5ce216f2b9f5eabf5e1c0c87691d735fc1ac7a33a5c236c5560a4777ef7bf75510f0b228

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\blueStar.png

Filesize
14KB

MD5
a7fcdf142648bac756fcfe06a31f42e4

SHA1
4df99b119c183c821ed1bf0f825536318c9c3353

SHA256
008aebc73a7bd79e914db753b83a385c1aac320ebbcf4ead8fa49f74e3f30f22

SHA512
ddd8571b02909ede720af8e27044e126002a749719f41fe65d44004a5165ebfd90e5cca007e6014194de510a0076862839ecd056bf0043113337ab25086037eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\eula.html

Filesize
79KB

MD5
1b73a781f7f5b0d61624bd97050a2ed0

SHA1
01b848625761d5dede115e8599e4c72f126f8a3c

SHA256
f7f4148b58242a889a8694d734e49ca96bdad63d7fa5d5be130acfa9414b5cb5

SHA512
76eb4cd01eae14b0050802ad4cd0e401e2e65705d4d4b8c25e3632bd24745ec85df129c51332500823953755314a51907f0a713d0c2011054490acebc9c2787f

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\globe.png

Filesize
33KB

MD5
cc53fb9e9456eb79479151090cb16cbd

SHA1
e61004bf729757f3f225f77f0236b82518f68662

SHA256
3eca21891a2b484a38098410c5d8410361e91ae4dd84cb565891281145501f42

SHA512
0aac27727044ef9cf05e7a8d35d4395c9812a9169fd1661f95f53a2d809a7a73a034058b8080529ab50471688877cfdb45a282308ef86eb4812a2d734e02d28b

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\options.js

Filesize
119B

MD5
771f230f8bbc96a03b13976667918f1f

SHA1
0fba422c76b89cdb5d12e657064c49a9b1b7abae

SHA256
92db8b549583a5498689a42840a282f33d734c3cb081ac6f896377e56d043252

SHA512
b8209b679f30fea49ea34b77b7f4126acef962a17b292cbab711660c7ec23646bab91e66ce49fde6570ee3c053bb6b8d521b6917cb16f3e925ce8f82d7b4c8f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\pBar.gif

Filesize
3KB

MD5
26621cb27bbc94f6bab3561791ac013b

SHA1
4010a489350cf59fd8f36f8e59b53e724c49cc5b

SHA256
e512d5b772fef448f724767662e3a6374230157e35cab6f4226496acc7aa7ad3

SHA512
9a19e8f233113519b22d9f3b205f2a3c1b59669a0431a5c3ef6d7ed66882b93c8582f3baa13df4647bcc265d19f7c6543758623044315105479d2533b11f92c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\page0.html

Filesize
1KB

MD5
cf33120dd42cee842d96532843bb1961

SHA1
1db4f3e0aa1e4036a078a05f48fefdbb8744e3cf

SHA256
783a0e39d4a751462e26e4acfcf6fb4953f818980ad3d7d7fb821ac35c00c29f

SHA512
889d4043672b551a08979054add55bca4c5a4438fef5189b1ecf309c803ff1468664ed1123b0d22ceecb21a7bc5cfbf85a7428ed72ad7be04596185432aa68e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\page2.css

Filesize
2KB

MD5
085cf46c4d1c8dea9edd79ee37d6d5bd

SHA1
30cb66994c45261a4aaa6d9ecdf1b1890ed09b45

SHA256
9ca3bd0f0c3ac1533fcda2e20e2fb3c18deb40986b37ae6edff594becb82405d

SHA512
66ea917206a7e771e48e3734004e6b96619c5534cca35c2e59e7c2922bec7dca5fbb6536e8940013871becce7493b0e2b1844cc5f37668396639c6d7c7e321a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\page2.html

Filesize
3KB

MD5
12152ded3604e8baaf82c078f8034d60

SHA1
0867dec241a257e3e9ad9e8d20b9e06e3bce7184

SHA256
abb8953ffc3818e54e86019e1920595d65ba0997f3fd7fd47480a450cd7ee485

SHA512
a38ed7d7ef0be98ef362b4f5345961ac56f2db9e184b8a405dd3b09611796fda2189837a3bc0c27152276225a2fd4c8bfe8324c70df0d67b9cc826212448e79b

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\page2Lrg.css

Filesize
1KB

MD5
db15b568f9d195635b3fcab87ef6293f

SHA1
6ae0f374531cb3013857880e8469a103492b8393

SHA256
5d7bd6b3acb31788f12475528d51d98778f1dbc940b2d6dc6317704d17d0964d

SHA512
a8d2baf03d85e31847b21ee5c193d11e2f7ccd9ed7630feab3c8e4fe780bc62d1847ff4608654b3201fa6c39175c7d6e650163d9347db40454935856af3f7af7

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\page3.css

Filesize
1KB

MD5
07784ad77f30fa018949e412b2257aab

SHA1
8595c222a3741bfa83c5a4d982c845c8038062a6

SHA256
226a67f6e05fd889f91253158e583c443cbc7c27d29e8b441925849f820565cf

SHA512
2fe022c30d9280f224ca159edf485ca7ba870bd32b7fb82ee86b3657cdd2e9bdf52525408566ec3ecff80660390f8fac8f04b166623082c706213597f1178cf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\page3.html

Filesize
1KB

MD5
b23c25988099403433efb7fb64715676

SHA1
e833527e1c021b311286e6e2d1c2f0530be0a565

SHA256
7f2252432fff22505b6fbcce5077a9f455006f724dfa705fbc0540325a14c28c

SHA512
8f721e25e47fc5508a0ae1d887a556c22b64b9eb4d2a7ad019b0ddbe4c91649ca52c4582e3cf99338f4b779bd50832110054c46e9bf9f2ffc9a4469343f6838f

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\page3Lrg.css

Filesize
977B

MD5
b3520c555c46a7020d8f27bfe81df0ca

SHA1
59398086abe3987c2a91edacb74eca94bbd63d7d

SHA256
74a9e635dc555a07820a288d0dfe05adea386292757f4cd6933ba3ce6697bef6

SHA512
0b3243cd84b44be79cc7d45a1e18d9840cb393aaf0b82229a0e5a4378d4588c1d65f1ba80530fa10659777fa6ca7b45785fe4fd4aff8dc6047956f93299c5ca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\progress.png

Filesize
2KB

MD5
dee08d8cbcdeb8013adf28ecf150aaf3

SHA1
c61cd9b1bd0127244b9d311f493fc514aa5c08d6

SHA256
eb7dbbb4b7f4020a91f5b64084fb3ce08aeac2f72be66959332041ed06b59bf5

SHA512
c7ff9e00e5afd3b14947006127c912a3c0e7e7fbdde558f5575e6499deb27eb39199206497bfa4372ce469a0fac64df03ec165c0565a619774531c7311d3223f

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\setup.js

Filesize
13KB

MD5
a95607ce49fa0af8ed7a3f5667c3eb31

SHA1
5e4b5a30e56c42329afdf216625bf35be69a82aa

SHA256
01d6d025c169e9c36600d097749f76f8e877846cd8733b7dd958aaea7c54884c

SHA512
1f1fe95c04964de2f3fd73a7ba1632fecaf1c9ec80f918859eb91702e10333f1ba0342a85d1129ddb48cbc3ab74a5dcf92f8c4c053f683ecdbf34dee0112015b

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\title.png

Filesize
25KB

MD5
12ef76069cc40b8ad478d9091915ded6

SHA1
fabad560b6e6839f9e5ae1268695d11ca35f9d74

SHA256
4be568ed2044e1b74bc1d61d13ce71080e5a9717ed481616a6efc1ec4c35dd0c

SHA512
5625082a87aa75266c9680a4f4b31eb7b1df084bba6c7e2e70512f232556f9029af06a0a63b342ffc220bf3797cc09f333437fe26547ea6494913f1c59b2e067

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\HtmlScreens\toolBar.jpg

Filesize
19KB

MD5
56dc3cb42b46309e642c15167003685d

SHA1
045749de2c1492e5dfc4c44f9eb6c0feefe06b3d

SHA256
bc488502223b3369dd657e8bac70abc42ffde2223a0661fb507c8ec87778bca1

SHA512
5f3dc868d6e128407e071d6d7d7b9d0bbe7e45a32ff76985dfa53fe9dad0f5fb372ce64d35170c3719a06dd6762e4bb33089bfaedf93e6064c06c74a21b65a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\Setup.exe

Filesize
1.7MB

MD5
14c2d4576d528ed76fada4f4fa1a5952

SHA1
3a9d7d4639b5eb8bec42df972c44493690eaadfc

SHA256
6e7425ace83127aa18a94927144f3d97870f7395606285606635c3ae591f1b52

SHA512
15c32a49946429e15ff8a8e4293d2ccccd160c43c24d3b6f9ccb0373f3dfb666e3c04c062feecc5dd6415f44c7230a09f0cc423aed601a121c2afec28d772558

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\SetupStrings.dat

Filesize
63KB

MD5
07bb1523dc51ec1fd5913b0a70ab98ee

SHA1
216f853cb251f32f5c91345404efd48f041ad5bd

SHA256
31fdb44bc58ee37f01712c2e9b5f0f7c29058a6cd7f869df2f0ee6d77a552dc2

SHA512
8ae9b6ca8a6e6f9692161422b5815944a7ef6e74ff51dbfd9a0dee83828b1140ce399fc40765313e6d2657603731bdd1c791b56df07fe42fb2d152b584d922db

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\bab033.tbinst.dat

Filesize
236B

MD5
1ee8c638e49ee7137607722768afc5a2

SHA1
8719d7a498a49b042cd6fc411cac6c44f3c0f43a

SHA256
1368324e8df1654fb9c3bcae320e982ff9f40e76e0cc118d5f507649e1ec2f2e

SHA512
2acb5547bb9b62505a5332e3b2752c5004fee9579bc45c46271e53d42fff5f412f3a18863ed382052d961d33d0e0449d9c111950060663660d7dbb21e9bff575

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\bab091.norecovericon.dat

Filesize
174B

MD5
4f6e1fdbef102cdbd379fdac550b9f48

SHA1
5da6ee5b88a4040c80e5269e0cd2b0880b20659c

SHA256
e58ea352c050e6353fb5b4fa32a97800298c1603489d3b47794509af6c89ec4c

SHA512
54efc9bde44f332932a97396e59eca5b6ea1ac72f929ccffa1bdab96dc3ae8d61e126adbd26d12d0bc83141cee03b24ad2bada411230c4708b7a9ae9c60aecbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\sign

Filesize
80KB

MD5
73dbc500e121b83ec57bb2563203259a

SHA1
658adac13fc362f5292cbbda19ade1d228ff7901

SHA256
9fb7ed24ed57aebd1314119ad70fee1d74c614bfd3c8fcc85716797803de8878

SHA512
c5fd20a4d90f16c147e02afc82b477054b3bfa8d321017f32f99606febc076bed86b249f372779c3582f8a3de859b8d3998b0bdbc873953d9e5e15b552fafc2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF1810-BAB0-7891-A374-001B1C6F2429\sqlite3.dll

Filesize
508KB

MD5
0f66e8e2340569fb17e774dac2010e31

SHA1
406bb6854e7384ff77c0b847bf2f24f3315874a3

SHA256
de818c832308b82c2fabd5d3d4339c489e6f4e9d32bb8152c0dcd8359392695f

SHA512
39275df6e210836286e62a95ace7f66c7d2736a07b80f9b7e9bd2a716a6d074c79deae54e2d21505b74bac63df0328d6780a2129cdfda93aec1f75b523da9e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\97DF18~1\IECOOK~1.DLL

Filesize
5KB

MD5
5a27c8702510d0b6c698163053fde6d1

SHA1
69fdc602a51e52c603f23a80e9b087c262dce940

SHA256
ccba25e2b6462f5f5646ab9c2e1f63a941b1ab7911d3e0a32a29ebb65cbda437

SHA512
ecf38339ff38b601509a1f5aee16cd0ee7c70662940a81f45e18f91581a8b2964129603b47606f762b371245b039d4faa91b30cff125d46d32253a0e88401e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\MainInstallerAutoEmbedded.exe

Filesize
796KB

MD5
7fc6bc14a74dc69773587af10132d8c9

SHA1
9d98b268eaa7f4ad208bde39944fdb1ab201e076

SHA256
e288d49f6011dcd3f893e54ceafda9b6b491543966521c483064a7df43e5bdd2

SHA512
a738205fb26bf259e70b1cacfd10f9168d381778ef90a49847b8d332d93b471cbdcf6357a3d2dfb2e41a4666cba98dd9dc2867a20d472636e5fc8080cc073742

Download Submit
C:\Users\Admin\AppData\Local\Temp\MyBabylonTB.exe

Filesize
845KB

MD5
3d91ecdbb3404485702fb92b26b17d90

SHA1
5dfc514a7a1e037683fed57029f49fa6c6f04dbf

SHA256
588b7896a3712043efd9789e8bd2de35d2bcc082344f2d2cb7a90cfadc66b6d9

SHA512
1cc40cfa7328eb251f9cc5bc4c5ba695e213c8efda94e8ef23cfc7786a561c8298c05b39fbbbcfccc90eaf3a18090f1d6fd4ecc405795565fdb8790c9b2093d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\SetupAuto.exe

Filesize
512KB

MD5
ff0198fd1f59b71c1deec34b6b0b0c07

SHA1
cae622ad91a3bab0996589e3bf905c9d4eeb6059

SHA256
f552d818f17841efb7f06803ecd2479fe5c9b2a0d3c4dad2c9d90b42e2e9d7d5

SHA512
96795276eefcde81b0ad4ac85f4aaec368cb93bd9e9912c343316912f1502f3a22d845af3ba75ea5aa92b1936028558d48c11a77d331d49bd77f58b886868ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SetupUpdater.exe

Filesize
260KB

MD5
2fef4da41b5f58e66d6de6b318bf3004

SHA1
66ef30ff290e8615cad27abb884cc8a2d250c3e7

SHA256
7c8472e322a87d039c22e8f48ab55107508898102b17a011222b2b0da9df4790

SHA512
8e6ee8e5660a10f227a9690822f278f393e865665c6d63d0a625241d58c6d48292964c3a30b594afca775de75d06604742925cb4fc42fd18c0cd14dd46cc9f1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl87A0.tmp\SimpleFC.dll

Filesize
175KB

MD5
d38543fc9ae37d188a23e06ee11d3504

SHA1
174fe778f66db4a527fddf21b1c23e1bc1ceceeb

SHA256
72f33da081b8d579f437e7aa2ba8d9cb9602270b88093ff9411ac6316b52fc6e

SHA512
43d1874e5821d8e5530eaa34d42b76aa867528368779fadcfd2691825297accf04e94bd34867442a76c25d4729edefba9469de6500acfe6f665949f11878c54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7986.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7986.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
memory/1644-181-0x0000000002870000-0x00000000028A0000-memory.dmp

Filesize
192KB

Download
memory/2232-120-0x0000000060900000-0x0000000060970000-memory.dmp

Filesize
448KB

Download