92a106736e7db41013c276bd18f29b9ce5bde5b85fbf46b26369a96497032aa3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d334c73d9184bf9e25f3444528dfc8b6_JaffaCakes118.exe
Size

1.4MB
MD5

d334c73d9184bf9e25f3444528dfc8b6
SHA1

0ce7e5c2fedae78c896f46771196f03ab3a41998
SHA256

92a106736e7db41013c276bd18f29b9ce5bde5b85fbf46b26369a96497032aa3
SHA512

3de328389ec5ceecb38be87f58b550ed157a6f898570bb8ad111c50a5164c7ba5c3d6f3947eff7fbd5fee4bab1cfa15b4295e81769fd27170da5e1a17998fbab
SSDEEP

24576:Yutr5OUuNKJOAa/Q7lhRugqqnMx5OKASgL7sg1MMbo3O5X1UhmAeJi1B0:YuX+QC8PggXMx5OKmQxMbo3OtawA+i1B

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	d334c73d9184bf9e25f3444528dfc8b6_JaffaCakes118.exe

Executes dropped EXE 2 IoCs

pid	Process
4360	bstrapInstall.exe
2376	gameinstaller.exe

Loads dropped DLL 12 IoCs

pid	Process
4024	regsvr32.exe
4024	regsvr32.exe
4024	regsvr32.exe
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d334c73d9184bf9e25f3444528dfc8b6_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bstrapInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gameinstaller.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.UnRar\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A38DB794-40F4-4540-9062-0C1C6E71EF0C}\AppID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D991AAA3-6CEB-47CD-9A34-08E0C9D0959E}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.ProcessMgr.1\ = "CProcessMgr Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A38DB794-40F4-4540-9062-0C1C6E71EF0C}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A38DB794-40F4-4540-9062-0C1C6E71EF0C}\VersionIndependentProgID\ = "StubbyUtil.UnRar"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{860450DB-79C1-44E4-96E0-C89144E4B444}\TypeLib\ = "{12631F96-F37E-4975-81D5-16E871EE557B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{29F023B2-B05F-4613-A60F-2A0094DF3017}\ = "IRegAccess"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.ProcessMgr\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.RegAccess	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.UnRar\CurVer\ = "StubbyUtil.UnRar.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D60A064-2009-4623-8FC1-F99CAC01037E}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5609BFB-AC99-4F0C-AA90-5BA58C1E382E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5609BFB-AC99-4F0C-AA90-5BA58C1E382E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5818813E-D53D-47A5-ABBB-37E2A07056B5}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RACInstaller.StateCtrl\CLSID\ = "{C8F76629-E4F4-4646-AFC0-665082D167B1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D0A4EAC1-BD78-4D2D-AAAD-3C6558E74008}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80AB3FB6-9660-416C-BE8D-0E2E8AC3138B}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.ShellCtl.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8F76629-E4F4-4646-AFC0-665082D167B1}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A38DB794-40F4-4540-9062-0C1C6E71EF0C}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{12631F96-F37E-4975-81D5-16E871EE557B}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\bin\\"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0D60A064-2009-4623-8FC1-F99CAC01037E}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7E480B1-78D1-4D43-8B94-0D32DD109899}\TypeLib\ = "{12631F96-F37E-4975-81D5-16E871EE557B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29F023B2-B05F-4613-A60F-2A0094DF3017}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D0A4EAC1-BD78-4D2D-AAAD-3C6558E74008}\TypeLib\ = "{12631F96-F37E-4975-81D5-16E871EE557B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RACInstaller.StateCtrl\CurVer\ = "RACInstaller.StateCtrl.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.RegAccess\ = "CRegAccess Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{102A897A-FC92-4F8B-A7D5-7DE434FE7D3E}\ = "CRegAccess Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.CookieCtl\ = "CCookieCtl Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A38DB794-40F4-4540-9062-0C1C6E71EF0C}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12DE7CAC-9F64-48FA-9526-212043DF0AAE}\TypeLib\ = "{12631F96-F37E-4975-81D5-16E871EE557B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7B5C103F-DAAF-425E-B3A9-DEDE61F3A6F4}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48D11E12-E33E-40A7-A78D-2EAFD88906DC}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7B5C103F-DAAF-425E-B3A9-DEDE61F3A6F4}\AppID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.ProcessMgr	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29F023B2-B05F-4613-A60F-2A0094DF3017}\TypeLib\ = "{12631F96-F37E-4975-81D5-16E871EE557B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{102A897A-FC92-4F8B-A7D5-7DE434FE7D3E}\VersionIndependentProgID\ = "StubbyUtil.RegAccess"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D991AAA3-6CEB-47CD-9A34-08E0C9D0959E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AAA7D05-AC75-4B10-88A1-D4F6344158DD}\ = "_IUnRarEvents"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7B5C103F-DAAF-425E-B3A9-DEDE61F3A6F4}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.ShellCtl\ = "CShellCtl Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.ProcessMgr\ = "CProcessMgr Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.ProcessMgr\CLSID\ = "{5818813E-D53D-47A5-ABBB-37E2A07056B5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29F023B2-B05F-4613-A60F-2A0094DF3017}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5609BFB-AC99-4F0C-AA90-5BA58C1E382E}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5609BFB-AC99-4F0C-AA90-5BA58C1E382E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D0A4EAC1-BD78-4D2D-AAAD-3C6558E74008}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7B5C103F-DAAF-425E-B3A9-DEDE61F3A6F4}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80AB3FB6-9660-416C-BE8D-0E2E8AC3138B}\ProgID\ = "StubbyUtil.ShellCtl.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8F76629-E4F4-4646-AFC0-665082D167B1}\ProgID\ = "RACInstaller.StateCtrl.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{102A897A-FC92-4F8B-A7D5-7DE434FE7D3E}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D11E12-E33E-40A7-A78D-2EAFD88906DC}\ = "_ISlideStateEvents"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{860450DB-79C1-44E4-96E0-C89144E4B444}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.ProcessMgr\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StubbyUtil.UnRar\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0D60A064-2009-4623-8FC1-F99CAC01037E}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{860450DB-79C1-44E4-96E0-C89144E4B444}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{748744E8-6812-4F07-9F57-5F40395BDE65}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A38DB794-40F4-4540-9062-0C1C6E71EF0C}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{12DE7CAC-9F64-48FA-9526-212043DF0AAE}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{860450DB-79C1-44E4-96E0-C89144E4B444}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80AB3FB6-9660-416C-BE8D-0E2E8AC3138B}\ProgID	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe
2376	gameinstaller.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4144	d334c73d9184bf9e25f3444528dfc8b6_JaffaCakes118.exe
Token: SeRestorePrivilege	4144	d334c73d9184bf9e25f3444528dfc8b6_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2376	gameinstaller.exe
2376	gameinstaller.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 4360	4144	d334c73d9184bf9e25f3444528dfc8b6_JaffaCakes118.exe	86
PID 4144 wrote to memory of 4360	4144	d334c73d9184bf9e25f3444528dfc8b6_JaffaCakes118.exe	86
PID 4144 wrote to memory of 4360	4144	d334c73d9184bf9e25f3444528dfc8b6_JaffaCakes118.exe	86
PID 4360 wrote to memory of 4024	4360	bstrapInstall.exe	87
PID 4360 wrote to memory of 4024	4360	bstrapInstall.exe	87
PID 4360 wrote to memory of 4024	4360	bstrapInstall.exe	87
PID 4360 wrote to memory of 2376	4360	bstrapInstall.exe	88
PID 4360 wrote to memory of 2376	4360	bstrapInstall.exe	88
PID 4360 wrote to memory of 2376	4360	bstrapInstall.exe	88

C:\Users\Admin\AppData\Local\Temp\d334c73d9184bf9e25f3444528dfc8b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d334c73d9184bf9e25f3444528dfc8b6_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\bstrapInstall.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\bstrapInstall.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4360
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32 /s .\bin\InstallerDlg.dll
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:4024
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\gameinstaller.exe
    .\bin\gameinstaller.exe installerMain.clf
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\InstallerDlg.dll

Filesize
401KB

MD5
0f91917aea4d789b37bde97686d505d0

SHA1
ff6da6abe91122e2e1fc37a773823a4ee46938f9

SHA256
156fba599df6c6b168b79eb5fa9dfc743b99bb2d384ff3822c600468a62dc2a9

SHA512
27f6b53aa8c9079545901107c6a719417ac540dc0486035ec1817c7f99223476f60fd9bcee8fa590abcfdabb5da4ce507788edb74dce20d6a4449a5920bd1632

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\RAInstallerPaths.dll

Filesize
50KB

MD5
ee5dbf50e8d510a65a054d37b9e41490

SHA1
6ad6f7cba1e21aa537486cf7f64e78666acb735c

SHA256
9e28a3b4fc3b3a3dbe87610d5897b8c348779e41d066bcc94bf01218058309e1

SHA512
68f5c4b52e7eb2cd02f1c5cbc10412016bcd90bc38c3dd2417ae436d3563ac1268afb17fd239e7821d8806b737bd7fad4d11514630d0972b2e0e3ab25ce59c50

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\bstrapinstall.exe

Filesize
39KB

MD5
6c3edad257f9a509a41d02e6e829c87a

SHA1
ae79453bd3e50f1e946e2942cd4795a9dd0e4d12

SHA256
ea68b7f9903745a3406014f234525a5f91953829eb9066a43d3eb43c309bdbb6

SHA512
2d59ea7317424e492b31becd7c969ed9915df2045d76e160fce2b4de9dbf0e1bcaa045ed1e661ec5ec389207188f5c361c619e17c22eda53b49975db0c0ad7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\gameinstaller.exe

Filesize
95KB

MD5
179a9c99cc10fe735ce91ec577b0536a

SHA1
5b9a7fa31bc8dc7a92f5130d23091c1bbb80b787

SHA256
fed1829be18f024fb32e67b94e8118308ad07bff18cbe823ee6406767b99eb31

SHA512
0ee5fa47c8d2a375923c16184e0459872f19d42e7563ff20ddcc43b22bffd7405da29bd01890042f36bee89ec2f23d39e7db16cec10ef3c8231e87c284bbcd75

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\lua50.dll

Filesize
92KB

MD5
913973aad1d92e274b0691ca15a3d78f

SHA1
a00ae78ce78d5f3d9834579a0f2e456c2a3be863

SHA256
eb55fdbc8a12ddc41d281964068c2369981da0a9d7459283ab875178b9fd49fc

SHA512
068978f3f3a92a61578f140b50a6174c4e76a4046ec0ac55b6511c3270005f3a5d8e715c66f97cdee4846978ca0d21e3315c68faefd8040bac19efcbcda03b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\luacom.dll

Filesize
136KB

MD5
3cd7899d4638fed3d474c506f4557d72

SHA1
f1497894bbc1a2bcb8f217ccf9b05c139afaee30

SHA256
74c0412a8f39d399a9731299affb2622749ea48960f80c72bcb6c0442d196cb5

SHA512
70f35d10bd9a54602597d6b0a6fe900a8f2b169b88c541348c50fadbee88492daf87b4df1e6119ce56211693b32b25dd44e7cc7cae6f8ef44b88baea9547c628

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\blob

Filesize
231KB

MD5
a7e494eb97abf72eb5ab34cefdac4fbb

SHA1
a5431235781b5f8520ff52a7823b19e300e81cf7

SHA256
0a0bf833cde834021b80b363e6ceba4ffc5890130c1747fb6ed18ab485387076

SHA512
b254363a368ac431bc45eab955002df8b1356edfc7a0f470ce910a1db4c472bbd376bc4e615bb349dc7f299bf4fc10c3fe1ed27b61a0d1715d294f16d1c6adce

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\compat-5.1.lua

Filesize
5KB

MD5
199607e50cd446a1f24249397568f814

SHA1
c22bcdd7f1628681e8aa93d0b4d801e00bbb2ee4

SHA256
86bc8a577082f61a89e235c9251abcc80333a204c494d60dc9b3245d118da08d

SHA512
d030810e77c9974a64e2a38ed9cf13fa9ba453db6cd41c4454c8ecd8c6fea00dabc54bf909d677b2b10c85daf004e5272079d26c4b223b80ee46773de531a28c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\config.lua

Filesize
1KB

MD5
7f750417fafc1be8c8ea7d6610bbd3c7

SHA1
c33faf5c0485c32d3f692a5570d19a347a8eb189

SHA256
6329973f73494d38cdc6af01a717bcee899f8fd0afbe09cfab12a82957a94697

SHA512
d29574f5009aeffb5bd00cd60c7cea79e5561dec30e31b760f7e9f753c4b1022537e0ef3ef4e4de9449cc8f8c045404178bade457209a15dd7f5e210bb811a95

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\installerMain.clf

Filesize
50KB

MD5
ec954495769232bfdde7bf8255cac480

SHA1
ad82c4f48ea56296ed61e408abbc3efb088c849c

SHA256
46f3dad32a7cd655170930e7c759ad5a1d57f98d14075536fa63d6cb0e3784c8

SHA512
bea206891558072e936ea118ac2eb1c367df0105496694a946fee776fee1fb5243e9024d0e20b5ae31617d6a0a7cfa72a1b5c1e3d15f291d3017ad1d52da4957

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\http.lua

Filesize
11KB

MD5
726309c05a4658fb8e8608ecbe5eb4aa

SHA1
5587c6eb9de86183718a05b973e1fde0f6407ddd

SHA256
c3b9c340f1cd2255eb7bd54372df7383e6b7bb644db24a9c5f59efafb4e0d483

SHA512
a4730dab6023d1978960a2bbcba7d7e73609f20164112da483b6382ad97f4b4613f42d7a9c0bdb46abffe7bc48583eaa9590c58e647f75a5b2a2290d0ca5700a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\ltn12.lua

Filesize
8KB

MD5
2ce994424bc66a99d3fe29dc87cda481

SHA1
26339be6ca6cfb7b9c0725801643945d489fce37

SHA256
4c91fc1bd2871c53c9b4d3e7293f0a7ffd12c477e5721eab80aac871e3e22f85

SHA512
495a7ec3e95b4cc55b645169e12d81860171efb5fcbec6ebf94f2c2847da6cc4dd17624610b7c777dd5e65296da6e296ebcf627cf7fc231b39f6dd68d3bfa117

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\mime.lua

Filesize
2KB

MD5
c7cc9ea4f6038095c45995a95da66d0f

SHA1
84911c0e24238f218019a0b280c1408a42cc609f

SHA256
3fe83f8e918c874dae8331653b59ca88891a9c1a8005b7e2eb40e980b0933ea5

SHA512
21a5e56e0ff1ef3552d3f13be45f56a06830a9b6b5e33888c6554ba24e6b4be69f7e32a199e0e3f50f3e20465c2b6c2cbdf97129dbd1362e2791c5bf8ef2e67c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\mime\core.dll

Filesize
24KB

MD5
8eb923b32f76b4aa1c324c0764a6bd95

SHA1
e15d2d5c065c689d2f107e0381645339a2baefbc

SHA256
87cb3cdad3b854598386350d1c169f93996c74ba45f1394d843e07780b5d79e8

SHA512
494861bb8a55af17396bc5b62b62a2cd94658702a04544b8ed31f2d608ca6fa23fc7ed449c2eff136c9a4a86d69d3af4bfab8ba2db35664616813ff082fad4db

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\socket.lua

Filesize
4KB

MD5
7f689483b773e1b8cf3f1e7ecf39691a

SHA1
9da5f292d6b59404b48e5a0b36bdf15a26c4738a

SHA256
2ee5259b65c4493c3b49dac2cb1894753b67dffc65ce4ce5830e6ecc802e47b9

SHA512
97a22a1d4dc3435c9d920b3d2b1b4cf9c60efe4297961b9f15c23612d899349bc7f4b7279243a1851d139545c3813a0e730f275b390cee496e6930769213cefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\socket\core.dll

Filesize
36KB

MD5
fc3c96670e67eff3a9064fcbf9398b6e

SHA1
a3c89ecd29745fa34cac76bc3773cd3c5018c2ef

SHA256
e4ede13a74a2eb38397dcf8bd1794f2231ee6fb4abf5e9df76af65f945700978

SHA512
12113c136c9316fc7d68ce90c02a52540e208af6e8ede2c46da301dc55e17c3b933c959541c0e3068ed3c00d08bee183a56b524dedb395137d48dc144331225b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\url.lua

Filesize
10KB

MD5
d26c368bd8f0062de33367337d705c58

SHA1
f4586e48bf73afb204b6c2dba2701ec013594ac3

SHA256
0b5703fbeaa8f7036d1bf91a90241cf23586850c571e4cf7cdbb78fb6b824157

SHA512
b85ecdc7acd93d5a34b20f5f50ffade7344f29023bf86a051f22e2b12fb296a433565e8274c10ebead8a920a4eedd51e362d4e787c1632bc33736456213c07db

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\wait.html

Filesize
4KB

MD5
24a32a52b62fbbfaa06e6642138f8b0f

SHA1
26d2ba8b8718d25f365344beefc66b2e2922c75d

SHA256
43f7595559754c0fb25fb0f1081713223d9ca615bb64ffba314c347f3766f902

SHA512
3c1c0a59080017bf53683e42e944ec11066ef215af96a270876da41a7941969b9785b65a1764e099a16511dccd60e21c8aece6265c0db038d2c18cb1e5d446d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\waiting_bar.gif

Filesize
10KB

MD5
7d61a7f4cb6a0d3e7f03873cf55db8e0

SHA1
3d97b561200a36bda2778e0a17462470f1a3fe23

SHA256
dcd61a04f134719cf1235da25342d4823896974d4de0dffe53dc38f78c7e37ef

SHA512
b25515d845a424b1bd5e10d16b4384dc87d528af646107fea1d29ab29b32d3d22c223c2024a7003ec1867cd931792505a573e1704c67dd3d4a319e801a97c685

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\waiting_to_install.png

Filesize
91KB

MD5
fa62c74c39866441733bbacadd7af26c

SHA1
fb691cd43bae0e0c37dca870b110d09d9a7544a5

SHA256
91a4b0ea722233a0c2280f7232709bba85ce06757f809cb0dfc5af38e7c0a412

SHA512
02ed41bbb078b1c774c1255c33ac6c5a86228bbd483a2a15c7783eb700009b2788e61b4f92da801fced461a91e39442156ed5bc341740570baf54e86c09e72cc

Download Submit
memory/2376-131-0x00000000004F0000-0x0000000000514000-memory.dmp

Filesize
144KB

Download
memory/2376-140-0x0000000002DB0000-0x0000000002DBA000-memory.dmp

Filesize
40KB

Download