Malware Analysis Report

2025-08-05 14:55

Sample ID 250704-wezxdswzhx
Target JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91
SHA256 041be9284322a225c4bec3004822eec287bea0c22b232a0a0e00859ed474b35f
Tags
discovery spyware stealer upx
score
7/10

Analysis Overview

score
7/10

SHA256

041be9284322a225c4bec3004822eec287bea0c22b232a0a0e00859ed474b35f

Threat Level: Shows suspicious behavior

The file JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer upx

Reads user/profile data of web browsers

UPX packed file

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-04 17:50

Signatures

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2025-07-04 17:50

Reported

2025-07-04 17:53

Platform

win11-20250619-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\PROGRA~2\is240618546.log C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 os-test.extrimdownloadmanager.com udp
US 8.8.8.8:53 cdneu.extrimdownloadmanager.com udp
US 8.8.8.8:53 cdnus.extrimdownloadmanager.com udp

Files

C:\Users\Admin\AppData\Local\Temp\ISH240~1\images\Close_Hover.png

MD5 83487401daf307d6c726a479de1ee6f9
SHA1 c173be4937a63672570078b325864c76b28040b8
SHA256 f4f0f59fccd9b87b208b416423797dcfb532472dcfef99bef41a11ea9f6f713b
SHA512 da69729b6682acd1c46587c7c3b4533d9afbcf84c17e55f43798f1fee0097c7a2f39860e6dbc6a9b1cb26dc63d9afab4511071981ad5fd494f36ad9659c56e50

C:\Users\Admin\AppData\Local\Temp\ish240617734\bootstrap_25286.html

MD5 1ea9e5b417811379e874ad4870d5c51a
SHA1 a4bd01f828454f3619a815dbe5423b181ec4051c
SHA256 f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
SHA512 965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

C:\Users\Admin\AppData\Local\Temp\ish240617734\css\sdk-ui\progress-bar.css

MD5 abc5fac091a8548789f3e6b4553ef430
SHA1 c02d3c132f87607b7081a7b61fbd48728cc75ee4
SHA256 d482709570c0f9259ccf0ca4569a9ca05b37798910fe650da459b30dd832c845
SHA512 5e01c691a1b4e2e767e73c32bd74866ebe5a61532438c4c222058f832c26901824fe365157f23a3f559de171332b743c9a55f0ae4ce5c004ae24cd906595a2b3

C:\Users\Admin\AppData\Local\Temp\ish240617734\css\main.css

MD5 c4defa8d39bae67d8f65a0db206ce195
SHA1 61c4c8d278c15f4fbcf3d5c471adf796135920b5
SHA256 ac85063553d730cb11945522296d3887dc200fba829024c92bb3c72ce24b4de1
SHA512 8d9565d2ddbb5b9d336b7275f5e3c3398444cd467a162a5831238057855273571991bfe1812c50a5a94446014e15871ba1a42dfc9f3b53e73d31f185acc2b39f

C:\Users\Admin\AppData\Local\Temp\ish240617734\images\Color_Button_Hover.png

MD5 08ffc7fcaf5adc850cc454275a98274c
SHA1 d504fa7e100b7dc379b83a8565b307e6485bf29b
SHA256 28879145d87be92a4ca7896fc60f6eaa81d5baa5d12af34e768e2ad374a8ffa4
SHA512 96639e4bf4cfc9d353c071768f88cc6da7342619c5e19cffcff0e2fd53edae13b49e398ddc51b2d78ef89900f895f2b26172360222e860dcf11ea43560a111bc

C:\Users\Admin\AppData\Local\Temp\ish240617734\images\Color_Button.png

MD5 a379d9826c7537e27c3d039e6d816382
SHA1 19fc3f105175fa7b61d91e3217f2f7b56bc752a6
SHA256 ed26660ccbec7a439f5158741892beb9b63d2e7b9c491e359535d2cbce4f4e72
SHA512 cd2b2c5a559968857ff759351d8d5133410be863b97587ef50ea0b769ff46d142e96aedd24eeeb01b0aca55292cf91a86ea9569fa4c3838007a2aa76ab60ae55

C:\Users\Admin\AppData\Local\Temp\ish240617734\images\BG.gif

MD5 e4f15874b7d6a90e64364a02269bc4df
SHA1 63e6ea43b6f890cb00dab260967723730f525cb0
SHA256 1d4313dacef0bbf110c9f7b8bf4035334a6f7c9f2e05caa775aef936e4fb69d3
SHA512 fc707be1c0209b83f4403e95d2c2b67703d68309b6d27842d596c44179980c29e020a639b90956b79e4661c1e82f8ab615a054475c66d855b49669d7f20ebd35

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 17:50

Reported

2025-07-04 17:53

Platform

win10v2004-20250610-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\PROGRA~2\is240618250.log C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c74256f347b6a5d23aa5ca3b801eb91.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 os-test.extrimdownloadmanager.com udp
US 8.8.8.8:53 cdneu.extrimdownloadmanager.com udp
US 8.8.8.8:53 cdnus.extrimdownloadmanager.com udp
US 8.8.8.8:53 os2.extrimdownloadmanager.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp

Files

C:\Users\Admin\AppData\Local\Temp\ISH240~1\images\Close.png

MD5 83487401daf307d6c726a479de1ee6f9
SHA1 c173be4937a63672570078b325864c76b28040b8
SHA256 f4f0f59fccd9b87b208b416423797dcfb532472dcfef99bef41a11ea9f6f713b
SHA512 da69729b6682acd1c46587c7c3b4533d9afbcf84c17e55f43798f1fee0097c7a2f39860e6dbc6a9b1cb26dc63d9afab4511071981ad5fd494f36ad9659c56e50

C:\Users\Admin\AppData\Local\Temp\ish240617234\bootstrap_9963.html

MD5 1ea9e5b417811379e874ad4870d5c51a
SHA1 a4bd01f828454f3619a815dbe5423b181ec4051c
SHA256 f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
SHA512 965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

C:\Users\Admin\AppData\Local\Temp\ish240617234\css\sdk-ui\progress-bar.css

MD5 abc5fac091a8548789f3e6b4553ef430
SHA1 c02d3c132f87607b7081a7b61fbd48728cc75ee4
SHA256 d482709570c0f9259ccf0ca4569a9ca05b37798910fe650da459b30dd832c845
SHA512 5e01c691a1b4e2e767e73c32bd74866ebe5a61532438c4c222058f832c26901824fe365157f23a3f559de171332b743c9a55f0ae4ce5c004ae24cd906595a2b3

C:\Users\Admin\AppData\Local\Temp\ish240617234\css\main.css

MD5 c4defa8d39bae67d8f65a0db206ce195
SHA1 61c4c8d278c15f4fbcf3d5c471adf796135920b5
SHA256 ac85063553d730cb11945522296d3887dc200fba829024c92bb3c72ce24b4de1
SHA512 8d9565d2ddbb5b9d336b7275f5e3c3398444cd467a162a5831238057855273571991bfe1812c50a5a94446014e15871ba1a42dfc9f3b53e73d31f185acc2b39f

C:\Users\Admin\AppData\Local\Temp\ish240617234\images\Color_Button_Hover.png

MD5 08ffc7fcaf5adc850cc454275a98274c
SHA1 d504fa7e100b7dc379b83a8565b307e6485bf29b
SHA256 28879145d87be92a4ca7896fc60f6eaa81d5baa5d12af34e768e2ad374a8ffa4
SHA512 96639e4bf4cfc9d353c071768f88cc6da7342619c5e19cffcff0e2fd53edae13b49e398ddc51b2d78ef89900f895f2b26172360222e860dcf11ea43560a111bc

C:\Users\Admin\AppData\Local\Temp\ish240617234\images\Color_Button.png

MD5 a379d9826c7537e27c3d039e6d816382
SHA1 19fc3f105175fa7b61d91e3217f2f7b56bc752a6
SHA256 ed26660ccbec7a439f5158741892beb9b63d2e7b9c491e359535d2cbce4f4e72
SHA512 cd2b2c5a559968857ff759351d8d5133410be863b97587ef50ea0b769ff46d142e96aedd24eeeb01b0aca55292cf91a86ea9569fa4c3838007a2aa76ab60ae55

C:\Users\Admin\AppData\Local\Temp\ish240617234\images\BG.gif

MD5 e4f15874b7d6a90e64364a02269bc4df
SHA1 63e6ea43b6f890cb00dab260967723730f525cb0
SHA256 1d4313dacef0bbf110c9f7b8bf4035334a6f7c9f2e05caa775aef936e4fb69d3
SHA512 fc707be1c0209b83f4403e95d2c2b67703d68309b6d27842d596c44179980c29e020a639b90956b79e4661c1e82f8ab615a054475c66d855b49669d7f20ebd35
