babadeda | 90d5e4b6604b118f18ec88b7f032454493c0f75616468d217e7a481678d3f8bd

Analysis

max time kernel
149s
max time network
165s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-04-2024 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Size

6.2MB
MD5

bf77575e35353666d14f859329f809ca
SHA1

bf6971bd549f142cbbc55af77ac62583c037dcf9
SHA256

90d5e4b6604b118f18ec88b7f032454493c0f75616468d217e7a481678d3f8bd
SHA512

628268b5b9190dc3c358ce22d61e353b14c2cb3bf80a721072c5b9581a3fef87105b2041d7a3c178143e4fa2f7c5412463b9849ce1ca7932623272b0f3535736
SSDEEP

196608:L+gqLKB2pDcLmoduFZ1TS9zC262x7QDEMqQEd:L+jOB2pALm8i+H7+bqr

Score

10^/10

babadeda darkvnc crypter loader rat

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\mil	family_babadeda

DarkVNC
DarkVNC is a malicious version of the famous VNC software.
rat darkvnc

DarkVNC payload 7 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/2896-581-0x0000000000270000-0x000000000033A000-memory.dmp	darkvnc
behavioral1/memory/2896-586-0x0000000000270000-0x000000000033A000-memory.dmp	darkvnc
behavioral1/memory/2896-587-0x0000000000270000-0x000000000033A000-memory.dmp	darkvnc
behavioral1/memory/2896-588-0x0000000000270000-0x000000000033A000-memory.dmp	darkvnc
behavioral1/memory/2896-589-0x0000000000270000-0x000000000033A000-memory.dmp	darkvnc
behavioral1/memory/2584-590-0x00000000009E0000-0x0000000000F12000-memory.dmp	darkvnc
behavioral1/memory/2896-592-0x0000000000270000-0x000000000033A000-memory.dmp	darkvnc

Executes dropped EXE 1 IoCs

Processes:

synctools.exe

pid process

2584 synctools.exe

pid	process
2584	synctools.exe

Loads dropped DLL 11 IoCs

Processes:

bf77575e35353666d14f859329f809ca_JaffaCakes118.exeMsiExec.exeMsiExec.exesynctools.exe

pid	process
3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
2784	MsiExec.exe
2784	MsiExec.exe
1808	MsiExec.exe
1808	MsiExec.exe
1808	MsiExec.exe
1808	MsiExec.exe
1808	MsiExec.exe
3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
2584	synctools.exe

Blocklisted process makes network request 2 IoCs

Processes:

msiexec.exemsiexec.exe

flow pid process

4 2312 msiexec.exe
5 2240 msiexec.exe

flow	pid	process
4	2312	msiexec.exe
5	2240	msiexec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exebf77575e35353666d14f859329f809ca_JaffaCakes118.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\O:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\P:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\S:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\Q:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\T:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\G:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\I:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\Y:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\X:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\H:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\M:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\V:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\R:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\U:	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

synctools.exe

description pid process target process

PID 2584 set thread context of 2896 2584 synctools.exe WerFault.exe

description	pid	process	target process
PID 2584 set thread context of 2896	2584	synctools.exe	WerFault.exe

Drops file in Windows directory 11 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB6F9.tmp	msiexec.exe
File created	C:\Windows\Installer\f76a7d3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76a7d3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAAE3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAD96.tmp	msiexec.exe
File created	C:\Windows\Installer\f76a7d6.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIABA0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAC4C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIACF9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f76a7d6.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

bf77575e35353666d14f859329f809ca_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msiexec.exe

pid process

2240 msiexec.exe
2240 msiexec.exe
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

synctools.exe

pid process

2584 synctools.exe

pid	process
2240	msiexec.exe
2240	msiexec.exe

pid	process
2584	synctools.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exebf77575e35353666d14f859329f809ca_JaffaCakes118.exe

description	pid	process
Token: SeRestorePrivilege	2240	msiexec.exe
Token: SeTakeOwnershipPrivilege	2240	msiexec.exe
Token: SeSecurityPrivilege	2240	msiexec.exe
Token: SeCreateTokenPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeTcbPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeSecurityPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeSystemtimePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeBackupPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeRestorePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeShutdownPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeDebugPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeAuditPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeUndockPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeManageVolumePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeImpersonatePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeCreateTokenPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeTcbPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeSecurityPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeSystemtimePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeBackupPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeRestorePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeShutdownPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeDebugPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeAuditPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeUndockPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeManageVolumePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeImpersonatePrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeCreateTokenPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

2312 msiexec.exe
2312 msiexec.exe

pid	process
2312	msiexec.exe
2312	msiexec.exe

Suspicious use of WriteProcessMemory 32 IoCs

Processes:

msiexec.exebf77575e35353666d14f859329f809ca_JaffaCakes118.exesynctools.exe

description	pid	process	target process
PID 2240 wrote to memory of 2784	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 2784	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 2784	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 2784	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 2784	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 2784	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 2784	2240	msiexec.exe	MsiExec.exe
PID 3000 wrote to memory of 2312	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe	msiexec.exe
PID 3000 wrote to memory of 2312	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe	msiexec.exe
PID 3000 wrote to memory of 2312	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe	msiexec.exe
PID 3000 wrote to memory of 2312	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe	msiexec.exe
PID 3000 wrote to memory of 2312	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe	msiexec.exe
PID 3000 wrote to memory of 2312	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe	msiexec.exe
PID 3000 wrote to memory of 2312	3000	bf77575e35353666d14f859329f809ca_JaffaCakes118.exe	msiexec.exe
PID 2240 wrote to memory of 1808	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 1808	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 1808	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 1808	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 1808	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 1808	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 1808	2240	msiexec.exe	MsiExec.exe
PID 2240 wrote to memory of 2584	2240	msiexec.exe	synctools.exe
PID 2240 wrote to memory of 2584	2240	msiexec.exe	synctools.exe
PID 2240 wrote to memory of 2584	2240	msiexec.exe	synctools.exe
PID 2240 wrote to memory of 2584	2240	msiexec.exe	synctools.exe
PID 2584 wrote to memory of 2896	2584	synctools.exe	WerFault.exe
PID 2584 wrote to memory of 2896	2584	synctools.exe	WerFault.exe
PID 2584 wrote to memory of 2896	2584	synctools.exe	WerFault.exe
PID 2584 wrote to memory of 2896	2584	synctools.exe	WerFault.exe
PID 2584 wrote to memory of 2896	2584	synctools.exe	WerFault.exe
PID 2584 wrote to memory of 2896	2584	synctools.exe	WerFault.exe
PID 2584 wrote to memory of 2896	2584	synctools.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\bf77575e35353666d14f859329f809ca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bf77575e35353666d14f859329f809ca_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\adv.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\bf77575e35353666d14f859329f809ca_JaffaCakes118.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1711995531 " AI_EUIMSI=""
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:2312

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F324033157BA24D9333427E149F4D905 C
  2⤵
  - Loads dropped DLL
  PID:2784
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DCC04DF8B6B6CF11A5C2B21727E9A8ED
  2⤵
  - Loads dropped DLL
  PID:1808
- C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner\synctools.exe
  "C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner\synctools.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe
    3⤵
    PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f76a7d7.rbs

Filesize
19KB

MD5
f278f747cc19506d4a9d55e22b307869

SHA1
26c47173d92114339a7a43a660f203f85040ad3f

SHA256
45f8a42e54a2eee449533fcf277ed8792caad7b883d02fe2ba1b68c6a7901250

SHA512
33dd8c87634c00234e72d3807ce83f61bb5d804a1a5e2be0fe606c59f4dabc45d2738c9d2928bc2ae745000e2044cc0bcdcacd7c2916511b96c8c62f38187093

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
424b4814ef6ff80c5d3c8eb659dcc85b

SHA1
55b7196d389ccf16b2f7c0336b16dae2c26b7e3c

SHA256
ca1bcc12bd8842138c9e6b5d6e587c584785811d33e83dcb85757800336f2b6d

SHA512
b83ec60c79c742489a3a63f7c34278783f5d7ad00247cb5d485e89e3da69c646fdf3003f34cd9759483a36a38793933fc5dc6f3595a9d710b06cb9867602db1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05e290a2926121edea229751844c04e0

SHA1
6f61e487c550b70192dc80f012ac5e0b64c8c6d3

SHA256
c3fe7c738e98908503be01a2cbc5f2fc7f5038b34f736125f97ef1f4f1dde8eb

SHA512
687210de3a88662081eb7c4504013f52c048aeecb60ce616e4c65a0adbd5fa1d63092866c9bdd3ab424b585873c17c00946d94224d99eddb1bd75674d66c84ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9ED1.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIA32E.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIA4C5.tmp

Filesize
864KB

MD5
4e2e67fc241ab6e440ad2789f705fc69

SHA1
bda5f46c1f51656d3cbad481fa2c76a553f03aba

SHA256
98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392

SHA512
452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9EE3.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA0AE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\3DBITMAP.LGO

Filesize
3KB

MD5
c7eb72cbf51334c39e297403a6e00e5c

SHA1
eb8e6b0b81888da182730c055ad228907c0e49b1

SHA256
f29fc7faf7d4bb8797367c5ab027c797c2af33edcf081efa9daa7a7e7bd9ee0f

SHA512
f6e79a3e723baeba11b21694d5177d8211510ac69e770f9f05553094c681e91613c2e6687da1b253a72d9e242c9975c25d62b3493fc070a1fdecd41cf3bd02f2

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\3DJOY.LGO

Filesize
2KB

MD5
1dfb4a0a7e6372acdb89c2a9817284ea

SHA1
d87b2a9d393c3515dc2712c93727db41d600ad80

SHA256
e10b673f954c12e31812afd7773dee18940fb46b2fdd9aa70ea9ec3d4df4b488

SHA512
f80b3215c8c7162be25c5897e5b2bf60461299eedb18d4217e73ca2607afa6dcbdf9c3ee929eeac8f7ed6761febebc068451131b9cbfb6c625c50a8e7ef0e96d

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\3DMOVIE.LGO

Filesize
2KB

MD5
85319eb1c4096384e18e71658148190e

SHA1
7cea0551747d67b4a08b6f78ced0567199f8e38f

SHA256
979982407f136490d2d2788055cc0feae741f584f8daed331f18cb5ae969c287

SHA512
2d20c9c509b929f6220bb62b047177db9fdf4dc6c891733733c1db0c3deb8a12a802cb17ba1567cea5b3b24b0f707ae75be0108dea2b23c7086abf931ab8db66

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\3DSIMPLE.LGO

Filesize
1KB

MD5
77eae74dd7bd2ca9982bd2f12adff615

SHA1
9c82d2fadc1ead2cd0848a261b1430b49f806e79

SHA256
4018202e5192fdf1e92a2d4784b884af3c9f27409cabe16a8f1b8803df599ccf

SHA512
0d2c268994584fa15c88e54f7c673349ee259f006a40b69098b673d28ecaca6042840b98198015b80cfd61b106b2585ff05f47e6c470b4e8a2aa6cd967a6ffe2

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\3DSTEPS.LGO

Filesize
8KB

MD5
8bb174bb497395b6d679af159b75e9b1

SHA1
6e286d495c5720c6c236f2d521e4baa7affd09ed

SHA256
520cb66f51f5822ab2c164fd23badf8879f3c22f63706a9875b4f3d87db0919c

SHA512
6ab2ec5c91442c6ba0412d6d66b65f274fee303a053f883ca934bb8791c18871c239347967c1ccaaf56724aa1115a39257deebfacf70abc7ce7d8c6ac715122c

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\AXIS.LGO

Filesize
1KB

MD5
3be7e79f251f5dee60215a123df636bb

SHA1
5fce52c40ad8d6054f77bb5e84cfee34b145c447

SHA256
288e25d6e2b5346eab20256bb581aadb6e3752076412d60934642f79478be20f

SHA512
02d9ff2aefd3e29786f5b674b6d3458bf25ec221d093f1f6ae3ed6828912a2e7cf421fa3166081cda2e9fa0deb6497ad767510d22d63bf702ca644a6a5c64c76

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\CHECKER.LGO

Filesize
1KB

MD5
829044c299c931e3773faa5340869b2d

SHA1
4a88dbf1901bba3b5d8b4cf2bb7c66998add9a58

SHA256
2cf7197f40b2cdb9b381975690f664a305696a1e84b56202364321b009e5eb54

SHA512
65bc42f88c69b1539ffac2d34a45efa98b8b684c3a35643f779a1176d3a0095ff15ce51d816b314b35c6ad73c3e59a47b9601947f0db96f772a1f7a405fa0c37

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\HILBERT.LGO

Filesize
3KB

MD5
bf351f6bd2d7a44fcf9bcb99324d4b36

SHA1
52bc9e082584357fde1f4daffb840573cec864b7

SHA256
1e0bbb9ffdabe16183a87c789a4e737f2c46179b01c71c7b8a88ac62fffb2c11

SHA512
6d44570429ffe78645ae6fb659d1b528a05b1aba77213ca62668ab2144aa26e267fd8493b6214d9bde056d33c9824a50f76381b4b8ca2a0aa6f2b7fc24525d74

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\ICOSAHED.LGO

Filesize
4KB

MD5
1a52a14106fd3e659d3f960f7cf45ab5

SHA1
72e840e28848c0e0ea0c60eae20bfd775043c8e3

SHA256
9caf0a5e3ea51b7125a67fc6a8acfc21aecce0bb35746bb57c0abca8e9c801fa

SHA512
e2d81e0d9f9f9199296a097e859859227e31063110568221deae5a6651378a45920915a57b6c84c64e1ea497fa59621d0491133d05525b46796735f50bfc6a0a

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\SHUTTLE.3DV

Filesize
20KB

MD5
e00bbd821c702566c9d17e47bb00d665

SHA1
a9ba7176147341e1555b0c63592bc57d371063e6

SHA256
ca6769e5a8b34067878e96647027ed50dfde0402ca4371bf008589d9e53d188f

SHA512
1f16a7245945f4e70e0c8f44bce86537f01fd6f5d172c35f450894edcf51f9630822631bc4301bed44012282e7ea3f1ae0f7bd95311b6e97b0d9fbc7d6b0e95c

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\SHUTTLE.LGO

Filesize
2KB

MD5
ba4b027fb49d27471ee578dc93d5296b

SHA1
d9fdd8bed9931dcdb2d3f3056cbd5286d903c6ac

SHA256
0d4839f083cf2037256048560fb3979113f2948941d580158dde559429491ebd

SHA512
65bb4b4fe447c5c86bde7d4e85b524cee9e707c0ab10f07df189fdddb844a1fa83cc29aadd0c99028d71a17a6158ae6b3104ae1cd4a01cad60ae0daf84efff0c

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\SOLAR.LGO

Filesize
2KB

MD5
6c567d552d2fe350bcb0986273162253

SHA1
bb8fc18067bf1ebd8445ac22e2486a4ddf0d3242

SHA256
faf3487c2b65f41ed6b534280625a40f936d08ff225f9c5484bcd84655f8a53d

SHA512
bb31975f186281e4c357fa6e8d6fae13c0f83b07714f822bba78d790fd9c2bc3e486d4f3309c5e6c22f651469ca1dfd313159e9d5c5fbffd3378406f208d60fa

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\SPHERE.LGO

Filesize
2KB

MD5
7b7b9b7b4be184e7fabda2d590c93923

SHA1
4657b5a118948a309a9d1478aeab63ac8625efb8

SHA256
578342aa2c859a7e2930f4051169306178122c992595ac809f3a2f603d5cf73f

SHA512
bfbf1a2f68b1b9f2cdd218f2f8053ec1768f25a96ba31f879641ed24918cfcf5667b473396f3c87b8aebbc37a016fed02d65e883ec5c5b0e339baeae32024000

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\STEREO.LGO

Filesize
3KB

MD5
d62e05f8d0dfcec9216febad10e110ca

SHA1
25cec291197969161924b7219ceb6a8dfdc4b45c

SHA256
780eb93d0eb99cd2c75137be9e37205b220d44892c0ceaa0ae090d2cf7624b92

SHA512
371d62f09d5d5ebdb9970d7e37f90ed3d4b3ee5e5e9c8ecc3cd51ce0f9917b121d6ec666ae8d985c9e1c500cbb3116d3fe3135d315875a1d9df65bb91e1f3a20

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\TORUS.LGO

Filesize
2KB

MD5
362cada28e17ad2e41b5fafdb31f41fe

SHA1
1dac44fe205cfe218b0007560827b5631b937af2

SHA256
27be594b0236fc144ff7553084ed2a1473332038ca104006b0edcabc6723c7e4

SHA512
c3dc94584d63e10717e48c6a4fac17eabc9eb96fb3c8788937c344b6f7abe50d3166dc3453fe40d10ce658372bda63c6c246b261c131759cda96e5d5fff58e1a

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\3d\fmslogo.bmp

Filesize
66KB

MD5
074091f21cae34e830cac8ef5422b840

SHA1
2cf882243c45a7bb657cc74543850c07227ffa3d

SHA256
f8656e1e1ab41af29efa9550769e354e7e0f4476b802e32090e706880ec86603

SHA512
62ea398ffa3be0ad6c128bb51bb6d28d9dd2366420beb88a357d27f3a3d3951e69b822e23c6f4389d994408e647c4ee294a37f71615a4945b7d25ff851adcd81

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Misc\CAR.BMP

Filesize
1KB

MD5
5fc366b3371bde5c769a8c5b9d0ff966

SHA1
124f3a48111e1adba8cbee101655d6bf438c9129

SHA256
4b0231a2577be467d7d37612b75e38d6e944b7ba757f7fe1c36b697e0fc5ee46

SHA512
e78445e2e70e7ffe3100ff91f5c388817b3cec3964e58ea3e5f415e221c88faf421712d363edcb954ec32d929f6c9e7e3da9e8fed0877e2516312afc5fa585b3

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Misc\CARMASK.BMP

Filesize
1KB

MD5
afe2ac27f1ae91549f64971d1ba81e1c

SHA1
a717af1a26506bf440d8ade244e12b9283b2b7bc

SHA256
c889fe2430b247aa02e7a101360002b88151cfef4df3a99116c22ee80040db0d

SHA512
15f45e1a6743fd2d6b2ae06840466e20efa3018e659f3af65bec14ae372f42adc9ac81e5745c38ad7ae40d6c033d087d82699975afc482d89e441b772ed4703a

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Misc\CLOCK.LGO

Filesize
1KB

MD5
c4acddb7dacd73b0a509fc54e9c607bb

SHA1
9f1e79be02b00a5eea5d615094eda6ffc4a45af0

SHA256
070086e62f194b7de43c7145508c1e68b8081d7c8393a43e4c49d6e5a147143d

SHA512
e21ec056a9952a441ba571db14d681274b1384e6dd10299d193223516f6ffea9bcc31c3bc114bc9cea8e71c9ce15fc483e7d51ca0295e8d3cd02aa81838ddb17

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Misc\CURVES.LGO

Filesize
2KB

MD5
a20a8a5480c82964f58b62ba8b29f932

SHA1
1d48183b50b6abb30323b70922175042fe573f18

SHA256
4ca29c112c6486054e71ddbe4c49b809e227c9e2e6760b4c36ee30afd7b255cb

SHA512
f561e9d53d2c6d896abf80bde1e1ed2adf2aeb5397e9b73723d0cbbb69129a084d570a412e5d409c3dcc154a37f6b106d6c704141effa6fef0363b9f20c67e5e

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Misc\HANOI.LGO

Filesize
3KB

MD5
a21687bf228a38528aa1963d2c8a78e3

SHA1
c816e2c99e20f2a79ec0ce9a8e0e9f3c05c9af13

SHA256
288699cdfee3880ca1ad2056e1cf4a2217a9d684005c5c690a6594f3d54709ae

SHA512
1802a7ab95a54fd17c11e2214da5c671618994fcba3efe2e4d366c59e8941a592f845c9f71826d266b15062554e6a32fd207ec09cea14e7bf12fa66966bff887

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Misc\JOYSTICK.LGO

Filesize
2KB

MD5
99dc857ce06ae8878881adb61e4f1a40

SHA1
1cd90a57c1fd3cccf4ba2bd5c4d6eecf1bca6a1b

SHA256
3a8f8507f77f89a00c45c50f1d98bbb4ec0da58706d8e3bcc2ffd2be9f5b89a9

SHA512
367887c6aa8bb4e23ffad02f0a1e8e6c1767765aee04ab1c1b11c0cc4519c2cd68f16cf26e8546d98031e8bcf121ec646b5b59b351cea8057557dd0fb3625a85

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Misc\PLATE.LGO

Filesize
2KB

MD5
8cea513a308679aefb4edba1375c4cd4

SHA1
0aa936e6cb1dbda47b22a4fd3c506002e84b4ffc

SHA256
924f989f6f9f54e97df021e22ebe002aa44ac8d69d44e289cdfa6644ad70bfad

SHA512
a8987e1bb9b06741b27800b34144ece709012d396b8501dbaef90b4686cc67ec0ff78d3084eb130f8553972dfb72a35f08e510f783c56890897ec406123f612a

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Misc\ROAD.BMP

Filesize
37KB

MD5
11836818b440d6cba5a3aef15393a5e0

SHA1
4c49a9d1bd3ece0e031d80e8746e55f0ad08f399

SHA256
8a64eef1ee52de71fcd074dd39ebeb408558da79a7dbf1ef4305e9a4a23ced58

SHA512
15fa97e739906957ecd9ae9f939d4dc3b6a4b211bc5dd23b68863e53c8df72a3bae7cfb5367d8780f0cf37ac322c88d981565f85d2da61deb8652db22a879476

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Misc\SPRITE.LGO

Filesize
4KB

MD5
54085d51ffc8c72c37a70a0cfaf5354f

SHA1
7134793d8954f439284b5f76cce6095a97a4af81

SHA256
2e91c6dfb9317ed8a7e9e798bce808aedfd3dfb0b05daecffcc7d8ecbad0fcc6

SHA512
1921a7cd80b17b0bd2e98b74dde8f5a0884e0874b93869d732371760a3f087b56941dcbffba35b7a6924bea233336aec778d62c740dd92d4a6c0093afe27ad56

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Multimed\CDROM.LGO

Filesize
638B

MD5
b7e032a03eca04ab9a57cd9378c2daea

SHA1
9819866aa84e9f69ac1cf244306e4055c20376c2

SHA256
4dac6972d0437a91f0e8d122c2d5a3b3dbd7ea7cae44ba30a210b948b7bc8082

SHA512
1ce2cd639efb2ac6ad6dbff9ca895485fd67d27b0497973003957769c4a9167288816d21c61af047500caf7f16cc0822a3b7d6b6c44a76ca64fd12d95e0d1544

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Multimed\ECHO.LGO

Filesize
1021B

MD5
4ce0cb03e9b2e5707843f40f051c7e2a

SHA1
cf264b2656cb5515edd4728cbd3800aac335fa9d

SHA256
de0662b380865e9a1986d583c3279f1daa806db77d8a51061e9ceb9fa4c1dc04

SHA512
94d09dc730eba52110824cc46560172dde98bcd8cb8065637868baf9f9c11929ab7d847eaa4588f0f72c717d95d0bb9841eeca18c0ed06f1fef06bc12041e8bb

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Multimed\GROW.LGO

Filesize
4KB

MD5
513bbfe7b10a230b9ccd71071132e60f

SHA1
7ae0d03ddcf3f07760009625b7a61724899285e7

SHA256
66dc1d10c8d6a022ba82a6d446786e894a540ef3a59673287ed33d00be9a1293

SHA512
c14dbf4c407c4918e5404a94d0e96e602ae8a731f668c792a64703c6c50410ce1dddcf4f0b97f5796e98a9f0abddb439e5a124783260ef8b815cbd43a3bcae3e

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Multimed\MIDI.LGO

Filesize
10KB

MD5
c22e11b97c187b90cd5ef7301c4c4dfe

SHA1
c053efe04e861e77d34b2054163f9e22677deb65

SHA256
d0ec35bb6cdc36621db633dd61eaf296368c4046ee0d5d5d9b37c5a572581b17

SHA512
6d05655e153ce98f3aa1851b0cdeb664e08629daacde9638c28ba81b37046301c7acb239b174848a20bcf6b93e2acb95539d39a5ed8a1212af5d1b50a75e4afe

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\Multimed\frogs.wav

Filesize
155KB

MD5
29ee1c1753fc1c9f203c19d848c63c24

SHA1
f50fe3bfecfa872cb47bd218ff7545b1a1d858f0

SHA256
12ac3386432759ccf45c9e531c351ec5a049af608233160f6d23978c58f00001

SHA512
2c2c954500df3c5de10dc05bd91b4cb77163440f58ed516cd01af0349114907595f1a9165db406bb25053ac206aa36753db7f1c23a119557f698419fe65bd087

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Examples\index.html

Filesize
8KB

MD5
6e86736d64a4522b490c716cde97a8bc

SHA1
e48de1ddecfc842bbb8924c1023029ec21f838f6

SHA256
26d4e150e3fcb0b881d9cadf4adfc1aa369ca96e16b46c6935b7903d3916c04e

SHA512
67fe43cacf04a4844c4b11580ca549f4cb7fff160f32be5cd8d8449a6c47775f91a78b6503802615a5fc7e450358bfc53d486a07d302099fc73f8d67fa2b9804

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\LICENSE.TXT

Filesize
17KB

MD5
cab5d95bb20bd0f36241edd276851797

SHA1
31848479ee67d58a013f018bc165ce1674166c3f

SHA256
4cba25dfea9f5cf0454c4cfee27091740f8e556196330c010d1fbe35235dc59e

SHA512
c73db59553c69cf1d0cc1e945b2dfe38c59781c1d638bd8e044493732f255cb5f5b992a9db06086853608d81d7572f716922aa6a9042cf99ab1fc38c579ba478

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\Qt5TextToSpeech.dll

Filesize
114KB

MD5
99f5b275115a749309c0febb2c553a2a

SHA1
c3383e554c5c8d66ab1656603ff4f6d23568a520

SHA256
f4f008cec54534178cfd7164871adf4962c269e2b44d22491c580d2d589358ae

SHA512
f80ad1e94ae58ac5404e8a548200ec01e4941dd2460fa470fb6508c2d9a036d7d12f4547731999bd7dfa7ecd8b4bdf8a6ee4ad3d32ff07e39f6fb99ce1cb1f69

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\README.TXT

Filesize
3KB

MD5
2f271a2d2d92de5579f58b32f59993b2

SHA1
7582831fc25e3ce9c327706fd6d27f8a19e7abb0

SHA256
c3ffeaf3b4ee2c949c398e65dfeed95f8ef56da140b9a132c6d12d93d83dde2d

SHA512
7a0535c46553e39b507a994186b48c4d110296488306d6756fd42489dee5d317c238f725e44f167bb3f993d04fef996bad9956b40e86f42cd02b6de53b229681

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\adv.msi

Filesize
2.1MB

MD5
1ab81806b571bbd992717daf40ef49dd

SHA1
d93f1ee565f4029cde200b518fca803cc97d021f

SHA256
90a1c615944041326ccaa97e79652e704869d707bbb09bb83b871ed6bc2c2d03

SHA512
09760e4182b2a13ce63b1db6db6d0d0915d366248573fed8900be0b708f807f5e177562a53d2e77ea673517215974ff770d487265ac76b3e613b638a0ad37b9c

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\icuin30.dll

Filesize
196KB

MD5
3204dadc26ec04db0fadfc9adf914513

SHA1
fc4bf25277ce523b235b09eead166b05081cc943

SHA256
195a654a1bcd29d42543c870b72861fe07558c347426931b0e9e18defb445406

SHA512
7c271459281bb6fe596431ce1f4e48d95e6d58dac286f475700bbe5e48feed53cb0bab387e66b827334f8672ac502dc77655e9020f2db174d6a62e1bfc738d96

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\libEGL.dll

Filesize
67KB

MD5
2874582e39562af961a6d1c59447459c

SHA1
3cf7d154637aac69913b1f549938a21c7c4b16ba

SHA256
b1070d55627c2899d5928eff2f2e3187537162e93e189458fadd7ccfd6a2ca3d

SHA512
eeca63a7020346bda9a399b83f4e57b6b54bbb222c4a3cf7191ab7fe0271f6473bcc58f0e60ce5f7d5cbd57298b858ffa042b62ed9a9be0806e08e4c6f5c7091

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\libfreetype-4.dll

Filesize
2.3MB

MD5
cda01a2c066f5b01dcc183f3741ac3d8

SHA1
1848619e1db7b44518733bd9b1a9acaac7a3edf1

SHA256
84c79d9cc7eafc8754dfe215674f810fe265bc4e69ae8ca10000476580f7b17b

SHA512
b939449af537e54e37a6786296bac30099ade3d93d138cbe063b6ac99c4118d7a2ecdc9afbeaae78b8fa175781b7a7dfc52e4445aa7fd468f76732b55aa3a7eb

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\libgcc_s_seh-1.dll

Filesize
74KB

MD5
534b365361004828059600f05b34006d

SHA1
d8ff411b0939a021f47c845c6a90f1240bab5268

SHA256
438ae82ffd621a2413199155574cc85681f8986f05420b1485aa4be936c3bc0b

SHA512
1ccb3732a82f2fedca85c27afdd48e65dde70d5b1620e436d457624a2cb796887c5e7dc2983a0794ebbbcade3e5b9f9fc9320b390894471993c7b1e85268592d

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\libwinpthread-1.dll

Filesize
51KB

MD5
db18b7ec5f93127e6099744ea9568c1b

SHA1
e9143c76e308a816837e2f1a19dd0c5e2306ed08

SHA256
5bbef249a0d00e2d32c699d0bbe89f714ebeb872b3990a5cbeccb1d89f63e5e8

SHA512
ee1e645bed0bc3ad9e959d6342153e608ad21a7f5aef60b4cd8cc96fde7aeec4bbbb7474b59cab8ced8f28dc9f66cab32f4825333c891524901dcc40e70a1580

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\logohelp.chm

Filesize
395KB

MD5
4498d1584997d8ee7626b51f23bccdd1

SHA1
707c0b366848b51a16be5b858d021d1f687a4a6e

SHA256
1d8254bc535746478c18de7613731fbc87c5754126d260c40888d38c56007f81

SHA512
4cbb7f9191a39d5de8a8dedc054db71695fd54c292eb5a33657efd4483e6276427f076e9c9d49045282829dad57f04e07364532ed8bf96c3c55747ab66bc867f

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\mil

Filesize
1.4MB

MD5
f19ba2037f7fabe1324ce080e9bc7de0

SHA1
9c5bb1c8ab494948c106a6a02747ffd97a4a3269

SHA256
f1d8d9bf22af094c7077ae97584a4e86d14cc7cd9b86b88e5d2332a4af7738ba

SHA512
db5d0cc5aff9b75197674e76518016458cd0612390695dd877f3956ba241ef24d016f913dbb2c394b8be97dffe1fe4826da65a73d414d96e3d6272bbb54a264d

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\synctools.exe

Filesize
5.2MB

MD5
5b03fc493384a87c0781d0c7227d1171

SHA1
7b019bb9767f97f007bc42e180c90e562590a7f9

SHA256
e029b852ecee64640b8b6615fa47445003492a34ad3cd69f46beaa16535abe0a

SHA512
625e3e5fb002b5d83e30973b532bc73ca881a73e125f1026805e2409e9feea2ed63aded408e24bb280b0b45974590ebf739f9c28e8dc7cc295a6bcfcea653d4d

Download Submit
C:\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\14D3077\turtle.bmp

Filesize
1KB

MD5
8e5bc954263e6706359c06686159d143

SHA1
b5cdbfb8d0f200b580116404c6b6433b4df2c9d0

SHA256
bae9f06df713100360694f784164649e9595636e7a0ada30177152db0c1a584c

SHA512
66716ad105a16796ba27c40098e8bc2639107c858f97c743194a1a2b0076a3ab444547de1c2bd3b3f3923b1d9ce78364ed37a1af49adf297a1ecb33ac37c38dc

Download Submit
C:\Windows\Installer\MSIAD96.tmp

Filesize
569KB

MD5
0be7cdee6c5103c740539d18a94acbd0

SHA1
a364c342ff150f69b471b922c0d065630a0989bb

SHA256
41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14

SHA512
f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c

Download Submit
\Users\Admin\AppData\Roaming\John Sheehan\RestSharp-Tuner 1.3.2.3\install\decoder.dll

Filesize
202KB

MD5
831e0b597db11a6eb6f3f797105f7be8

SHA1
d89154670218f9fba4515b0c1c634ae0900ca6d4

SHA256
e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7

SHA512
e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f

Download Submit
memory/2584-574-0x00000000009E0000-0x0000000000F12000-memory.dmp

Filesize
5.2MB

Download
memory/2584-590-0x00000000009E0000-0x0000000000F12000-memory.dmp

Filesize
5.2MB

Download
memory/2896-580-0x000007FFFFFDE000-0x000007FFFFFDF000-memory.dmp

Filesize
4KB

Download
memory/2896-581-0x0000000000270000-0x000000000033A000-memory.dmp

Filesize
808KB

Download
memory/2896-584-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2896-586-0x0000000000270000-0x000000000033A000-memory.dmp

Filesize
808KB

Download
memory/2896-587-0x0000000000270000-0x000000000033A000-memory.dmp

Filesize
808KB

Download
memory/2896-588-0x0000000000270000-0x000000000033A000-memory.dmp

Filesize
808KB

Download
memory/2896-589-0x0000000000270000-0x000000000033A000-memory.dmp

Filesize
808KB

Download
memory/2896-592-0x0000000000270000-0x000000000033A000-memory.dmp

Filesize
808KB

Download