26d6387d4429312d8a67263a6a85235fd9a468b945b8fb7a185934cba4703e28

Analysis

max time kernel
164s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
Size

43.3MB
MD5

3202e9cffd7fb9d707809599a2d57af5
SHA1

52f6d7d79c52e5b249ef1208c8de19d3c36fc8d6
SHA256

26d6387d4429312d8a67263a6a85235fd9a468b945b8fb7a185934cba4703e28
SHA512

e48c2cbfcd64ea2b53e0a00310633cb7f9916b8de310a9a1bb92bbc9e4d6b76a52658fe4c0af167a638c05e30df97236e26944063865accae14f42cb6284d736
SSDEEP

786432:1s7/y/+rmnAZRU+/Og9cwVS1e3w+lc4ssMgEsSg3b5VDwcaWOeSR50G6GFjDsSOi:y7/1mncRDOg6LowEksSg3LwiEinhSOi

Score

7^/10

bootkit persistence

Malware Config

Signatures

Loads dropped DLL 25 IoCs

pid	Process
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\KanKanLive.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\Xmp.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Bin\ThunderFW.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\p2p_session_com.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\sl.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\live_download.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\xlnpDapCtrl.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\PMP.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\SMI.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\wmv.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\p2p_cloud.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\KKMediaCtrl.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\StreamI.cfg	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\asyn_frame.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\dl_uac_tool.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\download_profiles\stat.dat	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Uninst.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\ThunderFW.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Bin\ShlExt.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Bin\XLUserS.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\XLLuaRuntime.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\download_profiles\nodes.dat	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\utl.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\ThunderServiceLite.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\xinstaller.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\AVI.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\MPG.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\SSA.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\backend_agent.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\kankan_01.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\xinstaller.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\download_profiles\server.met	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\Audio.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\MP4.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Bin\sqlite3.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\thunder_platform_full_path.dat	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\tp_proxy.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\XLBugReport.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\XmpSetupHelper.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\3GP.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\libexpat.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\AMR.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\xv.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\emule_kernel.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\upnp.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\LiveDapCtrl.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\FLAC.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\kankanlite.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\CDA.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\WMA.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\minizip.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\ThunderLiveUD.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\XLStartKankan.exe	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\VCD.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\Xmp4.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Bin\DapCtrl.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Bin\ShlExt_x64.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\MediaParser.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\MOV.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\MediaFileHeaderFirst.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\TP\XLBugHandler.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\desktoplink.default.ico	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\KankanLiteLiveUD.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Thunder Network\Kankan\temp\StreamI.dll	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
2120	3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\AVI.ico

Filesize
14KB

MD5
0a5a06ce9d55680af56fb8e19b7e2f09

SHA1
de02617179d0da067715037e18bdbcac5a521688

SHA256
23ef4807853db3d28d6b847c2d7e8f164b5a25ca373c3443a60444de88bebfcb

SHA512
64fedfaf777b0c92685e78d9b5d213b06b728a7b01a696d130a3bda89cc245a81843973b8af2a65d726254c8be599e3bb822064aaf85e7ebb61cdc5a890fb4ed

Download Submit
C:\Program Files (x86)\Thunder Network\XMP\V5.1.17.3857\Res\SSF.ico

Filesize
14KB

MD5
f69953e804bc6261af3bb219eb113419

SHA1
da5f9266157743b3aac70e9398ad95691cd26a64

SHA256
8681c015e8acc7ad635d2f7910351023e7867aa437844752d601f7a6351ebb84

SHA512
ff4f27d0b72c2b7267d571f5d546218048091cfd910e54920286290e754e84d325e47a0654767452706607180bc283fbc66755fd0ffdd8842854cc567bd54938

Download Submit
C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat

Filesize
121B

MD5
94cc2a1aae511ea760ff29ffc0368a1b

SHA1
10089b0cc7635f5bac65d4761cca152e4e84a155

SHA256
4cc71819531209878b1d5e97e3941a05da20a511f111a836b58938f955ffa732

SHA512
4c1d1ab6aa9034a3c5fd8dba15efc7d37660df6e5c39c4781f75acfa41462f9b859c247eebbbff33ce2de779961ed2b76a4c79dd5a8d0b9e01b32b3d7324160a

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\SetupReal.dll

Filesize
386KB

MD5
6122ea44d0e2e732f92adef97a82bb46

SHA1
6ae547703fa9db5028c18369ebf7c6232bf6a2f3

SHA256
2f741cd24ee0dd44f849e53d09904db5d320de8bd8321e40ce933cf3357feebf

SHA512
9ff4b62a21310f0b77c6b336835fbbde5d70087a6ab550b188f8b5030db36ec16334f028a0ca13f326403d0e8bae207375f4c807582d4bb282f69680ab8427bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\XLBugHandler.dll

Filesize
80KB

MD5
f7635ede51ace74365678c779784d668

SHA1
cad3f5abc08625eb525f4d9588db02d708588ce0

SHA256
3258d3b8ddd472a35c51937a7d4a78baef5ea189e10a403f9448b1c3e9165cef

SHA512
127711542604ca9acf6beedb8aa5beca19765ee72be558a20a6a79f7a6f6d600f05b6d9d4bf4749ed352c91cc1fc80feb0baca36f5262e64e4b6c8180d18affc

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\XLFSIO.dll

Filesize
202KB

MD5
f84a740aef53f954dc254dad478d9313

SHA1
8e217cc032d2c653606f1977d963b38909d27bc3

SHA256
610493e1d2376610f82fc2081ad987d4ebbc2e16bd75125857b1b8171d178eab

SHA512
dc0959909c475a0f44964d0f98dcb7a136fa4ad0763d747efefba08bd3022d2591aba5b0ca14c2e84ce4947cb74524d399ad81b936bef7090ddfad65b9bb9fe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\XLGraphic.dll

Filesize
723KB

MD5
d1f0fc683450f7c513a8a7c913f47d04

SHA1
f6263ca9b6b5ba43f9318191be3e164eb3f6f5af

SHA256
827412cdce8a40a2549509bfc0bae8550388f91b649cac5674333008f312f892

SHA512
7ab0ea1f804360fd8be062e0a95f974497921ac3443ec70baa851af588c644aa35159efe4bce2cc57cd6f0bef82e09db2bc1ddfb13bb33ec1cda982b69a32cfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\XLGraphicPlus.dll

Filesize
273KB

MD5
f2520d075cc46d39ea9daaaaf13ed925

SHA1
31e37ca7b3db772d834024c3240588850c8f4b08

SHA256
084a5c2ede49f2695971946237525220a034191e56eb8efe1ef704f8f440df52

SHA512
c3e0478bfab744209301b4a58849696e8c490cd7c584e8619ed254a016406584912afe19fbc3b458d05772bc3d15009a50dc758fc8cc6a38dd33f1709e9c47fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\XLLuaRuntime.dll

Filesize
242KB

MD5
7099aa5fecae4607444c9127f8b13b71

SHA1
c9f8b10de79be17365f0761ea3566868a4c6c623

SHA256
cf6c0b54e39e9a7c6d1bb3173f3c6ff9d3d3be20ced95eb6f88442694997bbc3

SHA512
b9c513d1448c3881bb72e4c0aa6c7096e4e186be7c7e96460bbd133e1dcfec20e5450bd31aef91821ff66cf9073245d4abdcda9ff6eb89c5230ec4303066a195

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\XLUE.dll

Filesize
2.4MB

MD5
d6baf7e9823cb5cbeb551c5eff660168

SHA1
85cdf07e4fbbb1f5443dc83775a8efee2ecc91f6

SHA256
1a550af23567aa4ac8d47a4a5809c25d977d336973ed5d152736393bead9bd2a

SHA512
65a04cf5365aab3553cfbc04648a5aa095a5bb94f9b55d555c4bb29d7390a617c8035d9852cddc43fc4b73a430e5a03922df04db5fde77784132c481d47a27ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\XmpSetup.ini

Filesize
5KB

MD5
fe53b499de131e289a11b3922757f2e0

SHA1
08b0c22293894d3a0e886e82156037c3e7bfaeee

SHA256
fd20468a27f82bd876f8fa8588895095dc0aed8f4af440d78bedfd3152056819

SHA512
e824d55c044b1629e1058858550fdbd86df2177fe5ac206cd43ac4c828b61ecaa062b8cf796d087c9c90b5b92f6c5715dcf0c1879d5e3f4638b363a38beddf5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\XmpSetupProxy.dll

Filesize
535KB

MD5
ea926d7ab7a3791a0f8658f2bcd13e3e

SHA1
7b3c97256ebda8f9d284f9c894ae98b17830b7ba

SHA256
e9604570a5c919ba5b612f86c74ccaf4aa3102782d4aafb9989eabeffeaa0afa

SHA512
1743923c552da2b1d6ed541790f6e62f0d88cb09d5579f6861f9817e3c67ce8261a36d25b3120b1831d1763a927d0d01bcfccf62a83f65c72068abbeaae48670

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\dl_peer_id.dll

Filesize
90KB

MD5
f102e167834e286ef584ce97d684189b

SHA1
8459a303d0d522f4199773745e3cc2d709c96582

SHA256
045ed5f3e949bbdec103da8db0efbd45c218152bdd4ab34143b45e3b49b8e918

SHA512
903c37f28c703866c41b1d14dafe833be8dc4395b301f4eb1d51d318111c17dd424f2bd10382b8096cf1089a8fc0f00c0c4d44f061b01197bbafcaf2a56fefce

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\libexpat.dll

Filesize
668KB

MD5
ce2c3c077954f3e2770fa6e5e7eda402

SHA1
3365c77af5e40784eb18df4d1dae235cf1dc1db1

SHA256
9500490813fa689e253113ecf34bdccd80691bcac04e5224fca0f78ac0974eff

SHA512
d0112f122ced15e9da76bed71a8839004e0050391cc6293444b4cef13c9e7f81fe2389de71284dc32280a0385e62d500a59ee63defc4b9aba9da8932c47566db

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\libpng13.dll

Filesize
158KB

MD5
3c6544bf2541f7d05e813017e14dc5f8

SHA1
a66839f0fb061ceb0682f9b7c39f0dfe324bc1cf

SHA256
c6ca4911011cbe1a424af43e9fd0d0efec76d3819afff7813b8ca8a3254aa076

SHA512
174c03f1ac2fd474a10436f792128f8f461f99a856615b8907e6311ebcc83fff9d995b3dc8ddfd1b45ad465eaf4b4361dfc9a9e3b0bb5bbb1836970d7b0fa49a

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\mini_unzip_dll.dll

Filesize
15KB

MD5
89ce9ac8cf286c91130b017969f8a5c3

SHA1
32584dad1cfba8bf613c91fa46b799e16728af6b

SHA256
17ee76faa9d8ef3e3a4f32c6fa6e120a30bf875daf416e38b732a27c9cce497d

SHA512
c4b4ac1a9382c2a764e4058b7c0ef6d9f6d638fdf966f15ad3532c272d268ed59664071a9de49f74722cacb992bf02b1cb197cc3df07fb85f65e9d11f5ccb6b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\minizip.dll

Filesize
21KB

MD5
67e0a312d80adfe99f77cf3cefc82a03

SHA1
0af192591ed6fce7cfef2253eb31511c8f381543

SHA256
2f7562a68e340de44c4bbca7cc7c3837feeaf12e456c3c859595af1fae948ca4

SHA512
6ed8c4ad28ae99d1a03783dcf009467866da3185fc2bbdf1a43641b1ea6e9d02a415cb1b0e9b64bfd8b8b64680ae2df38bbe4ca65d6f81afe15431b395c059da

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\msvcp71.dll

Filesize
492KB

MD5
a94dc60a90efd7a35c36d971e3ee7470

SHA1
f936f612bc779e4ba067f77514b68c329180a380

SHA256
6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9

SHA512
ff6c41d56337cac074582002d60cbc57263a31480c67ee8999bc02fc473b331eefed93ee938718d297877cf48471c7512741b4aebc0636afc78991cdf6eddfab

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\msvcr71.dll

Filesize
340KB

MD5
ca2f560921b7b8be1cf555a5a18d54c3

SHA1
432dbcf54b6f1142058b413a9d52668a2bde011d

SHA256
c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

SHA512
23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3202e9cffd7fb9d707809599a2d57af5_JaffaCakes118\5.1.17.3857\zlib1.dll

Filesize
61KB

MD5
eb33080d8fd1ed3c236bcee1b5bb8d5e

SHA1
91b11b2e0e767e7e99d5b0a25a0b49b396940ad3

SHA256
e947dfc176575da919848e87fc07edc0880844773030a40c038e8ffa00905a49

SHA512
090dc7724dc2aa8c9cbb016f55c64c3fae4e46d9d2e3364dd184ed9ba4303fee20fef0c50ae0955c2f46ebf4d6b47b95e1991b42eacec6c4adbceede25e36b09

Download Submit
memory/2120-121-0x00000000064F0000-0x00000000064F1000-memory.dmp

Filesize
4KB

Download
memory/2120-112-0x0000000006950000-0x00000000069DC000-memory.dmp

Filesize
560KB

Download
memory/2120-107-0x00000000367A0000-0x00000000367B0000-memory.dmp

Filesize
64KB

Download
memory/2120-93-0x00000000063A0000-0x0000000006406000-memory.dmp

Filesize
408KB

Download
memory/2120-85-0x00000000060F0000-0x0000000006365000-memory.dmp

Filesize
2.5MB

Download
memory/2120-77-0x0000000006030000-0x00000000060F0000-memory.dmp

Filesize
768KB

Download
memory/2120-69-0x0000000005FF0000-0x000000000602F000-memory.dmp

Filesize
252KB

Download
memory/2120-542-0x0000000006C40000-0x0000000006C86000-memory.dmp

Filesize
280KB

Download
memory/2120-49-0x00000000190C0000-0x00000000191AF000-memory.dmp

Filesize
956KB

Download
memory/2120-573-0x00000000190C0000-0x00000000191AF000-memory.dmp

Filesize
956KB

Download
memory/2120-574-0x00000000064F0000-0x00000000064F1000-memory.dmp

Filesize
4KB

Download