67c5cf4ef1f40ebb9e3d0d7406306e1f25227b8e4e014ec7573edb5d85df0fb4

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
Size

395KB
MD5

71999a8d62e79b89ff7a0c2df8fe9fd9
SHA1

fd91edaf9f4d280f06a017b33d00bd5dc359ee45
SHA256

67c5cf4ef1f40ebb9e3d0d7406306e1f25227b8e4e014ec7573edb5d85df0fb4
SHA512

e0ff5100fa1787b8c7194a1e2ab0140ff6cc806bfc241e8b977ed1cb4a2bb3ad2567588cb7e4d0431e08908e3028a9fa9bda7ea138cca30631e4780098fb267a
SSDEEP

12288:YYT96JJ558EHwiQLykataz+wZT0Msxyj/LErqOUW9BH:1IJJ558EHwiQLykataz+wZT0Msxyj/L

Score

10^/10

discovery evasion persistence ransomware

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\Svcspool.exe, "	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe C:\\Windows\\system32\\pubshr.exe"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
468	debug_71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.plu

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pluto! Pager = "C:\\Users\\Admin\\AppData\\Local\\Temp\\71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Modifies WinLogon 2 TTPs 4 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\System = "C:\\Program Files (x86)\\Common Files\\Services\\SrvHandle.exe"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\ReportBootOk = "0"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable = "4294967197"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCScan = "0"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Drops file in System32 directory 25 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\SrvHandle.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Regedit.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\regedit.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Debug\230419197.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Debug\2304193.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Debug\230419193.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pluto.bmp	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Debug\23041773.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Debug\230420207.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\lcc.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\taskmgr.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\about.htm	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Debug\230416179.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\gcc.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Debug\230416179.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\notepad.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Debug\230416136.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\pubshr.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\url.dll	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ctfmon.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Debug\230416147.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mspaint.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dllcache\Svcspool.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Debug\23041876.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Debug\230420201.dbg	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\Desktop\Wallpaper = "C:\\Windows\\system32\\pluto.bmp"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\Services\Svcspool.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmplayer.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\debug_71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.plu	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\setup32i.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\notepad.exe	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	debug_71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.plu

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	debug_71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.plu

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\Desktop	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Software\Microsoft\Internet Explorer\Main	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page = "C:\\Windows\\system32\\about.htm"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "C:\\Windows\\system32\\about.htm"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\Desktop	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "218"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Control Panel\Desktop\Wallpaper = "C:\\Windows\\system32\\pluto.bmp"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ = "My Cömputër"	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
4536	Process not Found
2212	Process not Found
3808	Process not Found
652	Process not Found
4576	Process not Found
2464	Process not Found
3196	Process not Found
664	Process not Found
3476	Process not Found
1972	Process not Found
4452	Process not Found
4344	Process not Found
3852	Process not Found
388	Process not Found
2940	Process not Found
2732	Process not Found
1528	Process not Found
4912	Process not Found
5044	Process not Found
4424	Process not Found
4872	Process not Found
3136	Process not Found
3248	Process not Found
1324	Process not Found
2516	Process not Found
1864	Process not Found
4884	Process not Found
532	Process not Found
4020	Process not Found
4372	Process not Found
5040	Process not Found
4940	Process not Found
2132	Process not Found
4688	Process not Found
2860	Process not Found
316	Process not Found
4492	Process not Found
4916	Process not Found
1612	Process not Found
2696	Process not Found
1272	Process not Found
3544	Process not Found
4008	Process not Found
1588	Process not Found
3904	Process not Found
3424	Process not Found
808	Process not Found
920	Process not Found
4420	Process not Found
2200	Process not Found
3212	Process not Found
2188	Process not Found
1912	Process not Found
4512	Process not Found
1420	Process not Found
2340	Process not Found
2388	Process not Found
1036	Process not Found
4112	Process not Found
3332	Process not Found
4588	Process not Found
4504	Process not Found
4540	Process not Found
4436	Process not Found

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
468	debug_71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.plu
468	debug_71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.plu
3972	LogonUI.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 468	3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe	84
PID 3256 wrote to memory of 468	3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe	84
PID 3256 wrote to memory of 468	3256	71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Windows\Debug\debug_71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.plu
  C:\Windows\Debug\debug_71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.plu
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4880

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39b2855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Debug\230416136.dbg

Filesize
162KB

MD5
e92d3a824a0578a50d2dd81b5060145f

SHA1
50ef7c645fd5cbb95d50fbaddf6213800f9296ec

SHA256
87f53bc444c05230ce439dbb127c03f2e374067d6fb08e91c834371fd9ecf661

SHA512
40d0ac6fa5a424b099923fcdb465e9a2f44569af1c75cf05323315a8720517316a7e8627be248cff3a83382fb6db1cf026161f627a39bc1908e63f67a34c0fd5

Download Submit
C:\Windows\SysWOW64\Debug\230416147.dbg

Filesize
163KB

MD5
a7790328035bbfcf041a6d815f9c28df

SHA1
7ee75c72f50d37b1c69f72f33ba1063e8278b29e

SHA256
6cee4877b6663fc93e94ecc0489834379d2fae6c363eb36035d863733ab7c304

SHA512
125d7e387a90dde64858a9b82e237233f3262f22f47474714d3a3fad193d1cd3bf4823e239b967ae73979bf9492dc15b3d57adbddf91831e5b6aa6b18906aa09

Download Submit
C:\Windows\SysWOW64\Debug\230416179.dbg

Filesize
207KB

MD5
1c1760ed4d19cdbecb2398216922628b

SHA1
66b6158b28cc2b970e454b6a8cf1824dd99e4029

SHA256
d66458a3eb1b68715b552b3af32a9d2e889bbf8ac0c23c1afa8d0982023d1ce2

SHA512
f058eda0c65e59105a7c794721697782f1e1db759c69a11dab09ca454aa89767addcc8ecefa54995527bc2cae983e44c9ed42b0973fdb47435b31428150b96db

Download Submit
C:\Windows\SysWOW64\Debug\23041773.dbg

Filesize
322KB

MD5
bd63d72db4fa96a1e0250b1d36b7a827

SHA1
aad4b770b25789b7acd508bf3cf266d4ddb88111

SHA256
f6953923fa9537edd709488db8fc17c7991f4f053a904306d9b93d79391fb0e6

SHA512
e68b7a255cd22dcb885a094c24e8fe2c86cd8d1014aa0064917d33dee96c345fda594baad6d86ec087a2b167cad9936624aadd5b4953337a4a39e79ca88f8f3c

Download Submit
C:\Windows\SysWOW64\Debug\230419193.dbg

Filesize
228KB

MD5
4ea55a213ff5cc019e388673d0e1b9ab

SHA1
d5b0957095904c3e720a8fdf004b3276fdd21a4a

SHA256
cc85a7b90afbbf967c99f7cb1737e9ad0c7924b03859e4d569c903e2d403a24c

SHA512
7bc118736bb2e63161b01d49c7325565411b7a04690145a0b7d2fde308e1dcdfd0f5412a7a895768a249de0f61cd19cf4abce19289705f34123f319e41f9a6c7

Download Submit
C:\Windows\SysWOW64\Debug\230419197.dbg

Filesize
942KB

MD5
61a8f02536ab07e430715b98bad49cab

SHA1
e28de42fc3a993305178f8eb422f5ace9ea8b175

SHA256
4f5ce43a424f1970c3a4d53ebd57c158180f30d60c71db329ee9eac772ef3bfa

SHA512
def5296894cacd6b6a86aa47d6fc33854ec4edb8d19a6800f02d6897e36ccc67769ce2fd81752a6b3091204f30747ff8cce6758b145cd115515dafaa0e9a14e0

Download Submit
C:\Windows\SysWOW64\Debug\2304193.dbg

Filesize
726KB

MD5
986a191e95952c9e3fe6be112fb92026

SHA1
1e2a48f1088ca5ab78617a7eeb8aa5f62abd4846

SHA256
8bd3c3d2a3e6285d004afd50262d80939fa588b39c5ecb404d12d364216e73b2

SHA512
044294049fed0c5165d2c204d4dfef8ddc65cbc872d499531a2d4f179e3ae2345142510ffc9c12c32e0c316eac3250d60b0b316a74a3d7d31b0a9699dc8529f7

Download Submit
C:\Windows\SysWOW64\Debug\230420207.dbg

Filesize
1.9MB

MD5
c63e6c17fa58deaef044b159566eb549

SHA1
a5af9542c7f56cf98eaf01f1bbdc0bd528aee147

SHA256
74de25834cbfeb41c3053bf976f958dbe27def7b2e4d1e11d7d7d05f3700529c

SHA512
fd005b6d94192758ca136b638b0a78dd3e9f15aa1718eb43b5b42a63706523b83800151c56afa77d5a58b1bcb1e6cc4dc19d088cd38af45baac5c24b64d8be6e

Download Submit
C:\Windows\SysWOW64\lcc.exe

Filesize
63KB

MD5
1841c44f0e9fb8aed2e0d50d2357d7e9

SHA1
e1dfa90674cdb2aa43f9d75e8ecb7e4e8c218579

SHA256
d74629433d64f600645c7d440b5746c7353b7c5ab26c0f986df89e30c82e5aec

SHA512
3605222a6e7faedc107978064370865a5576780f90ba52c49c2ed83139718fd65ef63d09f90567791aff6430001d234d2c8632eab6266fc1d44cbe3b78c03ee7

Download Submit
C:\Windows\debug\debug_71999a8d62e79b89ff7a0c2df8fe9fd9_JaffaCakes118.plu

Filesize
332KB

MD5
19d7285c744fe18326a665aa33eaba35

SHA1
48366a0ee4a3fbae86771a22a350941655190fcc

SHA256
addb4e33a11d70f4add9744c95ee96f52b107ccd0f78b820e0e5d7fce95f2167

SHA512
cafcf7b960d2b6e8a3b8915074f1a88334d396b9c8d0510fa2960635c38137dd2b0635c9d47c71968cea69e6744f4630b3f2b116f432ab53e9be949bc621836e

Download Submit
memory/3256-1899-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download