0981b52fcb3603e4053d92903b8b35dbafaf0e099081774b0a26dfa555b75a4d

Analysis

max time kernel
141s
max time network
130s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 03:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe
Size

1.3MB
MD5

ce8606e7c60cfb774504c9874458c695
SHA1

8da1bada7cf387d317159d0d7ab83b7c4a4457a5
SHA256

0981b52fcb3603e4053d92903b8b35dbafaf0e099081774b0a26dfa555b75a4d
SHA512

b8f22ac5e7205b5d2d09fb8b41a4bdf2bc8648c18930f3d18010a84849031289190607bcd9ba917a0007554697af0f1020f04ed4a6616235aa907aa2b1927f55
SSDEEP

24576:04KevxLJj0a9Y4PyZeqsW5JTJ48C70TPmc94+2mQ7v21rwX2dv0pkR86HyW8s+:0mlpYpevWzK8pTPmT+jfvEqF+

Score

7^/10

adware discovery persistence stealer

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2892	rinst.exe
2712	catia4.exe
2852	bpk.exe
1804	WerFault.exe

Loads dropped DLL 19 IoCs

pid	Process
2364	ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe
2364	ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe
2364	ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe
2364	ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe
2892	rinst.exe
2892	rinst.exe
2892	rinst.exe
2892	rinst.exe
2852	bpk.exe
2852	bpk.exe
2712	catia4.exe
2712	catia4.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
2364	ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\bpk = "C:\\Windows\\SysWOW64\\bpk.exe"	bpk.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "PK IE Plugin"	bpk.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\pk.bin	rinst.exe
File created	C:\Windows\SysWOW64\bpk.exe	rinst.exe
File created	C:\Windows\SysWOW64\bpkhk.dll	rinst.exe
File created	C:\Windows\SysWOW64\bpkwb.dll	rinst.exe
File created	C:\Windows\SysWOW64\inst.dat	rinst.exe
File created	C:\Windows\SysWOW64\rinst.exe	rinst.exe
File opened for modification	C:\Windows\SysWOW64\pk.bin	bpk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bpk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	catia4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WerFault.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rinst.exe

Modifies registry class 46 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer\ = "PK.IE.1"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID\ = "PK.IE.1"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID\ = "PK.IE"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ThreadingModel = "Apartment"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\ = "BPK IE Plugin Type Library"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\ = "IE Class"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR\ = "C:\\Windows\\SysWOW64\\"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\Programmable	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ = "C:\\Windows\\SysWOW64\\bpkwb.dll"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32\ = "C:\\Windows\\SysWOW64\\bpkwb.dll"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\ = "IE Plugin Class"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "IE Plugin Class"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS\ = "0"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1	bpk.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: 33	2712	catia4.exe
Token: SeIncBasePriorityPrivilege	2712	catia4.exe
Token: 33	2712	catia4.exe
Token: SeIncBasePriorityPrivilege	2712	catia4.exe
Token: 33	2712	catia4.exe
Token: SeIncBasePriorityPrivilege	2712	catia4.exe
Token: SeDebugPrivilege	1804	WerFault.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2852	bpk.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2852	bpk.exe
2852	bpk.exe
2852	bpk.exe
2852	bpk.exe
2852	bpk.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2852	bpk.exe
2852	bpk.exe
2852	bpk.exe
2852	bpk.exe
2852	bpk.exe
2852	bpk.exe
2852	bpk.exe
2852	bpk.exe
2852	bpk.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2892	2364	ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe	31
PID 2364 wrote to memory of 2892	2364	ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe	31
PID 2364 wrote to memory of 2892	2364	ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe	31
PID 2364 wrote to memory of 2892	2364	ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe	31
PID 2892 wrote to memory of 2712	2892	rinst.exe	32
PID 2892 wrote to memory of 2712	2892	rinst.exe	32
PID 2892 wrote to memory of 2712	2892	rinst.exe	32
PID 2892 wrote to memory of 2712	2892	rinst.exe	32
PID 2892 wrote to memory of 2852	2892	rinst.exe	33
PID 2892 wrote to memory of 2852	2892	rinst.exe	33
PID 2892 wrote to memory of 2852	2892	rinst.exe	33
PID 2892 wrote to memory of 2852	2892	rinst.exe	33
PID 2712 wrote to memory of 1804	2712	catia4.exe	34
PID 2712 wrote to memory of 1804	2712	catia4.exe	34
PID 2712 wrote to memory of 1804	2712	catia4.exe	34
PID 2712 wrote to memory of 1804	2712	catia4.exe	34

C:\Users\Admin\AppData\Local\Temp\ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ce8606e7c60cfb774504c9874458c695_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\catia4.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\catia4.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Xenocode\XSandbox\Mastering Catia by Examples (MCE)\12.0.0.8\2010.03.07T19.23\Native\STUBEXE\@SYSTEM@\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 508
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1804
- - C:\Windows\SysWOW64\bpk.exe
    C:\Windows\system32\bpk.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Installs/modifies Browser Helper Object
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpk.exe

Filesize
428KB

MD5
850ded5a30b4e5bca781d77c0efcf16d

SHA1
cc2554aed78e2eb443a20df97634fbe8931bd276

SHA256
e7a53ae81f17e5c4e732e64a5f52c35ab8879abea4f508c0c42c82f5bc0d4a9e

SHA512
bb3fd071a5df5608510e65e0655fc12d6a9f933a410a16fd34289654b58ac9abce9f44afdc8edddb291acd4997c588ab7e7a04daf6a617e0ddaf2282d8a268c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpkhk.dll

Filesize
24KB

MD5
9b60660cccada3f585c3e4284195e9c5

SHA1
8c21b1490ccc99088a87f6b7495951a320355df1

SHA256
c13d3f6a1bb8a9d652eb7802a3b2dbbf31580cbef1983a982d1a4b73ca45693e

SHA512
d68baed804995afa41003393e2894f7fb473d63399a24af0ebcd8955b2789b0989372fb7f06a7d2b67a664c4d44e084867e81cc198737da0d0aafefc4e45afca

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpkwb.dll

Filesize
40KB

MD5
ea84c1f4209e797370ab6e19c8c83b66

SHA1
6e00610a3efd07be1c9911181a8ee17da4647f11

SHA256
aec793cf2d4a69bf091092f6048cb72f5ea7bea99c039fc4b82ff26f63f97754

SHA512
83eaad1b220488dbb59935739e66878d6f29871c692ec5b74ca36ff790e2cb2cfc09ae326ca6e67111b904e2d63bebb7f7b569461e479c892535b4e64d502769

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\catia4.exe

Filesize
1.0MB

MD5
48cd21d1cbb7ee76824a0dd5c1172f50

SHA1
c689d4fe81365fad9468bc246c893e88eb5049b3

SHA256
310bc10e277e6f7992b868ca1e7674c78a625aea22b7ef9e468f0fb3969b02cf

SHA512
fde2889cd791bae05ab8daff7b3f8e6d730cf6d408843f904384d1bc0df8f0c5a571c55e59c4ed01d90d1cbe72974ec576b7919a267174a113c789205f91a466

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\inst.dat

Filesize
996B

MD5
fdc8b63e09b55ee85772432f071a14a7

SHA1
06064838e6cbbda4f124d730fbb3780705e14f0e

SHA256
5a9765d473e4f10d68ca988507f586d0524e1d0b7c41f75bfa1308565884cfc5

SHA512
cd029e6977013ca2db03fe469022d55e7fee64ef5e756a909c6145a803860b6de41f12d4514f2ea61d3096d936ba0e9dc8bc381bb703faf1309a3340619399c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\pk.bin

Filesize
4KB

MD5
e39358d6de4c4142ea8bd9b9695c0007

SHA1
32df247d80ba8e20af8acf8bfbd0d4009873dd0d

SHA256
3713b0cbe936c2088eb4738a40cc90696799490ea49a6ba15fa79a0fc9e954f4

SHA512
3686cdab43db7d03ec10288eac86b46e78fb721c9dfe5a350c02c3c435b555ea6f663f09f65644617b9efd38aeaa762f601a8f21adc0446a2da4d66d5189ec54

Download Submit
C:\Windows\SysWOW64\pk.bin

Filesize
4KB

MD5
1029fe42640f98a65f77ab46a0528780

SHA1
8e3534c748218b92f167eb6b18a6d2b4ceda203b

SHA256
61f52a38b9b2cabfeb0269743947d1bca0e3f0cce6b73d0eb6fb51da155597d5

SHA512
8b8ff8095a5aea845008954f41389dcac6b63ef6a43c78a9584612df53f28f90ef162eb0639214ce51b045e409e6bdc7f503848354f1af1ca0aa48d2fcbe5900

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe

Filesize
7KB

MD5
fbe4bab53f74d3049ef4b306d4cd8742

SHA1
6504b63908997a71a65997fa31eda4ae4de013e7

SHA256
446658dd5af649857fff445c600f26cdc1d0c19c86a080f312b89b1890182092

SHA512
d458ab806a3ed3d1494a13ad8a75df874a0b227cb4f337996cb82df3c4a26dc9c4fe48a664b53b052a4af123ea8d89911d9d9493870e6b5992d5621a32260c2f

Download Submit
\Users\Admin\AppData\Local\Xenocode\XSandbox\Mastering Catia by Examples (MCE)\12.0.0.8\2010.03.07T19.23\Native\STUBEXE\@SYSTEM@\WerFault.exe

Filesize
16KB

MD5
0fd4d0e0f31afaae497b37fe783028af

SHA1
09e3a773e7c013e0789fd03ec8319bb0feb86d23

SHA256
a079f3fe864a03b3fff148f2601bcce947b9671db43a44ca83720b03f5aaa114

SHA512
91ca82af43f4563aa24dd75c80f3e9fa093342f3f1151fddeb148547cf1bcf1f7924daefcf4deb6d9adb45dc7d5be4c2ba5d7b0a2a2dd959b07a523d4817f48a

Download Submit
\Users\Admin\AppData\Local\Xenocode\XSandbox\Mastering Catia by Examples (MCE)\12.0.0.8\2010.03.07T19.23\Virtual\MODIFIED\@PROGRAMFILES@\Catia Pro\MCE\MCE-Structure Analysis\catia4.exe

Filesize
797KB

MD5
2eb7026fd3e96225f338a570a455c6d2

SHA1
938643bd56ec84f79f8d6cc81b36d63a5643fc9f

SHA256
beac8cb58e03f162517fa9e1c21e69cd7a9c107cb5a3a5d8b04eb871a42ba218

SHA512
44d8533974081ab7af417d8b3cff5992c8db5fb815716eef4f884ff283c05076b6b3ecc25ef2ba635441f938a05d1f560f526f73b0a9d6206a15b3e13cba9d37

Download Submit
\Windows\SysWOW64\bpk.exe

Filesize
428KB

MD5
137cb2835b1d91386ac2b1b565c6492d

SHA1
acc7213b0b856db29aa6d10b49884c432a05e75f

SHA256
a8cea204954ffa11134f0be8ac0fed6c9939b54c369cc7f8312059c0a601c390

SHA512
b55cb7be2a077006497aa6cd08459fa9a000bce6eb970a1dd2a28143c3859a1ee26edadb6890d6de848701bbc7c6373ef35f051ebdaaac296e6afc8b32fba688

Download Submit
\Windows\SysWOW64\bpkhk.dll

Filesize
24KB

MD5
9ac9028338d1b353a7cacb563bb91df7

SHA1
a20c5dee8f05c91686324cec2d5b092bafe58339

SHA256
93c0e7f41d5d74217189e4cc2d5cdb8f97d8e5eeef0a0dcf4cecd67e3393682c

SHA512
ac83c8f7b6fe913487015d8d7a2e430e917d230b6b2907150f6c4a73bf64c3a02320dddc29fea03db5df8ac5620d8a902fe7be80ba1b1bd1e6f5b8b1b016ddfe

Download Submit
\Windows\SysWOW64\bpkwb.dll

Filesize
40KB

MD5
21d4e01f38b5efd64ad6816fa0b44677

SHA1
5242d2c5b450c773b9fa3ad014a8aba9b7bb206a

SHA256
3285df0c25d4b9b6d5ccbe166a3ce3d04f5cb3a0d61c8bf29bf5f953e51b0977

SHA512
77dae941676a56664da89c7670d29ed5402032c8040df1cc231986733c78f0dc56c41f7a276ec9ea8336e3fa2bfc68d3121048e9585bf0d8a98917d799f669b8

Download Submit
memory/2364-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2364-626-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2712-98-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-80-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-114-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-112-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-110-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-106-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-104-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-102-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-100-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-108-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-96-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-94-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-92-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-88-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-86-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-84-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-82-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-116-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-78-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-76-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-74-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-72-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-118-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-70-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-66-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-64-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-90-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-62-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-60-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-57-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-68-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-54-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-55-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-52-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download
memory/2712-628-0x00000000002B0000-0x0000000000309000-memory.dmp

Filesize
356KB

Download