a7238929d338f88a63bce22795ee79e7aad958a56c177c0f5fb02c904ce13edd

Analysis

max time kernel
148s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 13:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
Size

992KB
MD5

05fd3352109fda4c84ce83d4503a36aa
SHA1

4e213fbf37a6b28f55b7dae7317edae9bdb9c559
SHA256

a7238929d338f88a63bce22795ee79e7aad958a56c177c0f5fb02c904ce13edd
SHA512

29df30e54a507dcd1480ad7337fbdef92cc33c9e359402d3eaa1f66315eae7114585430ecfec7cb48498097cded5df4a6872d3872c9554e8d3c0236a8d91c659
SSDEEP

24576:hojc//////4h3L5b+qbT81FkkvZfx/ilxRJcLetpa0nPe:hyc//////4h3LN+qlijQFraYe

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2712	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
1780	ScrBlaze.scr
2476	ScrBlaze.scr

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ScrBlaze.scr	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
File created	C:\Windows\ScreenBlazeUpgrader.bat	ScrBlaze.scr
File opened for modification	C:\Windows\ScreenBlaze.exe	ScrBlaze.scr
File opened for modification	C:\Windows\ScreenBlazeUpgrader.bat	ScrBlaze.scr
File created	C:\Windows\ScrBlaze.scr	cmd.exe
File created	C:\Windows\ScreenBlazeUpgrader.bat	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
File created	C:\Windows\ScrBlaze.scr	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
File opened for modification	C:\Windows\ScrBlaze.scr	cmd.exe
File created	C:\Windows\ScreenBlaze.exe	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
File created	C:\Windows\ScreenBlaze.exe	ScrBlaze.scr

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScrBlaze.scr
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScrBlaze.scr

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\ScrBlaze.scr"	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	ScrBlaze.scr
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	ScrBlaze.scr
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	ScrBlaze.scr
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	ScrBlaze.scr
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	ScrBlaze.scr
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	ScrBlaze.scr

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
1780	ScrBlaze.scr
1780	ScrBlaze.scr
2476	ScrBlaze.scr
2476	ScrBlaze.scr

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
1780	ScrBlaze.scr
1780	ScrBlaze.scr
2476	ScrBlaze.scr
2476	ScrBlaze.scr

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2712	2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe	31
PID 2532 wrote to memory of 2712	2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe	31
PID 2532 wrote to memory of 2712	2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe	31
PID 2532 wrote to memory of 2712	2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe	31
PID 2532 wrote to memory of 1780	2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe	33
PID 2532 wrote to memory of 1780	2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe	33
PID 2532 wrote to memory of 1780	2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe	33
PID 2532 wrote to memory of 1780	2532	05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe	33
PID 1780 wrote to memory of 320	1780	ScrBlaze.scr	34
PID 1780 wrote to memory of 320	1780	ScrBlaze.scr	34
PID 1780 wrote to memory of 320	1780	ScrBlaze.scr	34
PID 1780 wrote to memory of 320	1780	ScrBlaze.scr	34
PID 2476 wrote to memory of 2768	2476	ScrBlaze.scr	39
PID 2476 wrote to memory of 2768	2476	ScrBlaze.scr	39
PID 2476 wrote to memory of 2768	2476	ScrBlaze.scr	39
PID 2476 wrote to memory of 2768	2476	ScrBlaze.scr	39

C:\Users\Admin\AppData\Local\Temp\05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\05fd3352109fda4c84ce83d4503a36aa_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\ScreenBlazeUpgrader.bat
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:2712
- C:\Windows\ScrBlaze.scr
  "C:\Windows\ScrBlaze.scr" /S
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Windows\ScreenBlazeUpgrader.bat
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:320

C:\Windows\ScrBlaze.scr
C:\Windows\ScrBlaze.scr /s
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\ScreenBlazeUpgrader.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
fc55823a96a15ff5065131aef9afa4f6

SHA1
e977654dda843e6809750f6a1008c2407df3b47f

SHA256
982431701c6caa9cf58418d846d903b2be003833200e73918e1facb915a126b3

SHA512
f656776f3749fd353b64c473e0c79aa045c7de0ffab167eec3fe0d26e328cba9caca4d961bc3988cb3b737ffdae06039d73332831d00eacdcaf83a46c3bc3f0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_058F778FC8346DE378B15A5652BAADD9

Filesize
472B

MD5
2363956bdd7c6f2daf6c07f424af9a0b

SHA1
95012e2aa8fb41a34bca8bb00d9da0de84f056e9

SHA256
c49d3f4aa2f3c3839216788c84d8cb40d187d9a1cf49712f59d68263191fa4de

SHA512
3523d7e9f6931f78c7bd379f06355ee457ec87ef29d615921df29ee6255177a85e5cb2fcec8c0369d356de800deecc09daf9e1c74f90510641372be45ede58b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_64D0E789CB701290BBA99483C478F9FE

Filesize
471B

MD5
4f749a649a001a4cf7e4e96a2a5b67ee

SHA1
6d59bc82440702e8d6038be3e47df6dbb4e66a20

SHA256
4e0c3c6e896755c68d1a738f9128e2c67959ce0fb87595c59818cb74d611ca38

SHA512
07af185670e7c2df78738fae0f4003324a79364c96986b3d77199a504e79a10d0922bdd45de1df923717891475174fa425cd4ee04d932bce44f114208570ab2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_436A12A0FAEB3EB0641FAEC097954DBE

Filesize
472B

MD5
0295ac9f55b031d1c8f76da844cdd18b

SHA1
b496f8fd57747412598555533cc1a59286836077

SHA256
41e55b990bee5d515c5630e5fe31357c906491d18c716220f9d13191d74a231a

SHA512
ed9825c1d6899bac6effbe086f511029715e83a12b865caf07c84fa3004684f1f0d3c1fd27a6a1e7a885fc92fbea5bab2cb9bdb2be800325b7f79df783e197fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
cfe7ee5aebfae0a6c16ba1f79f05785c

SHA1
f833c9403eb07c4d5e8554cae458078f97747980

SHA256
a1450526a109e60ce952aa2932a6abdec55441c8e80c9854cde82d538fa45a1c

SHA512
d6ef13bbe870baa4926a3b947721915de7d355479929ad4dd78e8cd05df2dda745e4ff4b18ac1bd5c7e1a5083c4e8fb6f06512e650a8255760a606eb8ce517a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c0fed64b81f7e921188d04dce43c0298

SHA1
4ffa1d614f765d98f4928f196f9819a78959dc82

SHA256
91c4d04932e7fc1a79f5b4bc83d673950726b785293bb924058d884f30fd47a6

SHA512
7eeb5105d8600549b821aed33c3bb56e0c200f86b1464bd4efa0271ef868b1db2b27e040263f336a1d0b423b5f8c8d54ec15462f23b120d6d0b3570cd179e918

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_058F778FC8346DE378B15A5652BAADD9

Filesize
402B

MD5
f18f12328834be3d0c521f94a8bd22f7

SHA1
038470e8e8429085d9354cf557eb7c395b60194b

SHA256
33acb84d597c6e6c2574588fc2d7691b600f41b974b491f923669da02180c3c0

SHA512
36e3c53c67a68419157cbf724f342c5351c7320cdd3bde1c59c8dc35226ed9cbc8a003a1a746365e146f5c96dc53c875c89870e40b058f3f0172398aac76059a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_64D0E789CB701290BBA99483C478F9FE

Filesize
406B

MD5
4c41566100168f99eea85398f999910b

SHA1
d33f7012c3e9e103d5af7a58992a1874c1cdfeca

SHA256
5f1468e303a90ec65f493d7d6ddb55d12164cfcb0d67aeea512272984b37a435

SHA512
f0be3f2cbe01034dd4679e8a25207aaa34f09e33f83e2b5ed95a46943a9df77a515913be34ebf2a90486328007aba46ff2e08802dc02c0bfbac44abcd881bc14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_436A12A0FAEB3EB0641FAEC097954DBE

Filesize
414B

MD5
aad4f060fa94227a73a4f99fcf2fc151

SHA1
1a86759793be5f1e76d76e077241c202e1a13460

SHA256
0c913e8155726604b50f1b4ba92673b28b3ca950217b8524e4aaa2e770229226

SHA512
ed9ec521d46b4dcb89199cb308764c4a1dc2ab2948d324ff3d30779da961be746e9472d18d29977a470ced6e290a3aadeaee43fb75f74384c1372cbdd3d1af1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\chrome[1].png

Filesize
6KB

MD5
ac10b50494982bc75d03bd2d94e382f6

SHA1
6c10df97f511816243ba82265c1e345fe40b95e6

SHA256
846a9b551e74f824fd7ace3439a319b0c0803449e8caec9f16e2666e38a80efd

SHA512
b6666b540aef6c9c221fe6da29f3e0d897929f7b6612c27630be4a33ae2f5d593bc7c1ee44166ce9f08c72e8608f57d66dd5763b17fec7c1fb92fc4d5c6dd278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\yt_logo_rgb_light[1].png

Filesize
8KB

MD5
d654f892f287a28026cd4d4df56c29c8

SHA1
98779a55fe32a66ebec8338c838395d265e45013

SHA256
fc6f5d8f32f13d5855840234dc1bff5c91c35318ee2192d99b13eb3572f0bca8

SHA512
3668902aeaf792ad73ba51e0a4caaa520ebc38177791dfac9a9b28026c3bde99e721bf54d626f266a19cfd045a6d2dc8c8e70e53a2c5ee524c6f2736bb0ce409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\css[1].css

Filesize
312B

MD5
2494130e2dd81fb40051261cac87fa92

SHA1
08bf1ea9863ee62a66bf9a75161176caa5a11cec

SHA256
ad6e8562d7a6a701d734b60795921409d5449b1806b88ffb1173e832c6da695b

SHA512
5defafa591cbe2fce7b02dbde7b9ff834fb0e5a3da41807978560c292aad11546045f8689d7de4d583c1635012bbcda48b8f49bf0588abe8ef50480fbb2f7134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\edgium[1].png

Filesize
6KB

MD5
01010c21bdf1fc1d7f859071c4227529

SHA1
cd297bf459f24e417a7bf07800d6cf0e41dd36bc

SHA256
6fb31acdaf443a97183562571d52ce47dd44c1a8dcb4087338d77ea2617b286e

SHA512
8418d5ac3987ee8b6a7491167b0f90d0742e09f12fceb1e305923e60c78628d494fcd0fee64f8a6b5f6884796360e1e3ec1459dc754bbfb874504f9db5b56135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\css[1].css

Filesize
181B

MD5
f407e7b6e7d9fc9da41d84c225ba6dbf

SHA1
2c26b50f87ee2e0d8c2f345106047e2055a147a7

SHA256
df378280434faf25fbbdaf52d145580a12fffdaa2fe3f45f7e24d4cf8f7a13af

SHA512
cc6ff71ed48e437215cd54ab4b527f01935070aeed4e6650c27c0d304eb80b3e7207c859425bd0f770c091c968e45e704c25bec0009dcb5b513823956f7e8528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\opera[1].png

Filesize
2KB

MD5
5cb98952519cb0dd822d622dbecaef70

SHA1
2849670ba8c4e2130d906a94875b3f99c57d78e1

SHA256
02f95fbdb68f232bffd4f2c0fdd033d6c83b829c610cddccc0b1d43e2274e6a7

SHA512
5f29b7459fbd01e16dbd196e4bcddf109af017cccf31337abe1cec6cc5a84711fc2cd34ad7a35d9432a9d7e42ca23d7f6c9d4315396429d7b8e48b9491696afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\dinosaur[1].png

Filesize
57KB

MD5
bdda3ffd41c3527ad053e4afb8cd9e1e

SHA1
0ad1bb7ce8d8a4dc8ac2a28e1c5155980edfab9b

SHA256
1a9251dc3b3c064cfc5e2b90b6c7dc3c225f7017066db2b77e49dae90a94a399

SHA512
4dc21ef447b54d0e17ccd88db5597171047112ce1f3f228527e6df079ce2a43a463a3a1e4255828b12f802d70a68dbe40b791852134be71c74de97718b2f1d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\firefox[1].png

Filesize
9KB

MD5
7f980569ce347d0d4b8c669944946846

SHA1
80a8187549645547b407f81e468d4db0b6635266

SHA256
39f9942adc112194b8ae13ba1088794b6cb6e83bd05a4ed8ce87b53155d0e2f7

SHA512
17993496f11678c9680978c969accfa33b6ae650ba2b2c3327c45435d187b74e736e1489f625adf7255441baa61b65af2b5640417b38eefd541abff598b793c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC948.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9EDF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B786N199.txt

Filesize
74B

MD5
e44ad7130b1b7fba9371d5d65108430a

SHA1
d8fda8faf467a71996fac5d6a1729cd7bd4460f7

SHA256
e7b00937bc539314b4c50cd81b749dd85d765ef678f18fd997f90557dde4a47d

SHA512
2893f7f62bc392d2796553a6ec085e9a75bd816dbc7db23ab255337be2f6d21c23d4386ad6e5e26711d7bd636cf01b8ce184c40b039025a619fdbcf08394af20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FXH4MA2V.txt

Filesize
74B

MD5
055d08cf80756d675d56959ea60b88b7

SHA1
c132bcfc0a0d88eff31afdd6f1615dd12d610c1c

SHA256
93d685012718b728e1d4b58f3a98460c3c50836bef1e94b10e2bfe5f902b1ac1

SHA512
4589346e30dead49899436852fbc5a9001f0debb5baf9dcc49b458026e348a6090ccd5398db48f80222ecdeb6d3fd98002eb4d36b330b059683f13c3247ca5b5

Download Submit
C:\Windows\ScrBlaze.scr

Filesize
992KB

MD5
05fd3352109fda4c84ce83d4503a36aa

SHA1
4e213fbf37a6b28f55b7dae7317edae9bdb9c559

SHA256
a7238929d338f88a63bce22795ee79e7aad958a56c177c0f5fb02c904ce13edd

SHA512
29df30e54a507dcd1480ad7337fbdef92cc33c9e359402d3eaa1f66315eae7114585430ecfec7cb48498097cded5df4a6872d3872c9554e8d3c0236a8d91c659

Download Submit
C:\Windows\ScreenBlaze.exe

Filesize
2KB

MD5
e37725a18e9fa058b5ad86ab48fff47f

SHA1
67e5df591f81ca0ad15af962632c268a0b097d54

SHA256
9f08f004b869a736f60dd056074e78d9429c81ab80ca6169c4abb105ffab0553

SHA512
e897047e519eaa8184e2a11553f7ea20d5040338d6f2aa5ef8890999df7bd248c9e1aaa8be87f04837df8519080326dd6dd740c448341154044d3a8e50ca0bf5

Download Submit
C:\Windows\ScreenBlazeUpgrader.bat

Filesize
495B

MD5
ab73b489e9fac2536b22d1ae5193bcb3

SHA1
b0d62acccd3327054a2efbe385dc146f3edea889

SHA256
693656be461ce1fb33a464b49d91726d49791e268f87b10aaf26d70c5b1e7b68

SHA512
7c0e748a28a122f3c99bb49739dc6aed8911bb9fc8bd310888760686b1101ca69754631dea16eb2016a88d4276194036ffdf5a86bdacad7fd17bee0a2b9b03fa

Download Submit
C:\Windows\ScreenBlazeUpgrader.bat

Filesize
251B

MD5
1b6947de66aa77bb45467cbf8a954d57

SHA1
150df7d37acda9be67f356366ebe5c86f4e2e736

SHA256
8cb979326e5abd04737cee99e2e116567d9da9ef45b5b2008cb47ed3bc1f5e91

SHA512
4af58804e62e7b97c7ee5fada4cbdf40d7c88b3696c2f15f1d50cee33fb34543f6425eb9e52cfbb2720f6798ca5dae2ed11f2427e6ece03c59fdf3d336dbbd70

Download Submit
memory/1780-124-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-123-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-126-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-127-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-132-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-133-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-134-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-135-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-136-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-125-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-139-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-122-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-184-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/1780-58-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1780-182-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/2476-183-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/2476-185-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/2532-59-0x0000000000400000-0x0000000000501000-memory.dmp

Filesize
1.0MB

Download
memory/2532-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download