Analysis
-
max time kernel
148s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
04-10-2024 13:31
General
-
Target
138b5cc8e7dcd60fbdb99898982ed606_JaffaCakes118.exe
-
Size
9.2MB
-
MD5
138b5cc8e7dcd60fbdb99898982ed606
-
SHA1
8157e5c44df485d4ab29e637e0a4783c1d07c154
-
SHA256
237de1196f556a7b8f6d0c908025e1be7b5561cd9f7533f29d57076aec9176c2
-
SHA512
97999514d2e1b259c729dc2aed6cf8d0e962ffae2b92d1cd028e34a104e50cf1e8faf22d73939ec4974129dbe5bea5326169028a69979b839b76eab52c4ab411
-
SSDEEP
196608:Wegi7jbmj9kCADU91h+RXhKpBRGvMZU7nK2r2eTcuYH6TL:A+bG9ZADU91h+byRAMPOSPi
Malware Config
Signatures
-
Blocklisted process makes network request 6 IoCs
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object 2 TTPs 4 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 40 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Kills process with taskkill 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 12 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\138b5cc8e7dcd60fbdb99898982ed606_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\138b5cc8e7dcd60fbdb99898982ed606_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM msiexec.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\System32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\smartbar\Installer.msi /quiet2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding AD8EF831CED7715363DC4D4EB1D0FCDB2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Windows\Installer\MSI9FC7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259432423 1 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationStart3⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ts-l_qr_.cmdline"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA362.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA361.tmp"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Windows\Installer\MSIB08B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259436682 5 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationRemoveFiles3⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Windows\Installer\MSIB7AF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259438507 9 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationComplete3⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll"4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Modifies system certificate store
-
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll"4⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"4⤵
- Installs/modifies Browser Helper Object
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"4⤵
- Installs/modifies Browser Helper Object
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Microsoft.mshtml.dll"4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Microsoft.mshtml.dll"4⤵
- Modifies registry class
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll"4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll"4⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Smartbar\Application\SnapDo.exe"C:\Users\Admin\AppData\Local\Smartbar\Application\SnapDo.exe"4⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zwrdkqmt.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD76C.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCD76B.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\t4gepgxm.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD7D9.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCD7C9.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\po_suhdf.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD827.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCD826.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\t9vikl1b.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD875.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCD874.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bvmt59aj.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDA0B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCDA0A.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ue0si9yz.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDA88.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCDA87.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\eiaryf9o.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDAD6.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCDAD5.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zf1ytujk.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDB62.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCDB61.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kegphowj.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDBDF.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCDBDE.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\llqib0ff.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEBA7.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCEB97.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\-brbs7uo.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEF21.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCEF20.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ft1oqqm5.cmdline"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF171.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCF170.tmp"6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\svsylo4e.cmdline"4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD7D.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCD6D.tmp"5⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
4Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Config.Msi\f769a9e.rbsFilesize
111KB
MD55783226dd59acb55b08255e4b3e855a0
SHA17b0d06193a0496b10b310a9392bede4c5ee61c0c
SHA2568799b9e955260f12dfa992424e55d332371100b5a9681859a86bd877a5730ba9
SHA5126b2863ca067bdd9835f11979432f874cc30e88837d83d17c51a95c0335cdd28af23199948f7bafe787165ec6af8dae8e728328c58a73466410a76a935605f8e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b4f17275e67debb15d49a8c703712d02
SHA1307e304ff67dc74b0aa1e1246bc08b1a98cc7d90
SHA2569519e374ec7efa484b689e2e1994e29f1920b224839241fce4c968ed421265b2
SHA512a982913ef7cfbd8ec9a2b5aeb3d05be57681bcf06810bd19cc79d833ab87c2bcfdb5268f7371d95e508ed2e633556b25e313aa221c6dd10b37edc72254cd41fd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data.tempFilesize
92KB
MD52c87b2d541eecd3b4a69f502e63a5783
SHA1c3d1777df678cf4ef89ec8330f4d64f07fb26f9e
SHA256eae2daadf140785ff98f48909f57ec24b3138fc0744018ec84a4ff8932c3d638
SHA512502bd68d3ead4d794969b1db7dde114e0d3ded7fc52d81ab4e50c9d59ba74a0279426b54502301e2589929802b91ff8aa32d7e3d02a79d98209e540b40f7304c
-
C:\Users\Admin\AppData\Local\Smartbar\Application\gauomtpw.newcfgFilesize
12KB
MD568791d8ef37c4c2a5eee46f8315ad2ae
SHA15fa5c38ffd43b32898bdd6fd0cda37976035a28f
SHA2566348df8ce02c5ce502b52fcccc9e8ac695a0661badd08c5bfe8538b7904276eb
SHA512ab447a3838fa7108d54f73d6cd4f70d732811e2e07e1fd066d7ae3ad7057daad697a23201b1123c4ba22b740d76dab19970ab1a00546fd47706d687b278a26c1
-
C:\Users\Admin\AppData\Local\Smartbar\Common\icons\30DFF8F0-BA79-4360-A3EA-51B6D006133CPress.pngFilesize
4KB
MD55719ee7f6521ae142f0557f0706cded1
SHA1a1d5694197827967aea5b3ccc88e2f91d465c283
SHA2560a2ae8f3e9aa552748cfeadaec055778487602e7f6d4a6c2a221fe1fd496bfaf
SHA512cde76dada9e798a746d7ae23ee189940a6b7660805267a9221501c5c911a89b298005f111622fae7c886e810e23f83b77d47fa75793d19441246eb775a2f2bf6
-
C:\Users\Admin\AppData\Local\Smartbar\Common\icons\3C610B86-19DE-4757-B46A-871C9C27FF0APress.pngFilesize
4KB
MD52768222689e3585d609b5a2afc1ba52c
SHA1ee522df6b2e365857bf6be58ac7150cbc71cfc9c
SHA25621ee471e79b0a646735e132bc1f0c48f464677127b105426e00b160a554de6b0
SHA51256527749dca471af92eb4166b2bb6f1ca4cbf07c8d7e1a201378467f1d08efe5fd913715bb995d35c7d511b2cbdc9469d79baae7ee4bab619e4e11753c3505e4
-
C:\Users\Admin\AppData\Local\Smartbar\Common\icons\B1BEF453-913F-4EC4-B057-A2BB21C09DCBpress.pngFilesize
4KB
MD5e6ab030a2d47b1306ad071cb3e011c1d
SHA1ed5f9a6503c39832e8b1339d5b16464c5d5a3f03
SHA256054e94c94e34cef7c2fad7a0f3129c4666d07f439bfec39523dca7441a49bd7c
SHA5124cbb002cc2d593bafd2e804cb6f1379187a9cae7d6cc45068fda6d178746420cc90bcd72ba40fc5b8b744170e64df2b296f2a45c8640819aa8b3c775e6120163
-
C:\Users\Admin\AppData\Local\Smartbar\DistributionFiles\Configs\PublisherSettings.xmlFilesize
15KB
MD57706e14f8e1e875567edf16ae1bd148e
SHA13bf8439022f78b731f909799d2ea16b917e26b28
SHA2569025426fd77d229a4c53d983335873ee78560181bae855b7a84d2e233a4b1829
SHA5123d5d7264971be81a897e98cf88d92109433dbe15956d86196d82093ab6f62e02306b221018c3ccc8a70e18738413d8b0d59f8b18f038065ed784a90a186dafda
-
C:\Users\Admin\AppData\Local\Smartbar\DistributionFiles\Configs\UserSettings.xmlFilesize
2KB
MD5471b9e8752f0eca9a655cfafd7410154
SHA153d555749c04cb475963d4e2d448bc1ae8cd1f00
SHA25643e84d9f068cd3e27412df1e3f32809f70b056840483c0b453d5168b4a85d36a
SHA5125a1ca37319734c0d8e2a43e5e7cfa6a2c64493901219142d503fe82105e6bd2b7729f4bcdd64b7218972f10c05839ac9df6ed14c1915734bd6fd33cbb26f184c
-
C:\Users\Admin\AppData\Local\Smartbar\SnapDo.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.830\gy-7i9fd.newcfgFilesize
600B
MD53119b5000b9117b449a20aa115b4a5b0
SHA1fd911c66db786812a3a698dba1cd278411c63c1d
SHA2563eb76b84eee202d1ad7f12436cf4d3f4805141869d5eeaa6bca88d76a4151555
SHA512a21b8b9c33a9cef5653c70e8c9bed246700c8a41627befc41dda5f85fc26d289bcc05d36489f98263397327ce2a7dee320951a7b5ac1fafbdc60cd89e7c9e3a0
-
C:\Users\Admin\AppData\Local\Smartbar\SnapDo.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.830\user.configFilesize
471B
MD5d72214fcd73bfc58befa5f7da26e3c2c
SHA1aba51ff425df4fdff070c8fb12ca67c788dbe1ae
SHA2560c48f4447e1f2bf1d8cc3c71f7dd674d837e5c4f6c71f5d5a2da04782c49ca7b
SHA512e98bb9121e5f01b47672ff340a83c10023deeeb94831574638274ffa44fc53095aaa6e56707d3e005514149df9ff96b1d4ebb38cf67a142f04cddac4663ee026
-
C:\Users\Admin\AppData\Local\Smartbar\SnapDo.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.830\w3y8sde_.newcfgFilesize
535B
MD526c9a9a9f54570195350e424bfe6fd01
SHA14e2dd5f8e75d685b1e9fba513cac14834f0e1328
SHA256c09f2296aeb953013e1c0efacbf86f93af795d347c076f6d895535f8b895431b
SHA51261cd32a9a8c301467483dd4bc8e9bfa39ace95f9ef45eb1c3f8d6e5402b114b703187fd16770bf25e504059cf85e056d72c6002358964dd69b8835dc5ecd3fe2
-
C:\Users\Admin\AppData\Local\Temp\Cab9B67.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\RESA362.tmpFilesize
1KB
MD541fe441223a0c6cbb4e3f1853f8eff17
SHA1ad224004c1330615295a9e227d2552b693db6c6b
SHA256780904cfabeb18213b09ada354cb5ef3a42229ec7dd84f1ec2684012ab9d5020
SHA512b71ce11d8b050299a73efb5548d4d780fe5a4019324504ff4ac05097af4484a96890212091f922e182876caee4f8fd65c4183c7445c2bbe86a22dedbd3b79c48
-
C:\Users\Admin\AppData\Local\Temp\Tar9B7A.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
C:\Users\Admin\AppData\Local\Temp\smartbar\Installer.msiFilesize
8.1MB
MD57c0a5c2c273f7266369c6cb5ad305314
SHA1c0316dbf07385f033f51758b1700089e06201eb9
SHA25643944a61c24f4c3178856707054a4e25d52ccdf30aae5b8f9494497e34d26e9c
SHA512d4eae25fe4e9638b0590bf9b4e34e58ad42f43fe1344408ba5811dc17aea1a6fa8bf2b940d03df33da8c26849fb87c11fc1698c490ee9e77ecf8c39cb2ad2acb
-
C:\Users\Admin\AppData\Local\Temp\ts-l_qr_.dllFilesize
88KB
MD59070edf7f04ff1a3bad1f119e55dc92b
SHA1ec554dfe48b3a690f85f99bf5209bb8f72306f12
SHA25602dec716f714fe90c621dad468d405c57124400fb5e4b350e121cb12b64788ab
SHA512b9b8632d079635f935553a3bf28a5ea792ff75510f758650d8871913d1bd8777f1dbb1e7129e23dff5506ce79259c9be99e79a956301dff7e05cefb0ef75d557
-
C:\Windows\Installer\MSI9FC7.tmpFilesize
1.5MB
MD5f4dac8512f2767c89b6ade353fe7296b
SHA19b591a77b0d7f53590a5143eb9c39be65a41b06d
SHA256ae9d1e49f652e1132a7122399e792d7ebad1b550f65ea114eff89a8c8368548f
SHA51243e81639da7c8135030a0667ed66e9c0acc9e8c7f6bf0c29ef4ebb6cd35b7540d527866af2cce59c0cee0c610b90f4d0fd4040ef2d9d738ebe7be019c07bde48
-
C:\Windows\Installer\MSIB08B.tmp-\CustomAction.configFilesize
806B
MD5796621b6895449a5f70ca6b78e62f318
SHA12423c3e71fe5fa55fd71c00ae4e42063f4476bca
SHA25609be5df7a85545fd93d9fd3cd1d6c04c6bfe6e233c68da6f81c49e7a35fcbb84
SHA512081cf1dadb3a0e50f0a31ab03e2b08e80298c06070cd6f9b2806c08d400c07134623f7229a6c99910c6243dfa53c6e2c05d09a497aae1e701bc34b660cf9e4c9
-
C:\Windows\Installer\MSIB7AF.tmp-\Interop.NetFwTypeLib.dllFilesize
32KB
MD55f999c68e7770881a9a6e045855c7995
SHA103d58c17cebf5075b9cb6091a286f414489b4f0b
SHA2560ee85b7498d7ac0acfcfa9d65c7eec6e2c2191c21cda2d0047df395eee0471ce
SHA51297f08f783a2473652fee4a3d22023e6ac9bccacf10e13a4aef1500cc0a4aeee19787d49f109f993ec0a643a9c7d7109de8a21e309319935c673208c617b73ab1
-
C:\Windows\Installer\MSIB7AF.tmp-\Smartbar.Resources.ProductsRemovalLibary.dllFilesize
17KB
MD5e1bbfdee0a3dc9c963c53443a5cf8963
SHA155753d0a7b1e49f3c09184623f674e60d7d10245
SHA2560a6598e12d49debe47ea678e9a721e27b417e9af50e18093d48290aa679cd978
SHA512d53c569eab2e313de3f723f84a7dd89f6876bbd8aacb467dcad74d3057f778473413f8efe8217a0a8373db54da55230481ce4ad84bee414d22c73fd62c217d20
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.logFilesize
109KB
MD50eebc375bc1dae1bb0150f501121d3ff
SHA1f5389b514a160e316b5d27ad6fa12bd3fe6c85e6
SHA256d38254cb9d5c842d72be740823a1d4eac09aa82e6bdca193fc8badf233a0ced1
SHA51260d5d70710505374017929248489aca1f6ae988799bc47096a69e58783b9336ba2295eb598af26ddd8ca3249b168997df9bc35e7bf2772c092cf8c1b27ec2420
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cchFilesize
416B
MD50e5e5b7a0d0125576d061c85ecb9075e
SHA1e84b840cb7a2cd211e73a4ea2a39f9f69651d25a
SHA25647a3c07fcb879747bd30b04502db2208bb9282bf152683326dfabc5d0c9ea067
SHA512fef42df29c352a5f21633a4308e1473fd2e40cc641002668e7e4ba683b1ee910e14283d57aac2d16fc113bd520272336dfd84e21a296d1f59f797d69b063b191
-
C:\Windows\assembly\tmp\FZKZI0DC\System.Data.SQLite.dllFilesize
890KB
MD50cad9f17eab4f29719b2defc90e42f27
SHA1a2750221ccf7fb4d2c14744b073e84f4ab0e6831
SHA256794cd3e7f0ec56d554936aa3d9f22753a605ed1130bf0c9e2c3c57f3e298f703
SHA512c49a6b1296bfe1a578b52475ab124a96c0ef14dba0ffae680c5482881b68b83d728c58cd69429dadf3f0546785992e35fd26d20f2ff027ed5af4a34c9e055454
-
C:\Windows\assembly\tmp\MV7SU7YQ\Interop.SHDocVw.dllFilesize
143KB
MD57155bca191991224bcbba5b5aa64b302
SHA1b3d7c5b1d40d82d0000d4b82a1b8b6ed3fb60261
SHA2567242f575e2414031cebbdae0b3f557300c4b6a521da63772b81d5f96661cc2ff
SHA5122f72a0ab4914da0233ab180c57bc36c180fab6b66dff6592eddd02301eca2f54cadbaebc0c1a3140f41b4ec9a588ce4c450edd80b747b3bdc73a2d9531e4bfc5
-
\??\c:\Users\Admin\AppData\Local\Temp\CSCA361.tmpFilesize
652B
MD526a139f694beeb61640ad0d33c129b70
SHA155fc585e764622483150b27600694ece43f7bebd
SHA2564851de16861020fa6587b8d53b6db0ef5ffc2441fc7025b15f8c1b60a61c1fe6
SHA5121fc764f1b13afdb8ddc3e03737637351557556740a1629ba6194bf76c5bf5598c12745e307a3dbc881aaca0d3c8996858d70f716889debd35edeaaed03ac678c
-
\??\c:\Users\Admin\AppData\Local\Temp\ts-l_qr_.0.csFilesize
187KB
MD5144d5d043b00d613d6ae0215b79fc4f1
SHA1456386473ffd3cf917a4a67adab5a1ff962c617e
SHA256c870040596d07812d93905c698e503263aec04dc4dca0d8a214e03040086ed88
SHA512de998ec94a07c7220449132e0ae4ffbec7b4dc2d6061071ac0cecedbb2089cb8c7e5261147719152ba3e3e8c4fd7041e345060bf2730c9d77c603b090bea7657
-
\??\c:\Users\Admin\AppData\Local\Temp\ts-l_qr_.cmdlineFilesize
614B
MD5e8fd4a0ffc2564dbad0bdba77b076331
SHA19c94c212f21c8c22b927f32139c681d35b088057
SHA256f2ca2a1772535665c3a4128e64d3674c8475629ae601379f602b585bbd43b48f
SHA51223b8344612101e7d9b84de8e2ba90777e4d9ec4d9481e0f10963762dbffdd7f9429726c2ad403dc0982c9dbe57ff03fde423cc9012d8ab236ac2e5cee8ef879a
-
\Users\Admin\AppData\Local\Temp\smartbar\HistoryWrapperService.dllFilesize
383KB
MD54693e209db87ea689c2dfae2ebcc371d
SHA1ab0b0901cf45426d05262cc8e1e9b9418f4a0159
SHA256338ecd0d1af2bb3edd27a49663a30fe9eca74aa99cfe078e0622304d1cef6fa4
SHA5120ce991bddb2074f0246d957a6f2d7452918c88ed00b7ffb687c0bd54e8e3ec99606c5b87a20e49522203dfa296bdf89322afd2514f49aeb9f1d5abbb413bc437
-
\Windows\Installer\MSI9FC7.tmp-\Microsoft.Deployment.WindowsInstaller.dllFilesize
172KB
MD534d4a23cab5f23c300e965aa56ad3843
SHA168c62a2834f9d8c59ff395ec4ef405678d564ade
SHA25627cf8a37f749692ab4c7a834f14b52a6e0b92102e34b85ffcb2c4ee323df6b9c
SHA5127853f1bc1e40c67808da736e30011b3f8a5c19ddf4c6e29b3e0eb458bea2e056fe0b12023ceac7145c948a6635395e466e47bdd6f0cfa1bd7f6a840e31e4694c
-
\Windows\Installer\MSI9FC7.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dllFilesize
77KB
MD57868ed46c34a1b36bea10560f453598f
SHA172330dac6f8aed0b8fde9d7f58f04192a0303d6b
SHA2565c17864f1572acec1f93cf6355cfd362c1e96236dcba790234985a3f108d8176
SHA5120cc913337e3334ff0653bc1fad044d9df60a8728c233dcc2c7f6139f14608740b70b57c25a9d2d895cbc4d59508779f342a72406e623d30365ae89fb2a3607ba
-
\Windows\Installer\MSI9FC7.tmp-\Smartbar.Infrastructure.Utilities.dllFilesize
12KB
MD589160109632ca3459a07c0eebd067021
SHA1124a6315565903806b187d21b9f9d8db32eba3a7
SHA256fa2e4147d3ff0e79a8cb2ce0fc965b7ccf97840d20325438488324fab5bc0f8b
SHA5120d6ddd1a02601a41c2d158d00272258c76315d589ab115d656167af3d1c5f9251368c9e85f9a36ed9d2ddad39d73e541ecfc9425163342094d0ef72d02f6d33c
-
\Windows\Installer\MSI9FC7.tmp-\Smartbar.Installer.CustomActions.dllFilesize
140KB
MD55c579c4e45c6f515c06cece15b0e7a56
SHA1c92a26439fb04afd860f74bed2cc4faac261c627
SHA256f1323e4b76c0b423859d5263b3541241bb93b693ca5f7e71786664c93c22d600
SHA512ddb219f3e6ebaed41242d03136ee8131c014332bf48233b64f1b9a62adc90ac99aa0d52c3172b6e4f6c8ea5da0e055ddae1bf30670f084c6be659ed98dbf3557
-
\Windows\Installer\MSI9FC7.tmp-\Smartbar.Resources.BrowserHelperUtils.dllFilesize
7KB
MD5873932eeab6826a9a8a300cd9fc160b4
SHA1ac82e4ea8c202419c07bedb5cd89a3f49398398d
SHA256396a7855cafef41132972cbabe38f9d72707392cf9f2824b1be43cf4fdda22ac
SHA512cb2c32ba6afd1bbff06aba92d85af78585236e080648c255734bf7edee937eb613ac848f059aa2a03d58cadfa1d509925b650d8576dd96843bd511988481e849
-
\Windows\Installer\MSI9FC7.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.XmlSerializers.dllFilesize
88KB
MD5f91a5d59970d8b984b422c9b69346615
SHA1124fad0d27bad34b2757a1353e1213fe25bcbd29
SHA25651185b0e127a3284ed9c4104dd010f38e77ba2f5ead77bcecdab2020c4861579
SHA5127840abe0e117803de0752c22f8dd47034dab6d47684e7784d0b2137e877b1dc5986cddd57afb4f27a5dfec855a7ca70cab5ff61daccd9a8eae335aa88a5396e5
-
\Windows\Installer\MSI9FC7.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dllFilesize
103KB
MD5f0d0c318daca7e1ff3abde442a79d25a
SHA1da007f339272e1670d5d95f407f1cd23d4150375
SHA2565fb6269aa8de327693ad6ad67b9eb3e996a896416597bb117585a57f7a0f9f58
SHA51271bbff848461fe217e8ae814208dbe686dbb3532a6f8a2a6c43e7eb272377cc651ca6b6a13787ec6fd4b41848cb928f55c7f159735c0ebc2fbe01670c04209f6
-
\Windows\Installer\MSI9FC7.tmp-\Smartbar.Resources.SetBrowsersSettings.dllFilesize
154KB
MD5d99745d1f4d8013efacb9c65527904d1
SHA18db5756bcc2ef4d1d1205910b9aa0ca5c907f0f5
SHA256cbb016f9021e57cb1842e376e1e1d1024df53aa429d1cb9db9eb7a138f37ff12
SHA5125a410d42de0ae9cb65bace93c42e2d42109cc5d8e2ed7403541b258d6ca1f3d56d2f2c61f7a8c3f39cfeb4c487f08f269642b068bd2d33e9b629d43c71fedac3
-
memory/536-1303-0x000000001C1C0000-0x000000001C966000-memory.dmpFilesize
7.6MB
-
memory/536-1304-0x000000001D120000-0x000000001D8C6000-memory.dmpFilesize
7.6MB
-
memory/1536-1331-0x0000000000DB0000-0x0000000000DD6000-memory.dmpFilesize
152KB
-
memory/1536-1332-0x0000000000DE0000-0x0000000000E06000-memory.dmpFilesize
152KB
-
memory/1632-1222-0x00000000008E0000-0x00000000008F8000-memory.dmpFilesize
96KB
-
memory/1632-1221-0x00000000008E0000-0x00000000008F8000-memory.dmpFilesize
96KB
-
memory/2828-916-0x0000000000230000-0x0000000000256000-memory.dmpFilesize
152KB
-
memory/2828-1028-0x0000000003190000-0x0000000003273000-memory.dmpFilesize
908KB
-
memory/2828-942-0x0000000000460000-0x0000000000480000-memory.dmpFilesize
128KB
-
memory/3008-1276-0x0000000000990000-0x00000000009B6000-memory.dmpFilesize
152KB
-
memory/3008-1275-0x0000000000990000-0x00000000009B6000-memory.dmpFilesize
152KB
