Overview

overview

10

Static

static

10

JaffaCakes...6d.exe

windows7-x64

10

JaffaCakes...6d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-01-2025 08:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_3412857a3afade21f86071e2f9a7fd6d.exe

  • Size

    4.9MB

  • MD5

    3412857a3afade21f86071e2f9a7fd6d

  • SHA1

    00ce956542aae84290594a6a187d537bfe965338

  • SHA256

    42a807f5e9dcad351d3f4b41b5e16203f590ada5a75700f6e297f68a4f631081

  • SHA512

    aaf083abcb4977e0e0f5e5d76a526e8c1b1e5ef6fef7ab373b411735dc2f475a63b54f9cb03a84a5eb29fb4b6daac63591db60823b637f259fa6fddc0958ec61

  • SSDEEP

    98304:2sPj6quMBYyuSFOMKykvYgS/ylTpHufHMpPbOZ39c7T3eeom2vJtPSh9i:7PjzayuSgMKykQgSaTkvMxEYT3OfPShg

Score
10/10
neshtasalitybackdoordefense_evasiondiscoverypersistencespywarestealertrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

  • Detect Neshta payload 2 IoCs
  • Modifies firewall policy service 3 TTPs 6 IoCs
    defense_evasion
  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Neshta family
    neshta
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • Sality family
    sality
  • UAC bypass 3 TTPs 2 IoCs
    defense_evasiontrojan
  • Windows security bypass 2 TTPs 12 IoCs
    defense_evasiontrojan
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 14 IoCs
    defense_evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    defense_evasiontrojan
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 47 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs
  • System policy modification 1 TTPs 2 IoCs
    defense_evasion

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1112
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1160
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
          PID:1192
          • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3412857a3afade21f86071e2f9a7fd6d.exe
            "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3412857a3afade21f86071e2f9a7fd6d.exe"
            2⤵
            • Modifies firewall policy service
            • UAC bypass
            • Windows security bypass
            • Loads dropped DLL
            • Modifies system executable filetype association
            • Windows security modification
            • Checks whether UAC is enabled
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1980
            • C:\Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_3412857a3afade21f86071e2f9a7fd6d.exe
              "C:\Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_3412857a3afade21f86071e2f9a7fd6d.exe"
              3⤵
              • Modifies firewall policy service
              • UAC bypass
              • Windows security bypass
              • Executes dropped EXE
              • Loads dropped DLL
              • Windows security modification
              • Checks whether UAC is enabled
              • Enumerates connected drives
              • Drops file in Windows directory
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              • System policy modification
              PID:1976
              • \??\c:\17b53ec55097746a5b1db44c3bac55c6\Setup.exe
                c:\17b53ec55097746a5b1db44c3bac55c6\Setup.exe
                4⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                • Checks processor information in registry
                • Suspicious behavior: EnumeratesProcesses
                PID:1612
        • C:\Windows\system32\DllHost.exe
          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
          1⤵
            PID:1224

          Network

          MITRE ATT&CK Enterprise v15

          Reconnaissance

          Resource Development

          Initial Access

          Execution

          Persistence

          Create or Modify System Process

          1
          T1543

          Windows Service

          1
          T1543.003

          Event Triggered Execution

          1
          T1546

          Change Default File Association

          1
          T1546.001

          Privilege Escalation

          Abuse Elevation Control Mechanism

          1
          T1548

          Bypass User Account Control

          1
          T1548.002

          Create or Modify System Process

          1
          T1543

          Windows Service

          1
          T1543.003

          Event Triggered Execution

          1
          T1546

          Change Default File Association

          1
          T1546.001

          Defense Evasion

          Abuse Elevation Control Mechanism

          1
          T1548

          Bypass User Account Control

          1
          T1548.002

          Impair Defenses

          4
          T1562

          Disable or Modify System Firewall

          1
          T1562.004

          Disable or Modify Tools

          3
          T1562.001

          Modify Registry

          6
          T1112

          Credential Access

          Credentials from Password Stores

          1
          T1555

          Credentials from Web Browsers

          1
          T1555.003

          Unsecured Credentials

          1
          T1552

          Credentials In Files

          1
          T1552.001

          Discovery

          Peripheral Device Discovery

          1
          T1120

          Query Registry

          2
          T1012

          System Information Discovery

          4
          T1082

          System Location Discovery

          1
          T1614

          System Language Discovery

          1
          T1614.001

          Lateral Movement

          Collection

          Data from Local System

          1
          T1005

          Command and Control

          Exfiltration

          Impact

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
            Filesize

            547KB

            MD5

            cf6c595d3e5e9667667af096762fd9c4

            SHA1

            9bb44da8d7f6457099cb56e4f7d1026963dce7ce

            SHA256

            593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d

            SHA512

            ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\0F76DD73_Rar\JaffaCakes118_3412857a3afade21f86071e2f9a7fd6d.exe
            Filesize

            4.8MB

            MD5

            cede02d7af62449a2c38c49abecc0cd3

            SHA1

            b84b83a8a6741a17bfb5f3578b983c1de512589d

            SHA256

            66b797b3b4f99488f53c2b676610dfe9868984c779536891a8d8f73ee214bc4b

            SHA512

            d2d99e06d49a5990b449cf31d82a33104a6b45164e76fbeb34c43d10bcd25c3622af52e59a2d4b7f5f45f83c3ba4d23cf1a5fc0c03b3606f42426988e63a9770

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\HFIE0FD.tmp.html
            Filesize

            18KB

            MD5

            7df9fd49a624f8b9df5d0c9932a2329e

            SHA1

            15c930448552f249e9b8deac998ff74fd4fe873b

            SHA256

            63a27abcd7fc9e98011b0dd6b435c9e9bd3192ff36879d15c75a0a6c9571fb2e

            SHA512

            9b56fcba9b3ce63550a5d32d9d4e73c9d4db1a151a6dd7bb609cd888369e1570715459920b18c682f596cf41c6fb24dc64eefebeca1c7bbe674403d8b4fab223

            Download Submit

          • C:\Windows\SYSTEM.INI
            Filesize

            257B

            MD5

            e937f4bc6acd09e737464ebb30bc3661

            SHA1

            a82df52e2e00a25c5d5a2737ff8ffa9d835cd903

            SHA256

            f578b69f1bd93eba8cc3914be89a18dcee507cbd6b6d2f0874823f05476e0216

            SHA512

            2d8c5ef1115aba0fc1a5cb99b0cede5790fb4f5eec45740ffc8f9f8ad76e745f46d9f397a3d6ff11541f8028f1b3e26589d64e00395f8689389247128cf93456

            Download Submit

          • \17b53ec55097746a5b1db44c3bac55c6\1033\SetupResources.dll
            Filesize

            16KB

            MD5

            718ab3eb3f43c9bcf16276c1eb17f2c1

            SHA1

            a3091fd7784a9469309b3edb370e24a0323e30ac

            SHA256

            e1a13f5b763d73271a1a205a88e64c6611c25d5f434cfa5da14feb8e4272ffaa

            SHA512

            9fa8a8d9645a9b490257c2dce3d31f1585f6d6069f9471f9e00dfaa9e457ff1db4c9176a91e02d7f0b61bae0c1fc76b56061eff04888a58aeb5ad2e8692fcf8a

            Download Submit

          • \17b53ec55097746a5b1db44c3bac55c6\Setup.exe
            Filesize

            76KB

            MD5

            9a1141fbceeb2e196ae1ba115fd4bee6

            SHA1

            922eacb654f091bc609f1b7f484292468d046bd1

            SHA256

            28563d908450eb7b7e9ed07a934e0d68135b5bb48e866e0a1c913bd776a44fef

            SHA512

            b044600acb16fc3be991d8a6dbc75c2ca45d392e66a4d19eacac4aee282d2ada0d411d832b76d25ef505cc542c7fa1fdb7098da01f84034f798b08baa4796168

            Download Submit

          • \17b53ec55097746a5b1db44c3bac55c6\SetupUi.dll
            Filesize

            288KB

            MD5

            c744ec120e54027c57318c4720b4d6be

            SHA1

            ab65fc4e68ad553520af049129fae4f88c7eff74

            SHA256

            d1610b0a94a4dadc85ee32a7e5ffd6533ea42347d6f2d6871beb03157b89a857

            SHA512

            6dcd0ab7b8671e17d1c15db030ee5349ab3a123595c546019cf9391ce05f9f63806149c3ec2f2c71635cb811ab65ad47bcd7031e2eff7a59059577e47dd600a7

            Download Submit

          • \17b53ec55097746a5b1db44c3bac55c6\sqmapi.dll
            Filesize

            141KB

            MD5

            3f0363b40376047eff6a9b97d633b750

            SHA1

            4eaf6650eca5ce931ee771181b04263c536a948b

            SHA256

            bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

            SHA512

            537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\1028\LocalizedData.xml
            Filesize

            29KB

            MD5

            7fc06a77d9aafca9fb19fafa0f919100

            SHA1

            e565740e7d582cd73f8d3b12de2f4579ff18bb41

            SHA256

            a27f809211ea1a2d5224cd01101aa3a59bf7853168e45de28a16ef7ed6acd46a

            SHA512

            466dcc6a5fb015be1619f5725fa62ca46eb0fb428e11f93fd9d82e5df61c3950b3fb62d4db7746cc4a2be199e5e69eaa30b6f3354e0017cfa14d127fad52f8cf

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\1031\LocalizedData.xml
            Filesize

            40KB

            MD5

            b83c3803712e61811c438f6e98790369

            SHA1

            61a0bc59388786ced045acd82621bee8578cae5a

            SHA256

            2aa6e8d402e44d9ee895b18195f46bf90259de1b6f44efd46a7075b110f2dcd6

            SHA512

            e020f93e3a082476087e690ad051f1feb210e0915924bb4548cc9f53a7ee2760211890eb6036ce9e5e4a311abc0300e89e25efbbb894c2a621ffbc9d64cc8a38

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\1033\LocalizedData.xml
            Filesize

            38KB

            MD5

            d642e322d1e8b739510ca540f8e779f9

            SHA1

            36279c76d9f34c09ebddc84fd33fcc7d4b9a896c

            SHA256

            5d90345ff74e177f6da8fb6459c1cfcac080e698215ca75feb130d0d1f2a76b9

            SHA512

            e1e16ae14bc7cc1608e1a08d3c92b6d0518b5fabd27f2c0eb514c87afc3d6192bf7a793a583afc65f1899f03dc419263b29174456e1ec9ab0f0110e0258e0f0d

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\1036\LocalizedData.xml
            Filesize

            40KB

            MD5

            e382abc19294f779d2833287242e7bc6

            SHA1

            1ceae32d6b24a3832f9244f5791382865b668a72

            SHA256

            43f913ff28d677316f560a0f45221f35f27cfaf5fc5bd645974a82dca589edbf

            SHA512

            06054c8048cade36a3af54f9a07fd8fa5eb4f3228790996d2abea7ee1ee7eb563d46bd54ff97441f9610e778194082c44e66c5f566c9c50a042aba9eb9cae25e

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\1040\LocalizedData.xml
            Filesize

            39KB

            MD5

            0af948fe4142e34092f9dd47a4b8c275

            SHA1

            b3d6dd5c126280398d9055f90e2c2c26dbae4eaa

            SHA256

            c4c7c0ddaa6d6a3a1dc260e9c5a24bdfaa98c427c69e8a65427dd7cac0a4b248

            SHA512

            d97b5fe2553ca78a3019d53e33d2db80c9fa1cf1d8d2501d9ddf0576c7e6ea38dab754fe4712123abf34b97e10b18fb4bbd1c76d3dacb87b4682e501f93423d9

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\1041\LocalizedData.xml
            Filesize

            33KB

            MD5

            7fcfbc308b0c42dcbd8365ba62bada05

            SHA1

            18a0f0e89b36818c94de0ad795cc593d0e3e29a9

            SHA256

            01e7d24dd8e00b5c333e96d1bb83813e02e96f89aad0c2f28f84551d28abbbe2

            SHA512

            cd6f912a037e86d9e1982c73f0f8b3c4d5a9a6b5b108a7b89a46e6691e430a7cb55718de9a0c05650bb194c8d4a2e309ad6221d638cfca8e16aa5920881ba649

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\1042\LocalizedData.xml
            Filesize

            32KB

            MD5

            71dfd70ae141f1d5c1366cb661b354b2

            SHA1

            c4b22590e6f6dd5d39e5158b831ae217ce17a776

            SHA256

            cccda55294aeb4af166a8c0449bca2189ddf5aa9a43d5e939dd3803e61738331

            SHA512

            5000d62f3de41c3fb0ed8a8e9c37dbf4eb427c4f1e3ad3823d4716c6fe62250bac11b7987a302b8a45d91aabcf332457f7aff7d99f15edeffe540639e9440e8a

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\1049\LocalizedData.xml
            Filesize

            39KB

            MD5

            0eeb554d0b9f9fcdb22401e2532e9cd0

            SHA1

            08799520b72a1ef92ac5b94a33509d1eddf6caf8

            SHA256

            beef0631c17a4fb1ff0b625c50c6cb6c8ce90a1ae62c5e60e14bf3d915ad509c

            SHA512

            2180e46a5a2ea1f59c879b729806ca02a232c66660f29c338c1fa7fbee2afa4b13d8777d1f7b63cf831eb42f3e55282d70aa8e53f40616b8a6e4d695c36e313d

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\2052\LocalizedData.xml
            Filesize

            30KB

            MD5

            52b1dc12ce4153aa759fb3bbe04d01fc

            SHA1

            bf21f8591c473d1fce68a9faf1e5942f486f6eba

            SHA256

            d1735c8cfd8e10ba019d70818c19fa865e7c72f30ab6421a3748408f85fb96c3

            SHA512

            418903ae9a7baebf73d055e4774ff1917fbaab9ee7ed8c120c34bb10e7303f6dd7b7dae701596d4626387a30ae1b4d329a9af49b8718b360e2ff619c56c19623

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\3082\LocalizedData.xml
            Filesize

            39KB

            MD5

            5397a12d466d55d566b4209e0e4f92d3

            SHA1

            fcffd8961fb487995543fc173521fdf5df6e243b

            SHA256

            f124d318138ff084b6484deb354cca0f72296e1341bf01169792b3e060c89e89

            SHA512

            7708f5a2ad3e4c90c4c216600435af87a1557f60caf880a3dd9b5f482e17399af9f0b9de03ff1dbdd210583e0fec5b466e35794ac24d6d37f9bbc094e52fc77b

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\DHTMLHeader.html
            Filesize

            15KB

            MD5

            cd131d41791a543cc6f6ed1ea5bd257c

            SHA1

            f42a2708a0b42a13530d26515274d1fcdbfe8490

            SHA256

            e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

            SHA512

            a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\ParameterInfo.xml
            Filesize

            8KB

            MD5

            46db5d342d306778cab61e413a84fece

            SHA1

            d0885ae1f706e014015cacb0cd67ca786d0962c2

            SHA256

            227bd903261486663665ba232b753781bafd7afba68b5614ad93d6d1f5a1e16b

            SHA512

            5de734ce86888ae41db113be13b8b6652f67de8e7ff0dc062a3e217e078ccafacf44117bbfff6e26d6c7e4fa369855e87b4926e9bdfa96f466a89a9d9c67a5bc

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\SetupEngine.dll
            Filesize

            789KB

            MD5

            a030c6b93740cbaa232ffaa08ccd3396

            SHA1

            6f7236a30308fbf02d88e228f0b5b5ec7f61d3eb

            SHA256

            0507720d52ae856bbf5ff3f01172a390b6c19517cb95514cd53f4a59859e8d63

            SHA512

            6787195b7e693744ce3b70c3b3ef04eaf81c39621e33d9f40b9c52f1a2c1d6094eceaebbc9b2906649351f5fc106eed085cef71bb606a9dc7890eafd200cfd42

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\SetupUi.xsd
            Filesize

            29KB

            MD5

            2fadd9e618eff8175f2a6e8b95c0cacc

            SHA1

            9ab1710a217d15b192188b19467932d947b0a4f8

            SHA256

            222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

            SHA512

            a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\Strings.xml
            Filesize

            13KB

            MD5

            332adf643747297b9bfa9527eaefe084

            SHA1

            670f933d778eca39938a515a39106551185205e9

            SHA256

            e49545feeae22198728ad04236e31e02035af7cc4d68e10cbecffd08669cbeca

            SHA512

            bea95ce35c4c37b4b2e36cc1e81fc297cc4a8e17b93f10423a02b015ddb593064541b5eb7003560fbeee512ed52869a113a6fb439c1133af01f884a0db0344b0

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\UiInfo.xml
            Filesize

            35KB

            MD5

            4f90fcef3836f5fc49426ad9938a1c60

            SHA1

            89eba3b81982d5d5c457ffa7a7096284a10de64a

            SHA256

            66a0299ce7ee12dd9fc2cfead3c3211e59bfb54d6c0627d044d44cef6e70367b

            SHA512

            4ce2731c1d32d7ca3a4f644f4b3111f06223de96c1e241fcc86f5fe665f4db18c8a241dae4e8a7e278d6afbf91b235a2c3517a40d4d22d9866880e19a7221160

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\graphics\SysReqMet.ico
            Filesize

            1KB

            MD5

            661cbd315e9b23ba1ca19edab978f478

            SHA1

            605685c25d486c89f872296583e1dc2f20465a2b

            SHA256

            8bfc77c6d0f27f3d0625a884e0714698acc0094a92adcb6de46990735ae8f14d

            SHA512

            802cc019f07fd3b78fcefdc8404b3beb5d17bfc31bded90d42325a138762cc9f9ebfd1b170ec4bbcccf9b99773bd6c8916f2c799c54b22ff6d5edd9f388a67c6

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\graphics\SysReqNotMet.ico
            Filesize

            1KB

            MD5

            ee2c05cc9d14c29f586d40eb90c610a9

            SHA1

            e571d82e81bd61b8fe4c9ecd08869a07918ac00b

            SHA256

            3c9c71950857ddb82baab83ed70c496dee8f20f3bc3216583dc1ddda68aefc73

            SHA512

            0f38fe9c97f2518186d5147d2c4a786b352fceca234410a94cc9d120974fc4be873e39956e10374da6e8e546aea5689e7fa0beed025687547c430e6ceffabffb

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\graphics\print.ico
            Filesize

            1KB

            MD5

            7e55ddc6d611176e697d01c90a1212cf

            SHA1

            e2620da05b8e4e2360da579a7be32c1b225deb1b

            SHA256

            ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed

            SHA512

            283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\graphics\save.ico
            Filesize

            1KB

            MD5

            7d62e82d960a938c98da02b1d5201bd5

            SHA1

            194e96b0440bf8631887e5e9d3cc485f8e90fbf5

            SHA256

            ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5

            SHA512

            ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\graphics\setup.ico
            Filesize

            35KB

            MD5

            3d25d679e0ff0b8c94273dcd8b07049d

            SHA1

            a517fc5e96bc68a02a44093673ee7e076ad57308

            SHA256

            288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f

            SHA512

            3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\header.bmp
            Filesize

            7KB

            MD5

            3ad1a8c3b96993bcdf45244be2c00eef

            SHA1

            308f98e199f74a43d325115a8e7072d5f2c6202d

            SHA256

            133b86a4f1c67a159167489fdaeab765bfa1050c23a7ae6d5c517188fb45f94a

            SHA512

            133442c4a65269f817675adf01adcf622e509aa7ec7583bca8cd9a7eb6018d2aab56066054f75657038efb947cd3b3e5dc4fe7f0863c8b3b1770a8fa4fe2e658

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\vc_red.cab
            Filesize

            4.0MB

            MD5

            c580a38f1a1a7d838076a1b897c37011

            SHA1

            c689488077d1c21820797707078af826ea676b70

            SHA256

            71c0acc75eecdf39051819dc7c26503583f6be6c43ab2c320853de15bece9978

            SHA512

            ea3a62bd312f1ddeebe5e3c7911eb3a73bc3ee184abb7e9b55bc962214f50bbf05d2499caf151d0bd00735e2021fbea9584bf3e868a1d4502b75ec3b62c7ff56

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\vc_red.msi
            Filesize

            160KB

            MD5

            3ff9acea77afc124be8454269bb7143f

            SHA1

            8dd6ecab8576245cd6c8617c24e019325a3b2bdc

            SHA256

            9ecf3980b29c6aa20067f9f45c64b45ad310a3d83606cd9667895ad35f106e66

            SHA512

            8d51f692747cfdd59fc839918a34d2b6cbbb510c90dea83ba936b3f5f39ee4cbd48f6bb7e35ed9e0945bf724d682812532191d91c8f3c2adb6ff80a8df89ff7a

            Download Submit

          • \??\c:\17b53ec55097746a5b1db44c3bac55c6\watermark.bmp
            Filesize

            301KB

            MD5

            1a5caafacfc8c7766e404d019249cf67

            SHA1

            35d4878db63059a0f25899f4be00b41f430389bf

            SHA256

            2e87d5742413254db10f7bd0762b6cdb98ff9c46ca9acddfd9b1c2e5418638f2

            SHA512

            202c13ded002d234117f08b18ca80d603246e6a166e18ba422e30d394ada7e47153dd3cce9728affe97128fdd797fe6302c74dc6882317e2ba254c8a6db80f46

            Download Submit

          • \PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
            Filesize

            252KB

            MD5

            9e2b9928c89a9d0da1d3e8f4bd96afa7

            SHA1

            ec66cda99f44b62470c6930e5afda061579cde35

            SHA256

            8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043

            SHA512

            2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156

            Download Submit

          • \Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_3412857a3afade21f86071e2f9a7fd6d.exe
            Filesize

            4.8MB

            MD5

            fd1ad53e21c51159035db3a6d5c699e8

            SHA1

            f01e7a89ca9edee86ed60c8dd6a3cc20cc5a8abd

            SHA256

            4f46f94190b16c3c1b70cd81f407cbb2b4484ba6cd343b42dee0a1ec1a80be34

            SHA512

            1287fecf4f539be5136c07093334e2b99f6f1a64d53d5c2393e6112a832e84273d18063942437e9f40c06fa60293644fef2e60589b9651a8d763cecd49c1d9fa

            Download Submit

          • memory/1112-24-0x0000000002170000-0x0000000002172000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1612-279-0x00000000001F0000-0x00000000001F2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1612-272-0x0000000000200000-0x0000000000201000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1612-273-0x00000000001F0000-0x00000000001F2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1976-167-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-22-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-39-0x0000000000870000-0x0000000000871000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1976-21-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-23-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-18-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-19-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-168-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-43-0x0000000000280000-0x0000000000282000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1976-223-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-225-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-224-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-232-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-233-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-330-0x0000000001000000-0x00000000014EA000-memory.dmp

            Filesize

            4.9MB

            Download

          • memory/1976-11-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-275-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-274-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-20-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-255-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-256-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-169-0x00000000028F0000-0x000000000397E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1976-258-0x0000000000280000-0x0000000000282000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1980-257-0x0000000000400000-0x000000000041B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/1980-31-0x0000000000250000-0x0000000000252000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1980-32-0x00000000003F0000-0x00000000003F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1980-242-0x0000000000250000-0x0000000000252000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1980-41-0x0000000000250000-0x0000000000252000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1980-33-0x00000000003F0000-0x00000000003F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1980-8-0x0000000002DC0000-0x00000000032AA000-memory.dmp

            Filesize

            4.9MB

            Download