e67777b181a1ca1f21890bd0da9b177bcd850498375af8f1b0d3d61c7a54c9d0

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Size

9.6MB
MD5

088a5597c25de7da7946d6475c41c42b
SHA1

13f7ddd4906ec5a8b0df28ce352a50d07f721f23
SHA256

e67777b181a1ca1f21890bd0da9b177bcd850498375af8f1b0d3d61c7a54c9d0
SHA512

fd202e54338b8c7b15901d4e43fb8d15a76c4bc4145fd742c3a9161371a696eebe7974b6523326a78d99d395a5a79274749b187ab44ac3d508d1a2bc08cbccba
SSDEEP

196608:ymW+JpzqHHQRgJvfFU4NdHj00YY0e8XIt6YTJNie3iTBfAGk+fAJK/JxdcqNatBM:3GHHQRgXdH40YY05XIpTJseyNM+YI/6y

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1460	PPAP.exe

Loads dropped DLL 29 IoCs

pid	Process
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3452	regsvr32.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
1460	PPAP.exe
1460	PPAP.exe
1460	PPAP.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\PPLive\PPTV\tab\3\2\2.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\white_dot.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\list_livebtn.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\resize1002.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\tab\4\0\2.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\data\NoCache.List	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\hj_expand.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\exbg_bot.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\gbg_bot.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\btn_min_2.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\scrollbar_pageup_hover.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\bg_right_bot.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\asc.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\chrome\signin.xml	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\data\local\page2.html	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\list_search.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\scrollbar_downarrow.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\common\checkbox_checked_hover.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\hot_5.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\bg_left_top.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\exbg_right.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\adselector_title.jpg	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\playerinfo.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\gbg_top.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\list_cate_new.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\resizeback.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\tab\8\1\1.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\exbg_top.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\list_class_bg.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\chrome\NoAds.xml	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\notop.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\ch.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\checkstart_hover.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\gbg_top.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\max_hover.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\passport_bot_hover.gif	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\icons\PPTV.AMR.ico	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\close.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\btn_screennormal.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\bg_top.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\btn_close_2.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\list_close.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\pdot.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\common\checkbox_down.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\tab\4\3\2.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\chrome\NewDownloadTask.xml	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\data\face\em39-²»·þ.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\mini_main_l.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\scrollbar_uparrow_hover.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\scrollbar_pageup_hover.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\s_close.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\default\passport_menu_hover.gif	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\scrollbar_vthumb.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\menu_hover.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\exbg_right_bot.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic\scrollbar_vthumb_down.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\btn_close_3.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\dt_item_sel.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\PPLiveNetwork\resource\ikan-p.ico	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\icons\PPTV.FLV.ico	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\close_down.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\playerinfo.bmp	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\common\radio_down.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
File created	C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\list_so_left.png	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA7DFF65-E473-4efe-ADF0-FC1E50CDFC82}	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA7DFF65-E473-4efe-ADF0-FC1E50CDFC82}\AppPath = "%CommonProgramFiles%\\PPLiveNetwork"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}\ButtonText = "PPLive"	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}\MenuText = "PPLive"	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}\MenuStatusBar = "PPLive"	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}\HotIcon = "C:\\Program Files (x86)\\PPLive\\PPTV\\icons\\PPLive.ico"	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}\Exec = "C:\\Program Files (x86)\\PPLive\\PPTV\\PPLive.exe"	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}\Default Visible = "Yes"	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}\CLSID = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}"	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA7DFF65-E473-4efe-ADF0-FC1E50CDFC82}\AppName = "PPAP.exe"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}\Icon = "C:\\Program Files (x86)\\PPLive\\PPTV\\icons\\PPLive.ico"	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA7DFF65-E473-4efe-ADF0-FC1E50CDFC82}\Policy = "3"	PPAP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PPLive.Lite	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AB37F5E2-E5EC-4E8D-8978-420074EA4DC0}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E62D3029-1430-49F8-9470-2A192B02E433}\VersionIndependentProgID\ = "Ifupt.Update"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{628DF9B1-785D-44BA-AC9D-E9E226F01987}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{203AFF7C-C6A8-46F5-B32C-C6A7F4E79A62}\TypeLib\Version = "1.0"	PPAP.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AB37F5E2-E5EC-4E8D-8978-420074EA4DC0}\ProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AB37F5E2-E5EC-4E8D-8978-420074EA4DC0}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AB37F5E2-E5EC-4E8D-8978-420074EA4DC0}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Explorer\\PPLite\\plugin\\pplugin2.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AB37F5E2-E5EC-4E8D-8978-420074EA4DC0}\TypeLib\ = "{7163F003-E2FD-4C06-A268-F36C1083FBC0}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F770594-0FC9-44DB-AD75-47C808CB7B44}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MngModule.Manager.1\CLSID	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{203AFF7C-C6A8-46F5-B32C-C6A7F4E79A62}\ = "_IManagerEvents"	PPAP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MngModule.Manager\CLSID	PPAP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA7DFF65-E473-4efe-ADF0-FC1E50CDFC82}\LocalServer32	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AB37F5E2-E5EC-4E8D-8978-420074EA4DC0}\ProgID\ = "Ifupt.DPlugin.1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AB37F5E2-E5EC-4E8D-8978-420074EA4DC0}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA7DFF65-E473-4efe-ADF0-FC1E50CDFC82}	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{377AC21C-4921-4C3F-9240-7756548790FB}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Common Files\\PPLiveNetwork"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{203AFF7C-C6A8-46F5-B32C-C6A7F4E79A62}\TypeLib\Version = "1.0"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{203AFF7C-C6A8-46F5-B32C-C6A7F4E79A62}\TypeLib\ = "{377AC21C-4921-4C3F-9240-7756548790FB}"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{04987413-5E4A-472F-9899-0A092233239E}\TypeLib\Version = "1.0"	PPAP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\synacast\DefaultIcon	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PPLive.Lite\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ifupt.DPlugin\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AB37F5E2-E5EC-4E8D-8978-420074EA4DC0}\VersionIndependentProgID\ = "Ifupt.DPlugin"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F770594-0FC9-44DB-AD75-47C808CB7B44}\1.0\0\win32\ = "C:\\Program Files (x86)\\Internet Explorer\\PPLite\\plugin\\pplugin2.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C016F89-DC77-481D-A82F-A5345DFB7FB8}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C016F89-DC77-481D-A82F-A5345DFB7FB8}\TypeLib\ = "{6F770594-0FC9-44DB-AD75-47C808CB7B44}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{579A418B-2440-4278-9CC1-25E85E1C9D09}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{203AFF7C-C6A8-46F5-B32C-C6A7F4E79A62}\TypeLib	PPAP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{377AC21C-4921-4C3F-9240-7756548790FB}	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{377AC21C-4921-4C3F-9240-7756548790FB}\1.0\0\win32\ = "C:\\Program Files (x86)\\Common Files\\PPLiveNetwork\\MngModule.dll"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF0D1A14-1033-41A2-A589-240C01EDC078}\Version\ = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{579A418B-2440-4278-9CC1-25E85E1C9D09}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA7DFF65-E473-4efe-ADF0-FC1E50CDFC82}\ProgID\ = "MngModule.Manager.2"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA7DFF65-E473-4efe-ADF0-FC1E50CDFC82}\LocalServer32\ = "C:\\Program Files (x86)\\Common Files\\PPLiveNetwork\\PPAP.exe"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ifupt.DPlugin\CurVer\ = "Ifupt.DPlugin.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AB37F5E2-E5EC-4E8D-8978-420074EA4DC0}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C016F89-DC77-481D-A82F-A5345DFB7FB8}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pptv\DefaultIcon	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA7DFF65-E473-4efe-ADF0-FC1E50CDFC82}\TypeLib	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Synacast\Customer = "forqd1"	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF0D1A14-1033-41A2-A589-240C01EDC078}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\synacast\Shell\Open\Command	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MngModule.Manager.2\CLSID	PPAP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{04987413-5E4A-472F-9899-0A092233239E}	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{04987413-5E4A-472F-9899-0A092233239E}\ = "IManager"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C016F89-DC77-481D-A82F-A5345DFB7FB8}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{579A418B-2440-4278-9CC1-25E85E1C9D09}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA7DFF65-E473-4efe-ADF0-FC1E50CDFC82}\InprocServer32\ThreadingModel = "Apartment"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PPLive.Lite\CurVer\ = "PPLive.Lite.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF0D1A14-1033-41A2-A589-240C01EDC078}\MiscStatus\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F770594-0FC9-44DB-AD75-47C808CB7B44}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C016F89-DC77-481D-A82F-A5345DFB7FB8}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{628DF9B1-785D-44BA-AC9D-E9E226F01987}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{579A418B-2440-4278-9CC1-25E85E1C9D09}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF0D1A14-1033-41A2-A589-240C01EDC078}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6F770594-0FC9-44DB-AD75-47C808CB7B44}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{04987413-5E4A-472F-9899-0A092233239E}\ProxyStubClsid32	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF0D1A14-1033-41A2-A589-240C01EDC078}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Explorer\\PPLite\\plugin\\pplugin2.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{579A418B-2440-4278-9CC1-25E85E1C9D09}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Synacast\Shell	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{377AC21C-4921-4C3F-9240-7756548790FB}\1.0\FLAGS\ = "0"	PPAP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ifupt.Update.1\CLSID\ = "{E62D3029-1430-49F8-9470-2A192B02E433}"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 3452	3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe	85
PID 3216 wrote to memory of 3452	3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe	85
PID 3216 wrote to memory of 3452	3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe	85
PID 3216 wrote to memory of 1460	3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe	91
PID 3216 wrote to memory of 1460	3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe	91
PID 3216 wrote to memory of 1460	3216	088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\088a5597c25de7da7946d6475c41c42b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /s "C:\Program Files (x86)\Internet Explorer\PPLite\plugin\pplugin2.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:3452
- C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
  "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" /RegServer
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\PPLiveNetwork\player\CoreAVC.ax

Filesize
181KB

MD5
c264fed121afd44bda8bf0ff8f4e4269

SHA1
7480a3b26b81045a1504e68e15225682bcc6f440

SHA256
cb8d9d80dcd48d9a9e3d87c847c47125f7201a98fb5abb4bd6c443322071b951

SHA512
99ed4b723b2b7a90fce8e9bf9ee8d5a1440c4d569638ff6a1aa59354c8bca91618a13c440f754fad3ae22c306709da35b4c53b8a00a09753027eaed0d238052b

Download Submit
C:\Program Files (x86)\Common Files\PPLiveNetwork\player\audioswitcher.ax

Filesize
304KB

MD5
9ab21c1c96fcb113ff93cd641b88112e

SHA1
d5ffe5945ebbeaf73a0e1d7470d0a2f72b08f6ff

SHA256
bff1bf09ff63a3fd600cbf36684aa01da6a08b63498ae549b15f0964572c3ea6

SHA512
44cf7f6d8e51aa6c8d98f1c5456c391fe812d6df4c6b68450d0ba4ee920e86a22433f22ee3f367a8f1183c0276fbe0eaeb2de7987ac9acf51f542a0a84451293

Download Submit
C:\Program Files (x86)\Common Files\PPLiveNetwork\product.ini

Filesize
174B

MD5
f5a77eee2dbe7baf637118e56ca72be2

SHA1
790952148b594d4471e12187cba615160d5ce8a4

SHA256
10ede6fe253f0d033301f228bf5690450bd7fd0d486b604e748b9bbb9d01d78d

SHA512
9f68ecf4d0863dfb68e5c5fcb76ace333ab9bbc7b40ce89043ab98e7eecaee464a8d5c1e77da99bd3dc20731084f5df8962d0611113c03dc23dbd66f075fed99

Download Submit
C:\Program Files (x86)\Common Files\PPLiveNetwork\resource\ikan-p.ico

Filesize
126KB

MD5
96651dcf6e6acc9966f24b31c84f6937

SHA1
847e145c951139bb2736eb5f32e82f55b565a0c3

SHA256
e72970a5e442fc1e22e2363a1a8a81b7e8d7dcc3032e582c410fde47779116ba

SHA512
0035d9e69142a6b843db7e33adadef35d55f81d148c44b90ef38d1e234f0c666d03286f742694c024f51db1f96e4c8517f852091cff12e317781a469da2d8afa

Download Submit
C:\Program Files (x86)\PPLive\PPTV\PlugOut\client_ap.dll

Filesize
446KB

MD5
13bdd430284805dbec8c68b99259e4cd

SHA1
f0ecf785efa6de53dc0440b934ee01cbdc6f943d

SHA256
67bcafadeced563063841597f87a168bb2cb059d6827154513cc4963f258f40e

SHA512
1777646d25ef3aaffe9199b192d3aebdf35a9d46d784bb52ab2dc35816bee4b348925744575dac6f96d8abd3b999285b86fb714cb31887fbb06fc461c77b7463

Download Submit
C:\Program Files (x86)\PPLive\PPTV\components\PPFrame.dll

Filesize
524KB

MD5
3496214c887b22fdd63b419983f1fc4b

SHA1
5c0d70648fa66214928b2ee0d53f0b92d8d391da

SHA256
63e156ff3d029a0a556013749e4ae049e5d7344ce23c84f997a40ce1415a4f4c

SHA512
536beced9d326d3b39d5342a3e47f187db5163eada2321facb9a26776de0b4e436318f207d862d6ac56e54db69e6072674fffbd398d111d0ee5190886b963ec7

Download Submit
C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\ICON\PPLive.ico

Filesize
126KB

MD5
9f00095091415c1e065e9fc44b51ea7a

SHA1
5dfcaac94c6264f058f726372efb9a5be452bfb4

SHA256
9a270237bbd86d4c57e526f36ef6542b1653bb7313dd84000ec1db3bb8293114

SHA512
942f4f94ee34bdb35b3f5b616cacf0ea51d7d2ca4d15dd2e60e1cfbd0ae1d0254cea5e71e4e849c963c8ff85c1dd6116d41ef01119861d2b5f658aab18a55f32

Download Submit
C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\PlayProgress2.bmp

Filesize
16KB

MD5
8e52e745125306ee4c1a820b16a47f97

SHA1
ffd685465eaec0cfe3b69abbd928dc9e7cadc0ab

SHA256
f890ad1dd6c2cd54fc5127c430d121bc6945a29c26afbac498e40d0b68c0c197

SHA512
10aad92675645e15b88e09a2eaff3f02770ecf18e25d43518b65a635409e479be2a65c25455321be1f362b0e9ab8302aaa345d61a5e96921cb4ecf1769fa8d4a

Download Submit
C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\list_HD.png

Filesize
544B

MD5
22b53edfe6e1d6bde4c145fe4eeb01a5

SHA1
11e8c70756e18ffb8b7c03cb17f9f8e1ccbd9cb6

SHA256
9ed30eb5783647a0f4d3838dd9a4df81794c0234b237e73327aa7b24cfc28f43

SHA512
7ffbed90c92b76d73fd4f537ef1c7d92ecc3ea533c0382a89c2c835e29f7a8af86e46c9f898879814b47c0a6d64b88ae509f63aafc7d6d26b4ec5b80c2e2ac68

Download Submit
C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\list_livebtn_down.png

Filesize
757B

MD5
cb96f0c57d50eeadf658f1bd858353ee

SHA1
2367654541eaf27ed1e86b506d3199c18f183ed7

SHA256
36630d09b394828852c5133a3ee909c8d2b5b402cf81477a5036597259943a1d

SHA512
e5a5343e5f3fd57b6f6f8207b86ac13ae9d29213af646aabe9dc5e287989052106c23ee6c809a0cc5024449852435eb897154bc94b68e984dff5759c4d0bc2fc

Download Submit
C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\scrollbar_pagedown_hover.bmp

Filesize
938B

MD5
164b0e5435d98c9b78e5a8b2f67032f0

SHA1
7e97a10a4889f0a40fc09fe0af457994a3f29b54

SHA256
6909bc2d3367d8d28a4f43b4b5dfdfa0118f9d3bc36d758ecfba3241cb0a3e23

SHA512
b1f52be072d6ffcd901bcad633dd74c50eb499f8945158ac1009e7f3690406d43e49dc5469858113e334a5ab12f24560f5d1d9e5af9cb56c9b4287633ae5027a

Download Submit
C:\Program Files (x86)\PPLive\PPTV\skins\3xgiving\scrollbar_vthumbgripper_down.bmp

Filesize
67B

MD5
790d30d59169ff4af1fdf4758a0dc742

SHA1
fc09b7ac084e59ec4556d2d407beb6b6e38137ca

SHA256
7bcaf21d25e29965e887e09a4542afd4ffafe3a6c788dd0184c5efb7a7f839d1

SHA512
4b0eaccce9d297f94c7d8f23f3593fa409051112478551cb2ea39af22e801199b76fcf3875ca51fc705fcff95b4bcb45e3c4284ea2788f5c47d9c38fa0391b7f

Download Submit
C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\PlayProgress2.bmp

Filesize
12KB

MD5
e4e993436f1d6c079f51d3c3b5c00ffa

SHA1
2f56caef164858c22ed17ced0e09e94fde578c15

SHA256
aef46f4191ce7404add9bd7429fce703060d8d226f02c25229b4dcb4d18efd03

SHA512
e5b4bef624637d169c8b01e87e520b698dda9f39d1e148d706683eeb12c930eb6cb849d6b77a359b18396bcc10247aa5953bef95873e6bfbcac5ec08592425d7

Download Submit
C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\download_pause.png

Filesize
1KB

MD5
387bc6e9662bb349881a011eff57835f

SHA1
b7f31f4cc56b024b75f54d56d5d88ab5fc32902c

SHA256
0a2c55b70d3a90367c3b299b9963259f93f51badef602a6ffc8179f81899fb57

SHA512
d82264866931c88988e594959315e87be468ccfdb65be0f5e6a5712748262c781b1c6a241b098b0f2e1ed5bc5c466c52953eecf211a6a08c9ea5f1e439126184

Download Submit
C:\Program Files (x86)\PPLive\PPTV\skins\classic_b\scrollbar_pagedown.bmp

Filesize
938B

MD5
8cef089386ebde8d75be4f1ff484dedf

SHA1
9b0d2df216ab05a77dd2d26e25f74ad0f74215e7

SHA256
00ef4863718b02036cba33c6c6a9c418257055ae9ecc05e2e9e363ff7164d31c

SHA512
27aeb168cc70c16ae64f60507250c935038bec80c084c0d54b8a273ec3f4311d02c3c3cf1320a4b87286760187d0654f17bdaf5a7698f970624973912f64d822

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\AsynDownload.dll

Filesize
29KB

MD5
72f5fa9eb744818136a0ad6b5bc3b332

SHA1
23facc141497c0c27bf25ee2d81b37bdfb5a1e9c

SHA256
ef89ba69fa02c1617005b2cab71981126f926c50fe21fef454de2a91f3b27edd

SHA512
5bf62bbff9ff8e78367b3fce41b9cdad4cefcd8b02c114fe4b71a302365af68f6ba6b9a4871ecbf877bc12d3e5c0876a344041cc46adb4e89efeaa30d512401c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\CommonFuncDll.dll

Filesize
37KB

MD5
00de58cb2a798857a6c0cab3f4e9ea3c

SHA1
c7b0491b1b71d24ce47f04c4ea731ae5b92e8fef

SHA256
23c9523fe7802d7e48b15725a2f509ccc0ab674f10be75635412f21975a13a94

SHA512
0c77b158f16746aa36d84fd83b171781ad9362c03a4fb746bc3b6d9b4cc6a2b7c642dc1236ac4ae325e243ef8836e1057c723b95c1cd5ef2d80566f83110a8b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\CoreAAC.ax

Filesize
312KB

MD5
b0ffac757be8d6cc41e1131eb2b0d959

SHA1
0e41733a050bc2ed53fda6337d6501b9942317c2

SHA256
04bf38bbd9cb8287582f9a2fb8b06e0ab30f06f676a93f4a56656b576f10e597

SHA512
356ecf4902f767f74670e5fcd57f26fb8a43710d0a2b3a995877e6f265119b2f091c6e5e3457dfa1767c6e4043afc470cc7090f43dd997b27c0e94c7e102bee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\CoreAVC.2.0.0.0.ax

Filesize
265KB

MD5
a45cfb1f058297ae981f8afeef056b8d

SHA1
e454ed585a0f19d3119cef725958ea19c93cd7cf

SHA256
779768aa0bf2270422e1686547ae622238e7b7cf37ce212a1d75caf8628c1508

SHA512
efa87c97e4f76d5fbd73d2e0c5c580c719518d4e3e7e16efdb1355b659c9584956bc7df944f0d637f069f359a046fe65bfd178e4cbaf97fbb5921ebd29e09aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\FWUpnp.dll

Filesize
140KB

MD5
be2d4b56d5d40afca9c804d0776a25c6

SHA1
7ea48cf0e980fe999f14338f44ad4c57c9b714de

SHA256
e54031818e6449897e3a81f0637b0af7618f6aa9e1530c3bf4989d2fabe4a2d4

SHA512
f32b8e1d27acb7c9021dcc6cd426599374f61a78fd38a0f9d0bf5bf63c424ca816e3859387d98b3060592ea86d1743c5ff149099bcab4da9e31ff7abc81fd627

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\FindProcDLL.dll

Filesize
20KB

MD5
943ccc923be093185c04e893245e55c4

SHA1
5d48cfcbe7a659e8c1da7127aced2cffb8e6d125

SHA256
893607cef43f3dbe210b301c6b91d426a4eca11694d8feb5104edd329365f57d

SHA512
5006e7b312a3182b4d638a38579ff1bbbaecf288995d23135d201745b4d2b999357ce8ca051decd51c55620fc144e536d51846f73e42d76c5cd058a00c5661f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\Gallop.dll

Filesize
61KB

MD5
1d35ca1932177d72945e8210a7ba6473

SHA1
5bd7f1904e0b2ab8204293785cb4cb3382280a28

SHA256
0eeffe35f50a01473d58ec87ce5a933beb1f932a37ec1abdd35c4db4191df28f

SHA512
b57f23344b186156e6a1beb2c76cc1a4c9cb1ebbf6e82c00d328f0f6878f3347c8f8d73f1687b37bae10d338292686dc05c43c8b3f1212d8c3e828185289a1aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\GdiPlus.dll

Filesize
1.7MB

MD5
0c38476c6e51c95144f648b78fb579d8

SHA1
1a85ebc7203e7f0dc5297e6c5a056d52d45c447c

SHA256
04495ada069d6d176f14115738782cc8660c575e90046919a02792c274260f02

SHA512
5800fd07a1ab41a14aa1d413d0d2e54583e61086937bbc6b9b8901726f6944fb75fabc45ef1ae44ca9a0b00240c5df50a8a826ce7f2a33581ec21f9fd47be8d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\HTTP_ASF_SOURCE.ax

Filesize
511KB

MD5
2ca0666cb7eebc4f31d1b1cd5567defa

SHA1
57937bc69d62e8405742137b94172b129274c77d

SHA256
5ccfce12fdeb592955cd14154446374a547864a6b5ef1a5a5d9cd801121a0128

SHA512
bac83324d390f961aec228ddee702a0709e9e59501500592e8fc5f30e0236719836b86c880e9cc90af3747c2b23dcce7ce1b7b29121740c82a0b9fb8fc086e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\Hookkernel.dll

Filesize
275KB

MD5
65c2129a5c0cabd657022cf49a1a96a3

SHA1
03c529e0226eb5b41cd91708512dbd58edecd600

SHA256
0aa0271fc27552af57fd171c3288b00b600c912a60d8752bf70f90b997f5d67c

SHA512
b9900c3f6c93cf30c55cf718d96743728535bcb820ffaf4efa3c1ab874c684903a8fb30c2e88babdd468c2badc49306186df95f32d86bfb1a84d8d182bc8143c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\IEBrowser.dll

Filesize
209KB

MD5
fc6f1a6895679f0043609aa24b8bbf65

SHA1
4f3a6a730f52ec4f6437201f39c3d277ea4f6007

SHA256
e6082f7afff0e65503ccda11ec1fd87999b41e1952e6a18e72c1ada891954169

SHA512
b7978bed8b42038b820ff042b7ce96e6d6df029ddeecf03ce7be862a1c3523129dfa5f47a329fbbd2d49b09b5a43f57d26458bfa2c3103eaf6066c33ab2bcf58

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\IEProxy.dll

Filesize
225KB

MD5
dd5706db7e75941e3658731b86ef7d6b

SHA1
0254d7ecc87f3bf6345fb4c0ae35be492e495450

SHA256
83f9daccbb75bd6105c1586119aae0309c29578cfac82f5a5fa9371bd4e71d5e

SHA512
af2c76de0741f4c405ed4636c7bcccd5be05319554ea15ee0a78cb0b2cfd37b470bb410298dd80dec4a10cc39040c7a5678a7aec6542d8ad0b98e47f7648a9d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\Live.dll

Filesize
205KB

MD5
ec03fa69a025dc807314b9dcb5498986

SHA1
a0f5abfa07ce548f10b806922eff748d2652f0e9

SHA256
c3c5091dad0c0be701f6da2ae41a07f3614d6f567031dda823e5a320483c2243

SHA512
78c30b0616686454be4c2eff375c91445270effb8d7bcbca372692ed86ce9dc383f91512fc65a937cd7c478c0c5cbd840e301aceabbf7d3c58cb92a80671cabb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\MP4Splitter.ax

Filesize
509KB

MD5
bb01bfdc1bfe48cf9c18180bf6539917

SHA1
25d0a11d31857fef74e9b98dcabd96f24d89c774

SHA256
050649bb8dc43e68753de7567e17972cbcec1a2dacf243befeb12dc51517f7cc

SHA512
f4fa00923ee61f0fcb53c8ebfd65b27db54a7663e5d60d8a56f7d08f33e2e1c467aa0b58899fbd62ac2261b185655cc94bac9ce85e2ed3b0c32336daa5346ba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\MngModule.dll

Filesize
879KB

MD5
03c1c25a70050b9f7fe35574fd55496c

SHA1
d54445619e837928514eb0d029d89a8aff06d78d

SHA256
5a6e0727f0de9a9c507e54c705d7894a110bd07db7a4aab04f33e2701f78671a

SHA512
1caa89facf88c83c9c49373662d64abad13685d19dff8375e179ca03895dfeb5d997494300fb75d546ce2c45ed7d16c817d27986a1c5c32c6a7dd6bc249c5ce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\NCList.dll

Filesize
703KB

MD5
cdeef59aa88b15777da2c55c8c29e9a8

SHA1
c942f9bf4b53ed24dff5cdb278c65b74ea24d494

SHA256
2367558c7b9b584eff2d569171d1e1a9ba447eaf94873c8d46cd5001f2e8506e

SHA512
a9c609efd93c3126e1889b81e10884f37049fe5e9951557c80ad33acce40a840175333ef9c046d3f8ca69d4e04b428895c3bc00a3fcdd7eedd4d524c2428e583

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\OPlayer.ocx

Filesize
1.2MB

MD5
ca3028a6adee108bb3fd4657e9632355

SHA1
43be6285c5f7ed07062dce2f23171b7965147f98

SHA256
57ee68455ef1219b05d8efea12beeba73a1ef03608756e693706b5096c2a558f

SHA512
47461d1797170e62fcb5170f22b859046dc09541614044a29c8c56377ffa30780dc8e1210b6a2600232f1e3fd68c26493e47d6b90367acf8396b430f7092e601

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\PPAP.exe

Filesize
185KB

MD5
235574bd973ec3eac38bbd870e9d5e01

SHA1
f2ddcde409454618179d0bcbab8560c8b02bb074

SHA256
5e6d8ecd136ebb7bec3e515e65c1f8b9b234726d5a8a5e87a36213b7c345e694

SHA512
e462f527bf7c3f995251d0f8e1f77b11675338d4bfdc42f098363c93228a53c89983b6b8a08736fa8eaaf0caa5abf9d379141f1fe017b4899f47c5ba6fb79343

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\PPChLocalManager.dll

Filesize
255KB

MD5
ebba7add0bdac4418ca13b33c780655d

SHA1
c6db8e5230ed5c05bdfe225e002d719f5adf19ac

SHA256
f69393814f15897980cee2125408eab4259b40126aa078551c601dcd433fd721

SHA512
e221bf2e64049fef5f477b2d22dc44c8ca30e17dec0ed11d32bf1beac526d552f6045b7334274d968220a1be186f7d790764bee5b7c99811faf270df33a36a48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\PPFlvCom.dll

Filesize
81KB

MD5
01e157b81ac314d668ec0cb6b88a5ed3

SHA1
b6fa91106a37c0effbf81475297fe6bd8298585b

SHA256
2ca061165325fe3b8e8d1df7d557a2cd33663f1b32346d0168e2527b35c709c7

SHA512
1f4ec727db27038ce699977d56bf0499b43cb11199870a5b1016b251de2b260e84701536e184ffe5e0cd0f34e88cd6003a3adc5b22633ba04864e8a66f710252

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\PPHookShell.dll

Filesize
252KB

MD5
a27a138723878a478c06e1f82adccfab

SHA1
79dffc70b9104cd9487d7e49a95f492faadd3133

SHA256
519277e0449b1eed8f75624ebbb9cb09a5d8dccd3815c6ef594fa4fec6318741

SHA512
24ec8474d7e3969772176045a0191f669c4bf6f05ca241dc0e2c0840027ed8daa9cfb7b50383f23497c192809732f2afc5f384cd4edaea4d47e3547fbdbea31f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\PPInstallLog.dll

Filesize
41KB

MD5
a04d44787b28d37b4334c184ea4faae8

SHA1
47a5038f2fc45841420a89f08eefd35191aa1fe7

SHA256
34f0eb6f3b7deda82929fba6993eb27cd26d0b791be8031ce0b4729a7dc9dd46

SHA512
a529e5c412dce90f34e13a185e81b757adf140447167b310d056d2b380873683e5b6681f5810be7d1194cfdd64eda25b87a1a5aae70ed4e48be5aa64acbd5346

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\PPLiveU.exe

Filesize
181KB

MD5
3c993bd6888e15f953dfa09cc8574562

SHA1
f3378eebb71ecc70d8e73d11e150a4a6ee850d76

SHA256
ab14fa7a372c943f04940245b53eedd5fe3a7f57cf5538ce4b39cc34157b7b66

SHA512
1534945574c97e78dc5c27948968e9cd0a9b438b7a9798fc054f771a7140dcb4be20c74296226c3544c54bd344679536a443e793c5c5161d8790880b0481fed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\PPOptions.dll

Filesize
505KB

MD5
e25a8bbe848bdf37857423a649ca4322

SHA1
2a17dfb77349977ff5024b0cd3925acc89b7ea35

SHA256
f17e3794e296525c4519edc4ed1300bf15dc10d7de5b678caa9c22a900e6475b

SHA512
9ed7dced84a6779f3d4e7e79fac7fc660e0dc3452351ac3aa3d7063d5dc9f0c15b527d5b9f6fb967b90e1536451909ac11c7ed75aa36c5466afd30d8707b14e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\PPVodDownload.dll

Filesize
569KB

MD5
fd03beeade8fe7121ca7916459cf3873

SHA1
1af9b5f0ad974105b3cd9f69c52a4e97705592fd

SHA256
d9e20f1bd31d0349bf237befff8fa488d96c9d36e404338bc089a24091256e61

SHA512
7c0b5011198aa4304648b1ced45d3e5f496962922b00774d2d79a9e53dd322b95d35001e059da147ac85e82c6d9e1e4335ff4877fb4e91d90f6ac853731bf59e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\ProductUpdate.dll

Filesize
662KB

MD5
695ebf69843e073f56702346160ed4ec

SHA1
a0d6f2b0238892aee5a6a71a0f886b17b813fad8

SHA256
f36e471fe8ca6129b7b3ec34ad32c87565146181ede41a77b9f04fcdda251227

SHA512
fc893c3710eaedafa0828a752edff2a381b8f437498452ef45f96aad6e9a7150f78d2b258396a63f05ba9da8575ede6f2d991f6688f46998d44222473ff1b1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\Send_Log_Kernel_Module.dll

Filesize
233KB

MD5
7d1dbe3c735d2a5d4951022c45547772

SHA1
e6fbebc3c185d6b150bc7b2a9d1685e107b03b3e

SHA256
8cc9bc4f9289ef37d344c88e4b53ce5ca58b11ec1e32d60fc9fd6456a80f1233

SHA512
648299ee0b0c2678d9da43ca039fcf8525e9921b46327577fa6c57f0de41f5ccecda70e219a0135fb8c05725a752e7e2cdf27bad845203eb5147d3056e588086

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\TipsClient.dll

Filesize
237KB

MD5
25853e8bd3e283e15024d1111535ede7

SHA1
5b56e1dea924520b6c61ec09113c33fa3db573a4

SHA256
ccbce22f01208cc8fc96de789ab9fedefc851f588cd4c1fbd6d9edc7ac2f4eb5

SHA512
5bfa0e6bed05f1ab79ee97d1bd9bf1d48ba3d263a44e538d005af820c41c659eb112a4f19152e0841301fbd8b9618e8f353fe672df88b66e45c4719784202144

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\Troubleshooter.dll

Filesize
365KB

MD5
4fa4e323db30f10c8e678f35459d6cef

SHA1
ccde320d4366d83fa3df907fd2b328770a722545

SHA256
27346c756cee08f4a7bf1cbed2be017ae06bee03e9db182ca6fd0b6599f017df

SHA512
eb23b321ef2ef1e30dfdc00577514583da7eafb295aef0b30c5aca703e41b91612021a3e9d48e19239aebbe5ef849e12da9ef4b9193d10804df52f4cd0adc114

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\VAProxyD.dll

Filesize
97KB

MD5
c3a7c71bce4ec04d63b7ef8ec9958c39

SHA1
cbe84ecbae1eb37557426783b7fa89a804d4fc09

SHA256
02a78e77cb64d9fa1f90ed2be6d9ff7b94624b2a790ed8109bfe61e66ebd825f

SHA512
9a5579cd5c437158d8277b64e583d18cd0113c186d1013e3c57c92d39a16b412ce9f95aef09dbbd05a36cab62e5193532c41eea6850b0a77d8502e7d1fa23468

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\VSFilter.dll

Filesize
1.3MB

MD5
347e0b1ad5494939167e883479bd0a5b

SHA1
260a595d847b4923b13109a64cfe52f7185f7f9f

SHA256
e31ed68fca6374cd6cf5b6fb2ecab03ae1c06616f44d3597b56c6f907ac16a06

SHA512
91044d1f1576e92a7b9f02e3e49c4db978fb7e9b19f92059f907f6dc38a12fcdd0340939dc6a6d849cf905ca2d941ba680b3f4fcabc4e5c7648211854e8d7fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\admodule.dll

Filesize
892KB

MD5
c2ee29dd7ec73eeed94be83b8a0572f4

SHA1
094af97567ea5b2343e9ef4b1db803123823e83d

SHA256
fd2447a90d7525726b9a116c81e04b606e03914a01de12345910bf47925cd3b5

SHA512
33d92f6af57acf4dd452e95aa0380150d46547ca4b5d1992524990f40d0cd47979e8ca5e6c17c89cac688935a6f5849b3cb52e48d4157c57771aabcf3fead7d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\admodule.dll

Filesize
812KB

MD5
a256337aedd10bfe85aa8d0cc759c4b1

SHA1
292012487cd89842964712e1ad26e7dfb2c1fcb1

SHA256
e2c24c63ac4da0e34a253c3cf8d6ec31da39740376fe2e87e52ba0f32c450640

SHA512
250666689c156809dae72648e99d0a9abdb105375044c956d6c50e4107dce236d95a7925611566f8963b7bb0e956631aff9cce65695f1b7e493cfd4c849dab72

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\chctrl.dll

Filesize
953KB

MD5
2b7922d7f6fad8f4e13a4e7ff249dd6e

SHA1
3ef02d0a56e13f5ac3373f556905a7c965c50c9d

SHA256
e603f75ca46e07d7cf1e3d3d8a3012d70051990f9b1c8e68e17f0c0e595d6404

SHA512
5ad6a6fd8dd7bb67870fbc76096a0c0d62e85f5dbe84ed4e48f37a9d5004adedead6d4e0cb4aa527e134fe27eebec3ffc85dde4a5dfbc47c35e8ebac8c2e2cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\ckdll.dll

Filesize
65KB

MD5
5453a50acedcdd7b81ebcb44e5df4607

SHA1
475da46f5d0906d93c9fc93247a0d3addcb001e8

SHA256
45b134cde09d861a62e740f27b52ccbb911ef35b7a6cacce9e2765d842f57088

SHA512
807ef2172fa4bc077588992dcec963a264fb6b96b5a530f780587949223c8ebfd4439e8c9649bbb410485b9fe8bc60e315e06a1398f16cb974060783e122cb29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\cmdline.dll

Filesize
45KB

MD5
e6f710078a265647d4fbd96fc2fb40fc

SHA1
c27581059618a531efae20d4734e0e8400e77035

SHA256
76e493cbf94fb95287bc62a0f291bba4d60623574e0b3d7eb54d0bd43e420aee

SHA512
3cba58c3f6005e1a1e59dec0a621d4b39629bfd8df849af92045fafda8b6939dca0e83bfc2d7b9d705d3f0feed329078013003c499550edd285301d2af42f649

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\condisp.dll

Filesize
73KB

MD5
53c81dba4e40b564acfd423c277ed3fc

SHA1
e5695e090df6b1365cf0f08455680bb75e53d749

SHA256
d21d9df541dd2e1469b3b0a822660e5f93627f1ab03c07e1852222a8879c30f4

SHA512
8bf4df2aed705c679a2f8c6909b00a0cd6441c9bfde19a209097e4d138b1b0539e752b9a8af1af3b8232dc1339f68559359fd81b25545b08b3a8ad952ab0bbc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\crashreporter.exe

Filesize
193KB

MD5
5eaeb815aea47e74418a479366596f9c

SHA1
1ffb8002e7ba91d02ec97be247ba6b6a0f998eff

SHA256
311a7efb1ab6ef527a045d12b4adce8b3e807af7bfcfe8c95351c08934dc2f5a

SHA512
0cdd1d704a41718ab87cff984f8cdb9efe38290101edb47d057277b35644920313366ec47b3645a2311e57d9108df7a74c6c3457db82ef0347a407eba28d86ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\filepick.dll

Filesize
73KB

MD5
eee0751d024f5be186645db4ef65b9d6

SHA1
d7914843b10662cc324e8ad9280288a15afef930

SHA256
c8905eeb8e3d346e5a8b0a2451e0ebf7b1341feee196a00dfe826915ccc747ac

SHA512
3be2a2837e55ffb972c204eacaad3eff25b0edc403bf37735228131b3bc8a530b6976ef013efd9c941f27b2b6b673edb401e34ff12ffc47c209a736920190270

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\mframe.dll

Filesize
609KB

MD5
cfca286051452ee4ade71c64021424e9

SHA1
80bdc7dd1a5b478b2e86d6d99674794cc75d4f2e

SHA256
1f3c0af59c46dc9a04bbc86ec5e363622d87118dd32c0782bcbbd964086aedd4

SHA512
8a2e88bccfe0fbdef29d9bcc7c7dc5e7451f32aa1e75a5592546f7b7013d581b5cebec7c80565ed6debea4e9a346e869cd728761cbbba3efac703167b2664cdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\mframe.dll

Filesize
497KB

MD5
b4de2e02878e710c2dab277c096f7146

SHA1
b00a28f6bbee3fb87c7d7b4345d2c4dba4d523f8

SHA256
9f2cdde2a42b5a37cbc60ae84233517b5199ae9af6ce9326c8194be3c888cb13

SHA512
5184eb2c9125c7b05b30977a273de905c32a5783123e76e8c006aa33e9fef64c1224be8c81d8df43d142bf19c1dd35b93784d81b1ecd0937e57c84707c480e26

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\mir.dll

Filesize
1.1MB

MD5
a4354640020d7940bf14afad4e9aec84

SHA1
238db777283f149f687147bbb61a9d94197b5036

SHA256
5969d022510794f883ef269d1a1dc9a1ca430d77a89087561db384f427f4fa4d

SHA512
1b2a396289a81488e0f13fd20f0a5ff6e3e6d16eb5897c79453b38de55f57adab9992ad73b55354208e2cf4f998afd82d9644951f46979bf5a07e2a64b1b9f55

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\omng.dll

Filesize
485KB

MD5
92303255256128a7516be09380d84557

SHA1
f2c8828e5b8e07abee2a141611b43f2ed14e45dc

SHA256
ebf5f27a69ce8ccf7cdb175fa68517fa6afcd2ad1386ba22ab0f6f9c3916503c

SHA512
3f9c590006daf1390ff0fcb16a18d320298ccc668075441520c9a917e70e8d8704ca98ab3c25f6d881f21f012361667eb86a17a1c3691374b7651aa1eb1a4b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\peer.dll

Filesize
1.5MB

MD5
004cbd928592219189ce006761e05290

SHA1
3eb635c328fa45a450d3c3e506443d6310851e12

SHA256
1aa25ea71e1f2c2a6a3fb8a43b6cf3cc760ef239e2a07f6119a38eb3a360ae4d

SHA512
49ce2c9be7ce895070ef2d16cb45fe7b8eed3f4753439dce2121ed0e2dc92aa3829f1f721e7657cc0bbfe30daf19eedcf3fb73710efdb34d6db06a1300dd30fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\pnsis.dll

Filesize
72KB

MD5
dde7cd3719145ecf3c89d2a1e79ca1f3

SHA1
92802c38f88c4d57f0b1153b04b4de43af4adcde

SHA256
c930819a0f64879fe3a96c606da4be49613693a43b9b1060dc870bec7b3ab47a

SHA512
dd67858919fea31f0d4df0c012dc9605fc68bb7512924fee04ae41528d02f8f7ddfd32949841b676735a9d3d81f7dcb455854f20467a4a40ee9f48babd5bee5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\pplugin.dll

Filesize
121KB

MD5
a7543337212c5cae30de77d63272c1ce

SHA1
fe1a358f8e0eca0d3bbdf05036cc59af80126669

SHA256
45f88a39d30e45e674ffe9d9a4ab989289472c2ad32e3ed01e0ebf73970f6b34

SHA512
57fea8652a16b23ad5570a50db7527855e0efb253884f15de6bd18f49ddb857dcfa9956a6f6da2b3ec6aa1e40605d340f14567dbd19b50349d3a3933f669a612

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\pplugin2.dll

Filesize
241KB

MD5
f62f6814c814b1edd41401c50135bcde

SHA1
dbd994d95ca44d9f672149b3780b0ee32df3f404

SHA256
6f060604bd162cadd83e75eeb0285056aa389bdacf1a4c906a81e63328ddd650

SHA512
a2be347d3f2c6fb0c55bdc22b881450db9e3f1c7fdfcd47245122dcdfe7c77d923d36be6aadfccc4a6e327078e9f2d109d65cc7ddd4436a899dd61328f03cb35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\ppopt.dll

Filesize
101KB

MD5
ffcf0e4cfee109dfbca76bb776fd2608

SHA1
4140f8791697cba83ae1afb120ba14060746ff2b

SHA256
900bdfd4b9f25195bbf907bdb5e1bca3ea3d1378d71d650edf857d19559b1aae

SHA512
730629e776828c545e1825bd4e8b8acaa97b67a91244faffd9a8da076a7d9613e0467481194781d44cb10d878e898e911b579454f43f4b93f4be09642474d5e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\ppp.dll

Filesize
337KB

MD5
7d2b217c30328b51f4638f46a8b6bfc4

SHA1
7371d29d5a8768222f1c059ce846f55153877602

SHA256
419d9d9725f6d06c2a69a14c654409a322ea68c8561cb7e7138d69f270d7050a

SHA512
a25bf62d0ae1b3bd30014bdeb315e4f5ef502051cba77b66ba86cbbc415ad6cb443c7b48805ef9fcd96f10d1c429dc5a573ccebd99088c3df0a636e6f939bd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\ppp.dll

Filesize
305KB

MD5
19e50d2c1b3d9cb095508ba3edabf19d

SHA1
ddaa2469659fe7c110bde2c93470d4b4ccceaa39

SHA256
b75d1af08423e2987f90e734116e76bacfdea7632405df1b8f36af8f98d6a943

SHA512
75666665a231a929eb535e5c6038d155828842725fbecfe03d43267ce540b805dadadf60d4cefeed27f98b7bdd266578a6353adcb2755133216116b3eb4e6876

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\pprepair.dll

Filesize
29KB

MD5
47534dd790ebfddbc9c8a718e3c8f597

SHA1
5521f6fa238c71becb79b616e7ef40ce9b1af2eb

SHA256
349591ef83276586b26f010f93e3868d8680a5bd5d976a247c698bb30b3c6a47

SHA512
302390c876baf8cb51292ed341198f22b8b142ad7a80c4e703555ef8473f556bd5ca08bce79d382ef0b16a548220f1a3ec00e481d5d35e5408b9420763bcba07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\sop.dll

Filesize
455KB

MD5
aec9302b4c826d91b1cd0666404354ab

SHA1
ea8be9a7420c972b3501cfde374a3630873fae61

SHA256
8dceb44c06f1cc5bc819944b9816d9c9e1ddab6d734f76ca96c56006cc0455b8

SHA512
287f31a2f021f4ff47abefcead9ce0ffc6d49f7ae156c1a259f3e6e98eb30641ffb2cb1166c8931916af21faf4d5f1eec2bca106f90328b9a50a007eb37c4593

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\sqlite3.dll

Filesize
504KB

MD5
b8a7b1f27c5d6b29ca363671307d8ec9

SHA1
5f190843d7bdbfbf86805d36003479df24b3a9cc

SHA256
4b55e4fae8b9d12c8ef971f037bc37c5e592fa3382bd5e4a08d2b3ddd112b559

SHA512
e7bd5c77078fe64478ca821fae29b550febdd5833d496a3d479ea4afc63822b55d81f2da2dc65b9f194edb019d4dfc951ad4af2ad970ff4b74a123ccddc3c8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\tpi.dll

Filesize
885KB

MD5
f7aebe01c20ba67e2841a0d26bb14e7a

SHA1
8571707df764256694e6a5eb9da1288127d570e8

SHA256
f92a000062c3b5cb961a9773db071ab7dce19bb21a6b775fb72b89e6e12e745c

SHA512
dea2cea63d7098c27d73c3891234b6e672d956a41acc24315de7cce42ba35aae4e6447234c42fca085f91e6749fef051c78af35dee316f348939cbc3a131ce29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\ui.dll

Filesize
799KB

MD5
4e871631c85b53e023361130ff115a49

SHA1
585f7a7548c83afddfb86a5b00934c325454539c

SHA256
c24d37b487f4341a28f6f7e5005369300df9102065aa3065cd22e4e017937624

SHA512
b3ca988ce59422327aa3a223b68db8fbd21ff302670e2146e8c07c1ec92f3e340bf00f6f664be5ee4ca750a501d1edc53acf807045a83c814ce2b82469d500a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc3450.tmp\uilib.dll

Filesize
710KB

MD5
3593044d8ea68a34ecac55c3c2487fd6

SHA1
e7a7b1a4ba52f5b19c594e642c07581472bc7566

SHA256
e6c5657092532ccd3404784cd30003d8ba0b5340c65a1af8b962850146d4a6c1

SHA512
bdd407f8e1782808a0ddb71587c7d25a65a902fe1ac9039aa8e59fe1d31867de7aa74fd958ab3a464fd182cbb87a378aea236684840f4722b579d60b4b85f744

Download Submit
memory/1460-2138-0x0000000060900000-0x000000006096E000-memory.dmp

Filesize
440KB

Download
memory/3216-62-0x0000000003660000-0x0000000003672000-memory.dmp

Filesize
72KB

Download
memory/3216-2102-0x0000000003800000-0x0000000003812000-memory.dmp

Filesize
72KB

Download
memory/3216-313-0x00000000037C0000-0x00000000037D2000-memory.dmp

Filesize
72KB

Download