9ebfb7e3c1394ea3aec0641497db4af4643369243aec0a6703b7fa3a773dea3b

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe
Size

999KB
MD5

620d3da55be8cce610cccb366fd10232
SHA1

68012d54cc7faf66303084f600b2e6b04b8a842e
SHA256

9ebfb7e3c1394ea3aec0641497db4af4643369243aec0a6703b7fa3a773dea3b
SHA512

53ed0c89bb5d71f2086c8f178dbaacd0d07e2b53647789c047714687889ea2b8a929c70c2146d0d19823936e3d7e25fdbb135b58ce3a80844d05c97941329ccf
SSDEEP

24576:FYheIZBT3d3xvh2YbyVGOLGragL+ymgBqKVi:aheIZL3xvh2vVdGagL+LgBVi

Score

7^/10

persistence

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
672	apple-scc.exe

Executes dropped EXE 4 IoCs

pid	Process
2472	apple-scc.exe
672	apple-scc.exe
2648	remove.exe
2672	Au_.exe

Loads dropped DLL 5 IoCs

pid	Process
1092	620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe
1092	620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe
2472	apple-scc.exe
672	apple-scc.exe
2648	remove.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\Bomgar_Cleanup_ZD25957082713125 = "cmd.exe /C rd /S /Q \"C:\\ProgramData\\apple-scc-669DA80F\" & reg delete HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v Bomgar_Cleanup_ZD25957082713125 /f"	apple-scc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000018708-113.dat	nsis_installer_1
behavioral1/files/0x0005000000018708-113.dat	nsis_installer_2

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
672	apple-scc.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 2472	1092	620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe	29
PID 1092 wrote to memory of 2472	1092	620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe	29
PID 1092 wrote to memory of 2472	1092	620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe	29
PID 1092 wrote to memory of 2472	1092	620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe	29
PID 2472 wrote to memory of 672	2472	apple-scc.exe	30
PID 2472 wrote to memory of 672	2472	apple-scc.exe	30
PID 2472 wrote to memory of 672	2472	apple-scc.exe	30
PID 2472 wrote to memory of 672	2472	apple-scc.exe	30
PID 672 wrote to memory of 2648	672	apple-scc.exe	31
PID 672 wrote to memory of 2648	672	apple-scc.exe	31
PID 672 wrote to memory of 2648	672	apple-scc.exe	31
PID 672 wrote to memory of 2648	672	apple-scc.exe	31
PID 2648 wrote to memory of 2672	2648	remove.exe	32
PID 2648 wrote to memory of 2672	2648	remove.exe	32
PID 2648 wrote to memory of 2672	2648	remove.exe	32
PID 2648 wrote to memory of 2672	2648	remove.exe	32

C:\Users\Admin\AppData\Local\Temp\620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\apple-scc.exe
  "C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\apple-scc.exe" -nctuf "C:\Users\Admin\AppData\Local\Temp\620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe" -install1 "C:\Users\Admin\AppData\Local\Temp\620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\ProgramData\apple-scc-669DA80F\apple-scc.exe
    "C:\ProgramData\apple-scc-669DA80F\apple-scc.exe" "-nctuf" "C:\Users\Admin\AppData\Local\Temp\620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe" "-install2" "C:\Users\Admin\AppData\Local\Temp\620d3da55be8cce610cccb366fd10232_JaffaCakes118.exe" "C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\" "C:\ProgramData\apple-scc-669DA80F\"
    3⤵
    - Deletes itself
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:672
  - - C:\ProgramData\apple-scc-669DA80F\remove.exe
      "C:\ProgramData\apple-scc-669DA80F\remove.exe" /OK
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
        
        "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" /OK _?=C:\ProgramData\apple-scc-669DA80F\
        5⤵
        Executes dropped EXE
        
        PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\apple-scc-669DA80F\settings-cc.ini

Filesize
36B

MD5
2559e6837521f7cddf3f7e1dd0b282b9

SHA1
5e1552f2bf23341f5e3bc59743eee05a8a69e459

SHA256
cdcc367b2f7ac072b55d2b6cda447090caf61d664179ebdd2e947064d7ed812d

SHA512
9fbfa760b812b3b212a8182167248447790a227ad33becf2a90a963dcbd1465b86b09748193b34814b61625f15c4f50fb4b0f65463ba12ec36b1c28a5ce6986d

Download Submit
C:\ProgramData\apple-scc-669DA80F\settings.ini

Filesize
238B

MD5
c14c7af278884ad09fedf6b7cbcdf247

SHA1
eab2386d3a3c6bc7a50d01bb98480682da74c43b

SHA256
9fab2cabef981ca50403b26b6375a8ed17e74e2c97f21018337095d5f3926b81

SHA512
480f9c7abc026b4f6061164fbfba1556365c5cda32065d4e5ec2f5ffe9c834f689537784518861f35b6d51541b6dce44fbe2700abf006fddc30faea000e03524

Download Submit
C:\ProgramData\apple-scc-669DA80F\settings.ini

Filesize
288B

MD5
cfaf84a474abdd195292d6488dedea21

SHA1
2a019bb3b12869d3e793193e0de02971c7c5a5ef

SHA256
94190afac2cf870976756e00d804acee41da20621a99cea391161e84cef39ad8

SHA512
2e0b381ea1c96e981d52752eb4be48d845b5aead4ec3cd7f40bcc7d04d76dcb483bc8d2f8b0c6570b1513dbf2cc99cb0c0f8f1251751a08c13a00b66a8d42201

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\BF13227E-B446-4E12-913E-7E5FBBEE54F6

Filesize
22B

MD5
3de24922859f24ff707380fbd86161a5

SHA1
3693f0f9eaf4a60e402665352433375ee9a3c3a3

SHA256
823e3f3a6e936017daba2108e49ff9bd2fcce02dbbb229d8f7b780d35791b170

SHA512
145310ac33f7930f0fb2abd33f1e15ebbbb4b28f80177215d2028a8b6e437410e3cc0bbbfd40e20b991e2d8cd97e23b89549f4bf2193e4cd7916558e4493f2fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\app_icon_16.png

Filesize
841B

MD5
38ed9c022272503f57de81663b0273d0

SHA1
6693bdc0d79dfd2beee2460bf025c62a51db5df9

SHA256
eaa7b920aee6181c22d70a5f955382b62ec218e934fe22faf3aacd5fa0dd5976

SHA512
5abedd6af3601e1d77d2ba7cabcc1022c012b83dbe91bd1c246f5ee7bd0d42ffef82f7628774364b7e4c9c07a9194cc196ee6cf06361129b8e6b8cac18c74cbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\app_icon_32.png

Filesize
1KB

MD5
b520de6a39407096eec29646ef775a78

SHA1
fea80d355bcd69a8e420f1f49c4a22438dc565cc

SHA256
f350da02182f537222a96431c40551b0176996a70afe962d179212eac65f3f21

SHA512
a0c9674a52876c5dbb8eab7c0c6be961e86bac4aa2c69de51e9eadecb256b18a849155d6e4fc7a4a395798b0457d315ee1d044a2bd7dc422cc7dbff87d682237

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_cb_access_key.png

Filesize
2KB

MD5
cb86cd2ac7860f28fc41da0b9fcc2b9b

SHA1
e92a8560a5734619f1a4b64472b66355ec9bd26f

SHA256
0888b56d0ddabe53e7487686b3e6eebecf1680be80efa2f6a73c5ed4e70a28ae

SHA512
4ef48f1b8c7a9a4bf151b4c98e36dca761bb89b928c1cd394f14ee8baa71f3588c0a4c5085674488d34b39f4ab545c6bfdf1feb9788eb43a52b264680bb7e3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_cb_private.png

Filesize
2KB

MD5
299e1b874903672e8141c4cb3d5700c1

SHA1
8c9ad28bfaea7a99d6940fef53bbcca395a48352

SHA256
3f59945a69029fe33c04b739f7367905b0ca775f8c16372c71c7d6b12e7dd8f0

SHA512
c2dc3234fbc398a127f1d695700fdb60d011dd4fb77f0ca20052b48dc8e9fc41f1d15a466a6fa4f9f26ba2ddae9eef1ab7b91c410730318e7fe82dcd39cab731

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_cb_survey.png

Filesize
1KB

MD5
c288b0e1a91ee7bee0187d86458596f0

SHA1
1ef3b041646f079d41ae11ad6d808f063a5ec29d

SHA256
71c9411b34d2ffabfca13928d786e69de829b9ff4f78c8a04d8408d3ea188599

SHA512
f23ea68454b772da819f7890cb3c6bac46f98a100c88ab3dca92179590560a55cc35ec4fa5549aa74e599d48b6df63c38c8bee932155fa982dd9dc43d9f9352c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_cb_team.png

Filesize
3KB

MD5
fe1a6e1ee543a9d90a9b224f938cdd0e

SHA1
b86874542b2c2a3b7c3905fa831f0362d76b1eb5

SHA256
d327a09ce5f4f53f4bf997f6988426687287f4279a6c37059bbad1e5ea379630

SHA512
f4935abe9d78602a276dce50e2c8d8f00f41ea08d97e69c971d0ea0fed7de349d287be87500438e28d6d93454fcaf68698bf381e20dae3c506e0bd0c18108575

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_panic.png

Filesize
1KB

MD5
2b25e35cc5da48cb1424f0033d679bca

SHA1
d9e2ef6e718fc9bf530bfb51fd15625793fba9b4

SHA256
9fbc1b3e99e2fb22e7cf2101304c4a74bb4339cba2e9a6c693747ee36cd1f63d

SHA512
90aab71028ddd7372fc14452e4bda45bce42e0b8a2ce692c8b2ae2aa87a153f798cbc218b83bc96d6cad4b716f93bc5072dae10e889dd34068f2a85f919d0e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_sidebar_alert.png

Filesize
325B

MD5
15bc1c43cd0fe95c3fa74cf5d3ef39de

SHA1
2f96481ee5fe80bbccc1ca60993e52e69666dc5e

SHA256
657d0511e51aa60b5d3718e0fd8e40071351af7d22da9051ad745c96aa1ea512

SHA512
4edce553f17415dfe04a1af6f95286db6a82e26d429ca748199cd864c66d11d05078330cf1b351abfc7ec73caa6bd1bf295abb0cdb3501ae8e3c2465d6ac0fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_sidebar_collapsed.png

Filesize
326B

MD5
c7526c66e428d3dae7274ecf465bf43a

SHA1
6d543aec1070de4d3b0b1bb542c97aa8c7678dda

SHA256
cb74fe37ce55257213d5a7c79eebe91bbf16a50b2f87f904c58a22e54a8fe77c

SHA512
3155a97cf3aba820494db3f3b92736c2693b191f8f622a4f6e365df28af7189197f338031be02788b162b1c7635208b1619b1481d4630c5e79083ab7e0a6f99f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_sidebar_expanded.png

Filesize
322B

MD5
4e8bd7877a5240f116a9c624e3b4c715

SHA1
26d6abb13e233c315185b46587efdc9957b8aaae

SHA256
95d82560888401d0c7e09e4e2873afd104338a6e794ae70bf69971d7b5066427

SHA512
421fce6fc55023bb381e726b7e7dc76c44c9e60632964fa1a3aa59ac8728fb2c6a6e9eb15d1aceac7114dd9faef2cf47833ef168d5237f5078858a63d18c1b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_viewer_actual_size.png

Filesize
1KB

MD5
8b774f5b6b55b2e95ff96d836b69bfbc

SHA1
e8c0721a759fd6a613b4752bce63b6d4a3926ba7

SHA256
ea5ce8683058e3971f4f74e28b782b4bb7abf04f24007c209ef6d4f5dbe5a558

SHA512
d90ccf856e02c7afa8cf972e3b17c7a7e3398dff53019ea4e329431c525da0af8a9bf9e0c78dcde320845124f3576d0624a5a57ae2f94904804a998a30771e60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_viewer_fit.png

Filesize
1KB

MD5
74902cad7e82ec1da3849a9842992c95

SHA1
fbe6648790be4e3a4748180b202888d6acd344f8

SHA256
cdfaf74f2efdf73f324aaee02ce18e11477a4b7acdaa0bdd13a7d225c08d7e48

SHA512
7b9188d45a8c1a96877800efb7ce7bbb714e2290d2606be657bc6b93008b3d103887d88e2817f8738f9a8749dab490d5bf9890e40d6826293f9ee33c5a1469c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_viewer_quality16.png

Filesize
1KB

MD5
18665a84b6131ff71b5774660de6b234

SHA1
e2e96cdc030b782ffdd9176b8e1a07f2f877b9cd

SHA256
abf44eee9c4d1bfa2cade6dabe7255805f47734a8784053400e8f88ea4dc53b8

SHA512
940176ce7644155e88b43f21158541a210da6555219d503a91b0db6dbe8f902c5fed0062be99d7caeac12c037a0ed82892c9afaa4c799157a5037781f6c82a4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_viewer_quality32.png

Filesize
1KB

MD5
302d986fac00c2afd9a745a88c0749a2

SHA1
dbdfa05f3d9cce1b084dba2efecb0633cd6b0bb2

SHA256
38d452351d0679bdde2ab7a63d948819435eb886f9ce0dc325cd79bb316b5b14

SHA512
204a7f0d4001a202f028279e47cb337fcee566aff9549e64134caf422a66fabc2582dae3ca4e6cfb9ffdc59e3ed118063a643420b538b2c661b80235b9f7ffde

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\button_viewer_quality8.png

Filesize
1KB

MD5
82aff50c008a9b9d8125454593fad72b

SHA1
afc09efa0ef753573594937891707ef21019b7bf

SHA256
2f2ecb91e09329532efcc7b65275affd66e4d48ec7f856f453c79e96cba481c8

SHA512
2eebc2bc7f15054d00381976c802e627c3edd48eb90441a91c55439325ee7ebe06587e93d21e371e91832c5b655a2583e79f7d2f772c203edf19e795c67c279a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_ft_animation0.png

Filesize
285B

MD5
b738e49d196e3a156e6c89cd556508c7

SHA1
4d4426f1e92f303968473fde9b131972ca198b3b

SHA256
2280def9ed6b32d59f848c1127c95e81438b709d1621f54a4a9763084c86848c

SHA512
d6af08f64bd3c39d307af96b11c47ebed1a09a61592c3d9dcd758fb459f8b701547cc3739648a0d4897a5770dbf2d15bc891bd4e785398a0508f5b2b0968172d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_ft_animation1.png

Filesize
445B

MD5
d34570f3eee57a283efd859b85bd33d0

SHA1
0991221e1824735b37a14888e0965837066b090c

SHA256
2871d6ac08914855b4e09e482270688f7c651b904d78dbf62dfda452e358c828

SHA512
40896ca08b554ed7dc8bec11fead6262f065a79f53fb5754bd91ff2114b7665b8d1961a02758f01852b47827e93aae92ba0a906a4ed76ed00bf637834964336a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_ft_animation2.png

Filesize
463B

MD5
fdaacc72c60fdab7c3dbe07b0a5bb889

SHA1
6937332bbcedcaf07d38b2191e26cc1ab398fca7

SHA256
054b83447c9bd6e2670aa3877d91c82c8611c274dd545f5a59ad3183346e19b4

SHA512
66ad968076a2ba8b302c27644c385270755f12543a903cdf144ae673c25793c242288ce034c3262f6f3ce1e67e9ebd9f4d8d586c8706611635b02e9ccf7e8b28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_ft_animation3.png

Filesize
460B

MD5
b2c5830c23224cab3f7f41da8e4251f0

SHA1
913b00aa1ac268a5e6a82deed512637ec8cc84ba

SHA256
7e9809c3422d9ea0b18f314553966b7c26e837ff31c2215668be7c025699ed8a

SHA512
08bfb04ee327bdd3105c9055596f784daa22f6658d1717ade9e77dd389ec68dc12b8ab9b90ac86db7b532ff3ee07c0993422bf991539866b23ec05877f8ca435

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_ft_animation4.png

Filesize
457B

MD5
c5ff106fa2e97ee44ba2831f5f9f3ba5

SHA1
590abcb8e8d2080e29fcc60067d3889633f852d9

SHA256
2b9ac2cef973621bbbc0d5374585cce4d661cca361c1b626001da7f510113cab

SHA512
19fc31b30a5588e010d9153e98fe3814dd100a6025b4008586331cb9058eb67f1ce8cf3322b077e395f016dfe685ca731981b4796d9e46e2218e9c21f7705928

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_pinned_connected.png

Filesize
922B

MD5
45734d610813c1413dafa324d44faf86

SHA1
9ea5852931b9977a389ddd7f891c28f76f97c47b

SHA256
24b03fd3b9b9bc84bfe736f6487b06030f305d1107c816aec11f3c4815ad0f3d

SHA512
1a5e34566a61b7f4abd7a5a73b84536288260c2c315996da4addaec8aa9f583e18e19c5994ecc4c272eb9480680a8cbdfa877815d6107eb77763681bac64e099

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_pinned_disconnected.png

Filesize
951B

MD5
31ef3d8ca4e29236daf5eb7ca473d8b7

SHA1
70f75fd6bdef345383913d192432a06de7b35364

SHA256
5a1a8eb1cb0ce457ed2ec4c05103b67bcb0900efa609feb565461e40f993ee77

SHA512
bdcf6828996edda01632e50d7e144fe663c844667f233408a81b2d9a52db4ec281d51524d7ddf72a635b0d702d3d804fb2a6d37b49d555a5853dcf0bb8d80098

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_rep_not_present.png

Filesize
296B

MD5
da8bcf8256a8e035d8f47e2b752492d5

SHA1
f9e3b7e5414e27838c332c2606d92a406aa52e16

SHA256
a65b08d9b5c1c7fe8f520f14d5558a60b764956819e21d3d9d765e6e50ee0097

SHA512
11949c54eacf8444acaf5bead5ca832487465517464ffc9c1054eb54bc687fb729fee69b8ccca8b148624d74db2049728a749526957a04b837f6c5a4263d3f91

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_rep_present.png

Filesize
296B

MD5
a2e8bc64a13e7f9c8a5775a121b8d05f

SHA1
bd45d38cc3552bd99c0f0df2e03b9898f878052f

SHA256
96b97d35b94413eed0e9153c9e460bee620273f2c335f9795dffdbb214eaff0f

SHA512
9471cd6baf0441732cb263b23cfb8430290168aee7dd7d075fad6fae76d892c7bdf15d41d74f8a51cd1414a0d2bdb6151098a6e14a59dd732aec3822900f2517

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_rep_viewing.png

Filesize
4KB

MD5
f97a41c1f25ec23308689c7821ad057a

SHA1
d3fb945a5a116e37af0b84b45bb0ebb5e02ff08c

SHA256
c9104b027daca9aa26691831053a7781203e74cc8ce8107f83e2209348d2f4ae

SHA512
1b58142ba9e83f38ffd87570e8a9fa8c295596d8eb6b3bbb5b243fc2261434c6d02bf0bddab630ad59b56b68e720f52b386fe8720a4c9f26be54433e9dde8b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\indicator_ss_watermark.png

Filesize
5KB

MD5
0bcbd1453e5e182a0d5e9183f1399c38

SHA1
0ca4263ea9676ff1d717723711846541772cf660

SHA256
16f818330150173f54dcde89227efb9692fad36e34888f93f4a090a2fea5c8b6

SHA512
0f084ef110f3e5209368a61e5c0b04963e519b2ee5f827294aaae52e1919e071a567dd7b237cb21aeceefa6884e2c41207a81702bb5b6abe310b177017ed60e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\nstvhook.dll

Filesize
7KB

MD5
18ebdc8b76af2fbd2cccd69b37efd2d8

SHA1
f70f2af2392e45594995a1c8b8865080b3513ac8

SHA256
c9a72bee4f15a282c72620cd21356c59a5768c59cbcb28dfa95fcfe464748456

SHA512
83eb58566dd81240bd5f7af445c8caf9a92943d129ce12587858f2316cc822635612af9ade0fdbf0d426b9cf81f5d6b8bc3decb80fb7c425c3c2117259f435ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\preload-en-us.rdf

Filesize
1KB

MD5
33e23ca873dcc8e3fb2ab429367f9c38

SHA1
42553d001c4f5b755048554ca9a7ef4bdff69ec2

SHA256
a92702062ca541de28e349e6bad370944b631420d528bfc2a0ca099f458e9205

SHA512
b65ace5a3a7e7e477ebc922f3b25584abbe44280fc687cf7fe028463d4d0eb82aa32ca86e9324c0a1b93b498ea51befb97d991cd21dae57cd71f58ed0e7a502a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\remove.exe

Filesize
53KB

MD5
5bce31441d8cfaea99b7e51f9fe28590

SHA1
871c7c471d168d0f3b0006b213a78a922fd3d8dc

SHA256
f6cb2d3fd66b92701dbcb74db42c7289f4442f2603883e663b4265dfc38973a2

SHA512
41a78a4ec46001f356ab3283c3ba143e969c0b90d816e1396bedb560a2ad4e16a3748273a2c1567abace70971eba9eddd1df3303fbc88bf44413530c08a8aae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\server.lic

Filesize
5KB

MD5
6522c6ae15f3fc1f8d88360a696a4bd4

SHA1
4367721ca1e3afbbd58bc0784efbb5c348b30c91

SHA256
c489d994d1802f3f94ee973e3d7239c80d665847c21f5ac7f8cffaa495eb814a

SHA512
d2f2dfcfa978f8db0095b106860e4d262d78ef5533cf20103d168e53a858065a537745a167799de09bdd9fedd7fd69349dec859cb8be5a690fc315ca0463c04a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\settings-init.ini

Filesize
202B

MD5
1962052dc50c4f0ce46b5d08d826b849

SHA1
95f30e9df0311957708e623ac87bb35cc8b83fb3

SHA256
ddc6f0b7c51b19585e0e12f046562f7517ecd8ab97249c70c6ca893b683ae033

SHA512
48687601cbeabdf423894f85885a2c82c02fa83c608e76905a3f1d43fb7dcaa76360529ff46d2ca32f74dd11cb3e32f24cd295e31c4f7f42a36ff12e685b64c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseA102.tmp\uninstall.bat

Filesize
33B

MD5
b80a7b6f60117a9ccfc099c705598a88

SHA1
3ff7aa18e3fa74790f4abe417469c6d9f3d47487

SHA256
fa2f0953d67c07b1c4afb16ac079a44fbd8b15f4fa56552404eb60b4643dbcc7

SHA512
37131677f74f4b4b1ce8a591c71a656eb9a5ae0f0a8e3a984f53e162395a0d9d986472a3dcefb031a281b4c09af219def6072ff60dd4e921559f0bf00914edcc

Download Submit
\Users\Admin\AppData\Local\Temp\nseA102.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
\Users\Admin\AppData\Local\Temp\nseA102.tmp\apple-scc.exe

Filesize
894KB

MD5
9063d36084fbe906558c507409a71377

SHA1
4ba56ab05ed64d5e447e93d05544680d31ff1a6b

SHA256
bcdbcadc5b2b21a64a0f9caa3413745c7ed4d137d3bb0cd79526368ecc7f214d

SHA512
c3c211bd4867efd66243194b3e9514a34c197e527a83e6384a88ceaa54d1547f37713fef8180c4b0fcc23f9bb81208de905525eb107b38a5619ce88aa86d2394

Download Submit
memory/672-131-0x0000000000F30000-0x0000000001205000-memory.dmp

Filesize
2.8MB

Download
memory/672-166-0x0000000000F30000-0x0000000001205000-memory.dmp

Filesize
2.8MB

Download
memory/1092-49-0x0000000002280000-0x0000000002555000-memory.dmp

Filesize
2.8MB

Download
memory/2472-51-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/2472-130-0x0000000001040000-0x0000000001315000-memory.dmp

Filesize
2.8MB

Download
memory/2472-50-0x0000000001040000-0x0000000001315000-memory.dmp

Filesize
2.8MB

Download