2fb9bed80be72f414aa9c13a8fec91ee0be2a73c660871c57621ed727eb0dcad

Analysis

max time kernel
130s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe
Size

869KB
MD5

dfde735280cb0ead0d7e8ed2f2205ad0
SHA1

5a9ccecb1f62f6eda8e72579a38e40094798aff1
SHA256

2fb9bed80be72f414aa9c13a8fec91ee0be2a73c660871c57621ed727eb0dcad
SHA512

6962e7a8c4e4aa96dc21d28a1a87b72add0775050d6306531d2bc310a009d5bd9070da9b4498d6bc4a740ddc4eccd52820474ba9cb8608b0c2c2f2a837406853
SSDEEP

24576:buneX0UoMvrA1BkMUiXfu0I+Z7xa4BCUJjPheNI4+Vi+C4:xkUfr3Mbta4sUJZJ19C4

Score

7^/10

discovery persistence

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3708	bomgar-scc.exe

Executes dropped EXE 4 IoCs

pid	Process
2088	bomgar-scc.exe
3708	bomgar-scc.exe
1548	remove.exe
5516	Au_.exe

Loads dropped DLL 1 IoCs

pid	Process
2684	dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bomgar_Cleanup_ZD24068854626500 = "cmd.exe /C rd /S /Q \"C:\\ProgramData\\bomgar-scc-66E550CC\" & reg delete HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v Bomgar_Cleanup_ZD24068854626500 /f"	bomgar-scc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bomgar-scc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bomgar-scc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	remove.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Au_.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023635-110.dat	nsis_installer_1
behavioral2/files/0x0007000000023635-110.dat	nsis_installer_2

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3708	bomgar-scc.exe
3708	bomgar-scc.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2088	2684	dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe	91
PID 2684 wrote to memory of 2088	2684	dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe	91
PID 2684 wrote to memory of 2088	2684	dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe	91
PID 2088 wrote to memory of 3708	2088	bomgar-scc.exe	94
PID 2088 wrote to memory of 3708	2088	bomgar-scc.exe	94
PID 2088 wrote to memory of 3708	2088	bomgar-scc.exe	94
PID 3708 wrote to memory of 1548	3708	bomgar-scc.exe	99
PID 3708 wrote to memory of 1548	3708	bomgar-scc.exe	99
PID 3708 wrote to memory of 1548	3708	bomgar-scc.exe	99
PID 1548 wrote to memory of 5516	1548	remove.exe	101
PID 1548 wrote to memory of 5516	1548	remove.exe	101
PID 1548 wrote to memory of 5516	1548	remove.exe	101

C:\Users\Admin\AppData\Local\Temp\dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\bomgar-scc.exe
  "C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\bomgar-scc.exe" -nctuf "C:\Users\Admin\AppData\Local\Temp\dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe" -install1 "C:\Users\Admin\AppData\Local\Temp\dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\ProgramData\bomgar-scc-66E550CC\bomgar-scc.exe
    "C:\ProgramData\bomgar-scc-66E550CC\bomgar-scc.exe" "-nctuf" "C:\Users\Admin\AppData\Local\Temp\dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe" "-install2" "C:\Users\Admin\AppData\Local\Temp\dfde735280cb0ead0d7e8ed2f2205ad0_JaffaCakes118.exe" "C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\" "C:\ProgramData\bomgar-scc-66E550CC\"
    3⤵
    - Deletes itself
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3708
  - - C:\ProgramData\bomgar-scc-66E550CC\remove.exe
      "C:\ProgramData\bomgar-scc-66E550CC\remove.exe" /OK
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
        
        "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" /OK _?=C:\ProgramData\bomgar-scc-66E550CC\
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3820,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
1⤵
PID:5916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\bomgar-scc-66E550CC\settings.ini

Filesize
289B

MD5
2cac7f9373d9bb2bec3ade20285f6c34

SHA1
4c9af19caaf0deae1d4c97be097213eb71353741

SHA256
47642550973054b9012ea6f991a126abf9fdcf53b0e11fad7f42e56abd21d2fe

SHA512
d63ff18b4e5deb611ab89fbb559dfc9529c826552bb67d3231958baed188728e44b5566a4b2576beb71f11bc725f1b21f54ebbfbec0fdf62153c324faf4cb16a

Download Submit
C:\ProgramData\bomgar-scc-66E550CC\settings.ini

Filesize
238B

MD5
89f5dfa92b7352a6b7eed745966bcea6

SHA1
4e27726c2ec9398a6544fe9e72b141c49e48dd58

SHA256
3d4475663e169db301c31db2008a774aed698157ac07bfba558afa858848c1cd

SHA512
e74dfd39e1c4c3b0fc89b96fe4745fcff78772d9f43fe851c95757c8fe65b2adfcb651fac118544257db27ef220eaecf411b86cdf33a6ef59de1af8b3a88003e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\BF13227E-B446-4E12-913E-7E5FBBEE54F6

Filesize
25B

MD5
63e8819444b404995663b56a82092c11

SHA1
34ad197827749e5ca94a56459b6c037a0645a0ac

SHA256
1c80bd5520d944c4ef4c586d4ed729bae4187e2269bb5c7c0b32c025c331a8bf

SHA512
da220f961e7c6a0bfaf7c73952721d0a1a5bed175fe1dc16fe78f1cce93e4084c3a04fcc266d786cb1df8073a4c5a178eae26b88490fa51e1238f6c1fbb448b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\app_icon_16.png

Filesize
597B

MD5
39a12032b2a1120530d797ce8fa618b3

SHA1
fb67cd135207043c015ded1db9bc35598fd626bf

SHA256
0cb38235ccb577f125c130d8bf905ecc11e92e9022f59de8faa6ba81ca843658

SHA512
55070dd2f349cd5a678c39d4e67bcdcc3b421ac285a3cc89b2725818cce61572b34dcc2f09f034d65a72dc976c6acc6bc65402835b32399549d867540b3fd31a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\app_icon_32.png

Filesize
1KB

MD5
5d7d5b54c0724a3e8b74f43da73ac402

SHA1
3a30be5616223a2bac6088b4d6632f5f6a8e1100

SHA256
343a1e26991049bbac19354e0802e708f74740e8e8e65ebb0077f80377647fdd

SHA512
4b3a944b2e10186c9d5c4a75247d98ee4af752605361f0761def02087f10520fbad4051f1fb1e3aecac7f644079ecc1a6aad567e83755e32d8b33f602cb4d89f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\bomgar-scc.exe

Filesize
763KB

MD5
043cac1683f5cab7d079925a4b8a0fed

SHA1
509ee93fcee9b59e6d383f30e55e52f88747e9b8

SHA256
25eae86c681f75d42985aa9d9ebc097167354bfb81419abc686c24492eadf211

SHA512
f1d4fb37f9866f6ca21622e6a0bf1c9993595bcc9480b91f80714d88fdc715ceb214403b53e427b237a61ca07891e8a7cf468b27551b68eb3583a20447d953d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_cb_access_key.png

Filesize
2KB

MD5
4c610f2c454ec9e9ff63d34d5676fbb5

SHA1
0d9d980624afd8948b44bf524cd441f111ec0637

SHA256
a751fdd03854a217b14136d9b9aecb9444b62fa0ef71a008db66703a8cb26fdc

SHA512
b7a6eaaa937c25fab2469b56eb8dc92250b7ab3fe2ec133f40e902327c671aa978fcf23e7ba8dfa90762ade6a819ddcd8ddba239724273ac7a0b06c615fb6645

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_cb_private.png

Filesize
3KB

MD5
41529de2e2ab466fcdf7c88809ef708e

SHA1
3834a44751fdd268780ef101b96b678873ef8493

SHA256
9c953f11ad2ee7e7495e71747eba1bb85002fcc13e0dd91123d24019cf5e367c

SHA512
56aea014d3d68e184e1755ecd70590e270fcbf3bbd460565959cc69718025667ff033b794f42b6c30982917935b6ab1a5d4d2472f41feac3099a8f88aefc6b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_cb_survey.png

Filesize
1KB

MD5
49ff076243c05aa6c44ae526925f966a

SHA1
6bf0ba5c6aaf838e542494aba72848e56db4871d

SHA256
79e39b353c0a9424f74356b423de9c7d4f5fc98df8a70c40909c8e3bfaf6fbcc

SHA512
4134fcc1284088d699412b031eb251fbfb980e0e6c281fd9948b38f2cdc8ec6d66f327b3bf1f5eb68c87587540c2d5a60341ca9186f909e822502c8d3c9c8a04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_cb_team.png

Filesize
3KB

MD5
c280d0ee8c186e77dd3ef60bfc66c57d

SHA1
57a03c32d25df8153c507ed427d12fc71c4a0ab6

SHA256
dfb4a7ab6125992a5e5b4da32e96612f317b7b354486fb3e8def18536bf30074

SHA512
bc614a530781aaff295eb99c9fa752a41d046ddf9434a6b088219155a9cf9f193cf39797de4852e08ac0bb49014aa4a86dd3d27eb82c2d9699567734ee0640e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_panic.png

Filesize
1KB

MD5
a95ccb65c6e1c558e6be67b0541273a1

SHA1
173782809be01d80e1b63c0e002b4aaf18e8828b

SHA256
900bb4d6e49e6fb1a83aa6faf856eefb40cc7bd691979bec2f0a3a4b90e0eca1

SHA512
dab9162daca7d70315b6e06f2448b85a933d622a067d58412ec6925762e92d9b40951a11c4775cdfb433cc15e09f47640df027f6b25de5290cb7369c71cb3984

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_sidebar_alert.png

Filesize
208B

MD5
b8cf0f472844ed55747e97b7419f97cd

SHA1
93b5c769d8ff3196cebfe753958bae012f0a55e1

SHA256
c7e6ecb41a1a19c75eb74aa70e7e880342a7ccfc0e374a176664f8affffeaea2

SHA512
84669ae3cad705c42a4345f2a14b49e38689d49f4f9435a3e320347b25eac0557016ba7337250c511428e71e57d3b6221b08ca441751ad5114a2f2eaafa847d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_sidebar_collapsed.png

Filesize
211B

MD5
fc12d35ebc61c8797a10a51b8e020cd0

SHA1
016f16621c21e8604418896472e7eee51d1fd110

SHA256
adbe8e74fdfad2ca1433457026cf6c62a5c1d147b910d95aec8cc192fa33aba1

SHA512
fca8fc395c974cab0e89d6dbc118f097ff1ae91483eda5ee1b9910165713f58175396f303c7026e16fbd7f08ddd4f9d5848bb1c21b4a5b5a5cc22da4b7f0fdf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_sidebar_expanded.png

Filesize
212B

MD5
7f77bc08ac490a514ae5984aa4056f03

SHA1
5fe227da79c18abfdb1856affc95eb3b32f31ee2

SHA256
250c8da2e78f7b839e98d9d949b9807e1d3b6829fdad4a7c9f2917eea9e11360

SHA512
0ca85c28ef6e78969ee3d2800b768b5cdd25efc3f19743dd82ae353ef6ed94c37848c160ec4ebae3b0ad000cc5623842cc9ed94ddb430748ffa962cd5449064f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_viewer_actual_size.png

Filesize
1KB

MD5
bd5ca395a3eb64d7cc99564c0b4ac83e

SHA1
eec139c93994045ded3deccd43c17899dbc59f39

SHA256
a1aec82b0934515229ed4075d47ccb8738491f36707a900d2c919b5e86cfef7a

SHA512
888d1da37ffdde6900880dcd1968127fba938e4ef684f00278d51c13b4b9dfa56f15952b72d7e26dd38c995c0eabdcbcab68a35fae8d57d693e408d2885b73b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_viewer_fit.png

Filesize
1KB

MD5
dfd0962a6473c0da071592965eca9380

SHA1
8726fbca13a01b238b112d17f703dad47f3a0cb3

SHA256
780f642a7fc532adab978c560d5eb392532c1f9a18c508e0a49d9a139e72af09

SHA512
3c3941673969aa3fd155adfaac5fe543fb57179677e30df76176b5c266f20843ea67a9b0179223fbd52c4bd07364be23f4a6cc987a57940b3215502d53f2566b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_viewer_quality16.png

Filesize
1KB

MD5
b0a0864f785cbafa976146f0e499eae5

SHA1
484cfe6b9dc40cd9b57040bfa82fc7d3f60bacd5

SHA256
d3d660b867b908354c0cdd072573f6816e30ead6807fff0c01b53e30b0c11fdd

SHA512
98c1ccfee6f05ff15f6a762b35982044f5c187cfda4142f8339fd7461fb9b03d8175618caa0f88d496a3c926e29d55f33a3137c68b962baef589989a0ad58634

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_viewer_quality32.png

Filesize
1KB

MD5
593808c880d6222263bda8ea30ae9b5f

SHA1
90583e92ab41c20aeb96647b257b7e47cfbd6a01

SHA256
d4a907ea59bbf70ea9e4a80cc041b445db28b35faae3b61b09584d187726eccc

SHA512
39e7fc5a346887da90a7e64c4683b94fb13cf65b5d5b5dc8c734d415346fae0d1b2e8844d157f1a21434c9aad75aac1ac1bec5fb95ef04da08bec67f1cda9123

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\button_viewer_quality8.png

Filesize
1KB

MD5
f29878f9b5cfbf51ded8ccb0b70e801b

SHA1
d3b4fb4542dfe45bcc4209a04a1403f6fbeb4686

SHA256
22befa93deed75de91d09f0baf109ca2580147bfdec4ff5e9bf895addd434210

SHA512
1264ea30237de4e65a7be89e46b00388977852733f2b7bc8f5a9959d8e4fe7bf926ec7917b6caf09d56bb2dfcc052ed082dfb34692ccb65556dbc678eda840d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_ft_animation0.png

Filesize
146B

MD5
cba4556689094cf1922ecd7a0a59d847

SHA1
071d0519e933ad855b1cbe51b9b006ba8aded653

SHA256
8febfe69dd46697ccbb2af88d5b45e9a073b3071f01b17cc39221f4b60c9a664

SHA512
68d46dec168a64b5d1ca245f3ab46e1d38906c2827aed68b1f2384015a90f8623ff3eca68ca26b1e9830422fe4b36bbda6ebe13e9f0a24c95ff6f53fad2dc765

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_ft_animation1.png

Filesize
345B

MD5
b1b479759c9e532425221577b43b097d

SHA1
76e775ad072096b19eab24a3b4b29a9b689871aa

SHA256
0d0d3838f43155c0017d81a4bfc2adb7841ec5041545594fac3cbbf9b8b17ead

SHA512
2d6f689aef66d7f0a4774b86829af84a5d0bebe327555578e947fc58aded326c605b33268cfeab3b8eaa76b91b6fb3698b2ca7a207d312385dd88f84ae5b7ffa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_ft_animation2.png

Filesize
372B

MD5
8b64ecefbb37fa76b62449c0e654ed48

SHA1
f6ec58d90b404f6d83ce580cf95319cd9e73ec68

SHA256
0a2a7836ff19412091fd7bde86bad6c217d421ddfcd5152c3b25bd210be11b54

SHA512
9206363fb380db56237cc6291d4e1de44e2afd500cdc1b6a979c074093433d0261abac8c394461f22e2d11c0a7b71e1634c55ca2e73956d6396f9c36b3cbed00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_ft_animation3.png

Filesize
377B

MD5
68d36a699894af53bc32bcda665c682d

SHA1
c1f6b461264f238d9f422ab5714591c074b52ff5

SHA256
6c527add4735716b3489708468a8befb13caa6e1283404eeca1965b95d7731f9

SHA512
9a99399d223fb3d78718400be633505ed7d68593928406db92b924470ce47a03a23b953bf84d20437e32fdd22e589b454e0eb89b5f855fdddfc71f2985a5c4da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_ft_animation4.png

Filesize
372B

MD5
dc3637982ab2d90c3170cd470e6a6042

SHA1
a6ee0c7288765f489aaea62d56fe8d1bec90ecac

SHA256
cfe1839c6a1851a7d8c4ee357cf83c4a53f2e36ccda9a516781597d7c8a886f4

SHA512
870eb0558ca37727e630d70810920154cadad6a53e19d9ddb50a835ababeb83914b6bfe15d1cbf9b5374dd00b933a320bbef038cb4bc13b48a0e4d2e55483301

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_pinned_connected.png

Filesize
1KB

MD5
082537dcf3927ba113dfe80d8977e558

SHA1
3d69e091f0fcc263d1399a12f77e29788e9b5b7a

SHA256
c695776f6973cfc50a3b80e67a2ffa6f53f20d85c9eb75c9bc9714257e36f28c

SHA512
aeb611052c10064806e4585e753775cd83cbdd8b7d17b9e163eec17e76467cbbbd76912f2c674bef9b79537790d7ab0b3fe658600bbdc773d886f7ec59d9dc74

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_pinned_disconnected.png

Filesize
1KB

MD5
f04e7a3234b46e422c4e7d7457e89013

SHA1
c674b5422c79eb87cc41ff896dc04f5a0fe9d660

SHA256
70eb0f7f2743049ffdb86e723e4b38ad914ce70c65d5fdd350bb13b9289c806b

SHA512
75e2a513d0bc021e0cfebf4fe92b06e11d93be8704ca5977ac71735a373938650c7adcc8e7618ed5d81a3570194fffd3347f99cb2ef841eaa66814ad5efcf23e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_rep_not_present.png

Filesize
118B

MD5
443cc9efc159caff51580d573f9b1cbb

SHA1
39d5dea5fa16a019b58642d605948b5071fd636f

SHA256
dab7631f385ebf316ab452bda036139128175f02d9c3675c7227c5ff339ab384

SHA512
235e4c054e40c348a2d1b98654cb502f07a4614168d060ae45c3d7f297cbc88be2bab960fcea62dccaf1b56f4f3757254a82968c69c2a8432c8449cfbea3e6ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_rep_present.png

Filesize
1KB

MD5
a04f7f342a118642d0f0285c3ea18cc1

SHA1
a16a3034a6141fdd32239395c09cebae20ab8053

SHA256
4763a3a28511eebda8000f0c5f2c42cc471524fe0881033add8fba80d6b2de54

SHA512
344a04438e9445e9bced533f70d9c8128a1b325616bc3ae718da70fdb196d6d628b4f39e0e3bae14cb48defb9cf549cd4a2de5923dfb47f3b89d3fc4878d95a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_rep_viewing.png

Filesize
2KB

MD5
e028b9e8c283b26107a7ba58b119e889

SHA1
36049d70f23b60f1297ebf177228e2d2ea074bc2

SHA256
104121b14a4c09a8fb360a24b62681812b7b9bef54ecb28cca69e6b951b4110b

SHA512
f9f89d74ef752347a4a4bf705723a62887a5cc1f17539089a7751a9828bea9c9d4f1800d65d0b22eaa4adbad64425a4ebdca26ce90c4e02f3083a69cb59c48cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\indicator_ss_watermark.png

Filesize
6KB

MD5
750c258707ecf7a7ce40023aa1e447d3

SHA1
8ee38bc863113ad9e18c867875cb315c47bd0981

SHA256
b6b17d4800c0e7da749979799dd453b26d8dc823144210c46b52c1cfceac2a53

SHA512
912919df5a83dc1c8e266be4120b91e9eedbb1685a17c886eb683db94bc9c4cba5ea8d0d1b7d58a33439c4e953de47313b755c4c558e974352367bbcd5927fd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\nstvhook.dll

Filesize
7KB

MD5
18ebdc8b76af2fbd2cccd69b37efd2d8

SHA1
f70f2af2392e45594995a1c8b8865080b3513ac8

SHA256
c9a72bee4f15a282c72620cd21356c59a5768c59cbcb28dfa95fcfe464748456

SHA512
83eb58566dd81240bd5f7af445c8caf9a92943d129ce12587858f2316cc822635612af9ade0fdbf0d426b9cf81f5d6b8bc3decb80fb7c425c3c2117259f435ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\preload-en-us.rdf

Filesize
952B

MD5
b23b6a2fd7a4874ea287742beb4692c0

SHA1
1b0b350c003dc2d93957989f93b082ba0e41123e

SHA256
515f7ae9d910d587da58d36cfebe04c7044d9eede60221a2ac1e33f6732f73d5

SHA512
f4f911ad34c79e8c78009767f8033ea2e9c8f8d4b7ce09baf58b42b89ad5ace4e2355c57bb618c0d0c560b03e3450d83413ed91f840030919f2d06d89ab83c83

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\remove.exe

Filesize
53KB

MD5
c32a5fe4eaf61eb04aaa22fd6a5a4bcc

SHA1
1ffc8c85a96e837911235cd6c2cbec4c5b8ae50a

SHA256
b9132a1436da8a7c011b3d6bc6810c71314b8e1d3bd832f363e4eeb8494f3c9a

SHA512
c8824a5936b3482870eeae2687257077f2683b265aac33218930b1ba1c7aceba2a24cfda96632d1b9d5dc371a97bbbebdd3e762b4656a45141561926cd9d8703

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\server.lic

Filesize
9KB

MD5
c614e0cf781efe28777cc3252d9c3ae2

SHA1
8f7534c47f838c4062a5902f803b7963951639ec

SHA256
a489583d1b4ced6b6860c0d05aa2c0611aca684389cca713fa47c44c7d9cac1f

SHA512
b4b241d68be21b48dd234e20527ba41bc6f9a72674fab262cae2258524b336c6df7388266e4d1ddfa26b86b63a993d100e42e8dafae6e56c3b70f435dd4fb03e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\settings-init.ini

Filesize
202B

MD5
cb2014e254df660a3f6fbcff683a0d5b

SHA1
3dcee084531e486ee18228a261c43a6c9695307e

SHA256
58fbc7c8ae1eeea1e8ac2c71b199dca4d5e551e27a138f3a7a11e7f05ea6d412

SHA512
04e454bcd2453e62c9a3a00dcf33500e2e3961fec8f5b542903ad764db967466eec28b878ee842687235b96b4758dbcd08893bb30ed88ade0d2b728e34718f16

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp82E9.tmp\uninstall.bat

Filesize
34B

MD5
0a66071b4436ed915697bfd252d02cf7

SHA1
f864686282191d807d993a52dab62e019699161f

SHA256
4de0cef8290d5f6186070e1430c5ace5766c0d2833aaf34fc71f086d5dd6a1ed

SHA512
1a9e6732119d4d65e81a9537a96a06f2f099ec62f2485657e652f4b38067ac4b566553c638512ca4d4a369404caa7f18f26fb6d5f182663c785669995dd9ed78

Download Submit
memory/2088-123-0x0000000000400000-0x0000000000653000-memory.dmp

Filesize
2.3MB

Download
memory/2088-49-0x0000000000790000-0x0000000000792000-memory.dmp

Filesize
8KB

Download
memory/2088-48-0x0000000000400000-0x0000000000653000-memory.dmp

Filesize
2.3MB

Download
memory/3708-128-0x00000000007D0000-0x00000000007D2000-memory.dmp

Filesize
8KB

Download
memory/3708-144-0x0000000000400000-0x0000000000653000-memory.dmp

Filesize
2.3MB

Download