Analysis
max time kernel: 151s
max time network: 158s
platform: windows7_x64
resource: win7-20220414-en
submitted: 20-05-2022 22:29

Static task: static1

Behavioral task: behavioral1
Sample: 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Resource: win10v2004-20220414-en

General
Target: 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Size: 3.0MB
MD5: f1b6dcdc41443111a0e9e78feef864c1
SHA1: 07ef07bfc63410f1109f5c155d2a34ec755ed1ea
SHA256: 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346
SHA512: ccdbe9e6c0fc4f3a96af8f80659bff72fefeceeba887714b01d878f3575db4f28fac950e4143081d80c09c578c0f7e63b80e77d8dbb2a1e9bd86fabb5c1fa64c

Malware Config
Signatures

Executes dropped EXE 5 IoCs
Processes:
pid | process
1924 | HuofengGameWorld.exe
540 | HuofengGameWorld.exe
1268 | HuofengGameWorld.exe
840 | HuofengGameWorld.exe
892 | hfgwupdate.exe

Loads dropped DLL 23 IoCs
Processes:
pid | process
1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
1924 | HuofengGameWorld.exe
1924 | HuofengGameWorld.exe
1924 | HuofengGameWorld.exe
1924 | HuofengGameWorld.exe
540 | HuofengGameWorld.exe
540 | HuofengGameWorld.exe
540 | HuofengGameWorld.exe
540 | HuofengGameWorld.exe
1268 | HuofengGameWorld.exe
1268 | HuofengGameWorld.exe
1268 | HuofengGameWorld.exe
1268 | HuofengGameWorld.exe
840 | HuofengGameWorld.exe
840 | HuofengGameWorld.exe
840 | HuofengGameWorld.exe
840 | HuofengGameWorld.exe
840 | HuofengGameWorld.exe
892 | hfgwupdate.exe
892 | hfgwupdate.exe

Adds Run key to start application 2 TTPs 2 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run\HuofengGameWorld = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld\\hfgwupdate.exe -opensystem" | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.

Checks whether UAC is enabled
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | HuofengGameWorld.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | HuofengGameWorld.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Enumerates system info in registry 2 TTPs 10 IoCs
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | hfgwupdate.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | HuofengGameWorld.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | HuofengGameWorld.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | HuofengGameWorld.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | hfgwupdate.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | HuofengGameWorld.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | HuofengGameWorld.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | HuofengGameWorld.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | HuofengGameWorld.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | HuofengGameWorld.exe

Modifies Internet Explorer settings
Processes:
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\HuofengGameWorld.exe = "1" | HuofengGameWorld.exe
Key created | \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | HuofengGameWorld.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\HuofengGameWorld.exe = "9999" | HuofengGameWorld.exe
Key created | \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | HuofengGameWorld.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | HuofengGameWorld.exe
Key created | \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING | HuofengGameWorld.exe
Key created | \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main | HuofengGameWorld.exe
Key created | \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | HuofengGameWorld.exe

Modifies registry class 64 IoCs

Suspicious use of AdjustPrivilegeToken 7 IoCs
Processes:
description | pid | process
Token: SeBackupPrivilege | 892 | hfgwupdate.exe
Token: SeRestorePrivilege | 892 | hfgwupdate.exe
Token: SeChangeNotifyPrivilege | 892 | hfgwupdate.exe
Token: 33 | 1884 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 1884 | AUDIODG.EXE
Token: 33 | 1884 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 1884 | AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
pid | process
840 | HuofengGameWorld.exe

Suspicious use of SendNotifyMessage 1 IoCs
Processes:
pid | process
840 | HuofengGameWorld.exe

Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
pid | process
840 | HuofengGameWorld.exe
840 | HuofengGameWorld.exe
840 | HuofengGameWorld.exe

Suspicious use of WriteProcessMemory 23 IoCs
Processes:
description | pid | process | target process
PID 1016 wrote to memory of 1924 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 1924 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 1924 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 1924 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 540 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 540 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 540 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 540 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 1268 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 1268 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 1268 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 1268 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 840 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 840 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 840 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 1016 wrote to memory of 840 | 1016 | 9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe | HuofengGameWorld.exe
PID 840 wrote to memory of 892 | 840 | HuofengGameWorld.exe | hfgwupdate.exe
PID 840 wrote to memory of 892 | 840 | HuofengGameWorld.exe | hfgwupdate.exe
PID 840 wrote to memory of 892 | 840 | HuofengGameWorld.exe | hfgwupdate.exe
PID 840 wrote to memory of 892 | 840 | HuofengGameWorld.exe | hfgwupdate.exe
PID 840 wrote to memory of 892 | 840 | HuofengGameWorld.exe | hfgwupdate.exe
PID 840 wrote to memory of 892 | 840 | HuofengGameWorld.exe | hfgwupdate.exe
PID 840 wrote to memory of 892 | 840 | HuofengGameWorld.exe | hfgwupdate.exe

Processes
"C:\Users\Admin\AppData\Local\Temp\9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe"
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory

    "C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -installprotocol
      - Executes dropped EXE
      - Loads dropped DLL
      - Writes to the Master Boot Record (MBR)
      - Enumerates system info in registry

    "C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -install_small_pack 14051140107130794912
      - Executes dropped EXE
      - Loads dropped DLL
      - Enumerates system info in registry

    "C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -installicon 14051140107130794912
      - Executes dropped EXE
      - Loads dropped DLL
      - Enumerates system info in registry

    "C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" hfgame://id:14051140107130794912,category:5
      - Executes dropped EXE
      - Loads dropped DLL
      - Checks whether UAC is enabled
      - Enumerates system info in registry
      - Modifies Internet Explorer settings
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory

        "C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe"
          - Executes dropped EXE
          - Loads dropped DLL
          - Enumerates system info in registry
          - Suspicious use of AdjustPrivilegeToken

C:\Windows\system32\AUDIODG.EXE 0x550
  - Suspicious use of AdjustPrivilegeToken

Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD5010b4d91d539d4e595bc5dfd0cc76d49
SHA10a72003557a8676705ebdbdf23b35f62202d0099
SHA25693125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5
SHA512fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD5f034531a701044350969d768a825b60c
SHA18763743d1d3e4c8a3cf151de06b34e67cec88465
SHA25611456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584
SHA512a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD5f034531a701044350969d768a825b60c
SHA18763743d1d3e4c8a3cf151de06b34e67cec88465
SHA25611456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584
SHA512a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD5f034531a701044350969d768a825b60c
SHA18763743d1d3e4c8a3cf151de06b34e67cec88465
SHA25611456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584
SHA512a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD5f034531a701044350969d768a825b60c
SHA18763743d1d3e4c8a3cf151de06b34e67cec88465
SHA25611456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584
SHA512a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD5f034531a701044350969d768a825b60c
SHA18763743d1d3e4c8a3cf151de06b34e67cec88465
SHA25611456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584
SHA512a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\MSVCP100.dllFilesize
411KB
MD5e3c817f7fe44cc870ecdbcbc3ea36132
SHA12ada702a0c143a7ae39b7de16a4b5cc994d2548b
SHA256d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf
SHA5124fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\MSVCR100.dllFilesize
755KB
MD5bf38660a9125935658cfa3e53fdc7d65
SHA10b51fb415ec89848f339f8989d323bea722bfd70
SHA25660c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
SHA51225f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\config.datFilesize
393B
MD574763b466651a9f061464bf3da5b7707
SHA1c8ed4bc93bbbbcd5025eec9d31c7091146fbf422
SHA256258bcf86763cceb3e535f1d6422d8b2ba8f99a72af0843027ea54df12e7697db
SHA512e27176f8fef040cbbfa692b61366bcd1efd4679b053f8658c11a1da4da0d4d25b4544e28937f446f8cc155fcf52d033ec66e77b7bdc2952b4c0a86f12697c788
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exeFilesize
668KB
MD57500395f2c1353c49ba2ebf8b5a85546
SHA1ef0cb174a919d92ce743d7e11e88c84eca19c620
SHA25644e2c30372e3563f47b0dda78b8db697b8aa2270633437acb927478cb35073e7
SHA51284721d6106ec6bd6fe333fb35f7ef926afccc948e3a2de1d1ceed30f95bd7f3148cc19b25c9652b07aa1bc6a956b4807b3e8c9d1067868998c27210b771ec33d
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exeFilesize
668KB
MD57500395f2c1353c49ba2ebf8b5a85546
SHA1ef0cb174a919d92ce743d7e11e88c84eca19c620
SHA25644e2c30372e3563f47b0dda78b8db697b8aa2270633437acb927478cb35073e7
SHA51284721d6106ec6bd6fe333fb35f7ef926afccc948e3a2de1d1ceed30f95bd7f3148cc19b25c9652b07aa1bc6a956b4807b3e8c9d1067868998c27210b771ec33d
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\gamelib.pngFilesize
2KB
MD5f1cd23cec1ad277e34214d8c7458c226
SHA10c3fa5144536b02657276377989cfb36d4c235de
SHA2562ca40d953b3df2cb71ad3c649af7da3ef47878d0b647aaf803c4080ca292a797
SHA5121ced2896739479a75095cdf860f345b78b32b7aadd173fb5fe7d8aa1cb5ea247731a831f533afd64d90d9dc58ce8fc3fcf2fdec35180e04de964da5310b1098e
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\gamelib_hot.pngFilesize
1KB
MD5428ab0566da92e393025855366022ecd
SHA104c3bad9fc7eefa952e9bdd8f8780f47f458c1b7
SHA25678478d3cb7e8e20e92cea4045b547a931ae0fb36a5a7228d99f4321fa6a1ddb2
SHA512984193111a36e1c8599520a626f5cbce6dfefee8ba90472737e7434db308b349270c4dd41ffe84bd578baf6cf251cc3d6985ffc390cca2b382b68efd29671f1c
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\mygames.pngFilesize
2KB
MD55cae3b1af2d7fa15a301bd73e57bb6a8
SHA154502662655eac7889fd49b701d2f5f37ea1e219
SHA256f2af69dd00da4e6b1fe8d930824a892cf0e75c9ae3c7a3132ce66288d17efdcb
SHA5121effc7f30d2f86404a49fb0a50a470a5427234db9b3b05bd978bdc1f465e38468c0c9d00f366095985d6ac93aec3be26eb06d74d12d8aee15aa957306264ed53
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\mygames_hot.pngFilesize
1KB
MD57f7d159e97d63a2e5b1ef6c18869b18c
SHA11cb0014172d654a3fc50e21344f8f2f021bba698
SHA25679abce6749dd99c51dc8c13a9cba57540125df73582176b08d6990758ec09a68
SHA512f2703f184912f54e200618409cd19211d79cd9a92bafa53b68b6d31b6e2d0ca9a107485e178ad17a64a943a5762fca4582bd498f34c33ad38f56c89e9eff72ff
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\setting.datFilesize
530B
MD5e759313e404abf86e930b2abdc262ea3
SHA1b9d816d9b56ae0f2356f3f899285d338ae24ffe1
SHA25613a9660b3115924ee645f8088a344e524d699179f4be201078ea849997d6b9f9
SHA512f967fa7241db385d126b68561da0aa461d0844d0aa1107808f3d161608c4db42856184970afc13e59ecd9f3a4cf7de71be92f147357bdf5deb8933f068d8bf3f
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\skin.zipFilesize
445KB
MD57f5f26ba449b6205b02230729349ec71
SHA1a19c5d28281ef641ef96bc542d68a0372bb45db5
SHA2566f02ecbb1aa8ecb8ff2c3d2bc2aca0d19e246c02c884238afd16b027de6f7d96
SHA5126cd7f177e8552f4f3b9eb84b4456878c40c45ccf765ddf8715417e4117d5475e9355a7923203632cdcdcffb5957e5a1945b660eb4bb8fec937038711d7400eee
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dllFilesize
528KB
MD5d12d28dce936a741dc0e01858f9f8ec4
SHA17f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5
SHA25638832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f
SHA512845a918fe1f08c4879bf381fe65529cd56ad539b0621483b40312ff971a39cf0865abcfcc8e2cc926aa5d65dece77e8f1a5cca6201cbac63c2d0b713f74eabcf
-
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD5010b4d91d539d4e595bc5dfd0cc76d49
SHA10a72003557a8676705ebdbdf23b35f62202d0099
SHA25693125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5
SHA512fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53
-
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD5010b4d91d539d4e595bc5dfd0cc76d49
SHA10a72003557a8676705ebdbdf23b35f62202d0099
SHA25693125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5
SHA512fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53
-
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD5010b4d91d539d4e595bc5dfd0cc76d49
SHA10a72003557a8676705ebdbdf23b35f62202d0099
SHA25693125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5
SHA512fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53
-
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD5010b4d91d539d4e595bc5dfd0cc76d49
SHA10a72003557a8676705ebdbdf23b35f62202d0099
SHA25693125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5
SHA512fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53
-
\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
-
\Users\Admin\AppData\Local\HuofengGameWorld\IEAux.dll
Filesize
64KB
-
\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
Filesize
668KB
-
\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB
-
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB
-
\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB
-
memory/540-71-0x0000000000000000-mapping.dmp
-
memory/840-85-0x0000000000000000-mapping.dmp
-
memory/892-95-0x0000000000000000-mapping.dmp
-
memory/1016-54-0x0000000075501000-0x0000000075503000-memory.dmp
Filesize
8KB
-
memory/1268-78-0x0000000000000000-mapping.dmp
-
memory/1924-59-0x0000000000000000-mapping.dmp