9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346

Analysis

max time kernel
137s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
20-05-2022 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Size

3.0MB
MD5

f1b6dcdc41443111a0e9e78feef864c1
SHA1

07ef07bfc63410f1109f5c155d2a34ec755ed1ea
SHA256

9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346
SHA512

ccdbe9e6c0fc4f3a96af8f80659bff72fefeceeba887714b01d878f3575db4f28fac950e4143081d80c09c578c0f7e63b80e77d8dbb2a1e9bd86fabb5c1fa64c

Score

8^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Executes dropped EXE 6 IoCs

Processes:

HuofengGameWorld.exeHuofengGameWorld.exehfgwupdate.exeHuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exe

pid process

4936 HuofengGameWorld.exe
4192 HuofengGameWorld.exe
4504 hfgwupdate.exe
3480 HuofengGameWorld.exe
4616 HuofengGameWorld.exe
4896 HuofengGameWorld.exe

pid	process
4936	HuofengGameWorld.exe
4192	HuofengGameWorld.exe
4504	hfgwupdate.exe
3480	HuofengGameWorld.exe
4616	HuofengGameWorld.exe
4896	HuofengGameWorld.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exeHuofengGameWorld.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Control Panel\International\Geo\Nation	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Control Panel\International\Geo\Nation	HuofengGameWorld.exe

Loads dropped DLL 22 IoCs

Processes:

9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exeHuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exe

pid	process
2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
4936	HuofengGameWorld.exe
4936	HuofengGameWorld.exe
4936	HuofengGameWorld.exe
4936	HuofengGameWorld.exe
4192	HuofengGameWorld.exe
4192	HuofengGameWorld.exe
4192	HuofengGameWorld.exe
4192	HuofengGameWorld.exe
3480	HuofengGameWorld.exe
3480	HuofengGameWorld.exe
3480	HuofengGameWorld.exe
3480	HuofengGameWorld.exe
4616	HuofengGameWorld.exe
4616	HuofengGameWorld.exe
4616	HuofengGameWorld.exe
4616	HuofengGameWorld.exe
4896	HuofengGameWorld.exe
4896	HuofengGameWorld.exe
4896	HuofengGameWorld.exe
4896	HuofengGameWorld.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Windows\CurrentVersion\Run	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HuofengGameWorld = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld\\hfgwupdate.exe -opensystem"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

HuofengGameWorld.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA HuofengGameWorld.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	HuofengGameWorld.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

HuofengGameWorld.exeHuofengGameWorld.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	HuofengGameWorld.exe
File opened for modification	\??\PhysicalDrive0	HuofengGameWorld.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

hfgwupdate.exeHuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	hfgwupdate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HuofengGameWorld.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	HuofengGameWorld.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HuofengGameWorld.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	HuofengGameWorld.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HuofengGameWorld.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	HuofengGameWorld.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	hfgwupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	HuofengGameWorld.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HuofengGameWorld.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HuofengGameWorld.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	HuofengGameWorld.exe

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

Processes:

HuofengGameWorld.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	HuofengGameWorld.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	HuofengGameWorld.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\HuofengGameWorld.exe = "1"	HuofengGameWorld.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\HuofengGameWorld.exe = "9999"	HuofengGameWorld.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	HuofengGameWorld.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	HuofengGameWorld.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\IESettingSync	HuofengGameWorld.exe

Modifies registry class 64 IoCs

Processes:

9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux.1\ = "IEAux Class"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld\\IEAux.dll"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\Version = "1.0"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BB6E5AF6-C76F-48D1-A2C5-E412CD76AF87}\ = "AuxMod"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\VersionIndependentProgID	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\Version = "1.0"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\AuxMod.DLL	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\InprocServer32	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld\\IEAux.dll"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\Version = "1.0"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\InprocServer32\ThreadingModel = "Apartment"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\CurVer	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\ = "IEAux Class"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\TypeLib	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\FLAGS\ = "0"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\ = "IEAux 1.0 Type Library"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ = "IIEAux"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\Version = "1.0"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\CLSID\ = "{C06F84BC-734A-4C66-B3AF-590E7FC440AB}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\ProgID\ = "IEAuxMod.IEAux.1"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\Programmable	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ = "_IIEAuxEvents"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ = "IIEAux"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\AuxMod.DLL\AppID = "{BB6E5AF6-C76F-48D1-A2C5-E412CD76AF87}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux.1\CLSID\ = "{C06F84BC-734A-4C66-B3AF-590E7FC440AB}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\VersionIndependentProgID\ = "IEAuxMod.IEAux"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\Implemented Categories	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\FLAGS	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\0	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\0\win32	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\ = "IEAux Class"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\ProgID	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux.1	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\HELPDIR	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BB6E5AF6-C76F-48D1-A2C5-E412CD76AF87}	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ = "_IIEAuxEvents"	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

hfgwupdate.exe

description	pid	process
Token: SeBackupPrivilege	4504	hfgwupdate.exe
Token: SeRestorePrivilege	4504	hfgwupdate.exe
Token: SeChangeNotifyPrivilege	4504	hfgwupdate.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

HuofengGameWorld.exe

pid process

4936 HuofengGameWorld.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

HuofengGameWorld.exe

pid process

4936 HuofengGameWorld.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

HuofengGameWorld.exe

pid process

4936 HuofengGameWorld.exe
4936 HuofengGameWorld.exe
4936 HuofengGameWorld.exe

pid	process
4936	HuofengGameWorld.exe

pid	process
4936	HuofengGameWorld.exe

pid	process
4936	HuofengGameWorld.exe
4936	HuofengGameWorld.exe
4936	HuofengGameWorld.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exeHuofengGameWorld.exe

description	pid	process	target process
PID 2944 wrote to memory of 4936	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4936	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4936	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4192	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4192	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4192	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 4936 wrote to memory of 4504	4936	HuofengGameWorld.exe	hfgwupdate.exe
PID 4936 wrote to memory of 4504	4936	HuofengGameWorld.exe	hfgwupdate.exe
PID 4936 wrote to memory of 4504	4936	HuofengGameWorld.exe	hfgwupdate.exe
PID 2944 wrote to memory of 3480	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 3480	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 3480	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4616	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4616	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4616	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4896	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4896	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe
PID 2944 wrote to memory of 4896	2944	9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe	HuofengGameWorld.exe

C:\Users\Admin\AppData\Local\Temp\9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe
"C:\Users\Admin\AppData\Local\Temp\9fa220a2b3b0c45abcc688160ba45d421e0a2dbeb0d0f3626f97e190b0918346.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2944

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -desktop
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4936

C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe"
3⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:4504

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -installprotocol
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Enumerates system info in registry
PID:4192

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -install_small_pack 14051140107130794912
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
PID:3480

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -installicon 14051140107130794912
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
PID:4616

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" hfgame://id:14051140107130794912,category:5
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
PID:4896

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
010b4d91d539d4e595bc5dfd0cc76d49

SHA1
0a72003557a8676705ebdbdf23b35f62202d0099

SHA256
93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5

SHA512
fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
010b4d91d539d4e595bc5dfd0cc76d49

SHA1
0a72003557a8676705ebdbdf23b35f62202d0099

SHA256
93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5

SHA512
fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
010b4d91d539d4e595bc5dfd0cc76d49

SHA1
0a72003557a8676705ebdbdf23b35f62202d0099

SHA256
93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5

SHA512
fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
010b4d91d539d4e595bc5dfd0cc76d49

SHA1
0a72003557a8676705ebdbdf23b35f62202d0099

SHA256
93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5

SHA512
fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
010b4d91d539d4e595bc5dfd0cc76d49

SHA1
0a72003557a8676705ebdbdf23b35f62202d0099

SHA256
93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5

SHA512
fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
010b4d91d539d4e595bc5dfd0cc76d49

SHA1
0a72003557a8676705ebdbdf23b35f62202d0099

SHA256
93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5

SHA512
fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
f034531a701044350969d768a825b60c

SHA1
8763743d1d3e4c8a3cf151de06b34e67cec88465

SHA256
11456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584

SHA512
a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
f034531a701044350969d768a825b60c

SHA1
8763743d1d3e4c8a3cf151de06b34e67cec88465

SHA256
11456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584

SHA512
a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
f034531a701044350969d768a825b60c

SHA1
8763743d1d3e4c8a3cf151de06b34e67cec88465

SHA256
11456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584

SHA512
a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
f034531a701044350969d768a825b60c

SHA1
8763743d1d3e4c8a3cf151de06b34e67cec88465

SHA256
11456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584

SHA512
a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
f034531a701044350969d768a825b60c

SHA1
8763743d1d3e4c8a3cf151de06b34e67cec88465

SHA256
11456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584

SHA512
a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
f034531a701044350969d768a825b60c

SHA1
8763743d1d3e4c8a3cf151de06b34e67cec88465

SHA256
11456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584

SHA512
a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\IEAux.dll
Filesize
64KB

MD5
3633de4079190b65d9c1a062db39b882

SHA1
70b6f944a6711b69b8d1a992456dccb3bc2618f2

SHA256
71141a084a6ccc601f9ae32b5a56476854efde219bdad3c4abc93865fb5e611b

SHA512
d8a7540713e34c74261ca542d3dc4ec1cb35da3953ba6fb390f4526147df1a14c68d940756a53a44676f6faa7ca9cc0bfb442ce390038c321117a832ace10362

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\MSVCP100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\MSVCR100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\config.dat
Filesize
393B

MD5
74763b466651a9f061464bf3da5b7707

SHA1
c8ed4bc93bbbbcd5025eec9d31c7091146fbf422

SHA256
258bcf86763cceb3e535f1d6422d8b2ba8f99a72af0843027ea54df12e7697db

SHA512
e27176f8fef040cbbfa692b61366bcd1efd4679b053f8658c11a1da4da0d4d25b4544e28937f446f8cc155fcf52d033ec66e77b7bdc2952b4c0a86f12697c788

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
Filesize
668KB

MD5
7500395f2c1353c49ba2ebf8b5a85546

SHA1
ef0cb174a919d92ce743d7e11e88c84eca19c620

SHA256
44e2c30372e3563f47b0dda78b8db697b8aa2270633437acb927478cb35073e7

SHA512
84721d6106ec6bd6fe333fb35f7ef926afccc948e3a2de1d1ceed30f95bd7f3148cc19b25c9652b07aa1bc6a956b4807b3e8c9d1067868998c27210b771ec33d

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
Filesize
668KB

MD5
7500395f2c1353c49ba2ebf8b5a85546

SHA1
ef0cb174a919d92ce743d7e11e88c84eca19c620

SHA256
44e2c30372e3563f47b0dda78b8db697b8aa2270633437acb927478cb35073e7

SHA512
84721d6106ec6bd6fe333fb35f7ef926afccc948e3a2de1d1ceed30f95bd7f3148cc19b25c9652b07aa1bc6a956b4807b3e8c9d1067868998c27210b771ec33d

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\gamelib.png
Filesize
2KB

MD5
f1cd23cec1ad277e34214d8c7458c226

SHA1
0c3fa5144536b02657276377989cfb36d4c235de

SHA256
2ca40d953b3df2cb71ad3c649af7da3ef47878d0b647aaf803c4080ca292a797

SHA512
1ced2896739479a75095cdf860f345b78b32b7aadd173fb5fe7d8aa1cb5ea247731a831f533afd64d90d9dc58ce8fc3fcf2fdec35180e04de964da5310b1098e

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\gamelib_hot.png
Filesize
1KB

MD5
428ab0566da92e393025855366022ecd

SHA1
04c3bad9fc7eefa952e9bdd8f8780f47f458c1b7

SHA256
78478d3cb7e8e20e92cea4045b547a931ae0fb36a5a7228d99f4321fa6a1ddb2

SHA512
984193111a36e1c8599520a626f5cbce6dfefee8ba90472737e7434db308b349270c4dd41ffe84bd578baf6cf251cc3d6985ffc390cca2b382b68efd29671f1c

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\mygames.png
Filesize
2KB

MD5
5cae3b1af2d7fa15a301bd73e57bb6a8

SHA1
54502662655eac7889fd49b701d2f5f37ea1e219

SHA256
f2af69dd00da4e6b1fe8d930824a892cf0e75c9ae3c7a3132ce66288d17efdcb

SHA512
1effc7f30d2f86404a49fb0a50a470a5427234db9b3b05bd978bdc1f465e38468c0c9d00f366095985d6ac93aec3be26eb06d74d12d8aee15aa957306264ed53

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\mygames_hot.png
Filesize
1KB

MD5
7f7d159e97d63a2e5b1ef6c18869b18c

SHA1
1cb0014172d654a3fc50e21344f8f2f021bba698

SHA256
79abce6749dd99c51dc8c13a9cba57540125df73582176b08d6990758ec09a68

SHA512
f2703f184912f54e200618409cd19211d79cd9a92bafa53b68b6d31b6e2d0ca9a107485e178ad17a64a943a5762fca4582bd498f34c33ad38f56c89e9eff72ff

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\setting.dat
Filesize
530B

MD5
e759313e404abf86e930b2abdc262ea3

SHA1
b9d816d9b56ae0f2356f3f899285d338ae24ffe1

SHA256
13a9660b3115924ee645f8088a344e524d699179f4be201078ea849997d6b9f9

SHA512
f967fa7241db385d126b68561da0aa461d0844d0aa1107808f3d161608c4db42856184970afc13e59ecd9f3a4cf7de71be92f147357bdf5deb8933f068d8bf3f

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\skin.zip
Filesize
445KB

MD5
7f5f26ba449b6205b02230729349ec71

SHA1
a19c5d28281ef641ef96bc542d68a0372bb45db5

SHA256
6f02ecbb1aa8ecb8ff2c3d2bc2aca0d19e246c02c884238afd16b027de6f7d96

SHA512
6cd7f177e8552f4f3b9eb84b4456878c40c45ccf765ddf8715417e4117d5475e9355a7923203632cdcdcffb5957e5a1945b660eb4bb8fec937038711d7400eee

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
d12d28dce936a741dc0e01858f9f8ec4

SHA1
7f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5

SHA256
38832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f

SHA512
845a918fe1f08c4879bf381fe65529cd56ad539b0621483b40312ff971a39cf0865abcfcc8e2cc926aa5d65dece77e8f1a5cca6201cbac63c2d0b713f74eabcf

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
d12d28dce936a741dc0e01858f9f8ec4

SHA1
7f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5

SHA256
38832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f

SHA512
845a918fe1f08c4879bf381fe65529cd56ad539b0621483b40312ff971a39cf0865abcfcc8e2cc926aa5d65dece77e8f1a5cca6201cbac63c2d0b713f74eabcf

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
d12d28dce936a741dc0e01858f9f8ec4

SHA1
7f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5

SHA256
38832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f

SHA512
845a918fe1f08c4879bf381fe65529cd56ad539b0621483b40312ff971a39cf0865abcfcc8e2cc926aa5d65dece77e8f1a5cca6201cbac63c2d0b713f74eabcf

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
d12d28dce936a741dc0e01858f9f8ec4

SHA1
7f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5

SHA256
38832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f

SHA512
845a918fe1f08c4879bf381fe65529cd56ad539b0621483b40312ff971a39cf0865abcfcc8e2cc926aa5d65dece77e8f1a5cca6201cbac63c2d0b713f74eabcf

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
d12d28dce936a741dc0e01858f9f8ec4

SHA1
7f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5

SHA256
38832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f

SHA512
845a918fe1f08c4879bf381fe65529cd56ad539b0621483b40312ff971a39cf0865abcfcc8e2cc926aa5d65dece77e8f1a5cca6201cbac63c2d0b713f74eabcf

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
d12d28dce936a741dc0e01858f9f8ec4

SHA1
7f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5

SHA256
38832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f

SHA512
845a918fe1f08c4879bf381fe65529cd56ad539b0621483b40312ff971a39cf0865abcfcc8e2cc926aa5d65dece77e8f1a5cca6201cbac63c2d0b713f74eabcf

Download Submit
memory/3480-159-0x0000000000000000-mapping.dmp

Download
memory/4192-135-0x0000000000000000-mapping.dmp

Download
memory/4504-152-0x0000000000000000-mapping.dmp

Download
memory/4616-165-0x0000000000000000-mapping.dmp

Download
memory/4896-171-0x0000000000000000-mapping.dmp

Download
memory/4936-132-0x0000000000000000-mapping.dmp

Download