05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c

Analysis

max time kernel
141s
max time network
152s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Size

3.1MB
MD5

8f624f06bacd6651334446e80ff16972
SHA1

0494097ab18dc74945acdbca430c91d4d1a3e3b4
SHA256

05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c
SHA512

df64645de7143ae36ccee595365dd9e5f8a14cba463451b8fb0a1385b7262d43e11e6e39d915946443ee74bc7bc6d7de9e92b2e2db65e1142b33983ca46105f8

Score

8^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Executes dropped EXE 5 IoCs

Processes:

HuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exehfgwupdate.exe

pid process

1888 HuofengGameWorld.exe
1656 HuofengGameWorld.exe
1660 HuofengGameWorld.exe
1316 HuofengGameWorld.exe
928 hfgwupdate.exe

pid	process
1888	HuofengGameWorld.exe
1656	HuofengGameWorld.exe
1660	HuofengGameWorld.exe
1316	HuofengGameWorld.exe
928	hfgwupdate.exe

Loads dropped DLL 23 IoCs

Processes:

05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exeHuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exehfgwupdate.exe

pid	process
1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
1888	HuofengGameWorld.exe
1888	HuofengGameWorld.exe
1888	HuofengGameWorld.exe
1888	HuofengGameWorld.exe
1656	HuofengGameWorld.exe
1656	HuofengGameWorld.exe
1656	HuofengGameWorld.exe
1656	HuofengGameWorld.exe
1660	HuofengGameWorld.exe
1660	HuofengGameWorld.exe
1660	HuofengGameWorld.exe
1660	HuofengGameWorld.exe
1316	HuofengGameWorld.exe
1316	HuofengGameWorld.exe
1316	HuofengGameWorld.exe
1316	HuofengGameWorld.exe
1316	HuofengGameWorld.exe
928	hfgwupdate.exe
928	hfgwupdate.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Windows\CurrentVersion\Run	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Windows\CurrentVersion\Run\HuofengGameWorld = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld\\hfgwupdate.exe -opensystem"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

HuofengGameWorld.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA HuofengGameWorld.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

HuofengGameWorld.exe

description ioc process

File opened for modification \??\PhysicalDrive0 HuofengGameWorld.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	HuofengGameWorld.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	HuofengGameWorld.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

HuofengGameWorld.exeHuofengGameWorld.exeHuofengGameWorld.exehfgwupdate.exeHuofengGameWorld.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	HuofengGameWorld.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	HuofengGameWorld.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	HuofengGameWorld.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	hfgwupdate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HuofengGameWorld.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	HuofengGameWorld.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HuofengGameWorld.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HuofengGameWorld.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HuofengGameWorld.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	hfgwupdate.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

HuofengGameWorld.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	HuofengGameWorld.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\HuofengGameWorld.exe = "9999"	HuofengGameWorld.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	HuofengGameWorld.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	HuofengGameWorld.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	HuofengGameWorld.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main	HuofengGameWorld.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	HuofengGameWorld.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\HuofengGameWorld.exe = "1"	HuofengGameWorld.exe

Modifies registry class 64 IoCs

Processes:

05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\VersionIndependentProgID	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\Version = "1.0"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\Implemented Categories	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\Version = "1.0"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\AuxMod.DLL\AppID = "{BB6E5AF6-C76F-48D1-A2C5-E412CD76AF87}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\ = "IEAux Class"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\Version = "1.0"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\ProgID\ = "IEAuxMod.IEAux.1"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\VersionIndependentProgID\ = "IEAuxMod.IEAux"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux.1\ = "IEAux Class"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux.1	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\ProgID	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ = "_IIEAuxEvents"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux.1\CLSID\ = "{C06F84BC-734A-4C66-B3AF-590E7FC440AB}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\InprocServer32	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\ = "IEAux 1.0 Type Library"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BB6E5AF6-C76F-48D1-A2C5-E412CD76AF87}	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\ = "IEAux Class"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\0	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\TypeLib	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\AuxMod.DLL	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ = "_IIEAuxEvents"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld\\IEAux.dll"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ = "IIEAux"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\0\win32	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ = "IIEAux"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\CLSID	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\CLSID\ = "{C06F84BC-734A-4C66-B3AF-590E7FC440AB}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld\\IEAux.dll"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\HELPDIR	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\CurVer	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\CurVer\ = "IEAuxMod.IEAux.1"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\Version = "1.0"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BB6E5AF6-C76F-48D1-A2C5-E412CD76AF87}\ = "AuxMod"	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

hfgwupdate.exeAUDIODG.EXE

description	pid	process
Token: SeBackupPrivilege	928	hfgwupdate.exe
Token: SeRestorePrivilege	928	hfgwupdate.exe
Token: SeChangeNotifyPrivilege	928	hfgwupdate.exe
Token: 33	1464	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1464	AUDIODG.EXE
Token: 33	1464	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1464	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

HuofengGameWorld.exe

pid process

1316 HuofengGameWorld.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

HuofengGameWorld.exe

pid process

1316 HuofengGameWorld.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

HuofengGameWorld.exe

pid process

1316 HuofengGameWorld.exe
1316 HuofengGameWorld.exe
1316 HuofengGameWorld.exe

pid	process
1316	HuofengGameWorld.exe

pid	process
1316	HuofengGameWorld.exe

pid	process
1316	HuofengGameWorld.exe
1316	HuofengGameWorld.exe
1316	HuofengGameWorld.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exeHuofengGameWorld.exe

description	pid	process	target process
PID 1648 wrote to memory of 1888	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1888	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1888	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1888	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1656	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1656	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1656	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1656	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1660	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1660	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1660	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1660	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1316	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1316	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1316	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1648 wrote to memory of 1316	1648	05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe	HuofengGameWorld.exe
PID 1316 wrote to memory of 928	1316	HuofengGameWorld.exe	hfgwupdate.exe
PID 1316 wrote to memory of 928	1316	HuofengGameWorld.exe	hfgwupdate.exe
PID 1316 wrote to memory of 928	1316	HuofengGameWorld.exe	hfgwupdate.exe
PID 1316 wrote to memory of 928	1316	HuofengGameWorld.exe	hfgwupdate.exe
PID 1316 wrote to memory of 928	1316	HuofengGameWorld.exe	hfgwupdate.exe
PID 1316 wrote to memory of 928	1316	HuofengGameWorld.exe	hfgwupdate.exe
PID 1316 wrote to memory of 928	1316	HuofengGameWorld.exe	hfgwupdate.exe

C:\Users\Admin\AppData\Local\Temp\05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
"C:\Users\Admin\AppData\Local\Temp\05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1648

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -installprotocol
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Enumerates system info in registry
PID:1888

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -install_small_pack 73152031041596
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
PID:1656

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -installicon 73152031041596
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
PID:1660

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" hfgame://id:73152031041596,category:5
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1316

C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:928

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1464

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
9965c1dfa81aba7cb0f235977558abf7

SHA1
3d5c95ba315c5d4608f0bf3563bf29c7f007a810

SHA256
d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b

SHA512
fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
1dd0edb4d78e41c69c34bdf5ac67b5ac

SHA1
d003a8b450826de6b4c416fbc88d7557e5c1767e

SHA256
32ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8

SHA512
7569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
1dd0edb4d78e41c69c34bdf5ac67b5ac

SHA1
d003a8b450826de6b4c416fbc88d7557e5c1767e

SHA256
32ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8

SHA512
7569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
1dd0edb4d78e41c69c34bdf5ac67b5ac

SHA1
d003a8b450826de6b4c416fbc88d7557e5c1767e

SHA256
32ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8

SHA512
7569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
1dd0edb4d78e41c69c34bdf5ac67b5ac

SHA1
d003a8b450826de6b4c416fbc88d7557e5c1767e

SHA256
32ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8

SHA512
7569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
1dd0edb4d78e41c69c34bdf5ac67b5ac

SHA1
d003a8b450826de6b4c416fbc88d7557e5c1767e

SHA256
32ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8

SHA512
7569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\MSVCP100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\MSVCR100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\config.dat
Filesize
393B

MD5
74763b466651a9f061464bf3da5b7707

SHA1
c8ed4bc93bbbbcd5025eec9d31c7091146fbf422

SHA256
258bcf86763cceb3e535f1d6422d8b2ba8f99a72af0843027ea54df12e7697db

SHA512
e27176f8fef040cbbfa692b61366bcd1efd4679b053f8658c11a1da4da0d4d25b4544e28937f446f8cc155fcf52d033ec66e77b7bdc2952b4c0a86f12697c788

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
Filesize
661KB

MD5
5f2a07da815a6c088e1b381b3188f2e4

SHA1
dd87ada5a80e9d1e67f0cd413b37c8b56758e573

SHA256
a12cf129d1c386666411e83eb0e3dbd11cf9e29fb5510dd2747f09e0eef8639b

SHA512
6421865ccaeb53d95fefe0a005dd74069cb857de5d2273e76048b37a9c7b713470830af95bc24f678710df39655c647100d0e92265c9ac763bc28dcc92f527f6

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
Filesize
661KB

MD5
5f2a07da815a6c088e1b381b3188f2e4

SHA1
dd87ada5a80e9d1e67f0cd413b37c8b56758e573

SHA256
a12cf129d1c386666411e83eb0e3dbd11cf9e29fb5510dd2747f09e0eef8639b

SHA512
6421865ccaeb53d95fefe0a005dd74069cb857de5d2273e76048b37a9c7b713470830af95bc24f678710df39655c647100d0e92265c9ac763bc28dcc92f527f6

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\gamelib.png
Filesize
2KB

MD5
f1cd23cec1ad277e34214d8c7458c226

SHA1
0c3fa5144536b02657276377989cfb36d4c235de

SHA256
2ca40d953b3df2cb71ad3c649af7da3ef47878d0b647aaf803c4080ca292a797

SHA512
1ced2896739479a75095cdf860f345b78b32b7aadd173fb5fe7d8aa1cb5ea247731a831f533afd64d90d9dc58ce8fc3fcf2fdec35180e04de964da5310b1098e

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\gamelib_hot.png
Filesize
1KB

MD5
428ab0566da92e393025855366022ecd

SHA1
04c3bad9fc7eefa952e9bdd8f8780f47f458c1b7

SHA256
78478d3cb7e8e20e92cea4045b547a931ae0fb36a5a7228d99f4321fa6a1ddb2

SHA512
984193111a36e1c8599520a626f5cbce6dfefee8ba90472737e7434db308b349270c4dd41ffe84bd578baf6cf251cc3d6985ffc390cca2b382b68efd29671f1c

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\mygames.png
Filesize
2KB

MD5
5cae3b1af2d7fa15a301bd73e57bb6a8

SHA1
54502662655eac7889fd49b701d2f5f37ea1e219

SHA256
f2af69dd00da4e6b1fe8d930824a892cf0e75c9ae3c7a3132ce66288d17efdcb

SHA512
1effc7f30d2f86404a49fb0a50a470a5427234db9b3b05bd978bdc1f465e38468c0c9d00f366095985d6ac93aec3be26eb06d74d12d8aee15aa957306264ed53

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\mygames_hot.png
Filesize
1KB

MD5
7f7d159e97d63a2e5b1ef6c18869b18c

SHA1
1cb0014172d654a3fc50e21344f8f2f021bba698

SHA256
79abce6749dd99c51dc8c13a9cba57540125df73582176b08d6990758ec09a68

SHA512
f2703f184912f54e200618409cd19211d79cd9a92bafa53b68b6d31b6e2d0ca9a107485e178ad17a64a943a5762fca4582bd498f34c33ad38f56c89e9eff72ff

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\setting.dat
Filesize
518B

MD5
c702074f3f5ea2f29965161d568555c2

SHA1
fc26fcf13b58c6c04f82a8c029afcf3b1d73c93a

SHA256
fd40c405bcbc987e42f687e9e82df1f622231b66892427184add9eb4635f46ac

SHA512
36227e732539792ed61860f3a4cb47c98c333051b78815964867aefcc3163df52e460c5188b89b3904d5baf0b409977451a3e1cc1ce85ef4174b96fa0d78b6ad

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\skin.zip
Filesize
445KB

MD5
7f5f26ba449b6205b02230729349ec71

SHA1
a19c5d28281ef641ef96bc542d68a0372bb45db5

SHA256
6f02ecbb1aa8ecb8ff2c3d2bc2aca0d19e246c02c884238afd16b027de6f7d96

SHA512
6cd7f177e8552f4f3b9eb84b4456878c40c45ccf765ddf8715417e4117d5475e9355a7923203632cdcdcffb5957e5a1945b660eb4bb8fec937038711d7400eee

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
e2074cf2622722fbc72446737011da3a

SHA1
97678d44e98e4f54ee7a955f0e2dbba65383b128

SHA256
0100cb87508bbf5514c57d7bc3c04ea10e29e896ca40e1e5a36a83ec53a99444

SHA512
8e3ee33538ae36e017e749a70fdba86a16d47c18df01418121f52cde8b3dacaf6ca52ac78c94be121af2564e5f8cd15b0a02a3db703d7902be93a8673d81dd6a

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
9965c1dfa81aba7cb0f235977558abf7

SHA1
3d5c95ba315c5d4608f0bf3563bf29c7f007a810

SHA256
d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b

SHA512
fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
9965c1dfa81aba7cb0f235977558abf7

SHA1
3d5c95ba315c5d4608f0bf3563bf29c7f007a810

SHA256
d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b

SHA512
fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
9965c1dfa81aba7cb0f235977558abf7

SHA1
3d5c95ba315c5d4608f0bf3563bf29c7f007a810

SHA256
d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b

SHA512
fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
9965c1dfa81aba7cb0f235977558abf7

SHA1
3d5c95ba315c5d4608f0bf3563bf29c7f007a810

SHA256
d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b

SHA512
fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
1dd0edb4d78e41c69c34bdf5ac67b5ac

SHA1
d003a8b450826de6b4c416fbc88d7557e5c1767e

SHA256
32ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8

SHA512
7569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
1dd0edb4d78e41c69c34bdf5ac67b5ac

SHA1
d003a8b450826de6b4c416fbc88d7557e5c1767e

SHA256
32ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8

SHA512
7569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
1dd0edb4d78e41c69c34bdf5ac67b5ac

SHA1
d003a8b450826de6b4c416fbc88d7557e5c1767e

SHA256
32ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8

SHA512
7569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
955KB

MD5
1dd0edb4d78e41c69c34bdf5ac67b5ac

SHA1
d003a8b450826de6b4c416fbc88d7557e5c1767e

SHA256
32ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8

SHA512
7569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\IEAux.dll
Filesize
64KB

MD5
707b32d177490c25338abb5ea442a36d

SHA1
d4d7c03cf684ab2d2015a7bee8c93a5ac34f331e

SHA256
b841868c2d07d5f78b697bf743a95993b67ecf6ffc5cca549e93e57d9b848058

SHA512
9e1e5d864856ac4220b8bf522fd2c241fe57e6475e72eef1f276715839763f083ba92edf48d4802154161fe2a9c6315fb87cf8b844d25f174ccc596903acdef8

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
Filesize
661KB

MD5
5f2a07da815a6c088e1b381b3188f2e4

SHA1
dd87ada5a80e9d1e67f0cd413b37c8b56758e573

SHA256
a12cf129d1c386666411e83eb0e3dbd11cf9e29fb5510dd2747f09e0eef8639b

SHA512
6421865ccaeb53d95fefe0a005dd74069cb857de5d2273e76048b37a9c7b713470830af95bc24f678710df39655c647100d0e92265c9ac763bc28dcc92f527f6

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
e2074cf2622722fbc72446737011da3a

SHA1
97678d44e98e4f54ee7a955f0e2dbba65383b128

SHA256
0100cb87508bbf5514c57d7bc3c04ea10e29e896ca40e1e5a36a83ec53a99444

SHA512
8e3ee33538ae36e017e749a70fdba86a16d47c18df01418121f52cde8b3dacaf6ca52ac78c94be121af2564e5f8cd15b0a02a3db703d7902be93a8673d81dd6a

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
e2074cf2622722fbc72446737011da3a

SHA1
97678d44e98e4f54ee7a955f0e2dbba65383b128

SHA256
0100cb87508bbf5514c57d7bc3c04ea10e29e896ca40e1e5a36a83ec53a99444

SHA512
8e3ee33538ae36e017e749a70fdba86a16d47c18df01418121f52cde8b3dacaf6ca52ac78c94be121af2564e5f8cd15b0a02a3db703d7902be93a8673d81dd6a

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
e2074cf2622722fbc72446737011da3a

SHA1
97678d44e98e4f54ee7a955f0e2dbba65383b128

SHA256
0100cb87508bbf5514c57d7bc3c04ea10e29e896ca40e1e5a36a83ec53a99444

SHA512
8e3ee33538ae36e017e749a70fdba86a16d47c18df01418121f52cde8b3dacaf6ca52ac78c94be121af2564e5f8cd15b0a02a3db703d7902be93a8673d81dd6a

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
e2074cf2622722fbc72446737011da3a

SHA1
97678d44e98e4f54ee7a955f0e2dbba65383b128

SHA256
0100cb87508bbf5514c57d7bc3c04ea10e29e896ca40e1e5a36a83ec53a99444

SHA512
8e3ee33538ae36e017e749a70fdba86a16d47c18df01418121f52cde8b3dacaf6ca52ac78c94be121af2564e5f8cd15b0a02a3db703d7902be93a8673d81dd6a

Download Submit
memory/928-95-0x0000000000000000-mapping.dmp

Download
memory/1316-85-0x0000000000000000-mapping.dmp

Download
memory/1648-54-0x0000000076421000-0x0000000076423000-memory.dmp

Filesize
8KB

Download
memory/1656-71-0x0000000000000000-mapping.dmp

Download
memory/1660-78-0x0000000000000000-mapping.dmp

Download
memory/1888-59-0x0000000000000000-mapping.dmp

Download