Analysis
- max time kernel: 125s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20-05-2022 04:46
Static task: static1
Behavioral task: behavioral1
- Sample: 05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
- Resource: win10v2004-20220414-en
General
- Target: 05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
- Size: 3.1MB
- MD5: 8f624f06bacd6651334446e80ff16972
- SHA1: 0494097ab18dc74945acdbca430c91d4d1a3e3b4
- SHA256: 05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c
- SHA512: df64645de7143ae36ccee595365dd9e5f8a14cba463451b8fb0a1385b7262d43e11e6e39d915946443ee74bc7bc6d7de9e92b2e2db65e1142b33983ca46105f8
Malware Config
Signatures
-
Executes dropped EXE 6 IoCs
Processes:
pid process
4244 HuofengGameWorld.exe
3156 HuofengGameWorld.exe
4540 HuofengGameWorld.exe
1092 hfgwupdate.exe
3968 HuofengGameWorld.exe
4940 HuofengGameWorld.exe
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
description ioc process
Key value queried \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Control Panel\International\Geo\Nation 05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Key value queried \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Control Panel\International\Geo\Nation HuofengGameWorld.exe
-
Loads dropped DLL 22 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
description ioc process
Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run 05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HuofengGameWorld = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld\\hfgwupdate.exe -opensystem" 05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
Processes:
description ioc process
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA HuofengGameWorld.exe
-
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
description ioc process
File opened for modification \??\PhysicalDrive0 HuofengGameWorld.exe
File opened for modification \??\PhysicalDrive0 HuofengGameWorld.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 12 IoCs
Processes:
description ioc process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily HuofengGameWorld.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS HuofengGameWorld.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily HuofengGameWorld.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS hfgwupdate.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS HuofengGameWorld.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily HuofengGameWorld.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS HuofengGameWorld.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily HuofengGameWorld.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS HuofengGameWorld.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily HuofengGameWorld.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS HuofengGameWorld.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily hfgwupdate.exe
-
Modifies Internet Explorer settings
Processes:
description ioc process
Set value (int) \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\HuofengGameWorld.exe = "9999" HuofengGameWorld.exe
Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch HuofengGameWorld.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" HuofengGameWorld.exe
Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\IESettingSync HuofengGameWorld.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" HuofengGameWorld.exe
Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING HuofengGameWorld.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\HuofengGameWorld.exe = "1" HuofengGameWorld.exe
-
Modifies registry class 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
description pid process
Token: SeBackupPrivilege 1092 hfgwupdate.exe
Token: SeRestorePrivilege 1092 hfgwupdate.exe
Token: SeChangeNotifyPrivilege 1092 hfgwupdate.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
pid process
4244 HuofengGameWorld.exe
-
Suspicious use of SendNotifyMessage 1 IoCs
Processes:
pid process
4244 HuofengGameWorld.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
pid process
4244 HuofengGameWorld.exe
4244 HuofengGameWorld.exe
4244 HuofengGameWorld.exe
-
Suspicious use of WriteProcessMemory 18 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe "C:\Users\Admin\AppData\Local\Temp\05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe" 1⤵
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe "C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -desktop 2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe "C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe" 3⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe "C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -installprotocol 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Enumerates system info in registry
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe "C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -install_small_pack 73152031041596 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe "C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -installicon 73152031041596 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe "C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" hfgame://id:73152031041596,category:5 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD59965c1dfa81aba7cb0f235977558abf7
SHA13d5c95ba315c5d4608f0bf3563bf29c7f007a810
SHA256d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b
SHA512fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD59965c1dfa81aba7cb0f235977558abf7
SHA13d5c95ba315c5d4608f0bf3563bf29c7f007a810
SHA256d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b
SHA512fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD59965c1dfa81aba7cb0f235977558abf7
SHA13d5c95ba315c5d4608f0bf3563bf29c7f007a810
SHA256d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b
SHA512fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD59965c1dfa81aba7cb0f235977558abf7
SHA13d5c95ba315c5d4608f0bf3563bf29c7f007a810
SHA256d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b
SHA512fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD59965c1dfa81aba7cb0f235977558abf7
SHA13d5c95ba315c5d4608f0bf3563bf29c7f007a810
SHA256d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b
SHA512fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dllFilesize
312KB
MD59965c1dfa81aba7cb0f235977558abf7
SHA13d5c95ba315c5d4608f0bf3563bf29c7f007a810
SHA256d7d6cfd006e5bce268171c0510a21108f4b2fdc63bdc4a97bd3ad42f99d21e6b
SHA512fe9a6aa86800c05a40f547795fd03cc43d16b6d99e794013ed96309019d0158e8f6b4de487bd2b7b12bf44c2a8963985cf96acc6196d666c39f8ff98a1e90462
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD51dd0edb4d78e41c69c34bdf5ac67b5ac
SHA1d003a8b450826de6b4c416fbc88d7557e5c1767e
SHA25632ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8
SHA5127569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD51dd0edb4d78e41c69c34bdf5ac67b5ac
SHA1d003a8b450826de6b4c416fbc88d7557e5c1767e
SHA25632ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8
SHA5127569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD51dd0edb4d78e41c69c34bdf5ac67b5ac
SHA1d003a8b450826de6b4c416fbc88d7557e5c1767e
SHA25632ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8
SHA5127569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD51dd0edb4d78e41c69c34bdf5ac67b5ac
SHA1d003a8b450826de6b4c416fbc88d7557e5c1767e
SHA25632ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8
SHA5127569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD51dd0edb4d78e41c69c34bdf5ac67b5ac
SHA1d003a8b450826de6b4c416fbc88d7557e5c1767e
SHA25632ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8
SHA5127569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exeFilesize
955KB
MD51dd0edb4d78e41c69c34bdf5ac67b5ac
SHA1d003a8b450826de6b4c416fbc88d7557e5c1767e
SHA25632ba0a62cf037c09e8805ec85d4b16666567bf19b37a4099f85e18bbc55b5cd8
SHA5127569b5c14185c450f0d89fc62e031807915f5b7217d669c250ef10eea454466fe1769ff1ca6ec3e0a0030413ceba7d48db009280bc9aa9100152873a7be001be
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\IEAux.dllFilesize
64KB
MD5707b32d177490c25338abb5ea442a36d
SHA1d4d7c03cf684ab2d2015a7bee8c93a5ac34f331e
SHA256b841868c2d07d5f78b697bf743a95993b67ecf6ffc5cca549e93e57d9b848058
SHA5129e1e5d864856ac4220b8bf522fd2c241fe57e6475e72eef1f276715839763f083ba92edf48d4802154161fe2a9c6315fb87cf8b844d25f174ccc596903acdef8
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\MSVCP100.dllFilesize
411KB
MD5e3c817f7fe44cc870ecdbcbc3ea36132
SHA12ada702a0c143a7ae39b7de16a4b5cc994d2548b
SHA256d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf
SHA5124fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\MSVCR100.dllFilesize
755KB
MD5bf38660a9125935658cfa3e53fdc7d65
SHA10b51fb415ec89848f339f8989d323bea722bfd70
SHA25660c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
SHA51225f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\config.datFilesize
393B
MD574763b466651a9f061464bf3da5b7707
SHA1c8ed4bc93bbbbcd5025eec9d31c7091146fbf422
SHA256258bcf86763cceb3e535f1d6422d8b2ba8f99a72af0843027ea54df12e7697db
SHA512e27176f8fef040cbbfa692b61366bcd1efd4679b053f8658c11a1da4da0d4d25b4544e28937f446f8cc155fcf52d033ec66e77b7bdc2952b4c0a86f12697c788
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exeFilesize
661KB
MD55f2a07da815a6c088e1b381b3188f2e4
SHA1dd87ada5a80e9d1e67f0cd413b37c8b56758e573
SHA256a12cf129d1c386666411e83eb0e3dbd11cf9e29fb5510dd2747f09e0eef8639b
SHA5126421865ccaeb53d95fefe0a005dd74069cb857de5d2273e76048b37a9c7b713470830af95bc24f678710df39655c647100d0e92265c9ac763bc28dcc92f527f6
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exeFilesize
661KB
MD55f2a07da815a6c088e1b381b3188f2e4
SHA1dd87ada5a80e9d1e67f0cd413b37c8b56758e573
SHA256a12cf129d1c386666411e83eb0e3dbd11cf9e29fb5510dd2747f09e0eef8639b
SHA5126421865ccaeb53d95fefe0a005dd74069cb857de5d2273e76048b37a9c7b713470830af95bc24f678710df39655c647100d0e92265c9ac763bc28dcc92f527f6
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dllFilesize
411KB
MD5e3c817f7fe44cc870ecdbcbc3ea36132
SHA12ada702a0c143a7ae39b7de16a4b5cc994d2548b
SHA256d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf
SHA5124fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize: 755KB
MD5: bf38660a9125935658cfa3e53fdc7d65
SHA1: 0b51fb415ec89848f339f8989d323bea722bfd70
SHA256: 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
SHA512: 25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\gamelib.png
Filesize: 2KB
MD5: f1cd23cec1ad277e34214d8c7458c226
SHA1: 0c3fa5144536b02657276377989cfb36d4c235de
SHA256: 2ca40d953b3df2cb71ad3c649af7da3ef47878d0b647aaf803c4080ca292a797
SHA512: 1ced2896739479a75095cdf860f345b78b32b7aadd173fb5fe7d8aa1cb5ea247731a831f533afd64d90d9dc58ce8fc3fcf2fdec35180e04de964da5310b1098e
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\gamelib_hot.png
Filesize: 1KB
MD5: 428ab0566da92e393025855366022ecd
SHA1: 04c3bad9fc7eefa952e9bdd8f8780f47f458c1b7
SHA256: 78478d3cb7e8e20e92cea4045b547a931ae0fb36a5a7228d99f4321fa6a1ddb2
SHA512: 984193111a36e1c8599520a626f5cbce6dfefee8ba90472737e7434db308b349270c4dd41ffe84bd578baf6cf251cc3d6985ffc390cca2b382b68efd29671f1c
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\mygames.png
Filesize: 2KB
MD5: 5cae3b1af2d7fa15a301bd73e57bb6a8
SHA1: 54502662655eac7889fd49b701d2f5f37ea1e219
SHA256: f2af69dd00da4e6b1fe8d930824a892cf0e75c9ae3c7a3132ce66288d17efdcb
SHA512: 1effc7f30d2f86404a49fb0a50a470a5427234db9b3b05bd978bdc1f465e38468c0c9d00f366095985d6ac93aec3be26eb06d74d12d8aee15aa957306264ed53
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\mygames_hot.png
Filesize: 1KB
MD5: 7f7d159e97d63a2e5b1ef6c18869b18c
SHA1: 1cb0014172d654a3fc50e21344f8f2f021bba698
SHA256: 79abce6749dd99c51dc8c13a9cba57540125df73582176b08d6990758ec09a68
SHA512: f2703f184912f54e200618409cd19211d79cd9a92bafa53b68b6d31b6e2d0ca9a107485e178ad17a64a943a5762fca4582bd498f34c33ad38f56c89e9eff72ff
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\setting.dat
Filesize: 518B
MD5: c702074f3f5ea2f29965161d568555c2
SHA1: fc26fcf13b58c6c04f82a8c029afcf3b1d73c93a
SHA256: fd40c405bcbc987e42f687e9e82df1f622231b66892427184add9eb4635f46ac
SHA512: 36227e732539792ed61860f3a4cb47c98c333051b78815964867aefcc3163df52e460c5188b89b3904d5baf0b409977451a3e1cc1ce85ef4174b96fa0d78b6ad
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\skin.zip
Filesize: 445KB
MD5: 7f5f26ba449b6205b02230729349ec71
SHA1: a19c5d28281ef641ef96bc542d68a0372bb45db5
SHA256: 6f02ecbb1aa8ecb8ff2c3d2bc2aca0d19e246c02c884238afd16b027de6f7d96
SHA512: 6cd7f177e8552f4f3b9eb84b4456878c40c45ccf765ddf8715417e4117d5475e9355a7923203632cdcdcffb5957e5a1945b660eb4bb8fec937038711d7400eee
-
C:\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize: 528KB
MD5: e2074cf2622722fbc72446737011da3a
SHA1: 97678d44e98e4f54ee7a955f0e2dbba65383b128
SHA256: 0100cb87508bbf5514c57d7bc3c04ea10e29e896ca40e1e5a36a83ec53a99444
SHA512: 8e3ee33538ae36e017e749a70fdba86a16d47c18df01418121f52cde8b3dacaf6ca52ac78c94be121af2564e5f8cd15b0a02a3db703d7902be93a8673d81dd6a
-
memory/1092-158-0x0000000000000000-mapping.dmp
-
memory/3156-135-0x0000000000000000-mapping.dmp
-
memory/3968-165-0x0000000000000000-mapping.dmp
-
memory/4244-132-0x0000000000000000-mapping.dmp
-
memory/4540-151-0x0000000000000000-mapping.dmp
-
memory/4940-171-0x0000000000000000-mapping.dmp