97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad

Analysis

max time kernel
14s
max time network
150s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Size

3.1MB
MD5

94793104185332ba780f167310695620
SHA1

a1623e5640c786d893f280a3c3ab062676be9368
SHA256

97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad
SHA512

3573bc02a47df770eaba801e0a2e2ca227bbef432f9b26bf03ce91384daa546b225ef209d4f9c1d540d31098e96fca87509166285272b1b034ec7d809d6cd247

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

Processes:

97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe

pid	process
1672	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
1672	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
1672	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
1672	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\Implemented Categories	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux.1\CLSID\ = "{C06F84BC-734A-4C66-B3AF-590E7FC440AB}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\InprocServer32	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\HELPDIR	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\Version = "1.0"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\VersionIndependentProgID	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\Version = "1.0"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ = "IIEAux"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BB6E5AF6-C76F-48D1-A2C5-E412CD76AF87}	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\AuxMod.DLL\AppID = "{BB6E5AF6-C76F-48D1-A2C5-E412CD76AF87}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\InprocServer32\ThreadingModel = "Apartment"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\0\win32	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux.1	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\CurVer	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BB6E5AF6-C76F-48D1-A2C5-E412CD76AF87}\ = "AuxMod"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\CLSID\ = "{C06F84BC-734A-4C66-B3AF-590E7FC440AB}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\VersionIndependentProgID\ = "IEAuxMod.IEAux"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\ = "IEAux Class"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\ = "IEAux Class"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\TypeLib\Version = "1.0"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\Programmable	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\TypeLib\Version = "1.0"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux.1\ = "IEAux Class"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\TypeLib\ = "{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\ = "IEAux 1.0 Type Library"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ = "_IIEAuxEvents"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24520E44-778C-4AF9-828E-750E747E38E1}\ = "IIEAux"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\ProgID	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\FLAGS	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\FLAGS\ = "0"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\AuxMod.DLL	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\ProgID\ = "IEAuxMod.IEAux.1"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld\\IEAux.dll"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}\ProxyStubClsid32	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\CLSID	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3FCE3BD-45D9-40C1-A929-526EE5285EFF}	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEAuxMod.IEAux\CurVer\ = "IEAuxMod.IEAux.1"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C06F84BC-734A-4C66-B3AF-590E7FC440AB}\TypeLib	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\0	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E89584AE-50C3-4FDE-B54C-A3EF6D700A72}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\HuofengGameWorld"	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories	97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe

C:\Users\Admin\AppData\Local\Temp\97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe
"C:\Users\Admin\AppData\Local\Temp\97c1eef63efb95640173d226e1eda61ce7dba9bb3cef9836716e197066f90dad.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
PID:1672

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -installprotocol
2⤵
PID:528

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -install_small_pack 7964649558160571705
2⤵
PID:1604

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" -installicon 7964649558160571705
2⤵
PID:1196

C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe" hfgame://id:7964649558160571705,category:5
2⤵
PID:444

C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
"C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe"
3⤵
PID:1608

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
010b4d91d539d4e595bc5dfd0cc76d49

SHA1
0a72003557a8676705ebdbdf23b35f62202d0099

SHA256
93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5

SHA512
fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
92KB

MD5
1f6cd72bdcc5b8af654e18ae7cdfd4a5

SHA1
00098fec3ebd3f63eb997be6368e6ca2e66fda17

SHA256
b90ff83fa7333787dca58fdceea8dbb0fd53659d01ecb3f2eababca943187ce8

SHA512
4f8b7106b0ee5e30f4e16ae185ac7f2e97e8b78607c81cc478bfecf21830f804d01c9c06d152d00101a7bfb0f4eb7b9a3aeb281cfa4d4d8bab3e058ee1c1adf3

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
858KB

MD5
9c780cc20288c7f99cb2bf3318055f29

SHA1
cd6de3ac02ccc7e3ee2a7fa058fb54bb22b366ee

SHA256
93c9a8f6be8516a758139fd991b8a05bb640586b5e98fe20ad2330eec0233786

SHA512
ccf5bba5c6536e27d48502d051bc0b172b5fec1830f6a99e5915c7e97b89932620fcdd33e44ed6eb57e640a3eff818ad17c13e9178cbab39475f262c5bd922d6

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
630KB

MD5
bb07b9b98391ff2498124f3e01636f49

SHA1
4514abff44bc70f6268f82beabd5ffe22fa41c97

SHA256
7d584926df48f9d92a05d3832658bd7dcd038f5c13ebe7cef0e063b0fec1a0cc

SHA512
2ae75d99f5a7b330f3225fa53c74402b84a6488bd83143a63428a46b89cf180eff3a42fad4cd6d8065087598b6cb84df7b72b073235a542d4dc402cb6fc78402

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
163KB

MD5
0678bcdcb25bdeeb9c249294c904e66c

SHA1
9778d7c91e7bc3e7f2e823a1af4d88ee7329d7ef

SHA256
615f1424a4e39d31c8b8eae58e1d2c1fcbca5b0da9a30746bc58eb7176d4b205

SHA512
9ae184cc68fe203af798bedf17e37dfac0f011511788fb84bf0d1d4ab7bb2180a71a5298aa6f83d8ba3f85063a925c7874d3857acfe8db8decea4d442432053d

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
137KB

MD5
c5c45f1fc41e29679ee0b6d7696d191b

SHA1
5907dd2fcd4a3badcf0d73ebe75f8f237bb7c2c2

SHA256
7ab22d27022d7e82d91372fa52a9e60fabb3529cb3cec455465bcd3617fdbcae

SHA512
e29d4069d4a32dbfd2e3b73dd300133bef6110a995e996223f7a7180ead74a0d53f0bc812605daf3e24f34252e6595416095b58767f846229f0c6a314a21c1c0

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\MSVCP100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\MSVCR100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\config.dat
Filesize
393B

MD5
74763b466651a9f061464bf3da5b7707

SHA1
c8ed4bc93bbbbcd5025eec9d31c7091146fbf422

SHA256
258bcf86763cceb3e535f1d6422d8b2ba8f99a72af0843027ea54df12e7697db

SHA512
e27176f8fef040cbbfa692b61366bcd1efd4679b053f8658c11a1da4da0d4d25b4544e28937f446f8cc155fcf52d033ec66e77b7bdc2952b4c0a86f12697c788

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
Filesize
114KB

MD5
2735589f96b4c110488a0540227536a7

SHA1
f12c21def6474096d3034b7dc780f67dac73a053

SHA256
8c2c18181b0427623ef664e115a666c4ea358a9b065f7d6e8b0bc46382cec519

SHA512
52ae2cfa41c3a8b22fd2f86543819568cddded5705db81d2d1e695ed3f69823051063adcfbd8d98e2e627c26714ed384835212de85f3ff3497fbc2949130656f

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
Filesize
109KB

MD5
c527327f7392f50c68365dee2b89c899

SHA1
3066734bf55eaeb69c456fd41120e2fbf47beb26

SHA256
2e8fdaeb165a8e465b61204c9d89c22b57ff7bb674f3005b976ff389e17ccc29

SHA512
215e4a49b87a182590bf390311ed791d838e1381f8b4fae162365064066969ddb5245c6f7f2a54b09a1f57c8d3aeb001579133471421cb3ec6ca32e5e9139437

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\gamelib.png
Filesize
2KB

MD5
f1cd23cec1ad277e34214d8c7458c226

SHA1
0c3fa5144536b02657276377989cfb36d4c235de

SHA256
2ca40d953b3df2cb71ad3c649af7da3ef47878d0b647aaf803c4080ca292a797

SHA512
1ced2896739479a75095cdf860f345b78b32b7aadd173fb5fe7d8aa1cb5ea247731a831f533afd64d90d9dc58ce8fc3fcf2fdec35180e04de964da5310b1098e

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\gamelib_hot.png
Filesize
1KB

MD5
428ab0566da92e393025855366022ecd

SHA1
04c3bad9fc7eefa952e9bdd8f8780f47f458c1b7

SHA256
78478d3cb7e8e20e92cea4045b547a931ae0fb36a5a7228d99f4321fa6a1ddb2

SHA512
984193111a36e1c8599520a626f5cbce6dfefee8ba90472737e7434db308b349270c4dd41ffe84bd578baf6cf251cc3d6985ffc390cca2b382b68efd29671f1c

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\mygames.png
Filesize
2KB

MD5
5cae3b1af2d7fa15a301bd73e57bb6a8

SHA1
54502662655eac7889fd49b701d2f5f37ea1e219

SHA256
f2af69dd00da4e6b1fe8d930824a892cf0e75c9ae3c7a3132ce66288d17efdcb

SHA512
1effc7f30d2f86404a49fb0a50a470a5427234db9b3b05bd978bdc1f465e38468c0c9d00f366095985d6ac93aec3be26eb06d74d12d8aee15aa957306264ed53

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\mygames_hot.png
Filesize
1KB

MD5
7f7d159e97d63a2e5b1ef6c18869b18c

SHA1
1cb0014172d654a3fc50e21344f8f2f021bba698

SHA256
79abce6749dd99c51dc8c13a9cba57540125df73582176b08d6990758ec09a68

SHA512
f2703f184912f54e200618409cd19211d79cd9a92bafa53b68b6d31b6e2d0ca9a107485e178ad17a64a943a5762fca4582bd498f34c33ad38f56c89e9eff72ff

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\setting\setting.dat
Filesize
530B

MD5
e759313e404abf86e930b2abdc262ea3

SHA1
b9d816d9b56ae0f2356f3f899285d338ae24ffe1

SHA256
13a9660b3115924ee645f8088a344e524d699179f4be201078ea849997d6b9f9

SHA512
f967fa7241db385d126b68561da0aa461d0844d0aa1107808f3d161608c4db42856184970afc13e59ecd9f3a4cf7de71be92f147357bdf5deb8933f068d8bf3f

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\skin.zip
Filesize
197KB

MD5
c5b50396abdda16cfba1e715a677521d

SHA1
4a6f22b5b498996bd5270a3e2fe010616b0f0c10

SHA256
09a4d49d363357809c7e199a634eb88edf0ce3eddf656868c7aac9639588df3f

SHA512
7f16230770ddb0adcd2907e76b5e35033e46a9e4c7d055b812ba2395128b678339041ce065997bc0aa170ca8fda830cd2b1498f297ab974892c2b50c12063310

Download Submit
C:\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
d12d28dce936a741dc0e01858f9f8ec4

SHA1
7f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5

SHA256
38832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f

SHA512
845a918fe1f08c4879bf381fe65529cd56ad539b0621483b40312ff971a39cf0865abcfcc8e2cc926aa5d65dece77e8f1a5cca6201cbac63c2d0b713f74eabcf

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
010b4d91d539d4e595bc5dfd0cc76d49

SHA1
0a72003557a8676705ebdbdf23b35f62202d0099

SHA256
93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5

SHA512
fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
312KB

MD5
010b4d91d539d4e595bc5dfd0cc76d49

SHA1
0a72003557a8676705ebdbdf23b35f62202d0099

SHA256
93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5

SHA512
fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
191KB

MD5
5eae89262df4201c1426f79fa89c07fe

SHA1
6b4285db0f0e81d386a8aa348e556e3dec7125d1

SHA256
386a080996032949b1c0933f243ac907ee0d94392e347150392bb37dfbaca760

SHA512
a516f200f58ef511bfb6ada04166bd780b1f28d5bf25fc26644cfda2e34918ae0d4f4c28f9e772e26c23e8a4e29ae4166b171a78b6e3502cdff4b197dd9946e3

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HFUILib.dll
Filesize
131KB

MD5
78ddc690e92b02955a3f967dfa6d3ade

SHA1
4b2f53359cbde8818d77933b1fe110b0fa30bad0

SHA256
564e42b76ef48bf50b40180e88c0044db2531774a2d71103917f21575ef3a401

SHA512
e6a08795ee570e582c62b1d338b353c7a82f5ed396e1d41de8b9dbbb8ca952d008283bf301aa9272a70666bc902de5fbff4379ed5c4aa081733699dd9966cde3

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
57KB

MD5
46d1e0fd9f109dc5bc622a8951b435b9

SHA1
ae34abe5dcc0a6f8a3ac97749a58636f234f2a24

SHA256
029c251cb40741ffdb503e8f5bf72d7fd0741bfc755fb884676243196143f272

SHA512
6a17b899c25b2bc489c613b31ea7489f784f9ac4741fb1f9b16be9c1b7e6e204a96a8160bf48eee700ab939de8b40fbdb93c21fbba4bc770a41b77fec354a9e4

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
42KB

MD5
06d1705e139fb74b6f6544b23fc4258f

SHA1
5d236caed93e6b7cda5a52856d2571c428185fbf

SHA256
126cfe02a2176a0163c523e5d66c8f4cbcfa1fcf30af39229bcbf2e1386676a6

SHA512
a2a9bca96b0dcfe0c04ec79be23366ef82f29c2842c8ab7ede5398820ba8a285b65e97440868e36fe18e1e7fbc519440cfe580bbed19740c0e30d1ebaeb24913

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
906KB

MD5
4b3374d553c7760b97c8c7cde02193ba

SHA1
dceb5c065fa0ad8ce686a9d3b01a902d982b443a

SHA256
8086caeea1dd297297f1a357861e9b71c859f753adb72b707b3ca20e226501f5

SHA512
e6e68dbf32f3a603ef933ed1327254d90e57df6af313ba71a286a03b6f80621590dffb4ada7a76089d7724d423bd959f6044d8a7dbd3bf9ac7413da4261d74a3

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
Filesize
751KB

MD5
3864965602be57dc6d1f0777d8afac61

SHA1
dd4aba5296e18fd3042310cfc5b25fba3eaaedf3

SHA256
80039c58a3a2184fbec69ac6d646b35d07fc2be6c737e7949b88ce779cd77e3d

SHA512
0fee152bd62d7c5c4feaa9de7f370488071c58d94d0f654703296afbd243817e594ee05fff50e6ac00fab8eb49bfcdae3ce23f0f4fefd53fc5ce9ef1276cbc07

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\IEAux.dll
Filesize
64KB

MD5
3633de4079190b65d9c1a062db39b882

SHA1
70b6f944a6711b69b8d1a992456dccb3bc2618f2

SHA256
71141a084a6ccc601f9ae32b5a56476854efde219bdad3c4abc93865fb5e611b

SHA512
d8a7540713e34c74261ca542d3dc4ec1cb35da3953ba6fb390f4526147df1a14c68d940756a53a44676f6faa7ca9cc0bfb442ce390038c321117a832ace10362

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\hfgwupdate.exe
Filesize
88KB

MD5
c934b4ebc961fd596f2010b11b8dc0ea

SHA1
20f2facf439036afe2e6262fc23013c0d9c4648b

SHA256
c5508a403d4b438ebb9d3af7bb6f535f93434671cd75f36956800a5dd26b9d55

SHA512
0ade7d5b851565a3b582890dde573ecaac478bdde40991188b41e78b74a105fdc5b6f70ed15b81171fc614b1ea3d7efd31c525fb15a6e0defe7fabd00735f68d

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
324KB

MD5
b9aa9543e1214b3dcb98a801399a2508

SHA1
35165098cc59955ad1e8df74b48ec5775941d7d0

SHA256
c1eb02d3b768d5d3c1730c23ff1ff071708a7be4a8165be7d05219b2145b7a0e

SHA512
a74a1d5b3dfae2238e154bbd1343efbf05485f552774c69ce265f76a343236b38ce562a2afd0398ad030b0e5530a3cb0aea505044df750c4d5df9ee7361b6ace

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcp100.dll
Filesize
97KB

MD5
63361b1200a6c80e24896ecfd7dfaead

SHA1
32345aad8966f3ea298dcd0109cc3776c6f204f7

SHA256
4da0477ce551043a1c11a5ef10937c1beedccda7e57212c389bff5debbef754c

SHA512
0b104a72c1fbcd1a619fb5930a85f888b67c23855f5b33098f1b4bff5046e08f225426404ab8b71206efb70e8688c8d088ec78f9a4bb1e3680bbe5520410df90

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
702KB

MD5
b90a188bac8784bd28142d130125ef28

SHA1
0125b1192b273b6f5ca074d0f9c2e827967157e4

SHA256
bf88e3ad88a6e6cdb5f05cd48ec53ca2a3ed49b0a4bd8c0df7b13ead4f41eb8d

SHA512
ab8e685a037fa3c6dbe9f62bae958cb66f0c4f73674c032c0f78c1923957611c1ef795017f00451efd28fe254c12f051362e2f48f0dddd47ce8f9da9872f31cd

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
197KB

MD5
c22517d75310b9e2cdc713e9cfb60f42

SHA1
fb81cbb517b2298778b5f0968d33f8744a989a9e

SHA256
65df8a30e1301f0cd609ff1ae9aa371b6e99bfcb7a5eb429983fef858f4f1e3a

SHA512
1cbc6430473bda78a0a832ba667ab97d04dffed73e2e015b192ef864908407118ff219146d87d1b8157b0a4f92b4925962159d0edddabc1a6feb09ec4bad2e7d

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\msvcr100.dll
Filesize
134KB

MD5
838b0b039a9479c176c4af9e7cb78547

SHA1
5e21bc03860816f1ba6d7d49b7ed622e774103cd

SHA256
39d93950e1f14271f68aebb474ca61e75abd4987b4ff96ba16122f13c626fce4

SHA512
5365d2cef4a33c750970cd1f0d38ce25a9eb9a3265c04a31d452192fb3b7ca6e478b96ef989600f1fb5869d7f76ac0959ed5e208f198febf7d0f16284393e822

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
d12d28dce936a741dc0e01858f9f8ec4

SHA1
7f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5

SHA256
38832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f

SHA512
845a918fe1f08c4879bf381fe65529cd56ad539b0621483b40312ff971a39cf0865abcfcc8e2cc926aa5d65dece77e8f1a5cca6201cbac63c2d0b713f74eabcf

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
528KB

MD5
d12d28dce936a741dc0e01858f9f8ec4

SHA1
7f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5

SHA256
38832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f

SHA512
845a918fe1f08c4879bf381fe65529cd56ad539b0621483b40312ff971a39cf0865abcfcc8e2cc926aa5d65dece77e8f1a5cca6201cbac63c2d0b713f74eabcf

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
189KB

MD5
d825618f882d91270460f280d474bde5

SHA1
5802167751a8ed7445861e3c55a9d09641e040f1

SHA256
9f39019fa5a455c819e2bba6b7c10fc12c9f1384fff3e44cb9ce4c7850bea130

SHA512
7bb164ab901f38f361fd7b08c897c0ca86485c019d2eedb39e7c254dcb21f0f37d9266a7265b4d89a37ecacad3bf560ce3b986522b2f94a2db76484e512316ae

Download Submit
\Users\Admin\AppData\Local\HuofengGameWorld\sqlite3.dll
Filesize
117KB

MD5
15e2d8ce834a6191010f4f7be1c24504

SHA1
efc7d40fee0206c6dc9b554031a78c4cbbfdd486

SHA256
d609e88f7965d87678db486a848feb445e51eaef51c4d03265b20067a56f1f7c

SHA512
a0200ca3e4eee2cacd8aa3b3bc8f3d9d1400bebdcbdb8226006aa74a6a2ccc23f80e914eb9b5fc4e59a5e0d48d5ddb6d5a8d42a81affd511a0000b5412d299c8

Download Submit
memory/444-85-0x0000000000000000-mapping.dmp

Download
memory/528-59-0x0000000000000000-mapping.dmp

Download
memory/1196-78-0x0000000000000000-mapping.dmp

Download
memory/1604-71-0x0000000000000000-mapping.dmp

Download
memory/1608-95-0x0000000000000000-mapping.dmp

Download
memory/1672-54-0x00000000753B1000-0x00000000753B3000-memory.dmp

Filesize
8KB

Download