Analysis

  • max time kernel
    51s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/09/2022, 16:35

General

  • Target

    setup_papers_please_1.2.76_(54232).exe

  • Size

    40.8MB

  • MD5

    354d10586bd68448685e925e48810bed

  • SHA1

    ddfbe39b92b2277f989e7597af91379d7ec2ef7e

  • SHA256

    412de5f617c9115d8199d78ef93e34a9b46e021b81902feb9eef14a4b2c035f0

  • SHA512

    6f4f17b5dc51b8448184ba21af9b7dda7f7c91f5c4eef609ae6699b8bead4019fdb6280bf83853cd1db98b1a621c8dfaad4bf2fb13305ba726b66aa046bdb469

  • SSDEEP

    786432:pBaa+1a5dqYwSYjm9x+hvRprsSLQWvVyPf/Wj8LT3y53RZYvv/w/go1PIGvUaQvL:ma+1QqYHYSerDHuf/c8LTuT+iNu

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\is-BUTUE.tmp\EULA.txt

Ransom Note
## GOG.com User Agreement ### 1\. ABOUT THIS AGREEMENT 1.1 This Agreement is a contract between you and GOG sp. z o.o., ul. Jagiellońska 74, 03-301 Warsaw, Poland (we will further call ourselves "GOG") and applies to www.GOG.com, your GOG user account, the GOG Downloader, GOG Galaxy, any games or videos or other content which you purchase or access via us, the GOG web forums, GOG customer and technical support and other services we provide to you (we'll just call all this "GOG services" for short). 1.2 Also, when we're talking about games, in-game content, virtual items or currency or GOG videos or other content which you can purchase or access via GOG services, we’ll just call them "GOG games" or "GOG videos" respectively and when we talk about them all together they are "GOG content". Simple, eh? Oh, and one more thing – what we say in this Agreement covers our Privacy Policy too (you can read it [here](https://support.gog.com/hc/articles/212632109-Privacy-Policy)), so the Privacy Policy is part of this Agreement. 1.3 GOG works with trusted partners, including our related company CD PROJEKT S.A., developers and publishers, payment providers, customer service software providers and others („Partners") – more on them later in this Agreement. 1.4 If you're over 18, then welcome to GOG.com! If you're between 13 and 18 (or whatever is the age of adulthood in your country), before we extend an equally warm welcome, please ask your parent or guardian to review and approve this Agreement on your behalf (because in some countries people under a certain age cannot legally enter into contracts like this Agreement). Legally, children below 13 cannot have a GOG account (but their parents/guardians are welcome to sign up themselves). ### 2\. USING GOG.COM AND GOG CONTENT 2.1 We give you and other GOG users the personal right (known legally as a 'licence') to use GOG services and to download and/or stream (depending on the content) and use GOG content. 
This licence is for your personal use. We can stop or suspend this licence in some situations, which are explained later on. 2.2 When you buy or install GOG games, you might have to agree to additional contract terms with the developer/publisher of the game (e.g. they might ask you to agree to a game specific End User Licence Agreement). If there is any inconsistency or dispute between those ‘EULAs’ and this Agreement, then this Agreement wins. 2.3 With GOG videos, you can also stream purchased video content or download it to watch the way you want. 2.4 Using certain third party scripts is recommended for your full use of GOG.com functionality and, although that usage is optional, we cannot promise full service performance without them. 2.5 A quick word about GOG Galaxy, which is our (optional) online service which not only allows you to buy and access GOG content but also provides online multiplayer and other cool game features like achievements, chat and game-time tracking. You can learn more about it [here](https://www.gog.com/galaxy). ### 3\. GOG ACCOUNTS 3.1 To buy GOG content from GOG services, and in some cases to play/use GOG content where our partners require use of a GOG account, you will need to set up a GOG account. This will involve creating a password (which is encrypted so we can’t access it) and a username, plus giving us (for identification purposes) your email address. Please make sure your login credentials are kept secure and your account is used properly. In your GOG Account settings you can also optionally set your country of residence, birthday and avatar. Our Privacy Policy gives more detail about the information we collect from you and how we use it and protect it. It's at [Privacy Policy](https://support.gog.com/hc/articles/212632109-Privacy-Policy). 3.2 You can use your GOG account to set up a public profile accessible by other people. You can also use your GOG account to connect with other GOG users. 
Please act sensibly and remember you are responsible for your own actions 3.3 Your GOG account and GOG content are personal to you and cannot be shared with, sold, gifted or transferred to anyone else. Your access to and use of them is subject to GOG’s rules which are set out [here](https://support.gog.com/hc/sections/202834565-FAQ-What-is-GOG-com-), as updated or amended when necessary. ### 4\. SYSTEM REQUIREMENTS 4.1 Because GOG.com gives you access to many different games created at different times, we cannot give you one set of system requirements for all GOG services or GOG content. 4.2 What we can tell you is that using any GOG game will require an appropriate operating system (please refer to the relevant GOG product page) with all service packs and important updates installed on it. All GOG games should be natively installed on a computer that meets or exceeds the minimum hardware and software specifications shown on the GOG product page. GOG games are not tested on virtual machine software and therefore we do not support playing through them. 4.3 For GOG videos, please make sure your video player supports the videos’ format specified in the GOG product page. 4.4 If you have questions about system requirements, please contact us at [here](https://support.gog.com/hc/requests/new?category=info). Just so we're clear, you are responsible for making sure you have sufficient Internet access to download purchased GOG games or GOG videos from us or to stream GOG videos and that your system can play GOG games and watch GOG videos. ### 5\. BETAS 5.1 As GOG.com develops, we may offer you optional access to 'beta' versions of GOG software or services (e.g. new versions of the GOG Galaxy client made available prior to its general release) or GOG content (more on that later) Here are the rules: * a) We (or any applicable publisher/partner) will set the conditions and requirements for your beta access. 
Providing and maintaining a beta, and who can use a beta, is at our discretion. * b) You may be required to go through a registration process or other requirements to access the beta (and this may include you meeting eligibility criteria). * c) Betas will be time-limited and there may be extra contract requirements. * d) The beta may involve temporary or permanent server/progress/content wipes, resets or amendments. * e) The beta may be subject to confidentiality restrictions (which will be notified to you in advance if so). * f) You may be invited to participate in a feedback process regarding the beta – this is totally optional but would be really valued. * g) The beta is for your use and enjoyment, so you must not sell, loan or otherwise transfer it to anyone else. * h) The point of you getting beta access is to allow you to try something new, but we would expect you to recognise that it will not be complete yet. Therefore betas will be provided 'as is' without any additional promises from us or any liability on us if it is not complete or does not work fully or causes issues. Betas may not be totally feature-complete and there may be feature changes, modifications or removals during the beta. We may provide access to GOG content in beta/pre-release form. For example, a publisher/partner may decide to release a game or a part of it in beta, or may join our ‘Games in Development’ program (see section 7.5-7.7. below). Any such GOG content will also be governed by these rules unless the relevant publisher specififes its own rules (which will prevail over these rules). ### 6\. PAYING FOR GOG CONTENT AND GETTING REFUNDS **Paying for GOG content** 6.1 Surprise surprise, after you decide that you like a GOG game, GOG video or other GOG content, you usually will need to pay for it before you can access it (though we do have some free content too!) 
You can pay in different ways: (i) using a valid debit or credit card; or (ii) using PayPal or any other authorised payment providers. Keep your payment details secure. 6.2 When you use a payment method to buy GOG content, we're relying on your promise that you're able to use that method. You are responsible for any purchases made using your GOG account or payment method and you agree to the pricing, payment and billing policies applicable to them, as notified to you at the time of purchase. All payments are non-refundable and non-transferable except as expressly provided in this Agreement. Kids – your parent or guardian needs to approve any purchase you make. 6.3 You can always pay for GOG content in US Dollars. However if you happen to live in countries where your local currency is supported (see our Support section [here](https://support.gog.com/hc/sections/202834625-FAQ-Payments- pricing-and-promos) for details), you will be able to pay in your local currency. You might have to pay a currency conversion charge if you are not paying in your home currency and some banks might also add other kinds of transaction fees. 6.4. All prices are visible in the product catalogue page. They’re inclusive of legally applicable sales taxes/VAT. **GOG Wallet** 6.5 GOG offers users a digital account balance called the "GOG Wallet" in connection with your user account, which you can use to make purchases of GOG content. Funds can be added to it in two ways: (i) using your chosen payment method; or (ii) by us as part of our ‘Free Wallet’ program (see below). The GOG Wallet is made available subject to rules which are set out on our GOG Wallet page [here](https://support.gog.com/hc/sections/202834605-FAQ-GOG- Wallet). **Free Wallet and Bonus Codes** 6.6 In some situations we may be able to offer you a credit to your GOG account which you can redeem against GOG purchases (we’ll call this "Free Wallet"). 
For example, as we explain in section 6.9 we may offer GOG Wallet funds in connection with our Fair Pricing policy in some situations. We may also issue time-limited bonus codes which give you free or reduced price access to GOG content (we’ll call them "Bonus Codes"). 6.7 If you receive Free Wallet or Bonus Codes when you buy GOG content but later decide to return that GOG content, then we think it’s fair for you to return the Free Wallet or Bonus Codes too. Therefore, we will: (i) remove from your GOG account any unused Free Wallet which you received because of that GOG content; (ii) if you have used any of that Free Wallet to purchase other GOG content, then we will deduct the amount of that used Free Wallet from your refund; and (iii) for Bonus Codes, we will terminate it or, if it has been redeemed for a GOG game, that game will be removed from your account. 6.8 Free Wallet and Bonus Codes are subject to our GOG Wallet rules (see section 6.5 above). Free Wallet is valid for one year unless it is mixed with any GOG Wallet funds obtained with real money, in which case the total balance will not have any expiry date until that total balance is reduced to zero (at which point the process resets again). **Fair Pricing** 6.9. We stand by the simple truth that $1 does not equal 1€ - we are trying to apply fair conversion rates. In a perfect world we would apply the same method of pricing to all of the games we offer. However, things are a little bit more complicated, and there are some games in our catalogue that follow a different region-based pricing scheme. However, we wouldn't be GOG.com if we didn't find a way to make it right by the users who end up paying relatively more for such titles. Here's where the Fair Price Package comes in! 6.10. The Fair Price Package applies to all of the titles which we couldn't include in our standard pricing scheme. 
If you end up paying more for a game in your local currency than its US price, we'll refund you the difference out of our own pocket. The refunded value will be added to your GOG Wallet in the currency of your purchase. You'll be getting GOG Wallet funds that you can use to purchase anything on GOG.com or partially pay for an item that's more expensive. GOG Wallet funds will be credited to your GOG account in the currency in which you bought the relevant GOG content (e.g. if you bought a game in US Dollars, any GOG Wallet funds regarding it will be in US Dollars). These GOG wallet funds will be subject to our ‘Free Wallet’ special rule on duration (see section 6.7). 6.11. Please treat this system sensibly and don't exploit it (for example by using VPNs or other methods to manipulate how your location appears) – that's not cool. ### 7\. REFUNDS AND RETURNS **Statutory refund rights** 7.1. If you are a resident of the European Union or other applicable jurisdictions (excluding the USA), then you have the statutory right to withdraw from a purchase of GOG content within 14 days of your purchase, without giving a reason. However, this does not apply where you have expressly consented to the performance of the GOG content (which is digital content) beginning immediately upon conclusion of the purchase process and have acknowledged the loss of your withdrawal rights. 7.2. Neither this nor any other part of this User Agreement affects your statutory rights. **Our Voluntary Returns Guarantee** 7.3. We understand that sometimes a purchase doesn't turn out how you expected and we want to be fair to GOG users. So here's our deal with you: * a) **Preorders Refund:** if you preorder and pay for a GOG game, you can cancel the preorder and get a full refund as long as we receive a valid request before the game's full release date on GOG.com. 
* b) **Early Exchange:** you can exchange validly purchased GOG content for a replacement GOG game or video of equal or lower value if your request is made within 30 days of the original purchase, provided the original GOG content has not been downloaded, used or streamed. (For GOG content purchased during discount periods, the discounted price applies.) You can exchange specific GOG content once only. You can’t exchange GOG content you received as an exchange for other GOG content. * c) **Money back guarantee:** if you buy any GOG content and have significant technical issues with it (e.g. there is a major show stopper bug in a game that prevents you from finishing it), we will give you a full refund if all the following requirements are met: * (i) You must have genuine significant technical issues with the GOG content. * (ii) You need to contact GOG Customer Support to request the refund within 30 days of the original purchase (if you received it from a GOG-authorised exchange for another product, then the 30 day period starts running from the date of exchange). * (iii) GOG Customer Support must have a reasonable time period in which to try to resolve the issue before they process the refund to you. * d) **Withdrawal Right:** we give you the right to withdraw from a purchase of GOG content without charge and for any reason within 30 days after you bought that GOG content, IF it has not been downloaded, streamed, activated or used in any way before then. If any of those things happen then your withdrawal right is lost. * 7.4 **Final sale:** a sale is considered final either 30 days after purchase or when you try to download the GOG content or any additional/bonus content. Once either of those happens, you no longer will have any return, exchange or refund options unless you have technical issues covered by paragraph (c) above. 
Virtual items/currency and GOG Wallet funds are not covered by this section 7 and we cannot therefore offer refund, early exchange, money back guarantee or withdrawal rights regarding them. **Games in Development** 7.5 GOG is releasing games that are still in development (such games are referred to herein as ‘games in development’). This gives you the opportunity to try out new and carefully selected games while they are still unfinished. For more information, see the [games in development FAQ](https://support.gog.com/hc/sections/115000157529-FAQ-Games-in- development). 7.6 Just to be clear, these really are games in development: there may well be incomplete features or gameplay bugs, errors and other problems.
URLs

http://ec.europa.eu/consumers/odr/

https://support.gog.com/hc/requests/new?category=info

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 17 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup_papers_please_1.2.76_(54232).exe
    "C:\Users\Admin\AppData\Local\Temp\setup_papers_please_1.2.76_(54232).exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Users\Admin\AppData\Local\Temp\is-62PND.tmp\setup_papers_please_1.2.76_(54232).tmp
      "C:\Users\Admin\AppData\Local\Temp\is-62PND.tmp\setup_papers_please_1.2.76_(54232).tmp" /SL5="$60120,42151039,192512,C:\Users\Admin\AppData\Local\Temp\setup_papers_please_1.2.76_(54232).exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\GOG Games\PapersPlease\__redist\ISI\scriptInterpreter.exe
        "C:\GOG Games\PapersPlease\__redist\ISI\scriptInterpreter.exe" /verysilent /supportDir="C:\GOG Games\PapersPlease\__support" /SUPPRESSMSGBOXES /NORESTART /DIR="C:\GOG Games\PapersPlease" /productId="1207659209" /buildId="55257829924550446" /versionName="1.2.76" /Language="English" /LANG="german"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1588
        • C:\Users\Admin\AppData\Local\Temp\is-Q267U.tmp\scriptInterpreter.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-Q267U.tmp\scriptInterpreter.tmp" /SL5="$101BE,662929,192512,C:\GOG Games\PapersPlease\__redist\ISI\scriptInterpreter.exe" /verysilent /supportDir="C:\GOG Games\PapersPlease\__support" /SUPPRESSMSGBOXES /NORESTART /DIR="C:\GOG Games\PapersPlease" /productId="1207659209" /buildId="55257829924550446" /versionName="1.2.76" /Language="English" /LANG="german"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of FindShellTrayWindow
          PID:2044

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\GOG Games\PapersPlease\PapersPlease.exe

    Filesize

    11.5MB

    MD5

    503bf5b8fefd351bfb23a3fc1278d183

    SHA1

    5d66f25f03b9c95e3455c1c5a113df8d35ee092d

    SHA256

    936e5af2c7f01f7a03782bda924d912d51e7f4df69a3371a4416305375bc71b4

    SHA512

    667221deb3306338e2cca4a533f32cb3038066eec8656263b4e5439be8bf21ca9e37f5357c3a7c29573e6b8b9a26d88f195cd2ac01be289d417aa175780a7bac

  • C:\GOG Games\PapersPlease\__redist\ISI\scriptInterpreter.exe

    Filesize

    1.2MB

    MD5

    0bc15db65acd786eab042566a1e1210b

    SHA1

    629e95532563d80e714aa3ce3e40c1f605c70773

    SHA256

    463e20f2b84d5a0d12049c6677f434ea7dd1a3035f053279e67bda8fd2dfc078

    SHA512

    d1959c156dc9aaf5a4e4f906352422db89ae687b6947995e782ce8520bcd4af37eb910cb466071e331f346cd29e8c9070dc8150feed024e483fb1d1964790669

  • C:\GOG Games\PapersPlease\goggame-1207659209.info

    Filesize

    821B

    MD5

    6745b5c25105be39136b920448c004bd

    SHA1

    79d521233e0ef7f90c4d9db14e3a2e690e3970c0

    SHA256

    fad085351fcde0270d84871452607e8cea9178f9ebffc79ee4dd0baeba47682e

    SHA512

    e5fe8ba247132e309bd9203e45ea95f3d761725fb71e5a2b68aee6b4429f079605d971d976b0f38f2f50263c3c7a0433b5e900646d53425d9eefe8f6a017f0ac

  • C:\GOG Games\PapersPlease\unins000.dat

    Filesize

    394KB

    MD5

    dfb5e580bf2b763a3eb3961ee13ced7f

    SHA1

    c8e571168767766df01601628f4229d58a74c3f6

    SHA256

    8d55816acebf1051f1471ec3ce6e248d94f88fb5c574c6ed8f61283a04263f89

    SHA512

    f42781c5f819d3b9aee414bc9783c5629fe40dd2859ec506447b1e7d16a3c4db6ed6678933a7a9ec8cb46bfd25529c5233591c9aa036a957b480411ad4ba3336

  • C:\GOG Games\PapersPlease\unins000.exe

    Filesize

    1.3MB

    MD5

    584b93c043e09f22f0f94d90220b90d2

    SHA1

    0cc5a8f9c7f6924dc1198001db3218953ac0ad99

    SHA256

    ca4b29bc6469a8a733431e071a360dcca48cf5d4886f455514161c9c62c44256

    SHA512

    2039520e5b8d71984e3203d63472d2ee3d1be2d9294f3add58804f0f55fe361c7de2a82855f3a3f18c9920198eb31a9471a2987c69961c0caef74b7671114736

  • C:\GOG Games\PapersPlease\unins000.msg

    Filesize

    26KB

    MD5

    6eaeb8122c48f67467abaf893c09c65c

    SHA1

    78edc21bf4fb69dac6b7b01d7bca86ac7f422a18

    SHA256

    0d411c5cc14d7042221736ffd9566d40b116abfd825115c9c7d1e427fabbeed1

    SHA512

    1c2a3f3f434f64237cf9384e4ea4bbc283a79396a5ab4bf06fcbd66d2847c6f85bdee674463296cd2a8a2acb2ab5e9be3deae3f6d06de9c1253ae9775eff24bc

  • C:\ProgramData\GOG.com\supportInstaller\uninstall.dll

    Filesize

    691KB

    MD5

    7db706c324cc9b6fda497d081eed6e26

    SHA1

    ca97392e573af0cf61bfa3301801a85f2beea44c

    SHA256

    cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

    SHA512

    8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

  • C:\Users\Admin\AppData\Local\Temp\is-62PND.tmp\setup_papers_please_1.2.76_(54232).tmp

    Filesize

    1.3MB

    MD5

    584b93c043e09f22f0f94d90220b90d2

    SHA1

    0cc5a8f9c7f6924dc1198001db3218953ac0ad99

    SHA256

    ca4b29bc6469a8a733431e071a360dcca48cf5d4886f455514161c9c62c44256

    SHA512

    2039520e5b8d71984e3203d63472d2ee3d1be2d9294f3add58804f0f55fe361c7de2a82855f3a3f18c9920198eb31a9471a2987c69961c0caef74b7671114736

  • C:\Users\Admin\AppData\Local\Temp\is-Q267U.tmp\scriptInterpreter.tmp

    Filesize

    1.3MB

    MD5

    5fbb8d112408800bf9cc257f8be6f580

    SHA1

    c6319048b9af0736212bebb25979a84a74db0a06

    SHA256

    0963b01b447c641bea6f5e9de250c1e8a0127a34440c8165594b67890026e6af

    SHA512

    390f4a1703c867d6f9edae3b02334126565b9995989f2edc16d5749dce7b059874373a5f6e870ce742012fa8b06e1c2c0c3ed56fffb864980496d328db8cbe02

  • \Users\Admin\AppData\Local\Temp\is-BUTUE.tmp\botva2.dll

    Filesize

    35KB

    MD5

    0177746573eed407f8dca8a9e441aa49

    SHA1

    6b462adf78059d26cbc56b3311e3b97fcb8d05f7

    SHA256

    a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

    SHA512

    d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

  • \Users\Admin\AppData\Local\Temp\is-BUTUE.tmp\crcdll.dll

    Filesize

    69KB

    MD5

    1d51fac9e2384eeb674199cfd5281d7d

    SHA1

    861dfdc121357d605d0cc3793266713788109eb2

    SHA256

    23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

    SHA512

    921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

  • \Users\Admin\AppData\Local\Temp\is-BUTUE.tmp\innocallback.dll

    Filesize

    63KB

    MD5

    1c55ae5ef9980e3b1028447da6105c75

    SHA1

    f85218e10e6aa23b2f5a3ed512895b437e41b45c

    SHA256

    6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

    SHA512

    1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

  • \Users\Admin\AppData\Local\Temp\is-BUTUE.tmp\uninstall.dll

    Filesize

    691KB

    MD5

    7db706c324cc9b6fda497d081eed6e26

    SHA1

    ca97392e573af0cf61bfa3301801a85f2beea44c

    SHA256

    cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

    SHA512

    8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

  • \Users\Admin\AppData\Local\Temp\is-I46UP.tmp\idp.dll

    Filesize

    232KB

    MD5

    55c310c0319260d798757557ab3bf636

    SHA1

    0892eb7ed31d8bb20a56c6835990749011a2d8de

    SHA256

    54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

    SHA512

    e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

  • \Users\Admin\AppData\Local\Temp\is-I46UP.tmp\uninstall.dll

    Filesize

    712KB

    MD5

    f3a88277fc7e0c057c40e47a7e43f9ad

    SHA1

    78ae0052b323139a4de7a5361a40503a39339f4c

    SHA256

    d88bcf910e7a5ce4d76ca48b263ef226911b455d3a8db80c9fa69aeb2b3898a1

    SHA512

    3c40377600fbb814fe19423404d2fb29f6342ab2a3a6d5dc50f42086fc0f59174184a0870d7f04fb6ee5f84828e1ed282396bfcb70842084af25f5af15cc8a1f
