5a881ce5b8d76b06607c5d517e709766f7d8f7fe647c754537185dfb22ec0631

Resubmissions

25/10/2022, 10:41

221025-mrdp9acdc4 8

Analysis

max time kernel
271s
max time network
291s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25/10/2022, 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

S4MP Launcher 0.27.1-public.exe
Size

51.2MB
MD5

7893ca7298afc8bb62ffbd904525b1ab
SHA1

d14b13adb3f4840071b45052a911184071d9d100
SHA256

f6b2d3b09c3ce9209878665985021f1836f8e27fcb5f57c50a9c30e37a61a174
SHA512

e5b3911860c57faa95f22ecbba9d2f6400595619ec39137d5217ab816aa31981ede29218719b23e2e97892e34f4b61e446aa72d8b21690e9c4f2e1aba17a8598
SSDEEP

1572864:VpzKDsE0XmNQYvPDJESUBVG0F66UrvZR4KY7:VpzKgrWvvPtgY6ULD4x7

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1352	S4MP Launcher.exe
4436	S4MP Launcher.exe
4048	S4MP Launcher.exe
4668	S4MP Launcher.exe
4700	S4MP Launcher.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	S4MP Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	S4MP Launcher.exe

Loads dropped DLL 12 IoCs

pid	Process
4876	S4MP Launcher 0.27.1-public.exe
4876	S4MP Launcher 0.27.1-public.exe
4876	S4MP Launcher 0.27.1-public.exe
1352	S4MP Launcher.exe
4436	S4MP Launcher.exe
4048	S4MP Launcher.exe
4668	S4MP Launcher.exe
4436	S4MP Launcher.exe
4436	S4MP Launcher.exe
4436	S4MP Launcher.exe
1352	S4MP Launcher.exe
4700	S4MP Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4048	S4MP Launcher.exe
4048	S4MP Launcher.exe
4668	S4MP Launcher.exe
4668	S4MP Launcher.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4876	S4MP Launcher 0.27.1-public.exe

Suspicious use of WriteProcessMemory 52 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 1352	4876	S4MP Launcher 0.27.1-public.exe	85
PID 4876 wrote to memory of 1352	4876	S4MP Launcher 0.27.1-public.exe	85
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4436	1352	S4MP Launcher.exe	88
PID 1352 wrote to memory of 4048	1352	S4MP Launcher.exe	89
PID 1352 wrote to memory of 4048	1352	S4MP Launcher.exe	89
PID 1352 wrote to memory of 4668	1352	S4MP Launcher.exe	91
PID 1352 wrote to memory of 4668	1352	S4MP Launcher.exe	91
PID 1352 wrote to memory of 3852	1352	S4MP Launcher.exe	97
PID 1352 wrote to memory of 3852	1352	S4MP Launcher.exe	97
PID 1352 wrote to memory of 2544	1352	S4MP Launcher.exe	100
PID 1352 wrote to memory of 2544	1352	S4MP Launcher.exe	100
PID 1352 wrote to memory of 4700	1352	S4MP Launcher.exe	102
PID 1352 wrote to memory of 4700	1352	S4MP Launcher.exe	102

C:\Users\Admin\AppData\Local\Temp\S4MP Launcher 0.27.1-public.exe
"C:\Users\Admin\AppData\Local\Temp\S4MP Launcher 0.27.1-public.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1352
- - C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe" --type=gpu-process --field-trial-handle=1696,14931795224202315587,3471858585002321343,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=16703155346986200827 --mojo-platform-channel-handle=1704 --ignored=" --type=renderer " /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4436
- - C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe" --type=utility --field-trial-handle=1696,14931795224202315587,3471858585002321343,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --service-request-channel-token=5457006877367433804 --mojo-platform-channel-handle=2152 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4048
- - C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe" --type=renderer --field-trial-handle=1696,14931795224202315587,3471858585002321343,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=18210859785998201571 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4668
- - C:\Windows\system32\cscript.exe
    cscript.exe
    3⤵
    PID:3852
- - C:\Windows\system32\cscript.exe
    cscript.exe //Nologo vbs\regList.wsf A "HKLM\SOFTWARE\Maxis\The Sims 4"
    3⤵
    PID:2544
- - C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe" --type=gpu-process --field-trial-handle=1696,14931795224202315587,3471858585002321343,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3639524803557268405 --mojo-platform-channel-handle=2020 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\D3DCompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe

Filesize
100.0MB

MD5
5a4947b42624377fc447a27f7723c02a

SHA1
caf43cd29da87d8032751859cc4cb2219a70636b

SHA256
a75e6f494d8a23f613df61ede322b034aa920a7363c6e7cb9a4d20503939eec0

SHA512
8910571ba10cee99c06ab1a38a5e1fa162ada9e189deb2b6ebc7c0e48286133e569858c1f36f0c1b5d5993b44a280e03f8213097171a33cfdfc462c6326895f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe

Filesize
100.0MB

MD5
5a4947b42624377fc447a27f7723c02a

SHA1
caf43cd29da87d8032751859cc4cb2219a70636b

SHA256
a75e6f494d8a23f613df61ede322b034aa920a7363c6e7cb9a4d20503939eec0

SHA512
8910571ba10cee99c06ab1a38a5e1fa162ada9e189deb2b6ebc7c0e48286133e569858c1f36f0c1b5d5993b44a280e03f8213097171a33cfdfc462c6326895f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe

Filesize
100.0MB

MD5
5a4947b42624377fc447a27f7723c02a

SHA1
caf43cd29da87d8032751859cc4cb2219a70636b

SHA256
a75e6f494d8a23f613df61ede322b034aa920a7363c6e7cb9a4d20503939eec0

SHA512
8910571ba10cee99c06ab1a38a5e1fa162ada9e189deb2b6ebc7c0e48286133e569858c1f36f0c1b5d5993b44a280e03f8213097171a33cfdfc462c6326895f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe

Filesize
100.0MB

MD5
5a4947b42624377fc447a27f7723c02a

SHA1
caf43cd29da87d8032751859cc4cb2219a70636b

SHA256
a75e6f494d8a23f613df61ede322b034aa920a7363c6e7cb9a4d20503939eec0

SHA512
8910571ba10cee99c06ab1a38a5e1fa162ada9e189deb2b6ebc7c0e48286133e569858c1f36f0c1b5d5993b44a280e03f8213097171a33cfdfc462c6326895f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe

Filesize
100.0MB

MD5
5a4947b42624377fc447a27f7723c02a

SHA1
caf43cd29da87d8032751859cc4cb2219a70636b

SHA256
a75e6f494d8a23f613df61ede322b034aa920a7363c6e7cb9a4d20503939eec0

SHA512
8910571ba10cee99c06ab1a38a5e1fa162ada9e189deb2b6ebc7c0e48286133e569858c1f36f0c1b5d5993b44a280e03f8213097171a33cfdfc462c6326895f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\S4MP Launcher.exe

Filesize
100.0MB

MD5
5a4947b42624377fc447a27f7723c02a

SHA1
caf43cd29da87d8032751859cc4cb2219a70636b

SHA256
a75e6f494d8a23f613df61ede322b034aa920a7363c6e7cb9a4d20503939eec0

SHA512
8910571ba10cee99c06ab1a38a5e1fa162ada9e189deb2b6ebc7c0e48286133e569858c1f36f0c1b5d5993b44a280e03f8213097171a33cfdfc462c6326895f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\chrome_100_percent.pak

Filesize
173KB

MD5
c56bc01c88f2fd186ae22f10b1bd5900

SHA1
b000e68ccd919010eff8c2e114b7d1b6e702d997

SHA256
d8cbc2234f40b49437a5876bb008b6b43afdf92391dec3f0739be98e448ab671

SHA512
46f9158e0f06a4e415b95a7dabe88cc4f3eecc235cdaf9d744caf4de5e665ae91599e3c2feea0860e9f6eeb2eea45fe4e57542fae95ed9110d44624513de3aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\chrome_200_percent.pak

Filesize
308KB

MD5
9662c1f572ef83f070d2354b0275ec60

SHA1
04ce905a95a1c3b8521a17ac9f57503e7aa3eac9

SHA256
55dd419a1cecca86665ba5e6184d6b58edf714d652e67c5220dd3b407d99afa8

SHA512
b1d34d58f5079b1db9764bce2787969113ac7cb1b83dbc3ebce8c9c287af372a639611ba11246a088243e2098dbd1d6ad51341eff2a57a995868bb0db94a3167

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\d3dcompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\ffmpeg.dll

Filesize
2.0MB

MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\ffmpeg.dll

Filesize
2.0MB

MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\ffmpeg.dll

Filesize
2.0MB

MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\ffmpeg.dll

Filesize
2.0MB

MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\ffmpeg.dll

Filesize
2.0MB

MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\ffmpeg.dll

Filesize
2.0MB

MD5
0173d01bdcb90a5027ca96d633686fd3

SHA1
9e008814f94c3abf5a7ba672864f50a4a2a288d9

SHA256
f31b6e70365d1812578c6f96831fbec800ef7420c92566638252193bd7c7e4ff

SHA512
47665ce82bed00eff30dcff8a0e78b2badddd956bdd48be48c1cad75676af25e4abfd513ccba282f74dbf9e659c4fb7502da6876048da1fb8d875ab12c5d9b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\icudtl.dat

Filesize
9.9MB

MD5
9e8b247aa7a609e6632518ecd6634fc0

SHA1
cc43315bec76167be7dfbb7dd0b6d61974204d6c

SHA256
18acc07d9ca59b1e599343b022a9e602a0a0c152866f7e5dce1fedd2dbcd33a0

SHA512
7a9590f410c14886317d7cdae606b50b4a0355061e251aa3bcd3e0c614438298e839ff116553089116423e9bc98c131f35796478517d88a180a5a2d08ff7fa5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\locales\en-US.pak

Filesize
71KB

MD5
ce30d32061b772148cbc966915291edc

SHA1
4c5edaed4f3ba6e10443f344e757c26f7ceb4ce9

SHA256
88a07be1329cfde3486dd0376de77e289468a750273970aeae6ad4468c0969f4

SHA512
720fa132a3362ea4f5ea10f30c4996378d1f196210cef13c38579dbacc1f11e55d6dfdaa3aa0a6a574670a962f6e2910a2d66a64a1e7e1d6466b20529f5652cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\natives_blob.bin

Filesize
80KB

MD5
1582ffe1b8cb37438bc22edee6cd0a90

SHA1
01af249f33b2e5ffba18ba8f7cd76f2ee0e5f425

SHA256
02586eeaf4ce40d1b34310d885e34fb63e8e9f155fcedbd796536735907cbe80

SHA512
8c66ba4ef15fea573c29f0f6977e290b8fd72f4c8833f31a9b0ef4285f5493e9b27daf3a02c352ed12eadce36cda933d9d97576bfa4dcbbcc04294e73ad9ebfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\resources.pak

Filesize
8.3MB

MD5
95b94a5784a8b31b3dfb56ed309510cb

SHA1
85e290c41d4be9c0d591404b281dc3931bd78c0f

SHA256
43aa558648917a11fde82e73d9f1878d500098196e675ce2915c26361a05e8d5

SHA512
86ebe9904050d8653a029b52effd977a42e727ca40e62c7d2ceed4685dfaf762678a3402c16d90bb0a05357eebb988614964fce6ae19a67636f6cc3f8578bac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\resources\app.asar

Filesize
92.9MB

MD5
ac9f9be8192cba21ffe7c2e85ea25b57

SHA1
7923a65e31981688ecb6a38078a8f7b9be6bbb3e

SHA256
a1a5172da295339856fcad09b00896b6bcf9f2c324dd0042f9ecc59f4d25cd35

SHA512
7aac502cafda398962a9ef34757c3e2dfba0aeca8f2b263c59844037f0ce9c8cbfd2eba8469d0664aadeb6e2d7d1f924e3ad2ada76fbc2679d2e31d65f9b27f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\swiftshader\libEGL.dll

Filesize
333KB

MD5
1a76c3311b6f88a7aeafaae4a4e2e7a8

SHA1
0f57109f7c13b1857dd693344967ab3e67f87181

SHA256
733e0f790eae21e61c38fdd4f790050d11eed5b5057ccf7bbbb572d5440607d1

SHA512
c6daaaacfadb3d662fa1d12799c4bd1f6817df48df44dc9fdcf3c2b185d3e6898f4a6fce7b59a27539d206f5316b1fa0620aec4efb1db7a07893e8a1ede5846f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\swiftshader\libGLESv2.dll

Filesize
3.7MB

MD5
1ce2b05e35cd252c0659d56a662db583

SHA1
1bb3e8becfa0ed3fc506f331a3bf617b2e1d7149

SHA256
e66d9edeed08bfa60e3499c32c8c7f70b3bf237849ebd1c069305f83e1427752

SHA512
096f2b3ef2f8f7a7252d8ea442092d1042cbff4112d76dcca0c8e54232f7b5119fea4a894236331b49a1f55a7da37a039120b45ff53a042f08bb9140cfc391fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\swiftshader\libegl.dll

Filesize
333KB

MD5
1a76c3311b6f88a7aeafaae4a4e2e7a8

SHA1
0f57109f7c13b1857dd693344967ab3e67f87181

SHA256
733e0f790eae21e61c38fdd4f790050d11eed5b5057ccf7bbbb572d5440607d1

SHA512
c6daaaacfadb3d662fa1d12799c4bd1f6817df48df44dc9fdcf3c2b185d3e6898f4a6fce7b59a27539d206f5316b1fa0620aec4efb1db7a07893e8a1ede5846f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\swiftshader\libglesv2.dll

Filesize
3.7MB

MD5
1ce2b05e35cd252c0659d56a662db583

SHA1
1bb3e8becfa0ed3fc506f331a3bf617b2e1d7149

SHA256
e66d9edeed08bfa60e3499c32c8c7f70b3bf237849ebd1c069305f83e1427752

SHA512
096f2b3ef2f8f7a7252d8ea442092d1042cbff4112d76dcca0c8e54232f7b5119fea4a894236331b49a1f55a7da37a039120b45ff53a042f08bb9140cfc391fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\v8_context_snapshot.bin

Filesize
684KB

MD5
791e836529dc39d99117742c225a537d

SHA1
8d035c2446758ec65c41e48d3671004527a55772

SHA256
6baadc6adcd5e51d549a4d2f07b619d2a5b97f99a372f33efd3c84d2a369c747

SHA512
afca91bad91c359af1febc86e5e0cf16b0b2549ccdb6ae1d733f9d66e0d1daa4a3b96273d7888835dfe820722ca8d7e38b1085011dd7d6851a3198cdc18bbac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\vbs\ArchitectureAgnosticRegistry.vbs

Filesize
2KB

MD5
273e11094dc2f43c42fe44f1f58a82c4

SHA1
4e8e8fbff1d0a7a35b5c950feaca54f364bb824b

SHA256
638e532eba8697268194fb9bc9465e8378783ec8f672c1fb0a15dde21bfd953f

SHA512
5c13bc01b1fa915159a9a43445ba2181156f7f2491dcbc93812185a0279c9948b0415f03b23d88d40838613b62c510b5f40a96e33b7c6ab34b6801c72a6a5c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\vbs\regList.wsf

Filesize
1KB

MD5
ff10efec1c790d731188675518f00668

SHA1
fb73204a8ac344cf8d6e9e23e5d9013067cddd88

SHA256
f5aeb884a0562ae4a479f5428dd157586abbfa0a68e5090ec2e3210eefa4106c

SHA512
a8e26a5623922c804d134182646a4743fcf26843797471599c73ddd8648977b001cc451c2d98a3858a09062c86a35af58c766072846b2471c98b009253ac5658

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\vbs\regUtil.vbs

Filesize
8KB

MD5
39068645a01e0f997b403230be0c4f20

SHA1
16932ac24ad433c87810e4cd5f8fc028a517c1f4

SHA256
a716818d86c047551e6cd24868fc19243bf279b9566dd23ac46ec1b84172e9b9

SHA512
33fd67e2169ee01b083cd2cd50090940ce910e1b0e1c8638a2df23e43e98fd7c9bceacdb1d64fd73d5b3ba25e1b3a2d311ccaed088c2054dbc4154e2b7d11e34

Download Submit
C:\Users\Admin\AppData\Local\Temp\2GDLgTYXRYhT8PuIEpu7F54rTtn\vbs\util.vbs

Filesize
4KB

MD5
a64dac36c8222b911edaf467f9c692c8

SHA1
747d3a73f698ff7aeeb800457691a33a2c5fa440

SHA256
9d5fa131d8c89fd42638b8a6054db165eeda0ae759eb386bb78e27f7fbfc2925

SHA512
0faa80648bd2b01684149cd9d405cc1e62b94bd0faea01ef203b9b8fbf5eca2b3e89ef27fcef1d2fe30e7fcebdeb90e0e1d36d1e310716874e7cad6037934194

Download Submit
C:\Users\Admin\AppData\Local\Temp\c8fdacb1-f942-4beb-a254-5d62cb8a7ad6.tmp.node

Filesize
119KB

MD5
d15a21cb2c6e821d79487be724c06ccc

SHA1
3110514dec222b3d8fd0881158b260d301d90fd0

SHA256
176b45dacd3505b28a6ec5e75d3eea57091b42b8b109306914330d7ab34ad3e6

SHA512
0ade74ac1780e2a01ba0d9f10d2b95ba9ea4c3839876d40f5fd6ead8f349be2bd0b4e063dd4e4a23c5fc76b027cb8f5e5c4204bbe68283716e0fdd63b813f111

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbCAC8.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbCAC8.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbCAC8.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit