e1aa00dedd0be1fa6fbb9f9263697393ccef89b7fca1c4453b9d34ea9581bd7d

Analysis

max time kernel
126s
max time network
116s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GameManager.exe
Size

60.7MB
MD5

b15ddcdfd9ebffcc3527f120229f8e1e
SHA1

f82438456bad73393ca923ae3709ed9c4859c578
SHA256

e1aa00dedd0be1fa6fbb9f9263697393ccef89b7fca1c4453b9d34ea9581bd7d
SHA512

c76e599192febcb89e1ccd09ec47194a9f759753da722971a05d75e9dff599e0cb5e5c587a17eec133df51b82cb98d8dca154c7d1574993701dab9b626747c1a
SSDEEP

1572864:CtvettMpkfGL3MCwGKXsYvu1hQcvM0fDjp7:Cl043TEOso3fDjp7

Score

10^/10

ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\LICENSES.chromium.html

Ransom Note

<!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="color-scheme" content="light dark"> <title>Credits</title> <link rel="stylesheet" href="chrome://resources/css/text_defaults.css"> <link rel="stylesheet" href="chrome://credits/credits.css"> </head> <body> <span class="page-title" style="float:left;">Credits</span> <a id="print-link" href="#" style="float:right;" hidden>Print</a> <div style="clear:both; overflow:auto;"> <div class="product"> <span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span> <span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span> <input type="checkbox" hidden id="0"> <label class="show" for="0" tabindex="0"></label> <div class="licence"> <pre>Copyright(C) 1997,2001 Takuya OOURA (email: [email protected]). You may use, copy, modify this code for any purpose and without fee. You may distribute this ORIGINAL package. </pre> </div> </div> <div class="product"> <span class="title">Abseil</span> <span class="homepage"><a href="https://github.com/abseil/abseil-cpp">homepage</a></span> <input type="checkbox" hidden id="1"> <label class="show" for="1" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. </pre> </div> </div> <div class="product"> <span class="title">Accessibility Audit library, from Accessibility Developer Tools</span> <span class="homepage"><a href="https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_testing.js">homepage</a></span> <input type="checkbox" hidden id="2"> <label class="show" for="2" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, in

Emails

[email protected]

<[email protected]&gt

URLs

https://www.apache.org/licenses/

https://www.apache.org/licenses/LICENSE-2.0

http://www.apache.org/licenses/

http://www.apache.org/licenses/LICENSE-2.0

http://code.google.com/p/y2038

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2

http://mozilla.org/MPL/2.0/

http://www.torchmobile.com/

https://cla.developers.google.com/clas

http://www.openssl.org/)&quot

https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS

http://www.opensource.apple.com/apsl/

https://github.com/typetools/jdk

https://github.com/typetools/stubparser

https://github.com/typetools/annotation-tools

https://github.com/plume-lib/

http://www.mozilla.org/MPL/

http://source.android.com/

http://source.android.com/compatibility

http://www.apple.com/legal/guidelinesfor3rdparties.html

Signatures

Executes dropped EXE 5 IoCs

Processes:

GameManager.exeGameManager.exeGameManager.exeGameManager.exeGameManager.exe

pid process

1940 GameManager.exe
1916 GameManager.exe
1960 GameManager.exe
1628 GameManager.exe
1972 GameManager.exe

pid	process
1940	GameManager.exe
1916	GameManager.exe
1960	GameManager.exe
1628	GameManager.exe
1972	GameManager.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

GameManager.exeGameManager.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Control Panel\International\Geo\Nation	GameManager.exe
Key value queried	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Control Panel\International\Geo\Nation	GameManager.exe

Drops startup file 1 IoCs

Processes:

GameManager.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsBootManager.exe GameManager.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsBootManager.exe	GameManager.exe

Loads dropped DLL 26 IoCs

Processes:

GameManager.exeGameManager.exeGameManager.exeGameManager.exeGameManager.exeGameManager.exe

pid	process
1460	GameManager.exe
1460	GameManager.exe
1460	GameManager.exe
1460	GameManager.exe
1940	GameManager.exe
1940	GameManager.exe
1940	GameManager.exe
1916	GameManager.exe
1940	GameManager.exe
1960	GameManager.exe
1916	GameManager.exe
1940	GameManager.exe
1916	GameManager.exe
1916	GameManager.exe
1940	GameManager.exe
1628	GameManager.exe
1940	GameManager.exe
1972	GameManager.exe
1972	GameManager.exe
1972	GameManager.exe
1972	GameManager.exe
1972	GameManager.exe
1972	GameManager.exe
1972	GameManager.exe
1972	GameManager.exe
1972	GameManager.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

6 ipinfo.io
7 ipinfo.io
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

flow	ioc
6	ipinfo.io
7	ipinfo.io

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

GameManager.exeGameManager.exe

description	pid	process
Token: SeSecurityPrivilege	1460	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe
Token: SeShutdownPrivilege	1940	GameManager.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

GameManager.exeGameManager.exe

description	pid	process	target process
PID 1460 wrote to memory of 1940	1460	GameManager.exe	GameManager.exe
PID 1460 wrote to memory of 1940	1460	GameManager.exe	GameManager.exe
PID 1460 wrote to memory of 1940	1460	GameManager.exe	GameManager.exe
PID 1460 wrote to memory of 1940	1460	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1916	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1960	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1960	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1960	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe
PID 1940 wrote to memory of 1628	1940	GameManager.exe	GameManager.exe

C:\Users\Admin\AppData\Local\Temp\GameManager.exe
"C:\Users\Admin\AppData\Local\Temp\GameManager.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1460

C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe
2⤵
- Executes dropped EXE
- Checks computer location settings
- Drops startup file
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1940

C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe
"C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\GameManager" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1232 --field-trial-handle=1292,i,3930089331016985930,10506971005227424543,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1916

C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe
"C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\GameManager" --mojo-platform-channel-handle=1392 --field-trial-handle=1292,i,3930089331016985930,10506971005227424543,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1960

C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe
"C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\GameManager" --app-path="C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1640 --field-trial-handle=1292,i,3930089331016985930,10506971005227424543,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:1628

C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe
"C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\GameManager" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1228 --field-trial-handle=1292,i,3930089331016985930,10506971005227424543,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
116.3MB

MD5
d72d906a9aa024e717643236b630c399

SHA1
1b6b947f6d2d32192668e371e1dc86699e2f013d

SHA256
6fb1cc030ce71058da4e4e3565e68fd9e42b95ed61a67c82d635b70033b2f0e9

SHA512
dd1c68a5a66f7a2b52a7b04fe3b4c3e029b4bf40709dcaf119b19ef6a5e140828672935c74fa6e14443d602d07f780ffd4d5cd2a5a4a1ebc69e530de1e5adf70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
112.7MB

MD5
5a25384b9c98cd473f3f30fd0b4c1b0b

SHA1
8265f6d33f60923577f637ee4d55f376b386483e

SHA256
ad90ddc24bd02eca65d39ee3f96e5aca519aa033bdce60e9812a4535cfd33215

SHA512
f72784f1891a1e8942d1cf9fcd94ac6396fa4d868caa1e45d87ff9c1ff1e44f3a3b336d08756b48d0023f314e30cb757fbfe5070e07e6cef77d3c498c1a83ecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
115.4MB

MD5
c1e3de6e75cedc0b96032ec0327a9245

SHA1
3f0894c1278db8bb4c3eb56c5395a121047ffa6c

SHA256
090e0480388e3ed4e8e7ec06fb0ee8be66797fa473a68376e4cbfc0805c5bf4a

SHA512
79e81502064562ce0fa0dd297afbc26e98eb0e1ba76f39274ecd5b6886710b5a98c4a3450fec49a58233f4af66d194660935fc4a12abcbdb61e5aa1261f65181

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
114.9MB

MD5
9d635c3ad84c4ecc3407c6d852aae758

SHA1
cd9913510916fcba67992c78f130aef2ff1465e4

SHA256
439b546402cfaab77cca0fc50e5b8be888595241c98c42f5210b7fc90c5385f1

SHA512
82743bc3f8c124bb81d71026a31b22062741a87fd811f2a56379094158f2f9e9c5ab0ebd2d5d81c4b8b6c6820ecc30e1f910c972675938e2eec387751957588a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
110.7MB

MD5
e94ccd33cf702ab74eb392773c4a92a5

SHA1
97cb2bd205ba76b25dad18dafaf48519a24c6e36

SHA256
b34e7a9e3c30fc9272c73800964ffba2ec9f4331c7345258f1a20298945e6c36

SHA512
14b6ab9f710538b85111c70d11eceb14795f972c232fb1b7a2efdcaeb297614bc166a898bed9db3ae3206536b9ac71be63b5a18a889b5709ac7a28c248cd8335

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
133.8MB

MD5
a30d076480b8968b910c93bbf9e4c556

SHA1
1b60644d62003fb58b7e6cc453a39211798abac9

SHA256
e62ddeb71a417002ceb24ac97707fb0b4f187e7fdeb919a16db931e158f7d05c

SHA512
225d963f38a8689e6c6082bcc0164b79785f9d531f60d87449d74b459aaa8380a504af7cbbcd9e2ce30fa39f280fff6332ff8b963fb1bc7010a1bdbdbb642094

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\chrome_100_percent.pak

Filesize
145KB

MD5
237ca1be894f5e09fd1ccb934229c33b

SHA1
f0dfcf6db1481315054efb690df282ffe53e9fa1

SHA256
f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2

SHA512
1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\chrome_200_percent.pak

Filesize
214KB

MD5
7059af03603f93898f66981feb737064

SHA1
668e41a728d2295a455e5e0f0a8d2fee1781c538

SHA256
04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6

SHA512
435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\icudtl.dat

Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\libegl.dll

Filesize
437KB

MD5
91f11a9181583f75e2b29fcd9050c7f5

SHA1
fd90abc3048f3347435dfbd1075b8051ac6ffabc

SHA256
43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330

SHA512
925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\libglesv2.dll

Filesize
6.7MB

MD5
16deb84c2dd1d55ed938a112b6ce92d4

SHA1
15ed353f418030e2a3d94c2c77d45605ea9cb3c2

SHA256
b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8

SHA512
bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\locales\en-US.pak

Filesize
110KB

MD5
5cc884bf0ec1c702240173b35a421d1b

SHA1
19bdfb0b31dc4a75e7c135d1a8ef76f5f6cc3a31

SHA256
9f0c75c84381360677055d6197812c7a6c42dbfc6134eb8212d8a60ed1ca1601

SHA512
48772f50f6b0d846084a0cfb0d6433f2fbf73677b557b022d0d73d04790636c0c40ed873c32fd037013e943fb7c24816efdcde38429520895c00c2d85a17ea5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\resources.pak

Filesize
4.9MB

MD5
a1e5aafe5a1509ef461d584c98484ff7

SHA1
455a36fff7a12989d0d1fc944a3c8840141d865a

SHA256
dd0cdd9201c5966dcc8b3ac3f587fdb05cad09547e267e0d16b8b1a3cff14772

SHA512
f98e33fe7e89a7798c6c274b4220c7c5262a2cedd0c0a04c7821634679f71145eca78c7a36a9f576712a00ffbabfabf58c958483d2d69fa9960178a7c3581946

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\resources\app.asar

Filesize
26.8MB

MD5
1d831d30fe63a7945ddadad790a7afce

SHA1
ca201b57c0ddcd8805efa60cafe91c87d85a138f

SHA256
5f2d1b1e04aa8c8c4acb27c52889094af8fe7cd1c9f387383a68fb9898a706f1

SHA512
8e2508ad4ff63e9a0acad7c0f69c3052126cb7c3fba7dee188f869b1433833ebcdaef7b258d67bb301aec930fe82494e2f32c0e2c0b395db1a5e4d32a2988121

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\v8_context_snapshot.bin

Filesize
709KB

MD5
dd0d4997dfab65b96aad66d035f6029c

SHA1
65faa1dbb7ccd902f1f1af544f6941234ff679d3

SHA256
f033fb86fa92df1be464de590aa312cc016bc5d6bea26672c896bf4d3f1261cd

SHA512
86b06bd0f91f50bd13b3af179f3f498f10a225d25ba5ca32258f75567e601c3f48f7a3fb436c3b0d2ba53cc9eaaa8f74c95b44458628b0ea716563694a3c7002

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\vk_swiftshader.dll

Filesize
4.4MB

MD5
6b40ce4af617399536d0ea6edc84baad

SHA1
55c91309fe49af121dd3de9c24f60b8cfea680f1

SHA256
c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59

SHA512
9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\vulkan-1.dll

Filesize
830KB

MD5
4783d34314ef4feb241f4fdf36499521

SHA1
89296d6ac36cd005045db7307bf31005d0cf29a7

SHA256
6e8beb4e9da77313f40e75c4ffaeeaa522b6f054fd792631ec1efcf8248ca63b

SHA512
7ef1b0e89590b4af20f182bed9d82d5175d1c8c675fc3d05dc0eb2f834052124c877135fc68b2988683cf35e8b25870e45f7c126349d28125c021c8eeb4998ac

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
118.6MB

MD5
d40b2f8abf2d5c38007fba39683f110c

SHA1
e83bfb7a4fd643a4cabc7ed99aeea1a7397725c6

SHA256
ad30ed65ceaa36ee1b56b74a6e7b0a4f8e52f12ac30f6197ffdf436408e5ee8d

SHA512
4f6ecd8f6242f1c568725f2038e8a29ec3cd6fc57d8e5a5d141f1248ae025cc7f88d88d10e7436b43ef241f093604a0e27e44766e369425c4f0384c4c7f06a7c

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
117.3MB

MD5
afe187f348bcc11656a99e5c1812c56f

SHA1
6a5a3ee44e00d49e1be25dfee3ac883162f64402

SHA256
1a1a306d60be9e4e22d3a5303efabfa66d57653498662c1240da823241f9853e

SHA512
bf5a4830c43cd23f161e2534dcc69dfe22c2dbd927431279d15564956aa61f299ecbc47c9962b788717d419adf7b4c2868a7299f44eb30c81d121144eaf6bae0

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
112.2MB

MD5
ca6d5758509fd278aa535ac08681c656

SHA1
6db6d078db39197215076c6d47717c6cb3dda6d6

SHA256
2cdbbca43798cc0acfae9057f13580f108e2f6516b9ee590dd965eb0dc449214

SHA512
6419f015edafb2e80b27dbb608b8d07630e7653e850a36c8b86706efe9a369d8f4c2536e9258a0103d7a0d18ac7a5f2b64ecbb2c2bf442d7c22af5977674d1d5

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
137.2MB

MD5
5d0ae449a5f4db8c83d5f99b89021e5e

SHA1
6baf794a8b1c27994c85b2429a2e5b80af1b2c10

SHA256
c2e5b936ed78b390ee8f8f35dd97d86e1d0ef947370e02149f605b03e7508b82

SHA512
726ebcd7188d6390f2bf79c04138f26163259eb489c9074bbb601a768e5fe09ead96806cde1f51153a46b280963345d34ce6e54a7fb7931727723ea1eedb976c

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\GameManager.exe

Filesize
115.6MB

MD5
7614c7e77f5d47146ad97e1a242669b4

SHA1
aaa12fbe01ebc528f82fe5bc385612aad316ca72

SHA256
552137f87e07cac720c06b43026691196f5fc2f63159dcdcba0d6cbb02169385

SHA512
4c300109f9c6d070bcce86f4db5f9c6c4ce17a5ac9566e5fcb330f2b53cc0dd5bd8539f5e3d00db334af6dbff315ad36a6a42c8dbecababf73ba863e56b19e9b

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\ffmpeg.dll

Filesize
2.6MB

MD5
21647425561f9dfa567139d2c505f585

SHA1
efd5b3d6a21886c6467d28c73d20be0acb4591e9

SHA256
b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6

SHA512
c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\libEGL.dll

Filesize
437KB

MD5
91f11a9181583f75e2b29fcd9050c7f5

SHA1
fd90abc3048f3347435dfbd1075b8051ac6ffabc

SHA256
43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330

SHA512
925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\libEGL.dll

Filesize
437KB

MD5
91f11a9181583f75e2b29fcd9050c7f5

SHA1
fd90abc3048f3347435dfbd1075b8051ac6ffabc

SHA256
43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330

SHA512
925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\libGLESv2.dll

Filesize
6.7MB

MD5
16deb84c2dd1d55ed938a112b6ce92d4

SHA1
15ed353f418030e2a3d94c2c77d45605ea9cb3c2

SHA256
b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8

SHA512
bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\libGLESv2.dll

Filesize
6.7MB

MD5
16deb84c2dd1d55ed938a112b6ce92d4

SHA1
15ed353f418030e2a3d94c2c77d45605ea9cb3c2

SHA256
b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8

SHA512
bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\vk_swiftshader.dll

Filesize
4.4MB

MD5
6b40ce4af617399536d0ea6edc84baad

SHA1
55c91309fe49af121dd3de9c24f60b8cfea680f1

SHA256
c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59

SHA512
9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\vk_swiftshader.dll

Filesize
4.4MB

MD5
6b40ce4af617399536d0ea6edc84baad

SHA1
55c91309fe49af121dd3de9c24f60b8cfea680f1

SHA256
c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59

SHA512
9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\vk_swiftshader.dll

Filesize
4.4MB

MD5
6b40ce4af617399536d0ea6edc84baad

SHA1
55c91309fe49af121dd3de9c24f60b8cfea680f1

SHA256
c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59

SHA512
9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\vk_swiftshader.dll

Filesize
4.4MB

MD5
6b40ce4af617399536d0ea6edc84baad

SHA1
55c91309fe49af121dd3de9c24f60b8cfea680f1

SHA256
c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59

SHA512
9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6

Download Submit
\Users\Admin\AppData\Local\Temp\2HdydCOhELO78AAi5yfJfKx6JH2\vulkan-1.dll

Filesize
830KB

MD5
4783d34314ef4feb241f4fdf36499521

SHA1
89296d6ac36cd005045db7307bf31005d0cf29a7

SHA256
6e8beb4e9da77313f40e75c4ffaeeaa522b6f054fd792631ec1efcf8248ca63b

SHA512
7ef1b0e89590b4af20f182bed9d82d5175d1c8c675fc3d05dc0eb2f834052124c877135fc68b2988683cf35e8b25870e45f7c126349d28125c021c8eeb4998ac

Download Submit
\Users\Admin\AppData\Local\Temp\4e433e0c-3c06-4e39-a7c6-3783cf16e062.tmp.node

Filesize
2.6MB

MD5
10549f42263e31e1a335cdf5824be847

SHA1
b4e736aadc5f66d7a67255c719773721d55b3d52

SHA256
487cec14eea6646be0266a5767b53ed67b49b429036521ee13d0656365fcca20

SHA512
018ed34edfd60de37a73191206ace75521a6ac9c588ac6a05dccc576f41cb5233c3c800e14c303d5f0d7bcd707f556d24151fe86c4b163c09b2f3cc5aac930cf

Download Submit
\Users\Admin\AppData\Local\Temp\d477baca-ecc8-4b15-b860-edc6b053e3c6.tmp.node

Filesize
141KB

MD5
de3e9e455d3bb262955d3e128d2b972e

SHA1
f795f84994befbbd0b695833ce545b6522acb454

SHA256
c56581063cbb78565c0a5f74f2f75c4be68e7c25187159a51f5ef186dc966051

SHA512
f8bd9907ffe8bcbc04ba6e8c023c0bdb710a8e631debb4a30245052a47b5514e30f3bbd278cc30e471e4ec8b615d766bca65fa7f6d3e5296c98c4f58bb3607b1

Download Submit
\Users\Admin\AppData\Local\Temp\nso980D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nso980D.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nso980D.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1460-54-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1628-146-0x0000000000000000-mapping.dmp

Download
memory/1916-101-0x0000000000000000-mapping.dmp

Download
memory/1940-59-0x0000000000000000-mapping.dmp

Download
memory/1960-105-0x0000000000000000-mapping.dmp

Download
memory/1972-179-0x0000000000000000-mapping.dmp

Download