453a308a5d60b6370dc09343f193b46fed4dfdd654a24acd0bba01a778660430

Analysis

max time kernel
73s
max time network
156s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/12/2022, 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GDLauncher-win-setup (2).exe
Size

74.8MB
MD5

104bc7f2d94943c4474b1f4f469a2cee
SHA1

8f2b5202f00ebac670636806b8c49a2917651f05
SHA256

453a308a5d60b6370dc09343f193b46fed4dfdd654a24acd0bba01a778660430
SHA512

7160b8fd997f18afab6bd70f9f56c34269e840fa41cf7746e7fa3c38ab2e6e1f4f1d1e1a3a58836f4fca2a5da8e467a5696adbcdef116278e69cfed4bbc690ad
SSDEEP

1572864:ZIQQRHNBhCMBSOXaBHgF/Z37vqwTqaZguNAWEctrktH0S+Xg9rXAIVuy2vwWpA8b:Z7QzsTgJtqynROt+4tTjdwYe4RwN

Score

10^/10

discovery ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Programs\gdlauncher\LICENSES.chromium.html

Ransom Note

<!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="color-scheme" content="light dark"> <title>Credits</title> <link rel="stylesheet" href="chrome://resources/css/text_defaults.css"> <link rel="stylesheet" href="chrome://credits/credits.css"> </head> <body> <span class="page-title" style="float:left;">Credits</span> <a id="print-link" href="#" style="float:right;" hidden>Print</a> <div style="clear:both; overflow:auto;"> <div class="product"> <span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span> <span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span> <input type="checkbox" hidden id="0"> <label class="show" for="0" tabindex="0"></label> <div class="licence"> <pre>Copyright(C) 1997,2001 Takuya OOURA (email: [email protected]). You may use, copy, modify this code for any purpose and without fee. You may distribute this ORIGINAL package. </pre> </div> </div> <div class="product"> <span class="title">Abseil</span> <span class="homepage"><a href="https://github.com/abseil/abseil-cpp">homepage</a></span> <input type="checkbox" hidden id="1"> <label class="show" for="1" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. </pre> </div> </div> <div class="product"> <span class="title">Accessibility Audit library, from Accessibility Developer Tools</span> <span class="homepage"><a href="https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_testing.js">homepage</a></span> <input type="checkbox" hidden id="2"> <label class="show" for="2" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, in

Emails

[email protected]

[email protected])&quot

[email protected]

<[email protected]&gt

[email protected]

<[email protected]&gt

URLs

https://www.apache.org/licenses/

https://www.apache.org/licenses/LICENSE-2.0

http://www.apache.org/licenses/

http://www.apache.org/licenses/LICENSE-2.0

http://mozilla.org/MPL/2.0/

http://www.torchmobile.com/

https://cla.developers.google.com/clas

http://www.openssl.org/)&quot

https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS

http://www.opensource.apple.com/apsl/

https://github.com/typetools/jdk

https://github.com/typetools/stubparser

https://github.com/typetools/annotation-tools

https://github.com/plume-lib/

http://www.mozilla.org/MPL/

http://source.android.com/

http://source.android.com/compatibility

http://www.apple.com/legal/guidelinesfor3rdparties.html

https://github.com/easylist

https://easylist.to/)&quot

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1944	GDLauncher.exe
1596	GDLauncher.exe
1616	GDLauncher.exe
1600	GDLauncher.exe
1920	GDLauncher.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	GDLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	GDLauncher.exe

Loads dropped DLL 29 IoCs

pid	Process
1636	GDLauncher-win-setup (2).exe
1636	GDLauncher-win-setup (2).exe
1636	GDLauncher-win-setup (2).exe
1636	GDLauncher-win-setup (2).exe
1636	GDLauncher-win-setup (2).exe
1636	GDLauncher-win-setup (2).exe
1636	GDLauncher-win-setup (2).exe
1636	GDLauncher-win-setup (2).exe
1636	GDLauncher-win-setup (2).exe
1636	GDLauncher-win-setup (2).exe
1636	GDLauncher-win-setup (2).exe
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
1944	GDLauncher.exe
1944	GDLauncher.exe
1944	GDLauncher.exe
1596	GDLauncher.exe
1196	Process not Found
1596	GDLauncher.exe
1596	GDLauncher.exe
1596	GDLauncher.exe
1616	GDLauncher.exe
1600	GDLauncher.exe
1920	GDLauncher.exe
1920	GDLauncher.exe
1920	GDLauncher.exe
1920	GDLauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
1320	tasklist.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\ = "URL:gdlauncher"	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\shell\open\command	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\shell	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\shell\open	GDLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\gdlauncher\\GDLauncher.exe\" \"%1\""	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher	GDLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\URL Protocol	GDLauncher.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1636	GDLauncher-win-setup (2).exe
1320	tasklist.exe
1320	tasklist.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeDebugPrivilege	1320	tasklist.exe
Token: SeSecurityPrivilege	1636	GDLauncher-win-setup (2).exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe
Token: SeShutdownPrivilege	1944	GDLauncher.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1944	GDLauncher.exe
1944	GDLauncher.exe
1944	GDLauncher.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1944	GDLauncher.exe
1944	GDLauncher.exe
1944	GDLauncher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1724	1636	GDLauncher-win-setup (2).exe	28
PID 1636 wrote to memory of 1724	1636	GDLauncher-win-setup (2).exe	28
PID 1636 wrote to memory of 1724	1636	GDLauncher-win-setup (2).exe	28
PID 1636 wrote to memory of 1724	1636	GDLauncher-win-setup (2).exe	28
PID 1636 wrote to memory of 1724	1636	GDLauncher-win-setup (2).exe	28
PID 1636 wrote to memory of 1724	1636	GDLauncher-win-setup (2).exe	28
PID 1636 wrote to memory of 1724	1636	GDLauncher-win-setup (2).exe	28
PID 1724 wrote to memory of 1320	1724	cmd.exe	30
PID 1724 wrote to memory of 1320	1724	cmd.exe	30
PID 1724 wrote to memory of 1320	1724	cmd.exe	30
PID 1724 wrote to memory of 1320	1724	cmd.exe	30
PID 1724 wrote to memory of 1320	1724	cmd.exe	30
PID 1724 wrote to memory of 1320	1724	cmd.exe	30
PID 1724 wrote to memory of 1320	1724	cmd.exe	30
PID 1724 wrote to memory of 1500	1724	cmd.exe	31
PID 1724 wrote to memory of 1500	1724	cmd.exe	31
PID 1724 wrote to memory of 1500	1724	cmd.exe	31
PID 1724 wrote to memory of 1500	1724	cmd.exe	31
PID 1724 wrote to memory of 1500	1724	cmd.exe	31
PID 1724 wrote to memory of 1500	1724	cmd.exe	31
PID 1724 wrote to memory of 1500	1724	cmd.exe	31
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1596	1944	GDLauncher.exe	35
PID 1944 wrote to memory of 1616	1944	GDLauncher.exe	36
PID 1944 wrote to memory of 1616	1944	GDLauncher.exe	36
PID 1944 wrote to memory of 1616	1944	GDLauncher.exe	36
PID 1944 wrote to memory of 1600	1944	GDLauncher.exe	37

C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup (2).exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup (2).exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq GDLauncher.exe" | find "GDLauncher.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq GDLauncher.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1320
- - C:\Windows\SysWOW64\find.exe
    find "GDLauncher.exe"
    3⤵
    PID:1500

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1000 --field-trial-handle=1184,i,16397989780803146184,16826416240685793447,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1596
- C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=1272 --field-trial-handle=1184,i,16397989780803146184,16826416240685793447,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1616
- C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1572 --field-trial-handle=1184,i,16397989780803146184,16826416240685793447,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  PID:1600
- C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1184,i,16397989780803146184,16826416240685793447,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1920
- C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2220 --field-trial-handle=1184,i,16397989780803146184,16826416240685793447,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:1908

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\gdlauncher\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
103.6MB

MD5
3c8058489c6a2e9fe1459b9d0873366c

SHA1
6f1b2521160c60c264de44757159e2275cd8ab88

SHA256
6af4b5044a8edf625912cb24babf1d15fdee7d4b16bc2b4af5186abb9bdd9f53

SHA512
4ed24daa4b8da007f55e03c75b9c7372114dd3ec030554c32cad1760e052dafc96b8ce8abd8898bf4aacc3dd04c44677a60073895d947466be38df3df3ca641d

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
124.1MB

MD5
a1e7d53f020e47aa4828e26fcded20eb

SHA1
28f5a09637b726bff4b12d1f6e00dd8072f50189

SHA256
bf48f0ebfbdfe209e2695d29fa9983a355bbeb81f394d64cb4a5f244f1dc5f44

SHA512
9878a9fde2681a8b73246d5895887b709adee1c9c318b699a3234824f49b4f47e94256f0073c9a03f31a22fb268f14eb5e30108b8e7159901ff96c695d8d5eb3

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
97.4MB

MD5
116e5c4e82bfd3c9790f9b11ce4881e7

SHA1
f5cac5577e9fb53f8c6cc1f4a30f8c568223d5cc

SHA256
37c96d6485cd14498a6ebed582070c45fd26b902ef9d219bb2bed983416ad505

SHA512
e2377cc0517ab59c6d76aa268e7042d9e92d6568976378463fc168f2e268d2dec9f92f0bc744d7e461df1a9c1ac3a6978461df8a2c167512dd58a02cfbc3060f

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
100.9MB

MD5
aa05b51275566095e8010fb2533007d5

SHA1
f102823093004cec1bb03d95a0a41b61d2aa1adb

SHA256
5130e05907743366490f61251207176d02260182df95396393caaf80087cda32

SHA512
906cea99144f0d3c5461972e49406a3054dc7800dddb60360af1b9960a19ae646b8013be2bb1b8d927fe83d41874ccec76ea3eb9b7fd0780e64c415a4b6f04ab

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
89.7MB

MD5
ff92557e5612f308fa183e9af475a60b

SHA1
90a286849d80e9501a16b0f54ae67f86e230f102

SHA256
a8edf7c35a07b1ac357520ff932fdd8286a4e8f463c404ed05edd9c9732e58a5

SHA512
147a0e02d1920a72909f6f424bedee660a180cf0598c258a842142008f95ca439d96870aae12f84e82a8463ba1e8aa78a0a1b0ceb3517936af99e44cfc3574c4

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
14.3MB

MD5
1fd4619f6cc3a34aec167705d93efe79

SHA1
21ae93e8a43088b0b14a0df5e9744f695e1fe8f6

SHA256
62b25ab3fb02beea3a22fb38e3869bb3f418eb31ad5dd275f056908a073290a1

SHA512
67010cd386599b73de3102fc1e2e54229eda5a50b36f38f3fff9c04a10f962f19fd5f5846a1f5c93eb252548271b530a2c3e01649b2e826707dc20d9601b9188

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
bf1552a56a5283b8ddbf99da1a2ef3cc

SHA1
ab25c6f11d3bec3b6c8148228ca85c5f3ec14d67

SHA256
074d76fb252c3f491cab03455f77c50bb4055655edbec816009087d308b7414f

SHA512
18ace7c6cec3327e4dbad3cbc4f12ba8459fb9d252b8aca80a52bd75493ab0c84eeb200cc442353d6634a2130ba9d4db526b6f86445d7b5a6de9344f4de3b808

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
abf9e804cf6e85ffc169f544f93670a0

SHA1
d68560a8188c2461fba59ad42c41d3b75a050972

SHA256
3fe1958613e364941133ed95395bf921f57592491d8a1636c2f2abd7e433e062

SHA512
d3d0b748ca632e70a3d3ae973d52a689049df9cd4e35ee6029f19d3d0908d00226f7fa1278a1a7f608dc9689232bf3a6f053496a9f359daf7fcbbe1fa0fd475e

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\libegl.dll

Filesize
460KB

MD5
ea860e45c75de5727e54a378d6033e4a

SHA1
a42e9d332bdbb8979b054bb481f86aef213c6649

SHA256
19c411480da0d6039ab972d7e9752448ef793df5ce9e9f01feab5f82d747de90

SHA512
537970d2a8964267afe367c210e93e62b58abd3af98cac0ff743742b9a1a7eb01bf1bfc2a8d4f2802423c6876080a7d9c1e34a7bed3f322048987d0a326d9f60

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\libglesv2.dll

Filesize
6.8MB

MD5
0168d2a5de3db2b49aef73effc73343c

SHA1
deefdbb3f66eafcc94aa06298e2cf754f6cbf403

SHA256
21ee09441453557971a8eb76aaf74dd0639ac7c6c8756c0bfc78b8205943700f

SHA512
c120a92ca5dd115923db2b40beaf9f0a424589c00ebc48937a21a1f28da4d3f67415a9681f59756ae8cad88353ff8419b7dbbbdc2167da6bb989aa8d95b860bd

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources.pak

Filesize
4.9MB

MD5
a7307fb7aac4a309eef38cc1f9b1858d

SHA1
5b8206f865391f481bf5acf34c4e6f7c80d86ad6

SHA256
2e1fbd837317ed7cdff0d1e20df259e72314bd7bacafd434942caa72f3104eda

SHA512
a02b3f9ff5f5d8aabd5f995b7f00ab86ad8881a87289377dc9acb1dd12ec75924fda93062129b949feda4e32efb98a65a6cd8dccbe91c447dc8746060b929174

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar

Filesize
40.8MB

MD5
fb80f4b1d51043d847d187cd6991cf50

SHA1
bc1be8470d905091c0295071e6c31f1e9dee7bed

SHA256
62e48d630b2411ab6dc6b17efd0640e4e8e8f3be2850daecea0790421fd14d14

SHA512
2bbfed14f3e7779b3ded2fbb4376eac2da93d6014aabe8355791981ab22fa4d2da5a48834e248f3f76445cbdb9c7b8440804014460ef0d917adf9c4e4435ae0a

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\v8_context_snapshot.bin

Filesize
713KB

MD5
6a8d54fb285210c65f681cfd1282b4fd

SHA1
2a38c1a61672f70b29f08e8a18beb9f6647493a6

SHA256
4fd22738194e793962ca24ef2e47e26916674515a558b0152f662e7dd351ed65

SHA512
14810fee41d192832182101ad25fd0f1b3cfd44be0018cd9ed92c2188e71606f391f61357c4b231ca86dbc467e0bc3ef705a10f0dff7669a7462743e8e0725f0

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
117.2MB

MD5
983c8dfd447b3b4d43ff067b7cc6bbb5

SHA1
16e73881d804c68ac48746dc610571fa9ad3ea60

SHA256
460cf6b45601cbe0ce9013445263e9da187bb3d20e7e93df416afaa0e59a07dc

SHA512
577b9c0eb08a6b755b64eb9c9247468755371f77f11a15548150cfd5b473d1098cca059eb3557095150b46ad6469c759e10e3fb702b603e7d7b73edef8f91b21

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
bf1552a56a5283b8ddbf99da1a2ef3cc

SHA1
ab25c6f11d3bec3b6c8148228ca85c5f3ec14d67

SHA256
074d76fb252c3f491cab03455f77c50bb4055655edbec816009087d308b7414f

SHA512
18ace7c6cec3327e4dbad3cbc4f12ba8459fb9d252b8aca80a52bd75493ab0c84eeb200cc442353d6634a2130ba9d4db526b6f86445d7b5a6de9344f4de3b808

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
bf1552a56a5283b8ddbf99da1a2ef3cc

SHA1
ab25c6f11d3bec3b6c8148228ca85c5f3ec14d67

SHA256
074d76fb252c3f491cab03455f77c50bb4055655edbec816009087d308b7414f

SHA512
18ace7c6cec3327e4dbad3cbc4f12ba8459fb9d252b8aca80a52bd75493ab0c84eeb200cc442353d6634a2130ba9d4db526b6f86445d7b5a6de9344f4de3b808

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
bf1552a56a5283b8ddbf99da1a2ef3cc

SHA1
ab25c6f11d3bec3b6c8148228ca85c5f3ec14d67

SHA256
074d76fb252c3f491cab03455f77c50bb4055655edbec816009087d308b7414f

SHA512
18ace7c6cec3327e4dbad3cbc4f12ba8459fb9d252b8aca80a52bd75493ab0c84eeb200cc442353d6634a2130ba9d4db526b6f86445d7b5a6de9344f4de3b808

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
bf1552a56a5283b8ddbf99da1a2ef3cc

SHA1
ab25c6f11d3bec3b6c8148228ca85c5f3ec14d67

SHA256
074d76fb252c3f491cab03455f77c50bb4055655edbec816009087d308b7414f

SHA512
18ace7c6cec3327e4dbad3cbc4f12ba8459fb9d252b8aca80a52bd75493ab0c84eeb200cc442353d6634a2130ba9d4db526b6f86445d7b5a6de9344f4de3b808

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
bf1552a56a5283b8ddbf99da1a2ef3cc

SHA1
ab25c6f11d3bec3b6c8148228ca85c5f3ec14d67

SHA256
074d76fb252c3f491cab03455f77c50bb4055655edbec816009087d308b7414f

SHA512
18ace7c6cec3327e4dbad3cbc4f12ba8459fb9d252b8aca80a52bd75493ab0c84eeb200cc442353d6634a2130ba9d4db526b6f86445d7b5a6de9344f4de3b808

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
bf1552a56a5283b8ddbf99da1a2ef3cc

SHA1
ab25c6f11d3bec3b6c8148228ca85c5f3ec14d67

SHA256
074d76fb252c3f491cab03455f77c50bb4055655edbec816009087d308b7414f

SHA512
18ace7c6cec3327e4dbad3cbc4f12ba8459fb9d252b8aca80a52bd75493ab0c84eeb200cc442353d6634a2130ba9d4db526b6f86445d7b5a6de9344f4de3b808

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
bf1552a56a5283b8ddbf99da1a2ef3cc

SHA1
ab25c6f11d3bec3b6c8148228ca85c5f3ec14d67

SHA256
074d76fb252c3f491cab03455f77c50bb4055655edbec816009087d308b7414f

SHA512
18ace7c6cec3327e4dbad3cbc4f12ba8459fb9d252b8aca80a52bd75493ab0c84eeb200cc442353d6634a2130ba9d4db526b6f86445d7b5a6de9344f4de3b808

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
bf1552a56a5283b8ddbf99da1a2ef3cc

SHA1
ab25c6f11d3bec3b6c8148228ca85c5f3ec14d67

SHA256
074d76fb252c3f491cab03455f77c50bb4055655edbec816009087d308b7414f

SHA512
18ace7c6cec3327e4dbad3cbc4f12ba8459fb9d252b8aca80a52bd75493ab0c84eeb200cc442353d6634a2130ba9d4db526b6f86445d7b5a6de9344f4de3b808

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
abf9e804cf6e85ffc169f544f93670a0

SHA1
d68560a8188c2461fba59ad42c41d3b75a050972

SHA256
3fe1958613e364941133ed95395bf921f57592491d8a1636c2f2abd7e433e062

SHA512
d3d0b748ca632e70a3d3ae973d52a689049df9cd4e35ee6029f19d3d0908d00226f7fa1278a1a7f608dc9689232bf3a6f053496a9f359daf7fcbbe1fa0fd475e

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
abf9e804cf6e85ffc169f544f93670a0

SHA1
d68560a8188c2461fba59ad42c41d3b75a050972

SHA256
3fe1958613e364941133ed95395bf921f57592491d8a1636c2f2abd7e433e062

SHA512
d3d0b748ca632e70a3d3ae973d52a689049df9cd4e35ee6029f19d3d0908d00226f7fa1278a1a7f608dc9689232bf3a6f053496a9f359daf7fcbbe1fa0fd475e

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
abf9e804cf6e85ffc169f544f93670a0

SHA1
d68560a8188c2461fba59ad42c41d3b75a050972

SHA256
3fe1958613e364941133ed95395bf921f57592491d8a1636c2f2abd7e433e062

SHA512
d3d0b748ca632e70a3d3ae973d52a689049df9cd4e35ee6029f19d3d0908d00226f7fa1278a1a7f608dc9689232bf3a6f053496a9f359daf7fcbbe1fa0fd475e

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
abf9e804cf6e85ffc169f544f93670a0

SHA1
d68560a8188c2461fba59ad42c41d3b75a050972

SHA256
3fe1958613e364941133ed95395bf921f57592491d8a1636c2f2abd7e433e062

SHA512
d3d0b748ca632e70a3d3ae973d52a689049df9cd4e35ee6029f19d3d0908d00226f7fa1278a1a7f608dc9689232bf3a6f053496a9f359daf7fcbbe1fa0fd475e

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
abf9e804cf6e85ffc169f544f93670a0

SHA1
d68560a8188c2461fba59ad42c41d3b75a050972

SHA256
3fe1958613e364941133ed95395bf921f57592491d8a1636c2f2abd7e433e062

SHA512
d3d0b748ca632e70a3d3ae973d52a689049df9cd4e35ee6029f19d3d0908d00226f7fa1278a1a7f608dc9689232bf3a6f053496a9f359daf7fcbbe1fa0fd475e

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
abf9e804cf6e85ffc169f544f93670a0

SHA1
d68560a8188c2461fba59ad42c41d3b75a050972

SHA256
3fe1958613e364941133ed95395bf921f57592491d8a1636c2f2abd7e433e062

SHA512
d3d0b748ca632e70a3d3ae973d52a689049df9cd4e35ee6029f19d3d0908d00226f7fa1278a1a7f608dc9689232bf3a6f053496a9f359daf7fcbbe1fa0fd475e

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\libEGL.dll

Filesize
460KB

MD5
ea860e45c75de5727e54a378d6033e4a

SHA1
a42e9d332bdbb8979b054bb481f86aef213c6649

SHA256
19c411480da0d6039ab972d7e9752448ef793df5ce9e9f01feab5f82d747de90

SHA512
537970d2a8964267afe367c210e93e62b58abd3af98cac0ff743742b9a1a7eb01bf1bfc2a8d4f2802423c6876080a7d9c1e34a7bed3f322048987d0a326d9f60

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\libEGL.dll

Filesize
460KB

MD5
ea860e45c75de5727e54a378d6033e4a

SHA1
a42e9d332bdbb8979b054bb481f86aef213c6649

SHA256
19c411480da0d6039ab972d7e9752448ef793df5ce9e9f01feab5f82d747de90

SHA512
537970d2a8964267afe367c210e93e62b58abd3af98cac0ff743742b9a1a7eb01bf1bfc2a8d4f2802423c6876080a7d9c1e34a7bed3f322048987d0a326d9f60

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\libGLESv2.dll

Filesize
6.8MB

MD5
0168d2a5de3db2b49aef73effc73343c

SHA1
deefdbb3f66eafcc94aa06298e2cf754f6cbf403

SHA256
21ee09441453557971a8eb76aaf74dd0639ac7c6c8756c0bfc78b8205943700f

SHA512
c120a92ca5dd115923db2b40beaf9f0a424589c00ebc48937a21a1f28da4d3f67415a9681f59756ae8cad88353ff8419b7dbbbdc2167da6bb989aa8d95b860bd

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\libGLESv2.dll

Filesize
6.8MB

MD5
0168d2a5de3db2b49aef73effc73343c

SHA1
deefdbb3f66eafcc94aa06298e2cf754f6cbf403

SHA256
21ee09441453557971a8eb76aaf74dd0639ac7c6c8756c0bfc78b8205943700f

SHA512
c120a92ca5dd115923db2b40beaf9f0a424589c00ebc48937a21a1f28da4d3f67415a9681f59756ae8cad88353ff8419b7dbbbdc2167da6bb989aa8d95b860bd

Download Submit
\Users\Admin\AppData\Local\Temp\0b5314c6-9f28-436b-985e-9333c54d4098.tmp.node

Filesize
276KB

MD5
03eabb71ff56a2682545ed04bba7c81a

SHA1
a6768909523a918c4317d15356109e9adeb6921d

SHA256
8e0e30ac06bdf22c0f8d4251e3fb17df78e723b076bd2ec16b5398a55fa12376

SHA512
4a35fecf27cba7e7e48d5ef223cd896d82cd0dcacbe717b769c10d3597410c5e23f27234288ac38bcc9fc6dd8d181497154219ee03b1e238d8b5847f7bcc7cba

Download Submit
\Users\Admin\AppData\Local\Temp\0c14f1f2-d71a-4434-be6d-14e081935ee3.tmp.node

Filesize
480KB

MD5
409c917f228ba8ce78ce2e894d683ed7

SHA1
6e29580139debfd325ddd1c7489aa978e44aea5a

SHA256
00b00c635779f447abae172be856f2de2cf550d243073bd66ae543113dd3390f

SHA512
ed358efd8bca9b4844c05b0b12ecf5a7f5b181a796b481892eb5bc3a69e50bea64be9fc843670811da79e82c3a7b7c36a9bef2d27c07ba488c8c2bcf694a88d4

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA20.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA20.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA20.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA20.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA20.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA20.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA20.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1636-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download