9a4744a9ea6fa058995157b052e1d96b7063039ab3971ce5660fe9cc29bea7aa

Analysis

max time kernel
35s
max time network
150s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/01/2023, 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GDLauncher-win-setup.exe
Size

73.9MB
MD5

05882ff7f159734468f66e60cb10f316
SHA1

ec0b1d3fd2a67a5f85e2a8b1e04d69f4362b6b4e
SHA256

9a4744a9ea6fa058995157b052e1d96b7063039ab3971ce5660fe9cc29bea7aa
SHA512

70f44f7adf0bda370485ee5c88f58b995d3023d535f9544696c45949b7515879ad8a4c5848e0e82cf8babacc84da6ab73834198a28582ef4870b9e088e433da0
SSDEEP

1572864:wlUFqwL0Iy/oa8Opjvi6zTGAJPpnOkKxnJcasRl:wmbL9g8Opjvi6WA+kumasRl

Score

10^/10

discovery ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Programs\gdlauncher\LICENSES.chromium.html

Ransom Note

<!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="color-scheme" content="light dark"> <title>Credits</title> <link rel="stylesheet" href="chrome://resources/css/text_defaults.css"> <link rel="stylesheet" href="chrome://credits/credits.css"> </head> <body> <span class="page-title" style="float:left;">Credits</span> <a id="print-link" href="#" style="float:right;" hidden>Print</a> <div style="clear:both; overflow:auto;"> <div class="product"> <span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span> <span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span> <input type="checkbox" hidden id="0"> <label class="show" for="0" tabindex="0"></label> <div class="licence"> <pre>Copyright(C) 1997,2001 Takuya OOURA (email: [email protected]). You may use, copy, modify this code for any purpose and without fee. You may distribute this ORIGINAL package. </pre> </div> </div> <div class="product"> <span class="title">Abseil</span> <span class="homepage"><a href="https://github.com/abseil/abseil-cpp">homepage</a></span> <input type="checkbox" hidden id="1"> <label class="show" for="1" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. </pre> </div> </div> <div class="product"> <span class="title">Accessibility Audit library, from Accessibility Developer Tools</span> <span class="homepage"><a href="https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_testing.js">homepage</a></span> <input type="checkbox" hidden id="2"> <label class="show" for="2" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, in

Emails

[email protected]

[email protected])&quot

[email protected]

<[email protected]&gt

[email protected]

<[email protected]&gt

URLs

https://www.apache.org/licenses/

https://www.apache.org/licenses/LICENSE-2.0

http://www.apache.org/licenses/

http://www.apache.org/licenses/LICENSE-2.0

http://mozilla.org/MPL/2.0/

http://www.torchmobile.com/

https://cla.developers.google.com/clas

http://www.openssl.org/)&quot

https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS

http://www.opensource.apple.com/apsl/

https://github.com/typetools/jdk

https://github.com/typetools/stubparser

https://github.com/typetools/annotation-tools

https://github.com/plume-lib/

http://www.mozilla.org/MPL/

http://source.android.com/

http://source.android.com/compatibility

http://www.apple.com/legal/guidelinesfor3rdparties.html

https://github.com/easylist

https://easylist.to/)&quot

Signatures

Executes dropped EXE 2 IoCs

pid	Process
932	GDLauncher.exe
536	GDLauncher.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	GDLauncher.exe

Loads dropped DLL 24 IoCs

pid	Process
1520	GDLauncher-win-setup.exe
1520	GDLauncher-win-setup.exe
1520	GDLauncher-win-setup.exe
1520	GDLauncher-win-setup.exe
1520	GDLauncher-win-setup.exe
1520	GDLauncher-win-setup.exe
1520	GDLauncher-win-setup.exe
1520	GDLauncher-win-setup.exe
1520	GDLauncher-win-setup.exe
1520	GDLauncher-win-setup.exe
1520	GDLauncher-win-setup.exe
1272	Process not Found
932	GDLauncher.exe
1272	Process not Found
1272	Process not Found
1272	Process not Found
1272	Process not Found
932	GDLauncher.exe
932	GDLauncher.exe
1272	Process not Found
536	GDLauncher.exe
536	GDLauncher.exe
536	GDLauncher.exe
536	GDLauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
1120	tasklist.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher	GDLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\URL Protocol	GDLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\ = "URL:gdlauncher"	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\shell\open\command	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\shell	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\shell\open	GDLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\gdlauncher\\GDLauncher.exe\" \"%1\""	GDLauncher.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1520	GDLauncher-win-setup.exe
1120	tasklist.exe
1120	tasklist.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	1120	tasklist.exe
Token: SeSecurityPrivilege	1520	GDLauncher-win-setup.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe
Token: SeShutdownPrivilege	932	GDLauncher.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
932	GDLauncher.exe
932	GDLauncher.exe
932	GDLauncher.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
932	GDLauncher.exe
932	GDLauncher.exe
932	GDLauncher.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1716	1520	GDLauncher-win-setup.exe	28
PID 1520 wrote to memory of 1716	1520	GDLauncher-win-setup.exe	28
PID 1520 wrote to memory of 1716	1520	GDLauncher-win-setup.exe	28
PID 1520 wrote to memory of 1716	1520	GDLauncher-win-setup.exe	28
PID 1520 wrote to memory of 1716	1520	GDLauncher-win-setup.exe	28
PID 1520 wrote to memory of 1716	1520	GDLauncher-win-setup.exe	28
PID 1520 wrote to memory of 1716	1520	GDLauncher-win-setup.exe	28
PID 1716 wrote to memory of 1120	1716	cmd.exe	30
PID 1716 wrote to memory of 1120	1716	cmd.exe	30
PID 1716 wrote to memory of 1120	1716	cmd.exe	30
PID 1716 wrote to memory of 1120	1716	cmd.exe	30
PID 1716 wrote to memory of 1120	1716	cmd.exe	30
PID 1716 wrote to memory of 1120	1716	cmd.exe	30
PID 1716 wrote to memory of 1120	1716	cmd.exe	30
PID 1716 wrote to memory of 1724	1716	cmd.exe	31
PID 1716 wrote to memory of 1724	1716	cmd.exe	31
PID 1716 wrote to memory of 1724	1716	cmd.exe	31
PID 1716 wrote to memory of 1724	1716	cmd.exe	31
PID 1716 wrote to memory of 1724	1716	cmd.exe	31
PID 1716 wrote to memory of 1724	1716	cmd.exe	31
PID 1716 wrote to memory of 1724	1716	cmd.exe	31
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 536	932	GDLauncher.exe	35
PID 932 wrote to memory of 1972	932	GDLauncher.exe	36
PID 932 wrote to memory of 1972	932	GDLauncher.exe	36
PID 932 wrote to memory of 1972	932	GDLauncher.exe	36

C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq GDLauncher.exe" | %SYSTEMROOT%\System32\find.exe "GDLauncher.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq GDLauncher.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1120
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "GDLauncher.exe"
    3⤵
    PID:1724

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:932
- C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1036 --field-trial-handle=944,i,15905580235862263998,16362294223183305006,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:536
- C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=1280 --field-trial-handle=944,i,15905580235862263998,16362294223183305006,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:1972
- C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1456 --field-trial-handle=944,i,15905580235862263998,16362294223183305006,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  PID:548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    3⤵
    PID:2076
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:2172
- C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1692 --field-trial-handle=944,i,15905580235862263998,16362294223183305006,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:1004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\gdlauncher\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
121.7MB

MD5
e572ac25c7273f9f3dbf167c15681e49

SHA1
3bbd81c65e66dd303b08f995870c5c994601ee1a

SHA256
7e9dacbc9782d33f68464a8d5bf4a0a72355dd7269727cedba567b873d3c7b03

SHA512
5d0d84742c213b5d26382872f6fa69511d2a97ee9e5cd59bc9889a110fb621af4897df6debfe1fcaff268fd3042462bd6590e6a017dbfec2d7aecb56d821ede8

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
121.1MB

MD5
5e022e317c878751258edfd78059ae12

SHA1
57b94e94643a5ab5f5e91927bd4fa95990d33c80

SHA256
16aeed371acc540e46804052b43187d4d09608fee02584446b9ee812786f8789

SHA512
2832968cd57a7833ff43cae6a5c000484650048e81973ca507c911ae829a553dc294faa53d630cc895891434a10c22ee0faf2d9b70ac502fca3fd3abd5404693

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
75.5MB

MD5
86bc4ad0a97640b250e0e5496ac2607f

SHA1
df5d1cfebc63328999d7dd4750b8dc1ccd882b6f

SHA256
e479b275ff606f26f448c89932c532eca8dd8c13f379f8a7e0246cf614bf2a5c

SHA512
eea11c6991c98bac62b0d6efa2b459aa689f80d904e5a1df5856325f14a4cbca50c33f901a3c01b6538c4fbc3ecae839bc738b0e293e758a3eb77cd95c45edb9

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
113.3MB

MD5
58623da40373f27f828fbabe6e6c9f72

SHA1
65fd1058febe6897d3396f8600b46eef2e0c233c

SHA256
f2fd3189001006ff0084de7c35dc8d6e93a06b6ea3d998ed640c552ffcf41859

SHA512
d14a169dc157216b58ca9b1f3c6712ffdde277381b6d17dfdbde58fd470abe0eb140ba4567a84a5caefb5909ebe96c5062e0fdd4c42ccf2749e9882fe94d287e

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
71.5MB

MD5
036f53e53f401cfd424cd37fba143d4b

SHA1
2713f81f24cb9aedac4122012c99502a665275b2

SHA256
41d06a11cac3ce3cc33e87563e7a7895a0c7f4cd43836e5d9510c0a7a5807592

SHA512
08f060d7bf4aa0b27c3b82fd30a9490b78693ca8ca08d10c1f806633161c30555fb31b55afeab3fdae7d26ad18f065c81fb804a3757edc96ea34aceea096b898

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
113.5MB

MD5
e0538ffd3293388d451a2132d696dd99

SHA1
ab9099c0df826a8095d7531e01d0c287c8508677

SHA256
107d21167563a056534981f95f8900ff718cc4e0205a1a9c2dcf55ac6e188587

SHA512
f477784f902b95eff3a75c19c2495e98dadbc5a63d18a79f6c3a0a1e583e3129836489190340832688ac67d1a7321e6152ca47e457615261b65d39c83c72b830

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
f459ce9af5091bc1e450eb753f6eb0b7

SHA1
9df32de240dfaa780640361b1d0ca978a611fa27

SHA256
e7714a1d6ac3f4c4ae22564b9ca301e486f5f42691859c0a687246c47b5cf5c9

SHA512
7d626e5a94af43c8c0cca4bf0dc2e4fa61e147f1360f19ed8922a1dac4c5df642bca435f84baf05b38255edd2b72de79c07f97f1f7ec79b7c04e336c454ba63b

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\libegl.dll

Filesize
460KB

MD5
5de7e395632af0d31d8165ee5e5267dd

SHA1
740ae64850e72e5ab3d49e3bbc785399a30a933e

SHA256
44febbc02e69d492d39e2cd5d025bbf0d81b1889b37725bd700cc0c21e5ba22a

SHA512
788c3fa6d58b8d3ae258628805ed79d612d9e15e92dca39c27cb621a2a9aa42669a20c11b5c9a912a2d8cd68b0a7a53f7689e729067c6d87a8063e5b8b2c265d

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\libglesv2.dll

Filesize
6.8MB

MD5
f96fc251bae55a5fc0f1ddaed8706015

SHA1
532c2b51f5e3256777ae3b9f40c8067b20eee0a2

SHA256
7897eb2441975523e3e78dbeabf2d9deba66534c69b6cefbf87ea638ee641ea6

SHA512
cf2f9f126204596e37bbe5517500a738ad06f306cb49e7a36bc050e38a61191a767e5d3fecd570410f08d67b64e77019101b2970867e8f0d41b35a6526d3d280

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources.pak

Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar

Filesize
36.0MB

MD5
abb13794b0837c4220e8822c1aa64bc9

SHA1
a3067cf077eb8cd3d9fe66ecca54e4c8af19cb5b

SHA256
71fa063cf68d7136bbcd7a32dd75704c7dd97cb913b5366dea227b3584957741

SHA512
9883f709d9b063269f4a0d21153a610b6fa7830c55493b2e13e027d4e8ce3a682349a47355b22985af948e2c44d8aefdd887077caf04769cfde3ffdc4462f6ce

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll

Filesize
4.5MB

MD5
11308456ed9d5a9ebfdbc0f86160e797

SHA1
a56a42951a4365b0228bdac44a31cca6b789a60e

SHA256
18436e3ffaa5ad29f0fa0daba05cfd99ad6ae2ccc7d6a5bff9d4decd97c0993e

SHA512
062389e03d4480f51c2ff9538f98f8d14b14017393295e5599bef10171c5dce6a3bb6318baf2f5d3f03ec016541f7b657d4ab4e78bfb40c9016a62ff0fe5ff76

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Programs\gdlauncher\vulkan-1.dll

Filesize
854KB

MD5
acc5484ae9cfff351ffc0341fae483dc

SHA1
616b6e2763a9e4ac5f1c959ebdc4d15b68ac0d7c

SHA256
1c7fe50af9f2c7722274ee55c28bc1e786effbed15943909d8da8f3492275574

SHA512
25a47e2e7947f358f993fee1bd564c4e5df8db1f72ba7fb376b5aed0e671fc024e1b9d47754a78cac90082a84debb0eaef772e91f8121a2d6f35a5df41cb8fe1

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
51dc199e41223520217f34624b276e18

SHA1
0ce3f6b9a26759b21a23bf25ed34b1b7ce624295

SHA256
0b3c6bce1a0a61414a7e3048616c6dbfd55a2233b7ead7c4666d7d0c59e1ff50

SHA512
c40e9d4b8db3ce4d195f0e634b48f4b7f1da74070ec2a9bf3db4b543d819a712a011496d99da6fdd6461305c012f808c7761363a6ef2b137bb58a439485fc42c

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
51dc199e41223520217f34624b276e18

SHA1
0ce3f6b9a26759b21a23bf25ed34b1b7ce624295

SHA256
0b3c6bce1a0a61414a7e3048616c6dbfd55a2233b7ead7c4666d7d0c59e1ff50

SHA512
c40e9d4b8db3ce4d195f0e634b48f4b7f1da74070ec2a9bf3db4b543d819a712a011496d99da6fdd6461305c012f808c7761363a6ef2b137bb58a439485fc42c

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
51dc199e41223520217f34624b276e18

SHA1
0ce3f6b9a26759b21a23bf25ed34b1b7ce624295

SHA256
0b3c6bce1a0a61414a7e3048616c6dbfd55a2233b7ead7c4666d7d0c59e1ff50

SHA512
c40e9d4b8db3ce4d195f0e634b48f4b7f1da74070ec2a9bf3db4b543d819a712a011496d99da6fdd6461305c012f808c7761363a6ef2b137bb58a439485fc42c

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
142.0MB

MD5
51dc199e41223520217f34624b276e18

SHA1
0ce3f6b9a26759b21a23bf25ed34b1b7ce624295

SHA256
0b3c6bce1a0a61414a7e3048616c6dbfd55a2233b7ead7c4666d7d0c59e1ff50

SHA512
c40e9d4b8db3ce4d195f0e634b48f4b7f1da74070ec2a9bf3db4b543d819a712a011496d99da6fdd6461305c012f808c7761363a6ef2b137bb58a439485fc42c

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
106.4MB

MD5
3800e9b8f96bb7c38af1e7679eaff498

SHA1
8e226c6dba55b8f7b1425849ef45546c076617cc

SHA256
9808d56fa7042cf3f28e17328ada56078cf643ccd0e74e143d0b64b0e033729f

SHA512
2f3f39d75ce71068bac0263edcf4d32c4fe2787769f662c73b3ea02fd46b39d2a8744b417c7d6097b1bdcf8343ee7e8ef84638e196bb24dfb78f63ac429ded9c

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
136.8MB

MD5
3477a923b31d9c9f8eb197726409cd06

SHA1
676a73ecda4d1810ff63aa57e4978d9a5a294897

SHA256
7cd78fb11a768732b30e9c6fffcb5b01f51f4e6c988362afed4ed8d12fbecd9d

SHA512
33b230feacb392203c73d2647011fab0be686c5b9a56f6cd792da75ce59f4eb24cc2ff99e0a4f6959c7136b53afeb4f1343d000361bc85635f5c74276018b6b0

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
136.9MB

MD5
73fa40cf04fb9388a757ccbb73ff3f59

SHA1
a73bd565a6750d4e213aa8e311283c49a01c6f71

SHA256
8e88f0966c694a0b1e2ab9ad48b85f454ecc7ca1c333b30e8369d06dc9addbb3

SHA512
59da040da9bc19221d33b4fb2240e6a354013f85e65c609ed7890b01db61c83d24d5eed047be17c451ccc00916567dbf00bae7d039d00266c14494243436305c

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
136.6MB

MD5
88b417a0b54780812fae12b3b3c306e2

SHA1
a76307a7f89360b5f8831c5f19bfc00f4c82090a

SHA256
0151b1676f812df860e97d9327ae45e01c8ac00640e674c6ce0feaf8ba0a60ff

SHA512
3a20d85a0bbe6bc1d3c4712aa1f74bdcc7c15ee60b89e8e1733b632a4cca1deb8d6af97dc7b2568d89ccc93e6e43e6eceb422d0f417c7f2a31573609a8f84e0c

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
136.8MB

MD5
3f355597a4de0c6a6efdbab635057d6d

SHA1
aa50f4ff50c223cc053be35565e2cfeccb80ef38

SHA256
ca2b3c977f2e10ccb08f791398b34e0f26261774f10698c8282f15bbc63ae122

SHA512
5adab14cf6239e94be936a8f372a49145f86e1e2aab3521992534de84692595c30ab7b9cfc02701c323a6686e450031517fb16f465f8838028305b58886d90ff

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Filesize
95.4MB

MD5
48382e26e339adfcf6ca30907f2a0316

SHA1
1c4b27cadd54b69fe00dd7905bb64015c450a5e9

SHA256
ac28d55ea41476334c924429ccf3aa8be8f07e7a5aec1370a946e306969c15de

SHA512
61084cab7d88a3766cff4c611ae4b12a8ee11c3edf9ee553138c355947a0f4a5f2d140c4711558c0edea61c607c58dea83560b13a01496aaafd7d684c7415f6d

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
f459ce9af5091bc1e450eb753f6eb0b7

SHA1
9df32de240dfaa780640361b1d0ca978a611fa27

SHA256
e7714a1d6ac3f4c4ae22564b9ca301e486f5f42691859c0a687246c47b5cf5c9

SHA512
7d626e5a94af43c8c0cca4bf0dc2e4fa61e147f1360f19ed8922a1dac4c5df642bca435f84baf05b38255edd2b72de79c07f97f1f7ec79b7c04e336c454ba63b

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
f459ce9af5091bc1e450eb753f6eb0b7

SHA1
9df32de240dfaa780640361b1d0ca978a611fa27

SHA256
e7714a1d6ac3f4c4ae22564b9ca301e486f5f42691859c0a687246c47b5cf5c9

SHA512
7d626e5a94af43c8c0cca4bf0dc2e4fa61e147f1360f19ed8922a1dac4c5df642bca435f84baf05b38255edd2b72de79c07f97f1f7ec79b7c04e336c454ba63b

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
f459ce9af5091bc1e450eb753f6eb0b7

SHA1
9df32de240dfaa780640361b1d0ca978a611fa27

SHA256
e7714a1d6ac3f4c4ae22564b9ca301e486f5f42691859c0a687246c47b5cf5c9

SHA512
7d626e5a94af43c8c0cca4bf0dc2e4fa61e147f1360f19ed8922a1dac4c5df642bca435f84baf05b38255edd2b72de79c07f97f1f7ec79b7c04e336c454ba63b

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
f459ce9af5091bc1e450eb753f6eb0b7

SHA1
9df32de240dfaa780640361b1d0ca978a611fa27

SHA256
e7714a1d6ac3f4c4ae22564b9ca301e486f5f42691859c0a687246c47b5cf5c9

SHA512
7d626e5a94af43c8c0cca4bf0dc2e4fa61e147f1360f19ed8922a1dac4c5df642bca435f84baf05b38255edd2b72de79c07f97f1f7ec79b7c04e336c454ba63b

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

Filesize
2.7MB

MD5
f459ce9af5091bc1e450eb753f6eb0b7

SHA1
9df32de240dfaa780640361b1d0ca978a611fa27

SHA256
e7714a1d6ac3f4c4ae22564b9ca301e486f5f42691859c0a687246c47b5cf5c9

SHA512
7d626e5a94af43c8c0cca4bf0dc2e4fa61e147f1360f19ed8922a1dac4c5df642bca435f84baf05b38255edd2b72de79c07f97f1f7ec79b7c04e336c454ba63b

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\libEGL.dll

Filesize
460KB

MD5
5de7e395632af0d31d8165ee5e5267dd

SHA1
740ae64850e72e5ab3d49e3bbc785399a30a933e

SHA256
44febbc02e69d492d39e2cd5d025bbf0d81b1889b37725bd700cc0c21e5ba22a

SHA512
788c3fa6d58b8d3ae258628805ed79d612d9e15e92dca39c27cb621a2a9aa42669a20c11b5c9a912a2d8cd68b0a7a53f7689e729067c6d87a8063e5b8b2c265d

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\libEGL.dll

Filesize
460KB

MD5
5de7e395632af0d31d8165ee5e5267dd

SHA1
740ae64850e72e5ab3d49e3bbc785399a30a933e

SHA256
44febbc02e69d492d39e2cd5d025bbf0d81b1889b37725bd700cc0c21e5ba22a

SHA512
788c3fa6d58b8d3ae258628805ed79d612d9e15e92dca39c27cb621a2a9aa42669a20c11b5c9a912a2d8cd68b0a7a53f7689e729067c6d87a8063e5b8b2c265d

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\libGLESv2.dll

Filesize
6.8MB

MD5
f96fc251bae55a5fc0f1ddaed8706015

SHA1
532c2b51f5e3256777ae3b9f40c8067b20eee0a2

SHA256
7897eb2441975523e3e78dbeabf2d9deba66534c69b6cefbf87ea638ee641ea6

SHA512
cf2f9f126204596e37bbe5517500a738ad06f306cb49e7a36bc050e38a61191a767e5d3fecd570410f08d67b64e77019101b2970867e8f0d41b35a6526d3d280

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\libGLESv2.dll

Filesize
6.8MB

MD5
f96fc251bae55a5fc0f1ddaed8706015

SHA1
532c2b51f5e3256777ae3b9f40c8067b20eee0a2

SHA256
7897eb2441975523e3e78dbeabf2d9deba66534c69b6cefbf87ea638ee641ea6

SHA512
cf2f9f126204596e37bbe5517500a738ad06f306cb49e7a36bc050e38a61191a767e5d3fecd570410f08d67b64e77019101b2970867e8f0d41b35a6526d3d280

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll

Filesize
4.5MB

MD5
11308456ed9d5a9ebfdbc0f86160e797

SHA1
a56a42951a4365b0228bdac44a31cca6b789a60e

SHA256
18436e3ffaa5ad29f0fa0daba05cfd99ad6ae2ccc7d6a5bff9d4decd97c0993e

SHA512
062389e03d4480f51c2ff9538f98f8d14b14017393295e5599bef10171c5dce6a3bb6318baf2f5d3f03ec016541f7b657d4ab4e78bfb40c9016a62ff0fe5ff76

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll

Filesize
4.5MB

MD5
11308456ed9d5a9ebfdbc0f86160e797

SHA1
a56a42951a4365b0228bdac44a31cca6b789a60e

SHA256
18436e3ffaa5ad29f0fa0daba05cfd99ad6ae2ccc7d6a5bff9d4decd97c0993e

SHA512
062389e03d4480f51c2ff9538f98f8d14b14017393295e5599bef10171c5dce6a3bb6318baf2f5d3f03ec016541f7b657d4ab4e78bfb40c9016a62ff0fe5ff76

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll

Filesize
4.5MB

MD5
11308456ed9d5a9ebfdbc0f86160e797

SHA1
a56a42951a4365b0228bdac44a31cca6b789a60e

SHA256
18436e3ffaa5ad29f0fa0daba05cfd99ad6ae2ccc7d6a5bff9d4decd97c0993e

SHA512
062389e03d4480f51c2ff9538f98f8d14b14017393295e5599bef10171c5dce6a3bb6318baf2f5d3f03ec016541f7b657d4ab4e78bfb40c9016a62ff0fe5ff76

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll

Filesize
4.5MB

MD5
11308456ed9d5a9ebfdbc0f86160e797

SHA1
a56a42951a4365b0228bdac44a31cca6b789a60e

SHA256
18436e3ffaa5ad29f0fa0daba05cfd99ad6ae2ccc7d6a5bff9d4decd97c0993e

SHA512
062389e03d4480f51c2ff9538f98f8d14b14017393295e5599bef10171c5dce6a3bb6318baf2f5d3f03ec016541f7b657d4ab4e78bfb40c9016a62ff0fe5ff76

Download Submit
\Users\Admin\AppData\Local\Programs\gdlauncher\vulkan-1.dll

Filesize
854KB

MD5
acc5484ae9cfff351ffc0341fae483dc

SHA1
616b6e2763a9e4ac5f1c959ebdc4d15b68ac0d7c

SHA256
1c7fe50af9f2c7722274ee55c28bc1e786effbed15943909d8da8f3492275574

SHA512
25a47e2e7947f358f993fee1bd564c4e5df8db1f72ba7fb376b5aed0e671fc024e1b9d47754a78cac90082a84debb0eaef772e91f8121a2d6f35a5df41cb8fe1

Download Submit
\Users\Admin\AppData\Local\Temp\7ba3c609-dbcf-4358-a0b9-aeccc6a39983.tmp.node

Filesize
495KB

MD5
be94689f0cf2f4e36ef77fff3b573460

SHA1
f7187d89237506e6f50db5418c25b79cd1b3d271

SHA256
a8ae4e1f6ff70c724282b5d468ac463012e9b0fd5b52997116946fdb2e2ac34f

SHA512
83078c0a3340d912f42b6b67f6dce624e6395fede93043cd4f5b391c2547cc68aa6d147a70b523c9e8d646d4913a92b96d59fda0b28ade83c478693d8a256da5

Download Submit
\Users\Admin\AppData\Local\Temp\ce8f283e-8a4a-4b33-8353-3605ae95a7d1.tmp.node

Filesize
281KB

MD5
4cef69a682d9b896b4fff99fca80a08a

SHA1
85fcae77830c3e55badfac97badc97ee53d5ada8

SHA256
bccc1ea670ddf3560352327eac402e7a99b5a585bd1d2af02bff8111b6ee9738

SHA512
cccf2aced4edf15a3162cdd867f623c73895b4962910e1d6a57afa17032247becd6378546206dd4705b3ca5f54e6d063a56a5ca54223bc5a67406cfcc27b2587

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFA19.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFA19.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFA19.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFA19.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFA19.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFA19.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsiFA19.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/932-85-0x000007FEFB801000-0x000007FEFB803000-memory.dmp

Filesize
8KB

Download
memory/1520-54-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download