Overview

overview

7

Static

static

1

setup Proj....6.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-02-2023 11:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup Project64 1.6.exe

  • Size

    2.0MB

  • MD5

    eb2d62ed23c4d4486b6649e7b162038a

  • SHA1

    005954395994c0a355c06abae3fc88d10ae84934

  • SHA256

    b8c3e54d1fe3211eea24de7d7ac23f49c3458420724dd8ceb7e8c1c123e3765e

  • SHA512

    4f324a5cd7005213176eb13945f0fcd17c4cd8675ecf76dde70e54d06de6839d0783c99c7dbf66403b1e2e67f099779934207075b4060a90aad3d8ac79434ff5

  • SSDEEP

    49152:bHgGjjjru2mZIem786Btv2KSA8Wt86/fRCUHOZR1lhJQs:LhHgm37BBl2U8WB/JC6OhDJQs

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 11 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 56 IoCs
  • Drops file in Windows directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup Project64 1.6.exe
    "C:\Users\Admin\AppData\Local\Temp\setup Project64 1.6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Windows\SysWOW64\MSIEXEC.EXE
      MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Temp\_isBD7A\Project64 1.6.msi" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp"
      2⤵
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4608
      • C:\Program Files (x86)\Project64 1.6\Project64.exe
        "C:\Program Files (x86)\Project64 1.6\Project64.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:4716
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3692
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:2212
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4100
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
      1⤵
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:3376
    • C:\Windows\System32\GamePanel.exe
      "C:\Windows\System32\GamePanel.exe" 00000000000C0060 /startuptips
      1⤵
      • Checks SCSI registry key(s)
      PID:2564
    • C:\Windows\System32\bcastdvr.exe
      "C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
      1⤵
      • Drops desktop.ini file(s)
      PID:2788
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1020
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1020 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:736

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Project64 1.6\Lang\Brazilian Portuguese.pj.Lang
      Filesize

      13KB

      MD5

      d0f3fdfc10e78fa0abc79aa8f38a79f6

      SHA1

      01c5a6084036cc4636aac1c368e9690a87f90dc8

      SHA256

      a56721bf222274e817bc9b570cbb2a02fdf46b0d526fbf5abe2915aa9ada0233

      SHA512

      e9e08d2ce725e51f59d824f9bed384d85e2ec2c2f0dc99efaf0bbff7d18e1f22ab96a1d58db3f900563d748a882a45cee59440f4e5875290216dc303f3b9b39b

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Bulgarian.pj.Lang
      Filesize

      13KB

      MD5

      0c225dae3cedc792056900f9e10a0d48

      SHA1

      aaa6850284bfaa352f324ba3fa1967eb832320e5

      SHA256

      3c7b711680db701fcd3ffc9a67fb6d5812d78aed8b8bde8d5e02d28f07c71d99

      SHA512

      9c6c800137e57cda233f3633aef4bdd49cd08192666a55c50131457f497d8d19a75a49d8e7e3fd59e7c5b3a985434c0d861096f2e2284f8c45bcc75409f78ee8

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\ChineseB5.pj.lang
      Filesize

      10KB

      MD5

      fb157beb9b916402f2a368387bca5d8d

      SHA1

      d33cf0cb1d3e5b0fd676e6fa0f46b4b8ff7769c0

      SHA256

      bbac41a27f7a579acacef035a447abe3b4a34b513d5d0824e8d54eb4488838a1

      SHA512

      bf495640f15c953f3a29caafd2b7815a2e8d1a2c96c9b62605eab15d409fd0d3acf9ae7178d31027375f87ec1ba291d8c4d8ad905fdda4ee9421ccf9cbf47655

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\ChineseGB.pj.lang
      Filesize

      10KB

      MD5

      c75b9be0b2c3cce0306ac39041178fb8

      SHA1

      81ea9cb8f14450764b76c5f6a3a54de081c4b7e7

      SHA256

      c8b921a7d47a0c37ebb602be7e7bad139b0efe1512074b0183e92babfa7c1c24

      SHA512

      9e40d208ce13ad71e30b0fda447fdbb021993f434903eccae74d6032f348cbc44a0e9855a7839053ed51ffdf8d550cbf20334e6126655cf307b582b423b40f71

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Czech.pj.Lang
      Filesize

      13KB

      MD5

      6e379d6c937ef3b39368c80a2ecccb84

      SHA1

      56c8ac7b4254e652d48dac1293d2c6f77ad40c5a

      SHA256

      eb7b17c1bcf49f927cead14fd97460d23b07325be8edf40351bc5a72e152da46

      SHA512

      75b3c75c180115609efa86b924835944e980adf9bf8b758c506771ad58151e594e385c3d82518c461ef48f487f12a84087e21acda3337c9378c718af8f852fc9

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Danish.pj.Lang
      Filesize

      12KB

      MD5

      71c2f4f94b713e9ee217af3c0e109eb8

      SHA1

      761f254fd13c29b409019ddfe911e468da59cc68

      SHA256

      2bb2413b73023d52b22385a96f3202a1087497c6c7a778212f567427a779def0

      SHA512

      450c88bd35c87a060acd4c83e99bdec5a97cc94efa173c2865e2931fc6834c33f2b24690d154ed456e6542b1e5f2e8a874189b06056c8148b4aec06c0839204d

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Dutch.pj.Lang
      Filesize

      12KB

      MD5

      4ff8eafe585420223079f0cf198d1616

      SHA1

      9d041784e086dfabc366bbabd6d40052af6b8e98

      SHA256

      98be38024e9a9d923f95c094054265d7f5432df8b4db7a2569b58e5a2115f9cd

      SHA512

      4a660db227fba83907bd531aa0318a4d4331ebab85fbebe9eab9943598b5023612c7be5e4273aaa8ddb21a44c353086fb6b764af01098c64b9baa12e37d65a81

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\English.pj.Lang
      Filesize

      12KB

      MD5

      51148881ece3aa328615cbe2bc75d865

      SHA1

      6e22e02d51dbc259617de41245eb7580b679df9d

      SHA256

      c37fb9b1804346c830e436af8c40ae396c27dcafdba1b4a3f0171641d7fcd661

      SHA512

      65d7252891973c738755a4146d34a55e4ef920da1762d4574c8f0325685472ae665675ad7242ec5d4a8147c5f97a6592b6d3564bfda3ac803c4fc1c5b4bed3e5

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\English_alternative.pj.Lang
      Filesize

      12KB

      MD5

      f4dd92b3913359e965eb9e5e5912b945

      SHA1

      75f72d4ac8ac7c08826c126fbd0499f7ffec99a5

      SHA256

      09b466dcf92fbfe4559f4f5f7b28b93878161df206d7ce0ef7e0219a5a2c31ea

      SHA512

      af2a9748126ac965d9e9687a10176b10d0e0510ba8c1cb8ed2413fd59c30d5dafd6e8d730c733490036b10b206dbf7cf63c36a3ccedd5e5ada9bc4b412f23e67

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Finnish.pj.Lang
      Filesize

      13KB

      MD5

      a93a4e659d71595ed2c02071b64a6167

      SHA1

      eec1b5c109f1a78cc2b0e2c3fabbb3db3ae945c4

      SHA256

      973eebab5d2e2ca6cc22db201910f6c86919749734a930954c1a141c245dec9f

      SHA512

      6f0ea41316d9521206ef76725d2765f71fa6109d70c3f57ca1dfa2dd3807508e1c1aef36ab0be609e06246c652aa2b63c3ffbd098b5b00950231547ca3c9bcca

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\French.pj.Lang
      Filesize

      14KB

      MD5

      18c03bd409d42717d6bc56621225ce9a

      SHA1

      af87f8ffb669be578203dce3d36930703f6bb56f

      SHA256

      b6e9751ab25f75373c574adf43e86a284af5913a4ca463a16e11a6de44c841cb

      SHA512

      3f636cbc973a624d42ae4897a8268c27c6825547647d12fdfc961205693c61a20a453567b544be5542e61eca6a25a1a3b49d1b96c8d8b3f1c8a77e58302867e5

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\German.pj.Lang
      Filesize

      13KB

      MD5

      ce9d84252f7747099d1df992465c0792

      SHA1

      c59121b234281c72afa5bb25f8592c58189fca3e

      SHA256

      2280928fc4f59a68177961c1c85fc0140ab5b031cb2d920148b5aa00e3604958

      SHA512

      2e86ce2ae0dd8107c2aac56ff70b234a193e1e2f5518d66cce54a4fd0ba6e2dbeb9171dbceaa5e8988fb30f64075d06e8051675bea49de50e9f0f491273cbd9b

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\German_localised.pj.Lang
      Filesize

      13KB

      MD5

      243b1c0a49eb81e3e42430d0e1712b7b

      SHA1

      5b330b3db4446e3277b297a689e190f120fef7e2

      SHA256

      11689bbe4da4b8fd88d8ceae21f151b655837090026d12857ced7246c8626498

      SHA512

      dfdde13e25d61051acd9db1b54bf3a321310cad27a4154c6a833218db41e463ef637c63d68e6d90a57e0b593922c2ae54c3500adc129f196e1ddabe028f402d1

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Greek.pj.Lang
      Filesize

      13KB

      MD5

      bc7e8bcea8c52ac1273b052dd9c65648

      SHA1

      a17d709336df6b887cf0cec10872f145112814c3

      SHA256

      9334d62719d3fe4219681152926a324350ac9d59845e1ea06dc756ed8fc8b615

      SHA512

      f1c4c7099ab23e6e5a1b8766a3af956a5add3cd0f0391005aa140692528cc5262b6780f6fa1ac00c67593f705a60672449d90dbeb50a1f23d25f253e37f08d2f

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Italian.pj.Lang
      Filesize

      13KB

      MD5

      e28ad3d2aae90fd8d3a9d32759242b0b

      SHA1

      59d16dafc292f8936d4494cd399c9fda339e19d9

      SHA256

      f868a8c15271292c37dab4a37f8cbcba6c19f6e40b95c5c3a2307da356826da3

      SHA512

      df350d3ef74fe81f7220edefd6127f9d73a0b68e32116ba3aa7375b8f8bc5df160ddd218a6454a0bbd2ca11107f937b9ea41e53bb7bce5478535725417a6237a

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Italian_alternative.pj.Lang
      Filesize

      14KB

      MD5

      724d6f8594cd3fdcaf9c3fe40d4e86b5

      SHA1

      bacafdbf7196ab790d374d54315c55c06974c82a

      SHA256

      f23f5f299ab9bba58b44d710b052e25a8e9b9bade07f08a7372a494fcf6af10e

      SHA512

      eadbcc45c170300ea8a680682b13e4e3f321e327bff83455a2ca0750cdaa16d61fdb6f4778ee1d73f529651a95a7070608e50242d7b1d8d37097d17c6594d21e

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Lithuanian.pj.Lang
      Filesize

      14KB

      MD5

      e2ea69118e4266d912c2f37500124a4b

      SHA1

      fbbd426c0cb821147977b4f80cf167bde82eccf0

      SHA256

      6b27d5bdd38b19136e499738bb4fd97f62d9853c8446be9940e27a99f8ddc575

      SHA512

      a713d19efe95a08ae6d53c7999ac7c61eeb68f30f15061452fb71404d77a164c6a6c396873bf42da200037426ceece356d658dbf3fc98a36ea17a84cab6d3810

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Norwegian.pj.Lang
      Filesize

      13KB

      MD5

      ab28501ac90334a4044abc0f641c735d

      SHA1

      319a8d7544dc236061b5994625eeeeb83f32838d

      SHA256

      eeee1d4bb8827c19f78d1714b76b0f0c6e0e2a6a9588887ced40a250c38c6d9e

      SHA512

      b3d090ce5e9878d573dbb0ebee79c3737a206454efc42d7ed7233ff7df8af245adc9bf1c37415be9d58b20bc2371c956fd553b3f46e175b682112deb3ca741ff

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Russian.pj.Lang
      Filesize

      12KB

      MD5

      fa0b6e59b1a6cf31a59962ed3704d7b1

      SHA1

      215c01287606b2bb27ab304d31513c5143bdcbe5

      SHA256

      ee89f110c00734252326a3240b4d6abf325e215abc5dfaefd19f3e9c6c7d68cf

      SHA512

      f8a12349e9be7478cbabf4dd5cb091c92ca98049c03d5e79355ac7f7e560175f0a85876389a973da0802287fc80d2ea344686bb928575453f0438189f1246054

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Spanish.pj.Lang
      Filesize

      13KB

      MD5

      681fa4a69920fb18928ecdbd3bb93f01

      SHA1

      4c497b5ca7f860112d005a03a9e445d0a7abfe79

      SHA256

      3a0a851868414fdd81771ea9ff437c910f04fb4ed0f950781e348ba810e35d83

      SHA512

      52d5d6f7d8b55ca559f9990724e3d984da345601c4c208a3918a7419256759f61a89b08010bbc43d68d006f8b8efbc0cc95aa094799137b8d68424c4bfe3bb43

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\T-Chinese.pj.Lang
      Filesize

      10KB

      MD5

      a1ee4b47e8216905ee7596b86f66b97c

      SHA1

      83c2037cafc4ba8d604d72891783f115297011a2

      SHA256

      29ed74a59c722749edd86eef3cdf4885fcaa8ca98a32b022d6fbb9a734b03fda

      SHA512

      a816f017afcc7796e2d2b58c918cd9a2849b6b742188f39ad86799c829b6e1dc8dd473e7e8f4c37a48251ef78ed9c7857bbc91a235d6f27ed148bc969f414f8e

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Lang\Ukrainian.pj.Lang
      Filesize

      12KB

      MD5

      07360765e73317663a61c5d798c46978

      SHA1

      bc5d1dd703561e66391f4af58d7a07ed4299045a

      SHA256

      414f7dd275dced88787b080a76feaab17b6a9b7b48cd7c175f0f3391dda1aaa7

      SHA512

      b84aab6b3976975a74a821bfbd1636d549266c42664f25019ae269493e83ab985da5748172fd1dc983cccbb084961ae0f701f524d140381131c799f29bf1111b

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Plugin\Jabo_DInput.dll
      Filesize

      67KB

      MD5

      d5f798c360aaac128b0fc4a211688ccd

      SHA1

      4b55d92fda42f108bd0e22503afd905754e95caf

      SHA256

      0468fc03d5bfd4e47fb0c5f69c657cab62e4bbb2c8948949b4a1d106648ab99e

      SHA512

      517bce1e5fd1ce06d9d8986e936a0029bf05fd8b6518ea56df7257eb540a2fa722bb799ac2c36a2223f973f074cee29c648720fe01c7b25a77578e828bb1b5d5

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Plugin\Jabo_Direct3D8.dll
      Filesize

      232KB

      MD5

      ff57f60c58ede6364b980edcb311873b

      SHA1

      5ec6e231f780d9eafa6ee855e0f4968a7f8c347d

      SHA256

      05536c82c764f24038bd6f22d47a5427318ce3118bbe1bb798c8309d40f00fcf

      SHA512

      1e3b5d1bd93cf36dcd862869374d7931eedb1578ceec635c1972f302bd1abaa2d9a63721a2ca9ab4fe1fda8f268f352c70e8a35c8bae91253cb2b4eb1bc7234d

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Plugin\Jabo_Dsound.dll
      Filesize

      53KB

      MD5

      d5f1a6d72a4eb2e7adf1f5b803e97419

      SHA1

      d8a93e436e488279d40e0e79a4a04f4ff175f36a

      SHA256

      9955b91ace2f7e87ec5034274228906e43dac4961abbd296aedfb378b7b3ccf6

      SHA512

      238b8fd0115f6a820498445d6a2c1cd21e46138272edcb7355cce28ae8aad070e10065c99c95e5d4b03238b8d3b66d2652ad6162e1bb687a99ee6d900ce17ec7

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Plugin\RSP.dll
      Filesize

      107KB

      MD5

      23706412ee7a8e7c2c2aa218f9258dd8

      SHA1

      67fab0e559f4068298b4ca8a682dd2e63be4ac07

      SHA256

      cdf1a04e877aa9ed57f9446b34a2bdf12cf263542bd461f6a4354d458721abf9

      SHA512

      b77e1ff74269c7c031bec751162e92305038192952d282e8853d37766f71db62b0dfb99ffcd1139fe866f7b1290a41804c279d7e06fc4718bb7c1c3e2c6404a8

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Project64.exe
      Filesize

      189KB

      MD5

      be5961ce4de0b363069910edb897498b

      SHA1

      ffed3dd42551d0e560eb2596defdd16547d8d5fa

      SHA256

      8d7d373d024206f7513721b320ef3359b885aa6ea73dc2c14b3a42f0c099be2b

      SHA512

      a4c73543926b68922c86000ed3b966acba53fb25521cf473d3f5f98b4bb416dc9ba50224406764d3bf890c9fbd9394cb1a5c9d4eb88d7fbff3869c73f7b2013d

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Project64.exe
      Filesize

      189KB

      MD5

      be5961ce4de0b363069910edb897498b

      SHA1

      ffed3dd42551d0e560eb2596defdd16547d8d5fa

      SHA256

      8d7d373d024206f7513721b320ef3359b885aa6ea73dc2c14b3a42f0c099be2b

      SHA512

      a4c73543926b68922c86000ed3b966acba53fb25521cf473d3f5f98b4bb416dc9ba50224406764d3bf890c9fbd9394cb1a5c9d4eb88d7fbff3869c73f7b2013d

      Download Submit
    • C:\Program Files (x86)\Project64 1.6\Project64.rdb
      Filesize

      340KB

      MD5

      e66224fd74128603f88caf84a2be7b5c

      SHA1

      55d8a2cb7e075dc5d940182435e94cfcb27d0570

      SHA256

      14852edd261c00f392f331862b2313bf04ac0b5f0a67d22b0f87049d3240de63

      SHA512

      8d4ab2db73640382981c14751d1483976e96fe5faf65540ea919c87fa37ca263c22e2ef5734c81ea2f544e067cd351deb8f0e4c2271b5f5bfe094941c3f5f0b4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      f60b261fa864803670980251960b8d45

      SHA1

      0423aa6407d944a6f826e8ff197014a75114572b

      SHA256

      e55b79fb46ab833b600da6bcc39eedf6650e6dc890485c85e41e14d11ccd0055

      SHA512

      2e8ba8c5e37d8fa0d26237bac4c47928a28762959bb2873269721c7d9be7b66b10e6d058d9c855486948ee8eb591e5fd3a57fb091e44e4ad16436af74b4da357

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      434B

      MD5

      04589dc3f4905052f87c858a3c64dd2e

      SHA1

      c8c83c652268c816ac6a58f4e85270d33e2e51a5

      SHA256

      2e0481df63cd88a51cbac6e8e575ba66c237d5826c830bb3bf328c32398082ab

      SHA512

      dca1378720761d52f6487fa8c89efaf89e13e9ad0bf9db65334f64655b5b7e5b760795014866b79d3c0b9ea0d0d16b7ce75b5a6e916923d1ae3f44575aa1d3cb

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_isBD7A\Project64 1.6.msi
      Filesize

      1.8MB

      MD5

      3bb7516962c50f2bbd6c922c8e397561

      SHA1

      37495a93ef0190993cd74a1c4d277dab2e37e3b7

      SHA256

      359e0e05c52f5c62680064e8716c95889dafe8f23972162feb6d6148d2ff9ada

      SHA512

      919ff915f3c2799585f5795bef27fa062100cc86bd913df45e1275703feda1c584643cf2c763579b1a5d86229cd87d5aa089bb5a1b09ff8770bb0bff9b7215e6

      Download Submit
    • C:\Users\Admin\Videos\Captures\desktop.ini
      Filesize

      190B

      MD5

      b0d27eaec71f1cd73b015f5ceeb15f9d

      SHA1

      62264f8b5c2f5034a1e4143df6e8c787165fbc2f

      SHA256

      86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

      SHA512

      7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

      Download Submit
    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
      Filesize

      25.0MB

      MD5

      677a900fe7d255886af793c9287a2645

      SHA1

      0e90e2b679c867f4405b2560a134995f7ae771a2

      SHA256

      67915a27baac59c94df35b224e96255577d55c2944eecf68cc1d628f5fce38f5

      SHA512

      26fd2478965c691e8b7fee3d943531d7bbe52bfc2d751790685fad11d753a021ef2c15cb17956bfee7af880dab5c576744b911971e6606fb16ae6352699bb827

      Download Submit
    • \??\Volume{b79df8d1-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{521b1fed-314c-444e-aca3-6e69b104428e}_OnDiskSnapshotProp
      Filesize

      5KB

      MD5

      5837d4158d37889c968e36fd3cd300a2

      SHA1

      2f6c1dccebb20fb1902c34bd0d18cccb4a5d7fd9

      SHA256

      8ffef4cf73bdada569b4f81df777d02dcd7aeb112195655ed89c7a57a0abf560

      SHA512

      6e783e43535357ff6b1f75c47a237a2f88ba817fbb6156c69327721e625ff9460cae5d13c5aaddc040db165fa3a7fa2478f6b86162cd71f467ac786e583909f3

      Download Submit
    • \Program Files (x86)\Project64 1.6\Plugin\Jabo_DInput.dll
      Filesize

      67KB

      MD5

      d5f798c360aaac128b0fc4a211688ccd

      SHA1

      4b55d92fda42f108bd0e22503afd905754e95caf

      SHA256

      0468fc03d5bfd4e47fb0c5f69c657cab62e4bbb2c8948949b4a1d106648ab99e

      SHA512

      517bce1e5fd1ce06d9d8986e936a0029bf05fd8b6518ea56df7257eb540a2fa722bb799ac2c36a2223f973f074cee29c648720fe01c7b25a77578e828bb1b5d5

      Download Submit
    • \Program Files (x86)\Project64 1.6\Plugin\Jabo_DInput.dll
      Filesize

      67KB

      MD5

      d5f798c360aaac128b0fc4a211688ccd

      SHA1

      4b55d92fda42f108bd0e22503afd905754e95caf

      SHA256

      0468fc03d5bfd4e47fb0c5f69c657cab62e4bbb2c8948949b4a1d106648ab99e

      SHA512

      517bce1e5fd1ce06d9d8986e936a0029bf05fd8b6518ea56df7257eb540a2fa722bb799ac2c36a2223f973f074cee29c648720fe01c7b25a77578e828bb1b5d5

      Download Submit
    • \Program Files (x86)\Project64 1.6\Plugin\Jabo_Direct3D8.dll
      Filesize

      232KB

      MD5

      ff57f60c58ede6364b980edcb311873b

      SHA1

      5ec6e231f780d9eafa6ee855e0f4968a7f8c347d

      SHA256

      05536c82c764f24038bd6f22d47a5427318ce3118bbe1bb798c8309d40f00fcf

      SHA512

      1e3b5d1bd93cf36dcd862869374d7931eedb1578ceec635c1972f302bd1abaa2d9a63721a2ca9ab4fe1fda8f268f352c70e8a35c8bae91253cb2b4eb1bc7234d

      Download Submit
    • \Program Files (x86)\Project64 1.6\Plugin\Jabo_Dsound.dll
      Filesize

      53KB

      MD5

      d5f1a6d72a4eb2e7adf1f5b803e97419

      SHA1

      d8a93e436e488279d40e0e79a4a04f4ff175f36a

      SHA256

      9955b91ace2f7e87ec5034274228906e43dac4961abbd296aedfb378b7b3ccf6

      SHA512

      238b8fd0115f6a820498445d6a2c1cd21e46138272edcb7355cce28ae8aad070e10065c99c95e5d4b03238b8d3b66d2652ad6162e1bb687a99ee6d900ce17ec7

      Download Submit
    • \Program Files (x86)\Project64 1.6\Plugin\Jabo_Dsound.dll
      Filesize

      53KB

      MD5

      d5f1a6d72a4eb2e7adf1f5b803e97419

      SHA1

      d8a93e436e488279d40e0e79a4a04f4ff175f36a

      SHA256

      9955b91ace2f7e87ec5034274228906e43dac4961abbd296aedfb378b7b3ccf6

      SHA512

      238b8fd0115f6a820498445d6a2c1cd21e46138272edcb7355cce28ae8aad070e10065c99c95e5d4b03238b8d3b66d2652ad6162e1bb687a99ee6d900ce17ec7

      Download Submit
    • \Program Files (x86)\Project64 1.6\Plugin\RSP.dll
      Filesize

      107KB

      MD5

      23706412ee7a8e7c2c2aa218f9258dd8

      SHA1

      67fab0e559f4068298b4ca8a682dd2e63be4ac07

      SHA256

      cdf1a04e877aa9ed57f9446b34a2bdf12cf263542bd461f6a4354d458721abf9

      SHA512

      b77e1ff74269c7c031bec751162e92305038192952d282e8853d37766f71db62b0dfb99ffcd1139fe866f7b1290a41804c279d7e06fc4718bb7c1c3e2c6404a8

      Download Submit
    • \Program Files (x86)\Project64 1.6\Plugin\RSP.dll
      Filesize

      107KB

      MD5

      23706412ee7a8e7c2c2aa218f9258dd8

      SHA1

      67fab0e559f4068298b4ca8a682dd2e63be4ac07

      SHA256

      cdf1a04e877aa9ed57f9446b34a2bdf12cf263542bd461f6a4354d458721abf9

      SHA512

      b77e1ff74269c7c031bec751162e92305038192952d282e8853d37766f71db62b0dfb99ffcd1139fe866f7b1290a41804c279d7e06fc4718bb7c1c3e2c6404a8

      Download Submit
    • memory/2212-245-0x0000000000000000-mapping.dmp
      Download
    • memory/2844-149-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-135-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-166-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-165-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-167-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-168-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-121-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-122-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-123-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-124-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-125-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-126-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-127-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-128-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-129-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-130-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-131-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-132-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-133-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-134-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-164-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-136-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-163-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-162-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-161-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-160-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-137-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-159-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-158-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-138-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-157-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-156-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-155-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-145-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-153-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-154-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-150-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-152-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-151-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-120-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-148-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-147-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-146-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-144-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-143-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-142-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-141-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-140-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2844-139-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-180-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-186-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-179-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-185-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-184-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-183-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-182-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-181-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-178-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-170-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-169-0x0000000000000000-mapping.dmp
      Download
    • memory/4608-171-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-172-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-176-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-175-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4608-173-0x0000000077320000-0x00000000774AE000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4716-334-0x0000000010000000-0x00000000100A0000-memory.dmp
      Filesize

      640KB

      Download
    • memory/4716-358-0x00000000083F0000-0x0000000008437000-memory.dmp
      Filesize

      284KB

      Download
    • memory/4716-359-0x0000000008440000-0x0000000008460000-memory.dmp
      Filesize

      128KB

      Download
    • memory/4716-248-0x0000000000000000-mapping.dmp
      Download
    • memory/4716-335-0x0000000007BE0000-0x0000000007C7A000-memory.dmp
      Filesize

      616KB

      Download
    • memory/4716-279-0x0000000000400000-0x0000000000554000-memory.dmp
      Filesize

      1.3MB

      Download