42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be

Analysis

max time kernel
142s
max time network
105s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
28-03-2023 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
Size

3.2MB
MD5

3f2d772ee9e420732d5abdabd357a499
SHA1

f2627c87d88cb903c0bd8024880252d4b6cef46d
SHA256

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be
SHA512

93d52ab002b0a4a52fe86a9e4ba0e0c2bb53495a32e43b4c3cdcf25146a581f7a8dd60d7e2df2e1d645e70bdaf7d55136aa645d10d09c6bc50a5a03ada201ddc
SSDEEP

49152:z2gPu/65UFT4zAygZRZ8ruPAqxT51VUBM:m/PpxOuTZVUBM

Score

8^/10

evasion trojan upx

Malware Config

Signatures

Downloads MZ/PE file
Deletes itself 1 IoCs

Processes:

gametcp.exe

pid process

1200 gametcp.exe
Executes dropped EXE 2 IoCs

Processes:

gametcp.exe42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

pid process

1200 gametcp.exe
1916 42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

pid	process
1200	gametcp.exe

pid	process
1200	gametcp.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

Loads dropped DLL 9 IoCs

Processes:

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exegametcp.exe42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

pid	process
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1200	gametcp.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\??\c:\users\admin\appdata\local\temp\update	upx
\Users\Admin\AppData\Local\Temp\42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe	upx
C:\Users\Admin\AppData\Local\Temp\42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe	upx
behavioral1/memory/1916-224-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-256-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-258-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-259-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-260-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-261-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-262-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-263-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-264-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-265-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-266-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-267-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-268-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-269-0x0000000000400000-0x000000000073D000-memory.dmp	upx
behavioral1/memory/1916-270-0x0000000000400000-0x000000000073D000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

Drops file in System32 directory 2 IoCs

Processes:

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

description	ioc	process
File created	C:\Windows\SysWOW64\gamelsp.dll	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
File created	C:\Windows\system32\gamelsp.dll	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exegametcp.exe42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

pid	process
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1200	gametcp.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

description	pid	process
Token: SeDebugPrivilege	1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
Token: SeDebugPrivilege	1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

pid	process
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

Suspicious use of SendNotifyMessage 3 IoCs

Processes:

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

pid	process
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

pid	process
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
1916	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exegametcp.exe

description	pid	process	target process
PID 1212 wrote to memory of 1200	1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe	gametcp.exe
PID 1212 wrote to memory of 1200	1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe	gametcp.exe
PID 1212 wrote to memory of 1200	1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe	gametcp.exe
PID 1212 wrote to memory of 1200	1212	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe	gametcp.exe
PID 1200 wrote to memory of 1916	1200	gametcp.exe	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
PID 1200 wrote to memory of 1916	1200	gametcp.exe	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
PID 1200 wrote to memory of 1916	1200	gametcp.exe	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
PID 1200 wrote to memory of 1916	1200	gametcp.exe	42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe

C:\Users\Admin\AppData\Local\Temp\42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
"C:\Users\Admin\AppData\Local\Temp\42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1212

C:\Users\Admin\AppData\Local\Temp\gametcp.exe
"C:\Users\Admin\AppData\Local\Temp\gametcp.exe" 42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1200

C:\Users\Admin\appdata\local\temp\42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
"C:\Users\Admin\appdata\local\temp\42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1916

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
Filesize
1.5MB

MD5
14768590b995f933919d86c4c68d04fa

SHA1
593201c82a9c512c6a2290cd247e2d768c240999

SHA256
c682dc66cf266e926bf8fe99e96510a0ab4615767180aaae3d358d8de50859e1

SHA512
4bcd77befd3acdb285ed0f61462564dc48501f69a89ac72d5d992d0e1f32c0d5ccb76d4706ed373864f94d3271d2c33dc7f342d3d720c7d399e27e3a44c4bd0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\gamecap.ini
Filesize
670B

MD5
c4f905491c1ba5f0c179a997433f3d30

SHA1
49f24d5418efc9937dd7bd7bfb1627accffce594

SHA256
91863126f4c02c9e3ca71c39137ba65438defe93012bb9fb677ab8100829f1d6

SHA512
09bbcadd2d2dea6e312444e53f5f08a640d813476c921c09fa827da068ce32f76838b899eee8c08bc87fff3a386c2f31058990c1015c8e523f4d73ebd4cea666

Download Submit
C:\Users\Admin\AppData\Local\Temp\gametcp.dll
Filesize
106KB

MD5
4ce646681eb745dabd8061948bc988e5

SHA1
240495e42ad8ca40fef00d0544a81e8925a01c77

SHA256
108258ad36bba562fee46341a11e7a1b09db43ba7291c6f5d44a0ad31826a041

SHA512
9104cb123c6357f828c16795cc4114403d2b4dc9f9fc9d807f31b139201472c8777346cdd27e75a9e970650ffa12ef43849cff4bc81dd1c65649d88dfa9be739

Download Submit
C:\Users\Admin\AppData\Local\Temp\gametcp.exe
Filesize
108KB

MD5
f37a19932537349f282de537f99ee55d

SHA1
cb2d6fb4a074c2cc77b3a14d47cae44aa26c266e

SHA256
215390a2f20e1136c9204922d17f6bc63e3451f77eda9b28f3fedf6aaf763429

SHA512
42742f7b454dbb2c3e0649975f35b60f14876b67fec2b2acca3f2fa243ac0c46ec46a1870674d52456a7b505cdc5c1b6c992e808b91c81c04f0eacf3a9aff81f

Download Submit
C:\Users\Admin\AppData\Local\Temp\gametcp.exe
Filesize
108KB

MD5
f37a19932537349f282de537f99ee55d

SHA1
cb2d6fb4a074c2cc77b3a14d47cae44aa26c266e

SHA256
215390a2f20e1136c9204922d17f6bc63e3451f77eda9b28f3fedf6aaf763429

SHA512
42742f7b454dbb2c3e0649975f35b60f14876b67fec2b2acca3f2fa243ac0c46ec46a1870674d52456a7b505cdc5c1b6c992e808b91c81c04f0eacf3a9aff81f

Download Submit
C:\Users\Admin\AppData\Local\Temp\gametcp.ini
Filesize
1KB

MD5
1ecbc7793cf3fef46724885301feafe0

SHA1
621eea1267a1b37b8f6ab8411e71eb9f47fd0179

SHA256
b5c9f6fe27c361fd38695bcd0e0a71d5de05cb2dd387127df4838111acbea69a

SHA512
3bfab3ae75062303d003710ad405569f073c71530e3a044b48a828b30852523fd146c713a851d84f31e72c447478a0406f326b62610dd3873aaf01a61d2890a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\gameudp.dll
Filesize
124KB

MD5
2b0f87d2145773c2ca8642e5034c7e4a

SHA1
0bc043c95aada9d02444b43f90d9845ae84a805d

SHA256
42fbbda16e6084e0c151f802548fc5603a9d247bbbc9336c7b677123a8f93b24

SHA512
8a88b374a4a05663e2e22f5360ce6706aa596f0f43ad4d32140f3e5dccad0c433e60c115f747ed15284dc46163d87b97b2f96485267adc6e8c2b5b16c0a40910

Download Submit
C:\Users\Admin\AppData\Local\Temp\versiontest.dll
Filesize
1.1MB

MD5
9b98d47916ead4f69ef51b56b0c2323c

SHA1
290a80b4ded0efc0fd00816f373fcea81a521330

SHA256
96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

SHA512
68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

Download Submit
C:\Users\Admin\appdata\local\temp\gamecap.ini
Filesize
680B

MD5
83507c3e98047c8ed6e2dfee60efa902

SHA1
69e4095e752e64e0bbd63c75315034b78caee46e

SHA256
b989706d34e25ad8955f5cac698abe0591ec2774160bccb3b37d40c0636b4922

SHA512
b283698e8211610c32652009d70dfb9115977ce9159cb6c83d1c68474bca82686e159a8935b4649a28fc6018b34c7799dfc28abd52767985e8a825093d458678

Download Submit
C:\Users\Admin\appdata\local\temp\gamener.jpg
Filesize
14KB

MD5
8797970732ae180a6846c5d3cd6e5048

SHA1
59e015117844a27686990835074d35bcee2a1fbb

SHA256
3cd9d764768dd87e774fd317c3fa024515b16e876883c031affe0f06bab594ce

SHA512
1e3b4bf0c80d67395624c6b3beb247601a3e27c5674fac0c04af8e7946db45a7f8c5979ee025c2456b0000f8078258ef9e5d8c38b7611f685cbaf40d7ac72138

Download Submit
C:\Users\Admin\appdata\local\temp\gametcp.exe
Filesize
108KB

MD5
f37a19932537349f282de537f99ee55d

SHA1
cb2d6fb4a074c2cc77b3a14d47cae44aa26c266e

SHA256
215390a2f20e1136c9204922d17f6bc63e3451f77eda9b28f3fedf6aaf763429

SHA512
42742f7b454dbb2c3e0649975f35b60f14876b67fec2b2acca3f2fa243ac0c46ec46a1870674d52456a7b505cdc5c1b6c992e808b91c81c04f0eacf3a9aff81f

Download Submit
C:\Users\Admin\appdata\local\temp\gametcp.ini
Filesize
1KB

MD5
1ecbc7793cf3fef46724885301feafe0

SHA1
621eea1267a1b37b8f6ab8411e71eb9f47fd0179

SHA256
b5c9f6fe27c361fd38695bcd0e0a71d5de05cb2dd387127df4838111acbea69a

SHA512
3bfab3ae75062303d003710ad405569f073c71530e3a044b48a828b30852523fd146c713a851d84f31e72c447478a0406f326b62610dd3873aaf01a61d2890a0

Download Submit
C:\Users\Admin\appdata\local\temp\versiontest.dll
Filesize
1.1MB

MD5
9b98d47916ead4f69ef51b56b0c2323c

SHA1
290a80b4ded0efc0fd00816f373fcea81a521330

SHA256
96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

SHA512
68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

Download Submit
\??\c:\users\admin\appdata\local\temp\update
Filesize
1.5MB

MD5
14768590b995f933919d86c4c68d04fa

SHA1
593201c82a9c512c6a2290cd247e2d768c240999

SHA256
c682dc66cf266e926bf8fe99e96510a0ab4615767180aaae3d358d8de50859e1

SHA512
4bcd77befd3acdb285ed0f61462564dc48501f69a89ac72d5d992d0e1f32c0d5ccb76d4706ed373864f94d3271d2c33dc7f342d3d720c7d399e27e3a44c4bd0b

Download Submit
\Users\Admin\AppData\Local\Temp\42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
Filesize
3.2MB

MD5
3f2d772ee9e420732d5abdabd357a499

SHA1
f2627c87d88cb903c0bd8024880252d4b6cef46d

SHA256
42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be

SHA512
93d52ab002b0a4a52fe86a9e4ba0e0c2bb53495a32e43b4c3cdcf25146a581f7a8dd60d7e2df2e1d645e70bdaf7d55136aa645d10d09c6bc50a5a03ada201ddc

Download Submit
\Users\Admin\AppData\Local\Temp\42a824ecdfdace498cc08dbf101092f79bdf8d8049fbe129d972ba236706e9be.exe
Filesize
1.5MB

MD5
14768590b995f933919d86c4c68d04fa

SHA1
593201c82a9c512c6a2290cd247e2d768c240999

SHA256
c682dc66cf266e926bf8fe99e96510a0ab4615767180aaae3d358d8de50859e1

SHA512
4bcd77befd3acdb285ed0f61462564dc48501f69a89ac72d5d992d0e1f32c0d5ccb76d4706ed373864f94d3271d2c33dc7f342d3d720c7d399e27e3a44c4bd0b

Download Submit
\Users\Admin\AppData\Local\Temp\gametcp.exe
Filesize
108KB

MD5
f37a19932537349f282de537f99ee55d

SHA1
cb2d6fb4a074c2cc77b3a14d47cae44aa26c266e

SHA256
215390a2f20e1136c9204922d17f6bc63e3451f77eda9b28f3fedf6aaf763429

SHA512
42742f7b454dbb2c3e0649975f35b60f14876b67fec2b2acca3f2fa243ac0c46ec46a1870674d52456a7b505cdc5c1b6c992e808b91c81c04f0eacf3a9aff81f

Download Submit
\Users\Admin\AppData\Local\Temp\gametcp.exe
Filesize
108KB

MD5
f37a19932537349f282de537f99ee55d

SHA1
cb2d6fb4a074c2cc77b3a14d47cae44aa26c266e

SHA256
215390a2f20e1136c9204922d17f6bc63e3451f77eda9b28f3fedf6aaf763429

SHA512
42742f7b454dbb2c3e0649975f35b60f14876b67fec2b2acca3f2fa243ac0c46ec46a1870674d52456a7b505cdc5c1b6c992e808b91c81c04f0eacf3a9aff81f

Download Submit
\Users\Admin\AppData\Local\Temp\gametcp.exe
Filesize
108KB

MD5
f37a19932537349f282de537f99ee55d

SHA1
cb2d6fb4a074c2cc77b3a14d47cae44aa26c266e

SHA256
215390a2f20e1136c9204922d17f6bc63e3451f77eda9b28f3fedf6aaf763429

SHA512
42742f7b454dbb2c3e0649975f35b60f14876b67fec2b2acca3f2fa243ac0c46ec46a1870674d52456a7b505cdc5c1b6c992e808b91c81c04f0eacf3a9aff81f

Download Submit
\Users\Admin\AppData\Local\Temp\versiontest.dll
Filesize
1.1MB

MD5
9b98d47916ead4f69ef51b56b0c2323c

SHA1
290a80b4ded0efc0fd00816f373fcea81a521330

SHA256
96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

SHA512
68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

Download Submit
\Users\Admin\AppData\Local\Temp\versiontest.dll
Filesize
1.1MB

MD5
9b98d47916ead4f69ef51b56b0c2323c

SHA1
290a80b4ded0efc0fd00816f373fcea81a521330

SHA256
96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

SHA512
68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

Download Submit
\Users\Admin\AppData\Local\Temp\versiontest.dll
Filesize
1.1MB

MD5
9b98d47916ead4f69ef51b56b0c2323c

SHA1
290a80b4ded0efc0fd00816f373fcea81a521330

SHA256
96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

SHA512
68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

Download Submit
\Users\Admin\AppData\Local\Temp\versiontest.dll
Filesize
1.1MB

MD5
9b98d47916ead4f69ef51b56b0c2323c

SHA1
290a80b4ded0efc0fd00816f373fcea81a521330

SHA256
96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

SHA512
68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

Download Submit
memory/1212-54-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1212-211-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/1916-223-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1916-224-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-256-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-257-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1916-258-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-259-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-260-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-261-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-262-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-263-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-264-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-265-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-266-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-267-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-268-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-269-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download
memory/1916-270-0x0000000000400000-0x000000000073D000-memory.dmp

Filesize
3.2MB

Download