b62ba92718d40eeffe0c3348f1e81d625beba92a6dd6d069625ed5261d5199b1

Analysis

max time kernel
131s
max time network
375s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Pizza Tower by Igruha/setup.exe
Size

2.3MB
MD5

b6540768922216e64f81ef52224484c2
SHA1

f27b8ed1f2bb2568e10ab7d846e946d3e0a7081b
SHA256

7d3c719e42fbb0ca69fbab1af36097b7f92c2d266dd9387828ca2b4fccc8341d
SHA512

18d6daecc48770db36c67f391eac9b033a9ed7c7b2a808f1eeb77bc9e47f79fe3d2d1cb13eabc79f74fb51a3d42e005c970078047cc51e07d380790f179b9d72
SSDEEP

49152:Tv3UUTfHfvQLeTpNTyAthwegyNe1rkLuET6L+WhFDKiYZPxMwL/40cVvnj:D3tnvQLeHOAthwxyct9ET6LRhoikewLs

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

setup.tmpcls-lolz_x64.exePizzaTower.exePizzaTower.exe

pid process

1996 setup.tmp
340 cls-lolz_x64.exe
1444 PizzaTower.exe
2524 PizzaTower.exe

Loads dropped DLL 35 IoCs

Processes:

setup.exesetup.tmpPizzaTower.exePizzaTower.exe

pid	process
1760	setup.exe
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1964
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1996	setup.tmp
1264
1264
1264
1264
1264
1444	PizzaTower.exe
1444	PizzaTower.exe
1444	PizzaTower.exe
1444	PizzaTower.exe
1444	PizzaTower.exe
1444	PizzaTower.exe
1264
2524	PizzaTower.exe
2524	PizzaTower.exe
2524	PizzaTower.exe
2524	PizzaTower.exe
2524	PizzaTower.exe
2524	PizzaTower.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 57 IoCs

Processes:

setup.tmp

description	ioc	process
File created	C:\Program Files (x86)\Pizza Tower\options.ini	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_settings\settings\listen_port.txt	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_settings\images	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\sound\Desktop\Master.bank	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\credits.txt	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_api64.dll.bak	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\lang\english.txt	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\steam_settings\settings\user_steam_id.txt	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\unins000.dat	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\gameframe_x64.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\PizzaTower.exe	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\options.ini	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\steam_settings\DLC.txt	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\steam_settings\settings\account_name.txt	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\data.win	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\fmod.dll	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\Steamworks_x64.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\Steamworks_x64.dll	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\credits.txt	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_settings\DLC.txt	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\steam_settings\settings\language.txt	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\sound\Desktop	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\steam_settings\achievements.json	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\steam_api64.dll.bak	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_settings\settings\user_steam_id.txt	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\sound\Desktop\music.bank	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_api64.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\sound	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\sound\Desktop\Master.strings.bank	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\sound\Desktop\sfx.bank	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\PizzaTower.exe	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\fmodstudio.dll	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\lang\english.txt	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\sound\Desktop\Master.bank	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\steam_api64.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_settings\settings\account_name.txt	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\is-BLT83.tmp	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_settings\settings	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\fmod-gamemaker.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\fmod.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_settings\settings\language.txt	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\lang	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_settings\achievements.json	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\sound\Desktop\Master.strings.bank	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\fmodstudio.dll	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\gameframe_x64.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\data.win	setup.tmp
File created	C:\Program Files (x86)\TI\is-QR2US.tmp	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_settings	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\sound\Desktop\music.bank	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\steam_settings\steam_appid.txt	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\steam_settings\settings\listen_port.txt	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\unins000.dat	setup.tmp
File created	C:\Program Files (x86)\TI\is-OHMJ0.tmp	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\sound\Desktop\sfx.bank	setup.tmp
File created	C:\Program Files (x86)\Pizza Tower\fmod-gamemaker.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Pizza Tower\steam_settings\steam_appid.txt	setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

setup.tmpchrome.exe

pid process

1996 setup.tmp
1996 setup.tmp
744 chrome.exe
744 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEchrome.exe

description	pid	process
Token: 33	608	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	608	AUDIODG.EXE
Token: 33	608	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	608	AUDIODG.EXE
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

setup.tmpchrome.exe

pid	process
1996	setup.tmp
1996	setup.tmp
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

PizzaTower.exePizzaTower.exe

pid process

1444 PizzaTower.exe
1444 PizzaTower.exe
2524 PizzaTower.exe
2524 PizzaTower.exe

pid	process
1444	PizzaTower.exe
1444	PizzaTower.exe
2524	PizzaTower.exe
2524	PizzaTower.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

setup.exesetup.tmpchrome.exe

description	pid	process	target process
PID 1760 wrote to memory of 1996	1760	setup.exe	setup.tmp
PID 1760 wrote to memory of 1996	1760	setup.exe	setup.tmp
PID 1760 wrote to memory of 1996	1760	setup.exe	setup.tmp
PID 1760 wrote to memory of 1996	1760	setup.exe	setup.tmp
PID 1760 wrote to memory of 1996	1760	setup.exe	setup.tmp
PID 1760 wrote to memory of 1996	1760	setup.exe	setup.tmp
PID 1760 wrote to memory of 1996	1760	setup.exe	setup.tmp
PID 1996 wrote to memory of 340	1996	setup.tmp	cls-lolz_x64.exe
PID 1996 wrote to memory of 340	1996	setup.tmp	cls-lolz_x64.exe
PID 1996 wrote to memory of 340	1996	setup.tmp	cls-lolz_x64.exe
PID 1996 wrote to memory of 340	1996	setup.tmp	cls-lolz_x64.exe
PID 744 wrote to memory of 972	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 972	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 972	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 592	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 1460	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 1460	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 1460	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 396	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 396	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 396	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 396	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 396	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 396	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 396	744	chrome.exe	chrome.exe
PID 744 wrote to memory of 396	744	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Pizza Tower by Igruha\setup.exe
"C:\Users\Admin\AppData\Local\Temp\Pizza Tower by Igruha\setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1760

C:\Users\Admin\AppData\Local\Temp\is-GMTEH.tmp\setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-GMTEH.tmp\setup.tmp" /SL5="$8001C,1895367,139264,C:\Users\Admin\AppData\Local\Temp\Pizza Tower by Igruha\setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1996

C:\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\cls-lolz_x64.exe
"C:\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\cls-lolz_x64.exe" d - - -idx=00
3⤵
- Executes dropped EXE
PID:340

C:\Program Files (x86)\Pizza Tower\PizzaTower.exe
"C:\Program Files (x86)\Pizza Tower\PizzaTower.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x544
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5949758,0x7fef5949768,0x7fef5949778
2⤵
PID:972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1192,i,11017437935620863554,9805791844943137952,131072 /prefetch:2
2⤵
PID:592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1192,i,11017437935620863554,9805791844943137952,131072 /prefetch:8
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1192,i,11017437935620863554,9805791844943137952,131072 /prefetch:8
2⤵
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2168 --field-trial-handle=1192,i,11017437935620863554,9805791844943137952,131072 /prefetch:1
2⤵
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1192,i,11017437935620863554,9805791844943137952,131072 /prefetch:1
2⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1240 --field-trial-handle=1192,i,11017437935620863554,9805791844943137952,131072 /prefetch:2
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1280 --field-trial-handle=1192,i,11017437935620863554,9805791844943137952,131072 /prefetch:1
2⤵
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3920 --field-trial-handle=1192,i,11017437935620863554,9805791844943137952,131072 /prefetch:8
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=1192,i,11017437935620863554,9805791844943137952,131072 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=1192,i,11017437935620863554,9805791844943137952,131072 /prefetch:8
2⤵
PID:2812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1660

C:\Program Files (x86)\Pizza Tower\PizzaTower.exe
"C:\Program Files (x86)\Pizza Tower\PizzaTower.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3028

C:\Program Files (x86)\Pizza Tower\PizzaTower.exe
"C:\Program Files (x86)\Pizza Tower\PizzaTower.exe"
1⤵
PID:2436

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
C:\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
C:\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
C:\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
C:\Program Files (x86)\Pizza Tower\Steamworks_x64.dll
Filesize
484KB

MD5
dddff8b3c67e40ba51ab322122f50f0a

SHA1
85eed85a3b6c00dab448267b42b13060128584c1

SHA256
03c6b308f2433a6f144e1731075481f50713b58dc3af1d5f90eb3c9ed037b404

SHA512
4e6a51ffd2469dcefda5016719b622941982c71b9d92fd350ba99c2c711ef02b2792c2b97dbccba870df8440467b7eeca32630b43fba930ab1098fd36cd6678d

Download Submit
C:\Program Files (x86)\Pizza Tower\credits.txt
Filesize
29KB

MD5
eb1de0dd6df9b60cdf4ed9a2e925f367

SHA1
79d5bb3c0a35d4610d9590af08f016e82a5c70ed

SHA256
fc8aca9e8fbba501e02584adf8c7611b0245b2c7269c7643207daea46f4ce4a8

SHA512
66adad84c3436f7395ecf9421d33b180c7099175f16ef5c2ccb3d3f7e0b6597d58a8f5521b98f8b2e623bbfad3d1914c857e664991348108ad399c6c8a397974

Download Submit
C:\Program Files (x86)\Pizza Tower\data.win
Filesize
83.2MB

MD5
7baebb150eb9cc1577a83fee7fac0536

SHA1
5f0fe28ac345ab3ec69775f9db793277c426fa2a

SHA256
2d2024a6ee1965dc5e14e01a7ce58d3166212940087d87c6fa30abf78251f84b

SHA512
8053853e5f671f143f67dd92214a3aec0bc7befb1d6c809c4d355ea39e69aab70b50c6d2f4ace9ba7dcaa40bc4e1596240a14e3dd25d68df99ffda5c57bc074d

Download Submit
C:\Program Files (x86)\Pizza Tower\fmod-gamemaker.dll
Filesize
35KB

MD5
7d03df224eef39d3c507e33fe2165158

SHA1
c8a1f626079a3a7e750d5205d1ed92f3f9d6c499

SHA256
0cbb76f9bd8987c194b891c3c0b14c3ffb15ae0f676623a811090ca7619bd3b3

SHA512
2dd05d7495456cda7bbea293032569ea6956b22f9e96e2a68de291bb3cc54e5240471d3994a04ff3481f4d76ded694803e55a870490a8aa8ba806a82d596ab54

Download Submit
C:\Program Files (x86)\Pizza Tower\fmod.dll
Filesize
1.8MB

MD5
bf5815e7bbcbe5d2d5cb84900527536f

SHA1
b6f4c2e0d57a17c0096d287679f855e2a3f68f6a

SHA256
e78d09eafe87c4699e23e7b1fa88d99e4d031538c452d8647e3961bc104dbe09

SHA512
7933df1990b9cddd2f50737e8980c7fdbf572586cd74a76a9f9e2f2e35b26a3bae9e0f66d45d5d9fdd400de29274cf042ff98e84a3c6441b919281f6d7cfaed4

Download Submit
C:\Program Files (x86)\Pizza Tower\fmodstudio.dll
Filesize
1.4MB

MD5
3aa316d24bac9601e3136d73cee0193d

SHA1
9448c6c683239b9b67a73831112a8a2d3e077541

SHA256
489e8d08b760579a1974de3865a16c9c5e6dd989a09c831cf1c8c7db7c1ea50f

SHA512
e2f2093665b40b2aa705e6e92cd93a823361928e8d527d40cb42f4d548b6dfba72d0aa05b4046225ec2a00fe84b25f0c5cf41af091a2355c41a119dc08c30d8c

Download Submit
C:\Program Files (x86)\Pizza Tower\gameframe_x64.dll
Filesize
6KB

MD5
d2503d70b9ada6302b9424caf6987522

SHA1
ba327c52f3ab987b1218f8cda363c4003e6b4db6

SHA256
bf6699ee52f7e52dc2444de4afece133a37127d194272e323509120497b7d974

SHA512
fa40bc000aab587b0642863016eab43bd67331e9653fd4f5e4a8863ed284e362c01866b7deecf6ad7f05acdc6b741bab8ac9f83a0f4ddc6ad8ddcc5c19e18a04

Download Submit
C:\Program Files (x86)\Pizza Tower\lang\english.txt
Filesize
24KB

MD5
a68480b9a10835f7ad2983e2d75df190

SHA1
410efb384afbf02967f90cdc7de2b12298f61257

SHA256
991ceb7e331fe8c63083adc2376f2c3ad390aebde90272e060e0fec0defcbd3f

SHA512
dd4b5c58f2c68ab236069a705ee9317d1b0d90ec54bd2211c76592832647f717db92cadd8385a9c19357136d2bfc54955af5873ddd345e7fa3c27a370acd703f

Download Submit
C:\Program Files (x86)\Pizza Tower\options.ini
Filesize
189B

MD5
33beb59698e4fea0b68028adabbd63a5

SHA1
20d0cc39b2b2b4848feec1fb12eae882e8bc283c

SHA256
c0f242dd5e4d449751ade764ca001cf9bc10ac57f78256e93b3592e7c2ff4db3

SHA512
b3bb5641f14f1dac89c400d26d11877f172aa642fd711ddeb3da650ab8ac97a3cef045fb52caa132966e9d5c15a61a5bc8f4f58f14481c2cc6fcd4d8299ecc2b

Download Submit
C:\Program Files (x86)\Pizza Tower\sound\Desktop\Master.bank
Filesize
4KB

MD5
0736935e0499061ddec22ebebc3bd121

SHA1
3d2508ddafbe5aafb34b170a267f4c7c787ebd00

SHA256
178857ef7c1df95583db3d3d3f7498eb61fe609e85e01fedd148808793a219ca

SHA512
86456f017a5b59bda648388fc19aa6eea5c6287b9e8daa6f2a222fee3f6f1e09c420a0c6656f2de09d4ed68e47e0d41e3a918fb6c52ff96f31f7338005d53203

Download Submit
C:\Program Files (x86)\Pizza Tower\sound\Desktop\Master.strings.bank
Filesize
24KB

MD5
01c7b0d7c96b9a41bc5153a613b6b5cf

SHA1
065c74990eef7b644ef06750c8abdccfe6ab8f00

SHA256
1eff7cf32fca3641a7dd7ce26b4a3c1f31fd2b25c41a610692586f1adb201d60

SHA512
193edc1b586f78e50ff4dc31d1bee936ddeb22d680b4a7661a06d048ca218c4848482707203f5cdc1a083559e822c0dd2a7c160db118c50a28ba05e558e0ce95

Download Submit
C:\Program Files (x86)\Pizza Tower\sound\Desktop\music.bank
Filesize
137.4MB

MD5
04458a6da5891c6af8966f3357f5306e

SHA1
4578461b8eb9316b5a7966e1129f93a3af4a57de

SHA256
093388e585a8e8bef9a480e6d6cc57719534c853b835dcab781a66700d8a5bba

SHA512
e171e7946db49df2e191ca7c1abae460d1b01e58db0f5356e877d72b432f8d980e7da80db33daf3ecd38c14416184f70ec3a5186ba754ec89edcfbefcdb887ba

Download Submit
C:\Program Files (x86)\Pizza Tower\sound\Desktop\sfx.bank
Filesize
13.5MB

MD5
2e3e608fa08fa153a5a7eb7afb59ec63

SHA1
8d4e97d911c8f4c4d3403b51dd4baef8d0853cac

SHA256
e99d22821bad567e9c47d9b7624204d376984086b681d8b235312b758ca1dbba

SHA512
8acbd70042054ea0d6ff7e2c4ac93e4c594596f57256324576c20be02d186a8f81a712d7f5ee856d7318a1b2eab83e9723a586e1d0e94a932d1fd42767a03954

Download Submit
C:\Program Files (x86)\Pizza Tower\steam_api64.dll
Filesize
1.9MB

MD5
37a7e0deae6e7bd1154f8fd059f9a241

SHA1
5787b8db0d0d656d13474cd7d2caf66c443e181c

SHA256
eb9b78ef3c339591c1993c9c364098de386edd391e1169ea0a6daa39ae9735a9

SHA512
6d375c3abceb83a48b277ebafa7da24128fa97cdde7b3f3e89970671582ff3af8a413fead8d074127a97fc34cc423fd218f878ee3a218f6f28be3aededbf83f7

Download Submit
C:\Program Files (x86)\Pizza Tower\steam_settings\DLC.txt
Filesize
32B

MD5
71c8318642fb78b91941b36799511719

SHA1
85ce126fb430fe5d1821738b28f4e1b152a96978

SHA256
378f2bb51e7a03b033eb190bdafab026e77264c600f49c26f6499a9033e26a95

SHA512
956a2196d90ef2009eebb5480a75100f641cbd43609fd0ce4cf1299031a5578d53598953b069d6f6df616ae12269653b33829b7f05374ec832a31e1c1c93d597

Download Submit
C:\Program Files (x86)\Pizza Tower\steam_settings\steam_appid.txt
Filesize
7B

MD5
dde252f7803a15ad36a0ef0f34ef864e

SHA1
a5a6b88cdca3f9b2d9e3982ae065cd383494c0c8

SHA256
c59137fc29f29154bd5de44e5ad2642115538bd4bda343c590f81b15d443ad9a

SHA512
aa3a37b29b4d12fdb5d477bc8442d6b3490255e0829f64460046d42f18ed003a17aa0b008c9f83464724ad5700e84c15a302c5a9e2595c5ffe52ebb7cd04d275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\98e89745-2bfc-4b77-a65e-6e6e1ae92a82.tmp
Filesize
4KB

MD5
cb97186b3a289460549b38a4f427948f

SHA1
f456249868f5b5b3147fbc21a68af4da254e0f2d

SHA256
edfb34427138503d3d69207b3a31a7f22212293cd1356e248b41454ad45d9e37

SHA512
33a12b0ef1107d7e5efaa5dc6046048004958228c9c23c1b0bf01e9757dff640408f59be43dffa2239c8bc4fe4c943429d34ba9239a6474ba957d16f6836d42c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6f9148.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
f71b16955c0e2218833de5481c9db05e

SHA1
c46576916e9a7985303452488d30ce26e80beb95

SHA256
f3cbe56c857d537604fc919ab38707da072875c69fdfa174312d92b487827563

SHA512
2b0543bb2540ebaaedcada10de1f54498b229963baaacc2c19b2bf2121138de012f05ad5b69adf1e1803f0097f78cbb668d255cc0accd73ff6d5b0d79bad1fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
955B

MD5
f7b4380e55cfc74391e39c5e4e776efc

SHA1
b112b39be8a89f5d73e7e56d725d622a75c6a3f7

SHA256
7d0a9192bc84a4d54bbf6436f02f371af6aed7b7ad2892fa45631834fdd1f717

SHA512
9cf42771ed71597fa1cb0ae184acbd55c5e158444811f08f81ff425e8cc32adf116ad9f25e73670e349fcf9724e58f9a2a1e9821174843a2045b813a05a80548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
3d4c8eb13781f2ebf2a9eca1fae05cd3

SHA1
5d0e77cafcc0a812d49599c007ff72c1d6bada04

SHA256
3bfca209dc0b4a5c1e30e0d93ac25ced8417fc61e0d762c7557823fb2e24bf3b

SHA512
428513cec533a8a754d889fe323f315fb5bdf65d8280bf6db8eae6f79be07087a5000854480fc25cfcfc749259d8d1e030db65c6797d41546e9c3acb7a31c45f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
effd53bfbc93ed3849b7096edafca45d

SHA1
31cd3ac76f5155935af35b79b8dfa68c21a532ad

SHA256
f5cf19dfb584e05a42414298614c6f06b3167c5b6cd8f3622a400766870f8d6d

SHA512
8061c1d6be5ac79f3f29aed01a615a0516ba8561b6178df61adfbe4ce9468472e30976c547b085a6f0d29c0458953961ea6d2a647ca2ec4320eac2fb6dbe7c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\CLS.ini
Filesize
310B

MD5
6641dd0e55cf8069fa8dac408b77cf2d

SHA1
5a1a7aba00c9084d533e04efd39fa8c8e482c247

SHA256
b06b3eee3aec6ae55b2c6a4dba800b3c8a3cfe7f453575be98ebb659b6f73654

SHA512
8f95f577fbb924f92c4f13a6b41d63126eca048ad6e5556a13f1bb0607be2b9acc0254d1727645b550edbd864f59e2043b31815bc0f6e02ab14d5dfae8f44184

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\cls-lolz_x64.exe
Filesize
335KB

MD5
7234c4334a7523b1ac6f51c072497071

SHA1
e06a12c60a99bc4ccc2a21774c82c80a6159aa67

SHA256
d92f7c60256509f74e36d9b5aab041fe44999b1a3910d70aa83c9d01f062ea29

SHA512
9e51c0348ed975ba62482486581a03d5d6c17707542dd46eaa09ca15bcc85aab0f489092d974a4a998c3595a7de9873901e6e590ea25c739c6e976997dd86503

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GMTEH.tmp\setup.tmp
Filesize
1.4MB

MD5
7dc792e0a35f3ed48d2e8b5ae4a74158

SHA1
0326989b6266ee6dd741e13bb3bffa8a66171a17

SHA256
3d86432f3a410f6e8f53c8eee0fb05a323a35be0cf2387a56f5f5fadc2350551

SHA512
6e892b2e4629952d04481e35864b393d1491185aa519ea8ed12df7c891e02be63817bf6ae004877afb3b71385b2003ef326f245159e9cee3bbf6a03371bdec1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GMTEH.tmp\setup.tmp
Filesize
1.4MB

MD5
7dc792e0a35f3ed48d2e8b5ae4a74158

SHA1
0326989b6266ee6dd741e13bb3bffa8a66171a17

SHA256
3d86432f3a410f6e8f53c8eee0fb05a323a35be0cf2387a56f5f5fadc2350551

SHA512
6e892b2e4629952d04481e35864b393d1491185aa519ea8ed12df7c891e02be63817bf6ae004877afb3b71385b2003ef326f245159e9cee3bbf6a03371bdec1b

Download Submit
C:\Users\Admin\AppData\Roaming\Goldberg SteamEmu Saves\settings\account_name.txt
Filesize
4B

MD5
654e1c2ac6312d8c6441282f155c8ce9

SHA1
b601eaa0f87fe94355f635b77a7608b971ea8825

SHA256
bc3a7860cd4f58f3e1e66a20e3cb2930477121c46b9e030636bc6c5cfd050071

SHA512
a3adcc6bef462dcea21dd995bec6b4466c68ee85c8059c27fba7bb33ec57ec00c6bed9528be92d1044100b749a68ee439f84c9b8a37d1dd13d7fccbe231ed31a

Download Submit
C:\Users\Admin\AppData\Roaming\Goldberg SteamEmu Saves\settings\listen_port.txt
Filesize
5B

MD5
76bf79e9a0a4c128d97dbd6900773f4b

SHA1
8abb38a924d5bf8a1ee12fe96aa2d2be942704d6

SHA256
45095e3e3f29ea73ffab2e23158b7cd2afa6532004b5a9b6f06d4e5e068a89aa

SHA512
8cd54c07d87c41103d963eb7dfd2642b07bb67ceb731b477fc9cd9b736ab03833dc2e2d0b2eb399002d76d405a20d5816d19d77ef760d7dac0c1a67d80662535

Download Submit
\??\pipe\crashpad_744_QWVXYCTLNZOVIKDM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
\Program Files (x86)\Pizza Tower\PizzaTower.exe
Filesize
6.7MB

MD5
2f7b788caca5b7377fbd78ec311f4dfc

SHA1
858d6eedfb5e0a94646c5fff7cc8e89d3df69d35

SHA256
51fcebe74e2d27e5ae84492621eabcff3ba746b5a22807e0e61fdf892decdb5f

SHA512
29c19f0a4a5f098112d7d7d1a8818a59915de8656665af88993f710fb1427893f3aafa33706b594c4c4f622b541a4b5e8c5b643557e953e1fe7ad905805ed50d

Download Submit
\Program Files (x86)\Pizza Tower\Steamworks_x64.dll
Filesize
484KB

MD5
dddff8b3c67e40ba51ab322122f50f0a

SHA1
85eed85a3b6c00dab448267b42b13060128584c1

SHA256
03c6b308f2433a6f144e1731075481f50713b58dc3af1d5f90eb3c9ed037b404

SHA512
4e6a51ffd2469dcefda5016719b622941982c71b9d92fd350ba99c2c711ef02b2792c2b97dbccba870df8440467b7eeca32630b43fba930ab1098fd36cd6678d

Download Submit
\Program Files (x86)\Pizza Tower\Steamworks_x64.dll
Filesize
484KB

MD5
dddff8b3c67e40ba51ab322122f50f0a

SHA1
85eed85a3b6c00dab448267b42b13060128584c1

SHA256
03c6b308f2433a6f144e1731075481f50713b58dc3af1d5f90eb3c9ed037b404

SHA512
4e6a51ffd2469dcefda5016719b622941982c71b9d92fd350ba99c2c711ef02b2792c2b97dbccba870df8440467b7eeca32630b43fba930ab1098fd36cd6678d

Download Submit
\Program Files (x86)\Pizza Tower\fmod-gamemaker.dll
Filesize
35KB

MD5
7d03df224eef39d3c507e33fe2165158

SHA1
c8a1f626079a3a7e750d5205d1ed92f3f9d6c499

SHA256
0cbb76f9bd8987c194b891c3c0b14c3ffb15ae0f676623a811090ca7619bd3b3

SHA512
2dd05d7495456cda7bbea293032569ea6956b22f9e96e2a68de291bb3cc54e5240471d3994a04ff3481f4d76ded694803e55a870490a8aa8ba806a82d596ab54

Download Submit
\Program Files (x86)\Pizza Tower\fmod.dll
Filesize
1.8MB

MD5
bf5815e7bbcbe5d2d5cb84900527536f

SHA1
b6f4c2e0d57a17c0096d287679f855e2a3f68f6a

SHA256
e78d09eafe87c4699e23e7b1fa88d99e4d031538c452d8647e3961bc104dbe09

SHA512
7933df1990b9cddd2f50737e8980c7fdbf572586cd74a76a9f9e2f2e35b26a3bae9e0f66d45d5d9fdd400de29274cf042ff98e84a3c6441b919281f6d7cfaed4

Download Submit
\Program Files (x86)\Pizza Tower\fmodstudio.dll
Filesize
1.4MB

MD5
3aa316d24bac9601e3136d73cee0193d

SHA1
9448c6c683239b9b67a73831112a8a2d3e077541

SHA256
489e8d08b760579a1974de3865a16c9c5e6dd989a09c831cf1c8c7db7c1ea50f

SHA512
e2f2093665b40b2aa705e6e92cd93a823361928e8d527d40cb42f4d548b6dfba72d0aa05b4046225ec2a00fe84b25f0c5cf41af091a2355c41a119dc08c30d8c

Download Submit
\Program Files (x86)\Pizza Tower\gameframe_x64.dll
Filesize
6KB

MD5
d2503d70b9ada6302b9424caf6987522

SHA1
ba327c52f3ab987b1218f8cda363c4003e6b4db6

SHA256
bf6699ee52f7e52dc2444de4afece133a37127d194272e323509120497b7d974

SHA512
fa40bc000aab587b0642863016eab43bd67331e9653fd4f5e4a8863ed284e362c01866b7deecf6ad7f05acdc6b741bab8ac9f83a0f4ddc6ad8ddcc5c19e18a04

Download Submit
\Program Files (x86)\Pizza Tower\steam_api64.dll
Filesize
1.9MB

MD5
37a7e0deae6e7bd1154f8fd059f9a241

SHA1
5787b8db0d0d656d13474cd7d2caf66c443e181c

SHA256
eb9b78ef3c339591c1993c9c364098de386edd391e1169ea0a6daa39ae9735a9

SHA512
6d375c3abceb83a48b277ebafa7da24128fa97cdde7b3f3e89970671582ff3af8a413fead8d074127a97fc34cc423fd218f878ee3a218f6f28be3aededbf83f7

Download Submit
\Program Files (x86)\Pizza Tower\steam_api64.dll
Filesize
1.9MB

MD5
37a7e0deae6e7bd1154f8fd059f9a241

SHA1
5787b8db0d0d656d13474cd7d2caf66c443e181c

SHA256
eb9b78ef3c339591c1993c9c364098de386edd391e1169ea0a6daa39ae9735a9

SHA512
6d375c3abceb83a48b277ebafa7da24128fa97cdde7b3f3e89970671582ff3af8a413fead8d074127a97fc34cc423fd218f878ee3a218f6f28be3aededbf83f7

Download Submit
\Program Files (x86)\Pizza Tower\unins000.exe
Filesize
1.4MB

MD5
abf7c97d52ad535881b65039c42b59f0

SHA1
7cb88e70205aebf837ed8e26aba77942fa736eb5

SHA256
5ea16d3919e523544a556dc0723444b51081ac89e6e07f0c4ab586f565c4a3bb

SHA512
0011987635ebf43dcbe00e6c02216fa5297bf613f7f53c95b23fd637ce7c7ab78b4d0018cd782333d25f80b51f4b0bb58088822338a2c4e0cdf64060b6757b47

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\CLS-srep.dll
Filesize
90KB

MD5
e68c32297a0b144d13c0b5870ca8c8d8

SHA1
c58efb877ee8691900702faaf1e90e35d7b90cbb

SHA256
6954112104ba041d18760de5eb7e6825cc14cec98ff49939a587cc6b27908bd2

SHA512
2f7c36451ffd6ae7af29c003c6e03e954e478c44fa2ca13b6080b9ffbd44bb45a7e17149f9f72e2f18488d9cfeedff3c501bab24a336d6a62f43938b54dbc035

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\CallbackCtrl.dll
Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\ISDone.dll
Filesize
452KB

MD5
4feafa8b5e8cdb349125c8af0ac43974

SHA1
7f17e5e1b088fc73690888b215962fbcd395c9bd

SHA256
bb8a0245dcc5c10a1c7181bad509b65959855009a8105863ef14f2bb5b38ac71

SHA512
d63984ee385b4f1eba8e590d6de4f082fb0121689295ec6e496539209459152465f6db09e6d8f92eec996a89fc40432077cbfa807beb2de7f375154fef6554bc

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\WinTB.dll
Filesize
75KB

MD5
a2eee508e6a51c6335650532e05ac550

SHA1
8703fb138bb8443f17c0c24da7edd69b1f2660b1

SHA256
75fb2984e1b06f4278fb7b3c77e9fec84e02a3b4bf82d35120f8cbe7bdbc76bf

SHA512
14e1abea3109c17f1fbe6ec455593bf91ba1b811ea302806a83a97a96bf582f1c46e8fe635e1d8739c5c007298eabd41311e07e50961ec2084cf97bde0595370

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\b2p.dll
Filesize
22KB

MD5
ab35386487b343e3e82dbd2671ff9dab

SHA1
03591d07aea3309b631a7d3a6e20a92653e199b8

SHA256
c3729545522fcff70db61046c0efd962df047d40e3b5ccd2272866540fc872b2

SHA512
b67d7384c769b2b1fdd3363fc3b47d300c2ea4d37334acfd774cf29169c0a504ba813dc3ecbda5b71a3f924110a77a363906b16a87b4b1432748557567d1cf09

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\cls-lolz.dll
Filesize
16KB

MD5
9e1e200472d66356a4ae5d597b01dabc

SHA1
8d93246907a422d2333697cfe999cd9aeaea764c

SHA256
87df573ac240e09ea4941e169fb2d15d5316a1b0e053446b8144e04b1154f061

SHA512
dd16e9c0831e72d19b1bf1431a2c8c74bcc183cfa16f494b5f11f56168209948744e0add7f2afe62db7f34adddf940fd570e28d60bebf636e07f57a0bf0346cc

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\cls-lolz_x64.exe
Filesize
335KB

MD5
7234c4334a7523b1ac6f51c072497071

SHA1
e06a12c60a99bc4ccc2a21774c82c80a6159aa67

SHA256
d92f7c60256509f74e36d9b5aab041fe44999b1a3910d70aa83c9d01f062ea29

SHA512
9e51c0348ed975ba62482486581a03d5d6c17707542dd46eaa09ca15bcc85aab0f489092d974a4a998c3595a7de9873901e6e590ea25c739c6e976997dd86503

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\cls-lolz_x64.exe
Filesize
335KB

MD5
7234c4334a7523b1ac6f51c072497071

SHA1
e06a12c60a99bc4ccc2a21774c82c80a6159aa67

SHA256
d92f7c60256509f74e36d9b5aab041fe44999b1a3910d70aa83c9d01f062ea29

SHA512
9e51c0348ed975ba62482486581a03d5d6c17707542dd46eaa09ca15bcc85aab0f489092d974a4a998c3595a7de9873901e6e590ea25c739c6e976997dd86503

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\cls-lolz_x64.exe
Filesize
335KB

MD5
7234c4334a7523b1ac6f51c072497071

SHA1
e06a12c60a99bc4ccc2a21774c82c80a6159aa67

SHA256
d92f7c60256509f74e36d9b5aab041fe44999b1a3910d70aa83c9d01f062ea29

SHA512
9e51c0348ed975ba62482486581a03d5d6c17707542dd46eaa09ca15bcc85aab0f489092d974a4a998c3595a7de9873901e6e590ea25c739c6e976997dd86503

Download Submit
\Users\Admin\AppData\Local\Temp\is-8U4CJ.tmp\unarc.dll
Filesize
317KB

MD5
c8600ee0bad1cb2a899b792cb6c1869b

SHA1
2aab7be28ae6535eb9b0982ee44467751cc42cf3

SHA256
b670f7e828aeff88bbe6351bf3b0775af39adc1bfac3b84af4061a4c78ed174a

SHA512
ebc03d7ffec0ea3751e4e5a31dce1fd212f1ba31134712b022f15bba7d610f77fab02e7590a28528ff6219c0e3753b80ad6e985605b37fb70b56a7de243c4d11

Download Submit
\Users\Admin\AppData\Local\Temp\is-GMTEH.tmp\setup.tmp
Filesize
1.4MB

MD5
7dc792e0a35f3ed48d2e8b5ae4a74158

SHA1
0326989b6266ee6dd741e13bb3bffa8a66171a17

SHA256
3d86432f3a410f6e8f53c8eee0fb05a323a35be0cf2387a56f5f5fadc2350551

SHA512
6e892b2e4629952d04481e35864b393d1491185aa519ea8ed12df7c891e02be63817bf6ae004877afb3b71385b2003ef326f245159e9cee3bbf6a03371bdec1b

Download Submit
memory/340-121-0x0000000140000000-0x0000000140057000-memory.dmp

Filesize
348KB

Download
memory/340-172-0x0000000140000000-0x0000000140057000-memory.dmp

Filesize
348KB

Download
memory/1444-263-0x000007FFFFFA0000-0x000007FFFFFB0000-memory.dmp

Filesize
64KB

Download
memory/1760-220-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1760-85-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1760-54-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1996-79-0x0000000003A50000-0x0000000003A5F000-memory.dmp

Filesize
60KB

Download
memory/1996-219-0x0000000000400000-0x0000000000578000-memory.dmp

Filesize
1.5MB

Download
memory/1996-87-0x0000000002DE0000-0x0000000002E57000-memory.dmp

Filesize
476KB

Download
memory/1996-196-0x0000000003A50000-0x0000000003A5F000-memory.dmp

Filesize
60KB

Download
memory/1996-84-0x0000000003A40000-0x0000000003A42000-memory.dmp

Filesize
8KB

Download
memory/1996-83-0x0000000074630000-0x0000000074641000-memory.dmp

Filesize
68KB

Download
memory/1996-192-0x0000000000400000-0x0000000000578000-memory.dmp

Filesize
1.5MB

Download
memory/1996-89-0x0000000003A50000-0x0000000003A5F000-memory.dmp

Filesize
60KB

Download
memory/1996-90-0x0000000004820000-0x0000000004821000-memory.dmp

Filesize
4KB

Download
memory/1996-86-0x0000000000400000-0x0000000000578000-memory.dmp

Filesize
1.5MB

Download
memory/1996-125-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1996-198-0x0000000061080000-0x0000000061112000-memory.dmp

Filesize
584KB

Download
memory/1996-193-0x0000000002DE0000-0x0000000002E57000-memory.dmp

Filesize
476KB

Download
memory/1996-71-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1996-120-0x0000000005730000-0x0000000005787000-memory.dmp

Filesize
348KB

Download
memory/1996-69-0x0000000002DE0000-0x0000000002E57000-memory.dmp

Filesize
476KB

Download
memory/1996-118-0x0000000074360000-0x0000000074367000-memory.dmp

Filesize
28KB

Download
memory/1996-119-0x0000000005730000-0x0000000005787000-memory.dmp

Filesize
348KB

Download
memory/1996-126-0x0000000004880000-0x0000000004881000-memory.dmp

Filesize
4KB

Download
memory/2524-371-0x000007FFFFFA0000-0x000007FFFFFB0000-memory.dmp

Filesize
64KB

Download