40bc64c453610aeedee40524e454a7cb5910b5d8ba7738b110ea40385f0c900f

Analysis

max time kernel
30s
max time network
161s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04/05/2023, 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dt-lg-v1.0.5.exe
Size

137.2MB
MD5

528cc0674c91b4ff950cb16ae1ff030e
SHA1

9d7e44f502e34833991aeb17937bdef990f9f6b0
SHA256

40bc64c453610aeedee40524e454a7cb5910b5d8ba7738b110ea40385f0c900f
SHA512

d92bfe3fc24cdd47483599d992b47b9f9fb2a9fc99f3058a403aa23f3af522d7470072d33be1bb433dcdb9f431ddbb5c7df2234cdb9dac9d54da087e5aea1c64
SSDEEP

3145728:3QRjgX5eVhfMS7gvtU3CtfymhaMBAx/BGNbrz1r5Z7pqeWVkKvILr+Z9F5Sy:3QRjM5eViS7JCU+6xJGNbvBToeWVkFAN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 35 IoCs

pid	Process
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\discord-747397094297436171	dt-lg-v1.0.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\discord-747397094297436171\shell\open	dt-lg-v1.0.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\discord-747397094297436171\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dt-lg-v1.0.5.exe"	dt-lg-v1.0.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\discord-747397094297436171\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dt-lg-v1.0.5.exe"	dt-lg-v1.0.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\discord-747397094297436171\shell\open\command	dt-lg-v1.0.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\discord-747397094297436171\shell	dt-lg-v1.0.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\discord-747397094297436171\ = "URL:Run game 747397094297436171 protocol"	dt-lg-v1.0.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\discord-747397094297436171\URL Protocol	dt-lg-v1.0.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\discord-747397094297436171\DefaultIcon	dt-lg-v1.0.5.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1912	chrome.exe
1912	chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: 33	1756	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1756	AUDIODG.EXE
Token: 33	1756	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1756	AUDIODG.EXE
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
576	dt-lg-v1.0.5.exe
576	dt-lg-v1.0.5.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 844	1912	chrome.exe	28
PID 1912 wrote to memory of 844	1912	chrome.exe	28
PID 1912 wrote to memory of 844	1912	chrome.exe	28
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1828	1912	chrome.exe	31
PID 1912 wrote to memory of 1908	1912	chrome.exe	32
PID 1912 wrote to memory of 1908	1912	chrome.exe	32
PID 1912 wrote to memory of 1908	1912	chrome.exe	32
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33
PID 1912 wrote to memory of 836	1912	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\dt-lg-v1.0.5.exe
"C:\Users\Admin\AppData\Local\Temp\dt-lg-v1.0.5.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d19758,0x7fef5d19768,0x7fef5d19778
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1340,i,12613622207610176778,14359890794180280194,131072 /prefetch:2
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1340,i,12613622207610176778,14359890794180280194,131072 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1340,i,12613622207610176778,14359890794180280194,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1340,i,12613622207610176778,14359890794180280194,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2352 --field-trial-handle=1340,i,12613622207610176778,14359890794180280194,131072 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1340,i,12613622207610176778,14359890794180280194,131072 /prefetch:2
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1344 --field-trial-handle=1340,i,12613622207610176778,14359890794180280194,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1340,i,12613622207610176778,14359890794180280194,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3940 --field-trial-handle=1340,i,12613622207610176778,14359890794180280194,131072 /prefetch:8
  2⤵
  PID:2436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6857ab01b483df4798c099fbd0eaf78a

SHA1
54fc4d62f720aae2d0f2d2e83c7f33bb54dde371

SHA256
e753ff8477fcb2d15ae05e8996c56824ecb2b0a95e48bca9505b34a43f8dcba5

SHA512
7c67212317ab5782c192be07dec4b9df55d6a402634e1f6956f8ee1c294406e9c5d8de3134ae7895fb408a39b565c189d89c061c2a535682956503042a5fab8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c1c55612-e69a-45de-a1bc-7c932a5e06bc.tmp

Filesize
4KB

MD5
4effa4b8d0e9f24839980cc577bade9a

SHA1
36994a0a3016938e103a8cc57d78dddf20e854f4

SHA256
cb2df44dec388375841675b4253eacf22be920b789f765787f7aa1278a1c0d43

SHA512
5720053de53c862ea8308b3eb1eaa9302483629278332ed3d25d3e4895815e5e2c4a6d20a0ee3ea2d942f4dabe41db837ade9f9a9fe169617105b53da84beb64

Download Submit
C:\Users\Admin\AppData\Roaming\MMFApplications\save

Filesize
269B

MD5
6f1ffb55185e40c59b5fa15f439cab09

SHA1
92bbe7b1df1e0f09b7440795f8026c7afce01e2e

SHA256
766ff6b185baf63c346cc4288e9bf90c9f1c6f3f663de0e14e258ea07b9b33f4

SHA512
44c698a5566d9f1e1d6323aaf387638a22aa80492dc6c6532d2d6ab58790979f4b85620f40123e589f030691981304c8f55e6d0a5544163c01e971393fe4ce37

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\Box2DBase.mfx

Filesize
284KB

MD5
15c1f5c080b99d1ea6f3b70c7a69af8c

SHA1
79e85e2d054dc6a07c0f9f611978e129e98ebf69

SHA256
286605641cdba584c563d7241c106bc9ea9d3e5a22028ed92e7f5cabd33e1e4b

SHA512
c540e8a1d1dfb60daec7694ff0f1cad210f7a061f80f6aea1a507b172a6295960c6ceaf80a808d1f752ec0ad8e4e97ad9941fd85c3926a4351095ae00aaaf1c7

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\Box2DBouncingBall.mvx

Filesize
128KB

MD5
842546403980acef6097a09f1f4c2fda

SHA1
b245e699e9f930353fe8f435844b88b69d1193fc

SHA256
1f8cfd04f3aa7376204756d216b07959d4e9064ca28eb7b89fe5aa64d0a35912

SHA512
a66d0ee4fda261779171c93ebbd8c8c8668dbabf49d16fac49c8de56d70c484f662843128cd85fbfa5a7ec118d8e29baae9adec8f5c09d9fc617d79c9a69ef25

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\Box2DStatic.mvx

Filesize
115KB

MD5
f1bc91e391c8526976533bffda783e33

SHA1
db42f9049cc787c0cfa9abfac3b42543f3761cf3

SHA256
7e93b5cb2042e2b2940fceb4b923bbea8005acc6024db044d90f1d7b283ada0a

SHA512
65afee345ee3e2c1e60ffbea30b57d264ad5bc4e84c58f29147ecb2c240d2f974e1662ff951b7511fbdb38ffdccb2ea36a12957b0b7399f06280c7127f0a6313

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\DRPC.mfx

Filesize
1.8MB

MD5
7b78ab9a2798746a19a991261d150cde

SHA1
6f6ccb465d518c6b70a2ced376afd6a9779b4768

SHA256
a16fac771f5b676dc0963a538491922d42f5efbe5bd673ef5a05e4fcd1caee7a

SHA512
048a271b5d441e8a6356d42de9c384e9d43e4fe93b7b43677e4030239340812aa510d236b0d2fc037daf932c4ed277d7d338febd80ddc78f2afa3921a22918ba

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\Easing.mfx

Filesize
181KB

MD5
c3728db47cf34a1dd117c42511ae7213

SHA1
8e006ab527da565312c9877effaa76ec17b440d2

SHA256
d0409d7558ef6b61574f5907179fd77e8b41553be0a588940243ffa2d1cdf9c2

SHA512
f61e49ba1e1fe8d1e4c13605f34663b1bd25b16c8bc6adfe5de6dd443633a54881c0d105426c3c1d6cd9649a5a6380db9ab6859c9e1036f22a3f5bf95a0bbc85

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\InAndOut.mvx

Filesize
68KB

MD5
e0a46539bf68ea083867457c962b0edb

SHA1
1345276d8a0e2ffbc90bfd7a1aa7f75d9b908b77

SHA256
678073eea715bdb105d7316a2ccbdfbf6185b6bd23c3cd9528ebfeafb9ade716

SHA512
d23a7e70602bdcd5e3de488c86d83a97038762fa42d588d385cd0ef00a60f32b2344c730a3208352cd0b7fd9de9534e6e8527e8d1e9a5bb36da315724e602e21

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\KcSyso.mfx

Filesize
24KB

MD5
4f344a32138c2db1824a9d5502f7edae

SHA1
7ebdd28c348073cabd7df361a88e57afc05b050c

SHA256
6fba807e4327c18c01c478c532d2e19c32ec8fdb04a14682b7e9ca38a293cec8

SHA512
14185b93b7dbaee83c1ae0bf3262e1860c4b749128fb5ca98feba967973a296ad0d379036944d3e11f999fe78df9eb9dff33301e38cde49551a723155ce53b5a

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\Layer.mfx

Filesize
122KB

MD5
8bba7602e13f66901207e4d7bdc99ff2

SHA1
7efda2baa3eee70df450110bb89d934417bec3e1

SHA256
9e9d49c81e02cdef2ea10f53fee958bb750a96e7567d680f86202f0e28e267a8

SHA512
7f31819c1ac931ff51df57b1ee0bad9a6d22c97c0e0bd6fdfc1bcec990f1c581773e90b3af609c734f9248736fa663136573298c9e0c5873307180cd2b9beb20

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\Perspective.mfx

Filesize
24KB

MD5
2df0fc606f26c7261c67a0330e641740

SHA1
2a2b47b8c3f5904c411f8ee20ed4d082987986b1

SHA256
42285d953d9688e2d44f3b2a11d78b6a97ad3a26ed8042ab3a98527678e82bba

SHA512
82fce30edec7a59119e482875e93d162c83448ccde435dae7407a4d67df556088fa8af4a716f6be8d78c2ba97125122b0d2f1ab4e6d55c32751f8e9a9eeccc02

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\PowerSystem.mfx

Filesize
136KB

MD5
cb313248835e1e4a32c5e85353b08cd2

SHA1
fc7143115d405b4d135052abf7c8ad3b69b9f54e

SHA256
1f1e8f649a33fedf8754b730606e7c863e9fe7dd137662c2dcabea504bc4658b

SHA512
053be3f040cf8b97c2892f84ab6683feb7fbfa73d76061caf12309ba31809734d3d3d0a685e660204bdedeca22fada241ab1cd6aba6e6275ceab455746367309

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\Viewport.mfx

Filesize
11KB

MD5
441ee6d834d6a08d16140cbf0e1490fc

SHA1
873146150b21c0f75d025c70d84beb111d78be8f

SHA256
69f35a440c5d153bba6c36ae3e2e7b6c8365f6a2ca9fe4eb216cd8a0bf784551

SHA512
984ff7c644ce13a9348e3ec0fbd85225af25a2b14d1d348d9c90b45fed9a6f00e198e3bf15a58fe12c93961273ce9a9ececeba2c1375e91fa7a52deea691f751

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\aviflt.ift

Filesize
24KB

MD5
97b3b613ed1f994389b1a963b6e781c9

SHA1
13b38afdfd6ea283a2012bb8e5c652e13175440c

SHA256
cb5f43c24df39973b983b7fda4abcef60f425061d880c7dd9514b501b84790f8

SHA512
97cb23d76d926fe03573c127862b738217f91b0cb61517df7514597fdc50844ccb3d4f799b9a8b23b8da37a2b802ee2bd1e56b5e9fdb699bc3d511868ffd417c

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\bmpflt.ift

Filesize
24KB

MD5
a73a9c8e91ef95cf4eabadf8f7334abf

SHA1
763195d19f5467c593ab638dbdd0a0277a3048f3

SHA256
02d03c4847e34c9029cca452e37ada5ef40167406d4474a9393e11aace024c3d

SHA512
cb5f451d8e637d466fec2dde865d5daac5a15ea44b6e2ce0506070c123ffad506f5f9739a9ea440f01c8f331cc9d42802cc14f82e1252ac667fa7318bcdf3acb

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\clickteam-circular.mvx

Filesize
28KB

MD5
670cfc229784a242beb960a430ae9764

SHA1
9818a8a255e58e28c1e7617aa7ab38f29067e4f5

SHA256
671a01a39fa56a32fc0a43b16038d3077202734a7beacd50d73439011a74a4cb

SHA512
7eb59b4391fed479803c2c2ba075d3fa4581473495f2458b0a86fc3d27f8b7e56a012b920bf2b5f1697b4eb498c8d16de17ebed9f10eb55686048cd4f96df1a1

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\clickteam-movement-controller.mfx

Filesize
34KB

MD5
ce21daa75b795f8b9f5cb01d8a94022e

SHA1
8edd4a13c489e695670e6e77cc9cb805e6cd7b14

SHA256
90c756676b9ce8b6f99695ffa79664d50fe5b264d767959fecd88b52909b4615

SHA512
99a8d9c5b8beb2271e417918b61c44b0c7b33ad674dcdafa16bab17a23baec97d2b5ddabb5375f990ba0774a38a489672de64b798644766cb1f9fcf8b3681978

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\clickteam-vector.mvx

Filesize
32KB

MD5
fb1d240db01b491174fc5c5547f18a9e

SHA1
ccb2cf55106198e1f4e373b3b8b581e1b21ec582

SHA256
621e16dc09011a87780f0dedd39a83a0eb45675ff71bf040f310f2df94acf5db

SHA512
c2c782ed0e1861b8b690051411d6c9135a08d176f50a5a2d23f6e1c5854ba691479dc5d4a8c9226fa3de6afe20b6a046acb3b3d3622b7502c9b516be753d420e

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\ctrlx.mfx

Filesize
52KB

MD5
c132d7446cc3fdaaff25b143e2c91c0d

SHA1
2af70a0cf892f71b2f69a49a5b98654328b638e0

SHA256
1c955f3cfa9a79a222b43238d153c59032cfd0cd9b54bb26a2d44e546bc2462f

SHA512
9b7b90c5e172b59bdcd6783e66ac4e11b47e69298e6c0da1e163296cb8e96de3a9780b60011b8e9d487a2b58c12b1abca5d1d37aceb9503258f5947cfd88f61d

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\fliflt.ift

Filesize
28KB

MD5
91b37f29180a7bcca82dd4682d677b3d

SHA1
bca27cb7ddb271e6649f264777e04970f5ad1276

SHA256
4b651eaa60da09038984a9b7027826941f61f6da58d3f57d11349c8c1896a6d4

SHA512
2fb10952f2671e6a42a9748279aa94e9ce9b307d57d562f9ebbaaa88e27ca96eda36a5fa209df0f791adab7e8d896916b30330ba759b9278cac4bff43600d6e2

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\fontembed.mfx

Filesize
24KB

MD5
2328b5d9fe439136d6b316c536e4f4ae

SHA1
977f20a2ce9b3c4135740595a645b7bf16976a47

SHA256
fe31bbec80dce0cf6e5ec48493f3bc8dda68d30c514204674a5c59244c05809c

SHA512
87b22669cd2c90a93fb9933666da04e095fbf604f273425c0c94fc711973c2f45ccad75bf25917f991e9cdcfa01f6f6bd19e8a0f58e76fb66b310531cefdaf57

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\gifflt.ift

Filesize
28KB

MD5
9a1a0b8e7045c06c47abeb52d861c377

SHA1
6a1c36eb8354f62d5eab6d7c62316fd7d0e1aa92

SHA256
8fadc250c2afc00b0430c5df576cfd2d444367ad928027334c5d03829241cf92

SHA512
918a672f82be50a42c237eeb361b971c724a1d7b11cab183dfd5125bdb7663cae588fa92b142dc99a88407a133bbe58bd7bc0c5c60d93287c470375fc094f079

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\jpgflt.ift

Filesize
96KB

MD5
ba4a1f5006fc3fc33f30e82a964cd7b3

SHA1
8099283e645b6ef523757afdf552da3dc9b72924

SHA256
5bcaaff4c698581603d4165308260412b38ac6cf708486b53bda3bc76241098d

SHA512
8eaa1bae465a0ddd498372fcc9bd9c2b3bd9ba861abcc9158a0e3b8cf14f2a6fc8aae8fb129f96ea090c023247dec56524b2f42fa25239c08145dbe7c664a11e

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\kcanim.mfx

Filesize
28KB

MD5
49273a618d5a89f2301e77c85d028edd

SHA1
560ac67a7b9fb7f58431ae3223f3a8985de7a6fb

SHA256
141d4c3e4e5f931d9773f5cb33ca87bfdafb2f8659fce2f4579bb939e5480080

SHA512
fc25d2fe8df371f1e5a123fedaf9b5962f1d41fd702d8064ffa32ad2c45d04f062939904d614d9b2b0ff61538ab173f1d1177d4727bdae9420fd2df39d10b4ed

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\kcini.mfx

Filesize
330KB

MD5
a6ad14845999c5aa7adf2911671a7c5b

SHA1
98dfd5a9584d1c1b330c2c104c1779bd55ded211

SHA256
5af175ffb932fb653873dad095dd40f2ab8d3fb56f287213c21bb68652ddad2d

SHA512
32bb59826b82d47ec420ac2532e1387a85422d2f0ce5370ad2c95b914a7615d3b122dbf4dd045105eb8ffea49324dac57659f0e5f2500b4d0eb75047cb36dfd8

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\kcriched.mfx

Filesize
52KB

MD5
f87aa2c9d701cdeed79902287df7ac37

SHA1
40a83b1bc10e9a8478bff47f02894e2cf63ad579

SHA256
c0c39e02b74a5e05f1e55513c11b78fda6a8243188eeffb0e8e7719d07416a0a

SHA512
b99f1790ffb5b1940b18d054c58475e3bb24fac435f22ce9a5d75e918f75dd6ec6549095cf38638ba1845f25cb32df3a1860c3f1a15ea9475b7eca0ac227c4e3

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\kcwctrl.mfx

Filesize
63KB

MD5
fa3aa3c51150eb5410dc3d74484d84bb

SHA1
3ffca600b9d8b2d580c99021c95e8c6400d9a824

SHA256
0666e52ea54bb2bdb81216443ea0787b8fcc6292b64d6bdf285eebf42e1bbae6

SHA512
81ec7ec2a5877d1b226dfb4ccc8c3946b61fb409d5c53c789e6f8c310a0dc0b3ce1681613cc110a5559540a0ab302e6c36a00d0df07acb41c5a7c35b37d4594a

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\mmf2d3d11.dll

Filesize
541KB

MD5
839633898178f35f6de0b385b7de0ec7

SHA1
5396e52c45954f0953cc8cf2095b122f7353180e

SHA256
5f6563d6bf2f3ceab8b2ca2c15ba4f7fe882a82c1f72b10041b5692c6515a53a

SHA512
b0ed4fce2815dcb783e0b9a786178b337d215e6a4d16df1ddb3c28ccdba13081fee1976669d9f99505cf31b8f1e8d5584fd1aa9732e1add38217222726c76eb8

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\mmf2d3d9.dll

Filesize
1.5MB

MD5
c85bcc9f3049b57aa8ccbb290342ff14

SHA1
38f5b81a540f1c995ff8d949702440b70921acc5

SHA256
bddda991185a9e83b9855a109f2fcfa78cd2d5402e9db344c6ec77f6ce69a0c5

SHA512
5097f9d78ddc651aabf41f217f622ee656a1c6de6a9b339354525293102cf631cca2b7babaf991e99e49efe4d1bb6792c8a7a11f82e4ae2081c3961eb9b5afe7

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\mmfs2.dll

Filesize
768KB

MD5
200520e6e8b4d675b77971dfa9fb91b3

SHA1
0c583bf4c3eda9c955fd0d0d3ba7fdc62a43bf07

SHA256
763ef4484ba9b9e10e19268c045732515f0ac143cf075e6d1ea1f5adcc77633b

SHA512
8b7bb334b6bd83ae43e5a4fe32a92b38b1edd2c292c4a540a54c2ee16092eb30108524c1c363508f7c62617bb224d9b447f07cda97ab7de01688acbfbacec51b

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\mp3flt.sft

Filesize
24KB

MD5
5bebc3ae0122702b89f9262888d3a393

SHA1
064731c0f1d493b5b82921fa78f06e3d1db95284

SHA256
81c9a9459a8e124793addf142cd513945d6fe600e1d67f74897898d7570e56b2

SHA512
c10cb520c2c4a9fe7c371f17ce7f86f138db247468ab1e465dafd7abd294c2beb13cf3a2595b4c8c820d911d8b70842c8f4e45398693c4f0454f973bd58a10a1

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\parser.mfx

Filesize
40KB

MD5
aecd3e2e63217d6fe7f15e950555f9bc

SHA1
9fc29cd71decdceaed7da262e09b498a3fb21dbb

SHA256
19417d80bbcf961e4941ad9fc839a7f266fa58cc6156ccb012c9a09eb4929054

SHA512
03cbf4b6253029008112883209ccd1713303b2ee0ab2aac91d975083c0c2019f3f5b4f5feda8365082b7ce498d1222b8f05506377eb75c5eda3865e0e49c2ddc

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\pcxflt.ift

Filesize
24KB

MD5
56f80b514fa7cc1dd7fb24ef195c30eb

SHA1
e61d7dcbbb623219c625bc67ed0f382f26308600

SHA256
c9e1db8689c11a87f9ab30ebc705eeccc0fbd909ca493a6f589d6a9a5c2a1b15

SHA512
f391e04bd3e67317b3bb1f9541c94782d14e8b8287f5fd3e2f753688d85cc38bf5164c8faa5dc85b8c44a480f81462a4ddc16aafe64313601d21a608b546e721

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\pngflt.ift

Filesize
288KB

MD5
d57365ca275388910be7b09d95ee65b9

SHA1
477e9afa81c0ba97323be56d15ade8fb17c45d78

SHA256
df948630fdb53ddad68d66994f5d2b18a67df32478b6b8b3720c28f40bde7b1f

SHA512
b6a7266c47245cdd5ccc1e4c1b490a22996cac3db53500405354d1a5892896f66aba255ff725808770489a199626a844a86cb80e081a47ed27671bd82ca1cfbb

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\tgaflt.ift

Filesize
24KB

MD5
00a5f50c4a0f8a2c8704fb0640dfcfb6

SHA1
960ff3909de1395de49bd9f36600b989851591ea

SHA256
756725f247592504d42c67257c3957e972ee490af06f12b00467b389e0ee6bbc

SHA512
2be74193a33f1b70f39be9a5565326d425ce02b6eb98b783f8749a209b95fdcbe8724c38c9dbd33e4a12b40756c5ad9177e557f62748b52be2cd7c4bc344b577

Download Submit
\Users\Admin\AppData\Local\Temp\mrt3988.tmp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
memory/576-154-0x0000000001350000-0x0000000001371000-memory.dmp

Filesize
132KB

Download
memory/576-174-0x0000000002A20000-0x0000000002A38000-memory.dmp

Filesize
96KB

Download
memory/576-186-0x0000000002F50000-0x0000000002F74000-memory.dmp

Filesize
144KB

Download
memory/576-135-0x0000000000A10000-0x0000000000A38000-memory.dmp

Filesize
160KB

Download
memory/576-114-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/576-142-0x0000000000A60000-0x0000000000A72000-memory.dmp

Filesize
72KB

Download
memory/576-111-0x0000000000380000-0x000000000038E000-memory.dmp

Filesize
56KB

Download
memory/576-145-0x0000000000C10000-0x0000000000C34000-memory.dmp

Filesize
144KB

Download
memory/576-106-0x00000000003B0000-0x00000000003F9000-memory.dmp

Filesize
292KB

Download
memory/576-98-0x0000000001130000-0x0000000001343000-memory.dmp

Filesize
2.1MB

Download