c1f38c1db278fec87611b113569a8c68e38cb4eab8a47d3d0d1b845c6f300a2e

Resubmissions

27/06/2023, 18:12

230627-wtjhysfa73 7

27/06/2023, 18:03

230627-wndqhsfa64 7

27/06/2023, 17:58

230627-wj98xsfh3x 7

Analysis

max time kernel
113s
max time network
34s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
27/06/2023, 18:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup PLAY 6 v6.1.9.exe
Size

169.8MB
MD5

538e486d41130db86ca64ce79204ec0f
SHA1

1ee0c2a2234fa1fc6320989286814df1bf7842b6
SHA256

c1f38c1db278fec87611b113569a8c68e38cb4eab8a47d3d0d1b845c6f300a2e
SHA512

bbd2ac4140f7767e74683d1b3c97c1a3e941297b267f14b27af27490a2ab6bb410fd16a924be8b0010d1d036468e27a36ff0f2dd61c687a982f7d7f8e45354e0
SSDEEP

3145728:BX/eF9C3O3I84fVoJpe/F/vvi+prTQPbs6i2SJJt8Ov:Fo6VoEF/va+prUPbs6iR2k

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1260	Setup PLAY 6 v6.1.9.tmp

Loads dropped DLL 12 IoCs

pid	Process
1696	Setup PLAY 6 v6.1.9.exe
1260	Setup PLAY 6 v6.1.9.tmp
1260	Setup PLAY 6 v6.1.9.tmp
1260	Setup PLAY 6 v6.1.9.tmp
1260	Setup PLAY 6 v6.1.9.tmp
1260	Setup PLAY 6 v6.1.9.tmp
1260	Setup PLAY 6 v6.1.9.tmp
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\East West\PLAY 6\Documentation\is-6NCNV.tmp	Setup PLAY 6 v6.1.9.tmp
File created	C:\Program Files\Common Files\VST3\East West\is-54CO9.tmp	Setup PLAY 6 v6.1.9.tmp
File created	C:\Program Files\East West\PLAY 6\unins000.dat	Setup PLAY 6 v6.1.9.tmp
File created	C:\Program Files\East West\PLAY 6\is-0UKGI.tmp	Setup PLAY 6 v6.1.9.tmp
File created	C:\Program Files\East West\PLAY 6\Documentation\is-T66JQ.tmp	Setup PLAY 6 v6.1.9.tmp
File created	C:\Program Files\East West\PLAY 6\Documentation\is-MAA6A.tmp	Setup PLAY 6 v6.1.9.tmp
File opened for modification	C:\Program Files\East West\PLAY 6\play_x64.exe	Setup PLAY 6 v6.1.9.tmp
File created	C:\Program Files\East West\PLAY 6\Documentation\is-HRKAI.tmp	Setup PLAY 6 v6.1.9.tmp
File created	C:\Program Files\East West\PLAY 6\is-H0UFS.tmp	Setup PLAY 6 v6.1.9.tmp
File opened for modification	C:\Program Files\East West\PLAY 6\unins000.dat	Setup PLAY 6 v6.1.9.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1260	Setup PLAY 6 v6.1.9.tmp
1260	Setup PLAY 6 v6.1.9.tmp

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1648	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1648	AUDIODG.EXE
Token: 33	1648	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1648	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1260	Setup PLAY 6 v6.1.9.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1260	Setup PLAY 6 v6.1.9.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 1260	1696	Setup PLAY 6 v6.1.9.exe	27
PID 1696 wrote to memory of 1260	1696	Setup PLAY 6 v6.1.9.exe	27
PID 1696 wrote to memory of 1260	1696	Setup PLAY 6 v6.1.9.exe	27
PID 1696 wrote to memory of 1260	1696	Setup PLAY 6 v6.1.9.exe	27
PID 1696 wrote to memory of 1260	1696	Setup PLAY 6 v6.1.9.exe	27
PID 1696 wrote to memory of 1260	1696	Setup PLAY 6 v6.1.9.exe	27
PID 1696 wrote to memory of 1260	1696	Setup PLAY 6 v6.1.9.exe	27

C:\Users\Admin\AppData\Local\Temp\Setup PLAY 6 v6.1.9.exe
"C:\Users\Admin\AppData\Local\Temp\Setup PLAY 6 v6.1.9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Users\Admin\AppData\Local\Temp\is-RFG5T.tmp\Setup PLAY 6 v6.1.9.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RFG5T.tmp\Setup PLAY 6 v6.1.9.tmp" /SL5="$70120,177582603,121344,C:\Users\Admin\AppData\Local\Temp\Setup PLAY 6 v6.1.9.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1260

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1648

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Options_RunDLL 7
1⤵
PID:668

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Options_RunDLL 7
1⤵
PID:1708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\East West\PLAY 6\play_x64.exe

Filesize
45.1MB

MD5
0002fc4edf5020c817e8ca6ac35b7415

SHA1
e0bd6c98be447909984a3473b3e17fbfade0e890

SHA256
f62ab001949e24de69c53cefdda30b8df6b6521129b206934422578cb1614f45

SHA512
7419813ea75ed31a482c90ced55b53ebf7352224e77058d3458889e0961be3b33c1ac27d030e813207ef19405b892d9f2d22ee18e613496b53dd7b097599b021

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-1RURR.tmp

Filesize
458B

MD5
04fd2a54a03d1476be39216b89fe3e2b

SHA1
650d828651cb8cca89117b68c7a20a7d67c7087b

SHA256
12bc1b36caff1b5de67b54dcd60b73c0802d914c00fdf02db8b4628670ce8268

SHA512
b2f706a5cc68322992719f063a46da28d13cb92972bcdf9e5ea3149ca426834bfb8a775bd120118650e92a762466dc870f4cb50e6701bc36025e72f4ac73d1dc

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-2QJ1C.tmp

Filesize
379B

MD5
54dca3d5326d220ecdcad05ddf216cd6

SHA1
eb7ec517e45e05c102dc83cec0e985b80d88ddac

SHA256
1d4e22280eb2a48ba415ab51196d2aef7f2879b93af010462122e25be6bbfede

SHA512
005b6bce02604f6ed5dc33e58cae022ed90fb53409a6b80349bb447d187477b2b1092c75f40b7656aea17a230d8866c7dfaace904e12b1928fa02385e65582cc

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-39GGV.tmp

Filesize
1KB

MD5
27d63dfc310ec9a95bcbe1bd86eacdc1

SHA1
6695321c656b8783fc7e0225186709589fc72f3c

SHA256
e096cecfc6b5bbccc4d26b761a2550105b1117a3d798bc72ce95ad67f9001b42

SHA512
d548461a17d9facc3d8aa4dc116d90d8729439ddacc0bf584ba6d7f2397970ed10ca4609105e8b076e914290ee4a62873aa693540efe0d6e8faef7efb512d357

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-3AJ4Q.tmp

Filesize
2KB

MD5
7ac973eec1200db94301a35465fb2a09

SHA1
56fcb731e8aea41b1bef338f84fd89d955cd098a

SHA256
31ea03c6f9cdf9355d746abb8e53dba5c62d885280f80f5caf2e6aadb78b9fa1

SHA512
6f1e718528446e048b68883c1a7685472e0d57fd6d99669ad5ac0fce7be3d22134a6f4bf031d6fa3117630523a639ffba414ec8e12fb0713e020a13b77b7f43a

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-42AEP.tmp

Filesize
262B

MD5
afad24f3b437b505431b38d8b4eb5cfc

SHA1
2186e4ebeb99464f5266ca15afa15486581fef04

SHA256
8980e4cd091014f31ddbe888e9dce82c8fccf66a86ca7aedbb940214a5939357

SHA512
506b8d4cfe3841a4a0f6704f0fe75abf679c3ad5b48a250277ebe339fad37c8b7a70438df4083d9a16f23f77427bf93b0a61e762092c45d8d85c89d703f72a2e

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-5953V.tmp

Filesize
540B

MD5
3b2d3269c7aa2d7d62a03c766b90027d

SHA1
3872f5a9c5f2ae28fdf41f6b194c586921b1214d

SHA256
baf89355771b249f47062518ee251486576e860740d47b99abf042472a78a1ba

SHA512
9b078d3ea60daf5d73d5bba24fd7667583a964278871a0315fc1b17f36a18103d375d5a1e021fe4d48a8ed66cac0904edfb3ce8e4ce74872e84ad735b7b52653

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-69MDP.tmp

Filesize
480B

MD5
8d14120038e876663a1ffcb1db2c7d8f

SHA1
317da420850eb03ea80ef03ed08ebee78ce05ae1

SHA256
0b7935239a52d965491a6cea950478998a6282c214d1f3fa413035fe4324a17c

SHA512
b60884d42cc595dd46035ea20074d819d32e12c55d0560826bd179c48d526349b79914fc338d199012f5b1ab4a496b8d407786b95f420337e180f22b89c25953

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-6I6G2.tmp

Filesize
801B

MD5
f131d93a494e949a761910bcb3fb2934

SHA1
a607924f6e3098401c442dd5afa0278d5f64b869

SHA256
9d6ef14baef7ae3744a0a273879ecaf2394e596c6ca46a9cac1c07b9c6a712f2

SHA512
3010d94754c9dea17f0fe9c5a3e342c4c3a8cafab0faf3ed5e2c5ff487004c1570a1e11e3527cc246c35230323c9bcdce0219832fd271bbb6b3c4ef600a82dbd

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-6PTAN.tmp

Filesize
553B

MD5
4301f68cd50ca0d100ca2c14abdbc2e4

SHA1
67b26682b20889131c98d4c8e0f66de1510baa85

SHA256
aa25e0ef32fba0db382a196c7cb815d2f758b6ad5958e3f45c6def1b307b862f

SHA512
08a882c1d3007a26ded77b5f9e7fa2d993e783afac13961a526f7966749855a961cac6a34c85a5696ba66f2a56bb2b2c4e85c0a17b7de85f521c710a4ba1a541

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-90NOA.tmp

Filesize
446B

MD5
4b9d4ce9f3e5871beee1cd90b8604ee6

SHA1
22d72f462814d9156aed157a74db429e9b0ae048

SHA256
aceb30cdc6b4193ca671c843e134bb3aaa060ff943fdf4a25bcbea2afd3e2eed

SHA512
d19794fde8bee6a79be79dd6b13fbbffcddb19a8f020c86ff740bc0dc3534fbef513b21fd38a198235b8a9a570e3508e1d93a7ad4d8b66b8d39bcb1588cab01e

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-AFJDF.tmp

Filesize
392B

MD5
7ae8fd9de2ed3ab5563652d00dbf1062

SHA1
f11bef61bf9cb4a0b0e84bd1f8d8774ed9fbe8e2

SHA256
f61e31393623519feabef336bc621c69e25482935066266dc513dcc84a67c55d

SHA512
62ad9e23bf60a6074fc94e7883e97a205b5b7daa7806ef3a531f82c0b5cd4eb0a958370291969aacb6539448b2540581261710ce80d1eb29a44ad7fe90fa27ce

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-DGSC4.tmp

Filesize
509B

MD5
f4538ffaa1fc78a2fdc291f3187a06f2

SHA1
f7bb68e9428ecf540a7d46b2c9c06bd0ecb236c3

SHA256
1934daaef6512238d15180f39e11ae423459e4d82eb402afd7613a17ecf32cb8

SHA512
8e68be2d1c14327498e015e6c733d05a06b07a10e9eecc53a654c27711cbcc41d737059a16fe7da1de2f8f7c5d9a56cd58779f1865162cfb6534b0c8bae46198

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-DQTUB.tmp

Filesize
503B

MD5
36fd63a2d80ccfa7a2e39552a5f156c2

SHA1
7b18fae61ddd36cfcbb11911ee8715d5c3bdcd59

SHA256
32313e9320238380ad142d01df262d6380e5bbfbc535a3750f6d0f85f47100af

SHA512
8fec99a9e2ca866eaed8c79faaf4f284da9ad97721a8916392c95ad9df470a495f296894d4bad2b3fa2625d0c092fb74d4520840c341dc5eb7ca2ae7f26377e3

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-F9VK1.tmp

Filesize
594B

MD5
c07434896228723e0a8bde933ad738d4

SHA1
a74c1f0dc664a76c5fb8070392b0f56ce4a5bf31

SHA256
85297856cc5e8ddccfcb491b0a1bfdaffe211b7ee5b0a0162dbf0707c157f9b5

SHA512
217960de42e837ee309d6ca16e528aa548e7ccdcc6bc16309952640f4c7218f5f702d92c960f4b2af0337c6d420cb121e7120f1ef4a7a597d3099d5fe7106369

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-FMLPE.tmp

Filesize
499B

MD5
5eb161bffecd6451e34ee8d6312bec1f

SHA1
41438aa0251b9b6053dcc3fad6218e2f284ead94

SHA256
5027868b125b8ce89bdd525cfb125e58b48fd6014667843cbcc21179f9d01998

SHA512
76be0ef0802deb38a396fe717e35879bd025ef29bc0359d518fe07045e9e380a6a20e89d4778f65b9d3d2e88abf4433a5f04c618074d6dff57e3e7e939415354

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-GOGH1.tmp

Filesize
525B

MD5
34ec3fe5984cbc2b029084417b586aa3

SHA1
2d123655389c9a9487eb44a600361f9a1fa9ccf3

SHA256
6b63a29b3c92bd0a9b5c55501c74b76246116fa65d1e4373449bf476803f2c75

SHA512
65d55361ff738fe4af40b2c3805b2ee3c082859ac6706e9e2cc722e956e83551ce3069ce7349256909a648daa3adf0d7ec33ddf790a5420872ec4ac0df323aba

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-I5RIR.tmp

Filesize
385B

MD5
bdb19a9e0fc0191e41df88f85a008c19

SHA1
df576d634c489b586e0c045704fe7e189cce7a7c

SHA256
ee2db974af36eacbd4205cce2f8959b755e12c136913704ad4e40f902a31592a

SHA512
bbb5616fcce5341cf411238360d90b768c0e36d27762cb9e27a52b2ea57a383a0fb3afc0ae0bbeaf69dc9c69d24d539ce42de101193eb79d020144d75028373a

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-IMBL6.tmp

Filesize
532B

MD5
998e8b15a236180f59308556d05c282d

SHA1
fbc43901268f550808565723d8d5414085d9abd8

SHA256
d8056f9eff96dbab284630ec42f5ebca075b5293a594b9dbcd0aaa4bac896e48

SHA512
4b1fd0898377974cddcb5dca70ac085a542fec46f383cef8636124d965c02e48c1cc2901a3c1cd1aab6b3f06c4035eb576d74dfb1cc5dcf3f95495c296471b75

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-KGOHM.tmp

Filesize
636B

MD5
2769330377718ebbbc6632edef221eac

SHA1
fb43072f481dd3bbf834ed708a4a17957fdf3a47

SHA256
2f31eb62c20aea5c8b9b2c1f2c7a7899f2cee10724d01ae1a3854fb6205d9ab2

SHA512
3239ba17413132686b584d0bbb0a3f0e60c07034d585fb97757202b83d7d4075db8fd42a9d58eba8b14ec66758d794230041b9257ddee6b213a5066d644944d8

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-MUGA5.tmp

Filesize
450B

MD5
6d03b0cb2469d85eccc6d952c1ed0343

SHA1
dce7f2cd943414371d4962c4d22f67d08f64dcd1

SHA256
9f4c1ff9fb5d47af7ecf69883fc1af92e07b8d897b00a1c3191e965363978dba

SHA512
bb4ce0d58d3a67d3f311b2ad03cd66d4cac3f87c39c810b29a318c8795da76c39244b230cabf467ecc218ef584a06949d9e39cb4d006004739431ec25175d5ea

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-NEPR9.tmp

Filesize
356B

MD5
51b646ff12d83707a2bd48342e7b26f6

SHA1
d3e10e890122e661f9b10b5658a96cfb2b7ae4c5

SHA256
13c32e721b926553c41e00c1e87e2cdf43b36e300476c43edfbc3c59dbfadd89

SHA512
9fea02bed415a2ef32794983890119bbe536b3c3968051b9fc8963c2b2738472e16c71299fea32633f653aa313c0552e87bde5eb30d3977934470e863dbef1e1

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-NTBV2.tmp

Filesize
878B

MD5
532faba8ad0fc0ddfc366cc5e38c99de

SHA1
8b90aee35c0cc671f2f2b150b1cb62b1e49011de

SHA256
b4255e8be498ce6c59cc4ed7b69716cf30c332fcbb4c91d17f4afb0f0ae601aa

SHA512
4d8a235a6b74a2505c54ac3878da40370ef68889f97015bb585c974331fda9886273b9d50b9c96afe5da70d198c7e32057c8de45db1d22d0c58780bf0212109f

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-O4I08.tmp

Filesize
487B

MD5
c2ba2682e12412b1c44ce98bcb5933cb

SHA1
d41607894d33ee2b252aa79ee368b8ec76e64db5

SHA256
e6a785309062d9a0215914c005faa3b377b61027de8d86303babb1641cd4d83c

SHA512
d63dbfca5c2aec6ee162cd340dbc399300252a4905fc2eb657b017e983a3caa8343a185fa7458819a951d29dff2b12e5fdbd16efeacad0f827204e95dcbe9b0a

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-Q1R2V.tmp

Filesize
662B

MD5
9c9bf644dfe788a3dd46d90fb92d8047

SHA1
71ea1aee25e044dcd3b3b6da32e1abffed2a21b1

SHA256
3ff32e5a383c3056ac818efe9b757a93a98c0fb239772002f9731fccca2aebf9

SHA512
f2c0f40772d8d6d1602f9cb35e7b79d9b3213aa6173dca6daaeddbb82cf3c77cdd58a145058f5a34f2c92d16de69e55d981fa381919bd5b9d7427f509aa1b605

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-Q206T.tmp

Filesize
449B

MD5
468de8def8a7ccce899fb768b7f68277

SHA1
c49b200a6fbd78a93ba085f128571d52cca0becd

SHA256
074a1c3bdca43b4676d388d52109bb756024b022ac69d1934cc6f02cbff82184

SHA512
40ad8bfb270dc8cf5a0186f8a21f0a519910e968d9f96b7c8e2842120913bc3b0751f8a858d4fd0c9e5a0071e0e530f78ef55a08780ae23907bd2ce109e69189

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-Q84DD.tmp

Filesize
537B

MD5
703dcb72fb170fc1a05222ecda2500bc

SHA1
fa9abbbb476bcfccb0c5f14ddee53439e7366f4f

SHA256
7b29a770e05170b1ff0dc84f28e86199b0bcd10b22d68fafc046dcc657852652

SHA512
a622db8495c0c8bf05028d4dc0dd569cf9794e93a53ad678512c54a4e1c53703961a2290e5eb3a862c5492ec8d5e00d5142bc44c9712475d0f6f8b6d6d1ceb38

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-QBAMN.tmp

Filesize
442B

MD5
2637d347a2c9efc6a03164af53a59227

SHA1
11e8ee5c8ce805390f3778a9657378aee4ccf09e

SHA256
1be01f672c4572bbede17988cc991be25d85c405761ec424fb77ccdc366b2cee

SHA512
775bf9d6115321b911ed97f8461ce2fd45552de7c74bf3f271e653a57d495304b8f0598d12de9129f783e35330ba6aec1ca3f76930cba74d9318765f3253c23e

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-QH40K.tmp

Filesize
479B

MD5
82da96a2c7e47c6cb027a2038d963aff

SHA1
9a5170be5949a7b23cf63aeb712175a361aca063

SHA256
99ce36851ebcf50f756eba440871a07bffd55debf4f35ebb76243387dc6c00de

SHA512
aa588dfdea756dd6078ad254be76b21a4c2143a80239146426ae2ecca66284246061ed57a7e283ceab4cf8501d48a0e38c6c3ef647daff5dbbe40bfc713e7a2b

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-RN0QK.tmp

Filesize
341B

MD5
487c3e95096360c95259723ee6a3827f

SHA1
239eb328a4fc5862aaf37d8b5b49b44fefe83410

SHA256
833f334ff4a5faa17ac1916f3f598b003ee0277b019a2354a9e8df9a5d5a17c8

SHA512
8f06b420c292186736dcdf4fd70cbdd6b7c1dec8c2bc983c219afbb68d08c8fee49ec41cf058758a8c97f8300e908bfde68b46fbbec774879a809d6897833500

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-TCSCQ.tmp

Filesize
707B

MD5
8909a42e3840d7c24cb5a0ea3d9be97a

SHA1
eebb27c8ee71e83740f94a95bb789b5f033a6272

SHA256
440e68913e43f0d37584dd9663c9ec2ba382acc105da5cae92062d8013763709

SHA512
aad82c64172deeca6c6836048575bff2baab322529ed3ef46bdd114093d2e00f627ea7dc5034435c7ea0250ab8e4f396fdfe9828e668f57b0bd7a420afd2b470

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-TUQDF.tmp

Filesize
451B

MD5
ec8989a98ba1991a8a6d15a82e81581a

SHA1
b25becb805017e8dd6e87bc2c2e01f42b2b5d622

SHA256
18e8b48c2421659b5ff9f2ac36323e4e29bae2e946738eca4ba5fe3c52076559

SHA512
ae1e63ea90de411a7405686dff80496d8da9ebbad3c94062773bc01b4d8ffd7ecafff7d56eab2b5fc384cd95a32734ba0ddec75387bf7c020fd77b51eaf733ae

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-U4755.tmp

Filesize
523B

MD5
cefd6c043617f894142944cd7eec6180

SHA1
4571f3a6f39b8f30afdcf3c886be2df81400bd90

SHA256
a7c32703132121aae3bb2588fa2fb88052f07a94da5efebd5b39e6a1426ad40e

SHA512
2a53cf9d91c4e7c05dd80ceb0bbfe0f1c2f40c47319148a8ef07aaa9c211e0959622a37aca2be366b0089a3596761df9ac92978b648ebfa17db8e59f0a703f12

Download Submit
C:\ProgramData\East West\WordBuilder\Phrases\English Phrases\is-UMV8P.tmp

Filesize
481B

MD5
db4f73d6060c14204af082871b6d9c93

SHA1
14237ae9b12b15aa86218d8b70e344aec7a3b2eb

SHA256
b081e426fbc20b59e7e9bf648afe51afc4cc163cc3cd90445a1f6021c031f186

SHA512
0a8a150c4bcd8ae56ac100ca72e821a208a985a2b762c5449e4e335f234f0afddc4a3fbe540f9469ca971e1daa8c27a1eb0a3838bd0ec8017a4107a99ecd544e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RFG5T.tmp\Setup PLAY 6 v6.1.9.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RFG5T.tmp\Setup PLAY 6 v6.1.9.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
\Program Files\East West\PLAY 6\play_x64.exe

Filesize
45.1MB

MD5
0002fc4edf5020c817e8ca6ac35b7415

SHA1
e0bd6c98be447909984a3473b3e17fbfade0e890

SHA256
f62ab001949e24de69c53cefdda30b8df6b6521129b206934422578cb1614f45

SHA512
7419813ea75ed31a482c90ced55b53ebf7352224e77058d3458889e0961be3b33c1ac27d030e813207ef19405b892d9f2d22ee18e613496b53dd7b097599b021

Download Submit
\Program Files\East West\PLAY 6\play_x64.exe

Filesize
45.1MB

MD5
0002fc4edf5020c817e8ca6ac35b7415

SHA1
e0bd6c98be447909984a3473b3e17fbfade0e890

SHA256
f62ab001949e24de69c53cefdda30b8df6b6521129b206934422578cb1614f45

SHA512
7419813ea75ed31a482c90ced55b53ebf7352224e77058d3458889e0961be3b33c1ac27d030e813207ef19405b892d9f2d22ee18e613496b53dd7b097599b021

Download Submit
\Program Files\East West\PLAY 6\play_x64.exe

Filesize
45.1MB

MD5
0002fc4edf5020c817e8ca6ac35b7415

SHA1
e0bd6c98be447909984a3473b3e17fbfade0e890

SHA256
f62ab001949e24de69c53cefdda30b8df6b6521129b206934422578cb1614f45

SHA512
7419813ea75ed31a482c90ced55b53ebf7352224e77058d3458889e0961be3b33c1ac27d030e813207ef19405b892d9f2d22ee18e613496b53dd7b097599b021

Download Submit
\Program Files\East West\PLAY 6\play_x64.exe

Filesize
45.1MB

MD5
0002fc4edf5020c817e8ca6ac35b7415

SHA1
e0bd6c98be447909984a3473b3e17fbfade0e890

SHA256
f62ab001949e24de69c53cefdda30b8df6b6521129b206934422578cb1614f45

SHA512
7419813ea75ed31a482c90ced55b53ebf7352224e77058d3458889e0961be3b33c1ac27d030e813207ef19405b892d9f2d22ee18e613496b53dd7b097599b021

Download Submit
\Program Files\East West\PLAY 6\play_x64.exe

Filesize
45.1MB

MD5
0002fc4edf5020c817e8ca6ac35b7415

SHA1
e0bd6c98be447909984a3473b3e17fbfade0e890

SHA256
f62ab001949e24de69c53cefdda30b8df6b6521129b206934422578cb1614f45

SHA512
7419813ea75ed31a482c90ced55b53ebf7352224e77058d3458889e0961be3b33c1ac27d030e813207ef19405b892d9f2d22ee18e613496b53dd7b097599b021

Download Submit
\Program Files\East West\PLAY 6\play_x64.exe

Filesize
45.1MB

MD5
0002fc4edf5020c817e8ca6ac35b7415

SHA1
e0bd6c98be447909984a3473b3e17fbfade0e890

SHA256
f62ab001949e24de69c53cefdda30b8df6b6521129b206934422578cb1614f45

SHA512
7419813ea75ed31a482c90ced55b53ebf7352224e77058d3458889e0961be3b33c1ac27d030e813207ef19405b892d9f2d22ee18e613496b53dd7b097599b021

Download Submit
\Program Files\East West\PLAY 6\play_x64.exe

Filesize
45.1MB

MD5
0002fc4edf5020c817e8ca6ac35b7415

SHA1
e0bd6c98be447909984a3473b3e17fbfade0e890

SHA256
f62ab001949e24de69c53cefdda30b8df6b6521129b206934422578cb1614f45

SHA512
7419813ea75ed31a482c90ced55b53ebf7352224e77058d3458889e0961be3b33c1ac27d030e813207ef19405b892d9f2d22ee18e613496b53dd7b097599b021

Download Submit
\Program Files\East West\PLAY 6\unins000.exe

Filesize
1.2MB

MD5
5606bd4891eaa813be691e664df612fa

SHA1
203360fdbd6b8226c0aa6b5fa7a3948e6a180af7

SHA256
28dc2b36c083238e2eb99beb96f19cadf79559fc99435a67203ea724a06b2e53

SHA512
4f3cd56e197db261f03154d6ee5af789041a27465b75939c75205af8d7c74be6d7a389dfaf75ebf972624cd55c956c6035fdeb0e71c1a8b0b2114e7de81ec9ac

Download Submit
\Users\Admin\AppData\Local\Temp\is-4IIE7.tmp\ISSKINU.DLL

Filesize
357KB

MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
\Users\Admin\AppData\Local\Temp\is-4IIE7.tmp\R2RINNO.dll

Filesize
4KB

MD5
fe369a9470426cf1570198224f8922b0

SHA1
82cf9e81262feaa0648b20c90c88b53c9d1e9e01

SHA256
75e01c305e8e28eea25dea2b4b83c3d230ee6ec4ae4fe017bc7b52292e27b961

SHA512
fb31b0a0dd982f1e25f68027ae39ab2eeaeb53d570b0f60204fa058d356773c70d56fa420c12a4ee8cfaf6040be320304e16f6a8343b4b70ae231dbb3291570f

Download Submit
\Users\Admin\AppData\Local\Temp\is-4IIE7.tmp\SKIN.CJSTYLES

Filesize
813KB

MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
\Users\Admin\AppData\Local\Temp\is-RFG5T.tmp\Setup PLAY 6 v6.1.9.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/1260-94-0x00000000768F0000-0x0000000076947000-memory.dmp

Filesize
348KB

Download
memory/1260-106-0x0000000075650000-0x00000000757ED000-memory.dmp

Filesize
1.6MB

Download
memory/1260-119-0x00000000744A0000-0x000000007452C000-memory.dmp

Filesize
560KB

Download
memory/1260-120-0x0000000074460000-0x0000000074492000-memory.dmp

Filesize
200KB

Download
memory/1260-121-0x00000000743E0000-0x0000000074419000-memory.dmp

Filesize
228KB

Download
memory/1260-122-0x00000000742E0000-0x00000000743D5000-memory.dmp

Filesize
980KB

Download
memory/1260-123-0x0000000075650000-0x00000000757ED000-memory.dmp

Filesize
1.6MB

Download
memory/1260-124-0x00000000768B0000-0x00000000768D7000-memory.dmp

Filesize
156KB

Download
memory/1260-125-0x00000000020B0000-0x0000000002111000-memory.dmp

Filesize
388KB

Download
memory/1260-126-0x0000000076A20000-0x0000000076AC0000-memory.dmp

Filesize
640KB

Download
memory/1260-127-0x0000000074760000-0x0000000074769000-memory.dmp

Filesize
36KB

Download
memory/1260-128-0x0000000074740000-0x0000000074752000-memory.dmp

Filesize
72KB

Download
memory/1260-129-0x0000000074870000-0x0000000074A0E000-memory.dmp

Filesize
1.6MB

Download
memory/1260-130-0x00000000768F0000-0x0000000076947000-memory.dmp

Filesize
348KB

Download
memory/1260-132-0x00000000755C0000-0x0000000075643000-memory.dmp

Filesize
524KB

Download
memory/1260-133-0x00000000744A0000-0x000000007452C000-memory.dmp

Filesize
560KB

Download
memory/1260-134-0x0000000074460000-0x0000000074492000-memory.dmp

Filesize
200KB

Download
memory/1260-135-0x00000000743E0000-0x0000000074419000-memory.dmp

Filesize
228KB

Download
memory/1260-136-0x00000000742E0000-0x00000000743D5000-memory.dmp

Filesize
980KB

Download
memory/1260-137-0x0000000075650000-0x00000000757ED000-memory.dmp

Filesize
1.6MB

Download
memory/1260-332-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1260-117-0x00000000747D0000-0x00000000747E3000-memory.dmp

Filesize
76KB

Download
memory/1260-115-0x00000000769A0000-0x0000000076A1B000-memory.dmp

Filesize
492KB

Download
memory/1260-114-0x00000000768F0000-0x0000000076947000-memory.dmp

Filesize
348KB

Download
memory/1260-113-0x0000000074870000-0x0000000074A0E000-memory.dmp

Filesize
1.6MB

Download
memory/1260-112-0x0000000074740000-0x0000000074752000-memory.dmp

Filesize
72KB

Download
memory/1260-111-0x0000000076CA0000-0x0000000076D3D000-memory.dmp

Filesize
628KB

Download
memory/1260-110-0x0000000076A20000-0x0000000076AC0000-memory.dmp

Filesize
640KB

Download
memory/1260-107-0x0000000074250000-0x0000000074286000-memory.dmp

Filesize
216KB

Download
memory/1260-109-0x0000000075450000-0x00000000754DF000-memory.dmp

Filesize
572KB

Download
memory/1260-108-0x00000000020B0000-0x0000000002111000-memory.dmp

Filesize
388KB

Download
memory/1260-118-0x00000000755C0000-0x0000000075643000-memory.dmp

Filesize
524KB

Download
memory/1260-105-0x00000000742E0000-0x00000000743D5000-memory.dmp

Filesize
980KB

Download
memory/1260-104-0x00000000743E0000-0x0000000074419000-memory.dmp

Filesize
228KB

Download
memory/1260-103-0x0000000074460000-0x0000000074492000-memory.dmp

Filesize
200KB

Download
memory/1260-102-0x0000000074530000-0x000000007464F000-memory.dmp

Filesize
1.1MB

Download
memory/1260-101-0x0000000074690000-0x00000000746A7000-memory.dmp

Filesize
92KB

Download
memory/1260-100-0x00000000746B0000-0x00000000746E8000-memory.dmp

Filesize
224KB

Download
memory/1260-99-0x00000000755C0000-0x0000000075643000-memory.dmp

Filesize
524KB

Download
memory/1260-95-0x00000000759C0000-0x000000007660A000-memory.dmp

Filesize
12.3MB

Download
memory/1260-96-0x00000000769A0000-0x0000000076A1B000-memory.dmp

Filesize
492KB

Download
memory/1260-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1260-93-0x0000000074870000-0x0000000074A0E000-memory.dmp

Filesize
1.6MB

Download
memory/1260-92-0x0000000074760000-0x0000000074769000-memory.dmp

Filesize
36KB

Download
memory/1260-91-0x0000000076A20000-0x0000000076AC0000-memory.dmp

Filesize
640KB

Download
memory/1260-90-0x0000000076610000-0x000000007676C000-memory.dmp

Filesize
1.4MB

Download
memory/1260-89-0x0000000075450000-0x00000000754DF000-memory.dmp

Filesize
572KB

Download
memory/1260-88-0x00000000020B0000-0x0000000002111000-memory.dmp

Filesize
388KB

Download
memory/1260-87-0x0000000075650000-0x00000000757ED000-memory.dmp

Filesize
1.6MB

Download
memory/1260-86-0x00000000742E0000-0x00000000743D5000-memory.dmp

Filesize
980KB

Download
memory/1260-85-0x0000000074460000-0x0000000074492000-memory.dmp

Filesize
200KB

Download
memory/1260-84-0x0000000074C30000-0x0000000074C5A000-memory.dmp

Filesize
168KB

Download
memory/1260-83-0x00000000744A0000-0x000000007452C000-memory.dmp

Filesize
560KB

Download
memory/1260-82-0x0000000074530000-0x000000007464F000-memory.dmp

Filesize
1.1MB

Download
memory/1260-81-0x00000000746B0000-0x00000000746E8000-memory.dmp

Filesize
224KB

Download
memory/1260-80-0x00000000759C0000-0x000000007660A000-memory.dmp

Filesize
12.3MB

Download
memory/1260-79-0x00000000768F0000-0x0000000076947000-memory.dmp

Filesize
348KB

Download
memory/1260-78-0x0000000076CA0000-0x0000000076D3D000-memory.dmp

Filesize
628KB

Download
memory/1260-77-0x0000000076A20000-0x0000000076AC0000-memory.dmp

Filesize
640KB

Download
memory/1260-76-0x0000000076610000-0x000000007676C000-memory.dmp

Filesize
1.4MB

Download
memory/1260-75-0x0000000075450000-0x00000000754DF000-memory.dmp

Filesize
572KB

Download
memory/1260-71-0x00000000020B0000-0x0000000002111000-memory.dmp

Filesize
388KB

Download
memory/1260-68-0x00000000020B0000-0x0000000002111000-memory.dmp

Filesize
388KB

Download
memory/1696-54-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download