b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
20/09/2023, 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
Size

7.7MB
MD5

1dbceab4370d4d93e2c450595d8d4285
SHA1

206dd4f2104ff6320f258a92f01a0b67ca6bbda2
SHA256

b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91
SHA512

4a1243fe3a0ade224e91b215661c31fc1deadfc9492c1f266bf9242fa2ddb482d737f22281960639d1c1d61bf26690d4a94079c30cc5e80e0feb1e40b73e0f07
SSDEEP

196608:SmQOIrSQFHE0pFAHqoGv69hs+IIczZ8cH:SzS+HE8eH069hs+IlV

Score

8^/10

bootkit persistence upx

Malware Config

Signatures

Downloads MZ/PE file

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00070000000231f2-15.dat	acprotect
behavioral2/files/0x00070000000231f2-13.dat	acprotect
behavioral2/files/0x00070000000231f2-17.dat	acprotect
behavioral2/files/0x000c00000001ead0-72.dat	acprotect

Executes dropped EXE 2 IoCs

pid	Process
3708	update.exe
2112	MiniThunderPlatform.exe

Loads dropped DLL 18 IoCs

pid	Process
2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
3708	update.exe
3708	update.exe
3708	update.exe
2112	MiniThunderPlatform.exe
2112	MiniThunderPlatform.exe
2112	MiniThunderPlatform.exe
2112	MiniThunderPlatform.exe
2112	MiniThunderPlatform.exe
2112	MiniThunderPlatform.exe
2112	MiniThunderPlatform.exe
2112	MiniThunderPlatform.exe
2112	MiniThunderPlatform.exe
2112	MiniThunderPlatform.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00070000000231f2-15.dat	upx
behavioral2/files/0x00070000000231f2-13.dat	upx
behavioral2/files/0x00070000000231f2-17.dat	upx
behavioral2/memory/2520-18-0x0000000004750000-0x0000000004C32000-memory.dmp	upx
behavioral2/memory/2520-19-0x0000000004750000-0x0000000004C32000-memory.dmp	upx
behavioral2/memory/2520-59-0x0000000004750000-0x0000000004C32000-memory.dmp	upx
behavioral2/files/0x000c00000001ead0-72.dat	upx
behavioral2/memory/3708-75-0x0000000010000000-0x000000001009E000-memory.dmp	upx
behavioral2/memory/2520-134-0x0000000004750000-0x0000000004C32000-memory.dmp	upx
behavioral2/memory/3708-172-0x0000000010000000-0x000000001009E000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
File opened for modification	\??\PhysicalDrive0	MiniThunderPlatform.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
Token: SeDebugPrivilege	2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
Token: SeManageVolumePrivilege	2112	MiniThunderPlatform.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
3708	update.exe
3708	update.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 3708	2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe	89
PID 2520 wrote to memory of 3708	2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe	89
PID 2520 wrote to memory of 3708	2520	b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe	89
PID 3708 wrote to memory of 2112	3708	update.exe	90
PID 3708 wrote to memory of 2112	3708	update.exe	90
PID 3708 wrote to memory of 2112	3708	update.exe	90

C:\Users\Admin\AppData\Local\Temp\b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe
"C:\Users\Admin\AppData\Local\Temp\b56ab55d19032dd6ca3a3919aed402f038002fedefa0ea890194a3caf253fb91.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Users\Admin\AppData\Local\Temp\update.exe
  C:\Users\Admin\AppData\Local\Temp/update.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3708
- - C:\Users\Admin\AppData\Local\Temp\XLDld\MiniThunderPlatform.exe
    "C:\Users\Admin\AppData\Local\Temp\XLDld\MiniThunderPlatform.exe" -StartTP
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of AdjustPrivilegeToken
    PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7-zip32.dll

Filesize
251KB

MD5
b47f35506e4c1a5f7da6b5f3fb3b735f

SHA1
085e3186754943f7627f9a8be80c06d81029581e

SHA256
8702364360f9070aeb7ce22b81ae02e558938d1e703a26245e2b0e0611b041e5

SHA512
755bc38fd198c295ece6f17621aa0ef2cc60418f8efe8476de307a1906df7f6835050ddc6757bc5f8448879778d04bfed785cd9a59e1ebf560133f8696dd27a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RegDm.dll

Filesize
52KB

MD5
fdc8b75a37017141831e3421479307be

SHA1
f6a08cc570d5e5bc4218da376ca353d46d62790d

SHA256
2a37ce301490bd4b7c5d02b768b054705fe4620db6ef81061718c1fe89c9f27e

SHA512
d74e2de28523317c928965affa464cef6ba5c4da9ab05d30a79a4d3bbb59284d68331b5735c705cf73e155cf3a42b01ef5cd7219c72c242eed6b711090066537

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\ATL71.DLL

Filesize
87KB

MD5
79cb6457c81ada9eb7f2087ce799aaa7

SHA1
322ddde439d9254182f5945be8d97e9d897561ae

SHA256
a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a

SHA512
eca4b91109d105b2ce8c40710b8e3309c4cc944194843b7930e06daf3d1df6ae85c1b7063036c7e5cd10276e5e5535b33e49930adbad88166228316283d011b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\MSVCP71.dll

Filesize
492KB

MD5
a94dc60a90efd7a35c36d971e3ee7470

SHA1
f936f612bc779e4ba067f77514b68c329180a380

SHA256
6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9

SHA512
ff6c41d56337cac074582002d60cbc57263a31480c67ee8999bc02fc473b331eefed93ee938718d297877cf48471c7512741b4aebc0636afc78991cdf6eddfab

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\MSVCR71.dll

Filesize
340KB

MD5
ca2f560921b7b8be1cf555a5a18d54c3

SHA1
432dbcf54b6f1142058b413a9d52668a2bde011d

SHA256
c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

SHA512
23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\MiniThunderPlatform.exe

Filesize
258KB

MD5
20398e582f3f76eae6a0105ff4525a4f

SHA1
9c77f47f2d5fe7f518ac3c9b936718fbe9c59193

SHA256
372952c48f6472762809c5c3f1e813a384c5045bdb5968afad20506f8d11b22a

SHA512
aeecd0b61acbf367a52a577b926faa105f3f76b5128b278053b820d0915b94dcec6c7f886b5c84774e634bba7d8665f3525b3dbc56a1367044564c51baf15d68

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\MiniThunderPlatform.exe

Filesize
258KB

MD5
20398e582f3f76eae6a0105ff4525a4f

SHA1
9c77f47f2d5fe7f518ac3c9b936718fbe9c59193

SHA256
372952c48f6472762809c5c3f1e813a384c5045bdb5968afad20506f8d11b22a

SHA512
aeecd0b61acbf367a52a577b926faa105f3f76b5128b278053b820d0915b94dcec6c7f886b5c84774e634bba7d8665f3525b3dbc56a1367044564c51baf15d68

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\MiniThunderPlatform.exe

Filesize
258KB

MD5
20398e582f3f76eae6a0105ff4525a4f

SHA1
9c77f47f2d5fe7f518ac3c9b936718fbe9c59193

SHA256
372952c48f6472762809c5c3f1e813a384c5045bdb5968afad20506f8d11b22a

SHA512
aeecd0b61acbf367a52a577b926faa105f3f76b5128b278053b820d0915b94dcec6c7f886b5c84774e634bba7d8665f3525b3dbc56a1367044564c51baf15d68

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\XLBugHandler.dll

Filesize
98KB

MD5
92154e720998acb6fa0f7bad63309470

SHA1
385817793b9f894ca3dd3bac20b269652df6cbc6

SHA256
1845df41da539bca264f59365bf7453b686b9098cc94cd0e2b9a20c74a561096

SHA512
37ba81f338af7de7ef2ac6bcf67b3aec96f9b748830ee3c0b152029871f7701e917b94a6b51acd7be6f8f02aea2b25f3b14ced1a218bf4868af04f5207bb5fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\XLBugHandler.dll

Filesize
98KB

MD5
92154e720998acb6fa0f7bad63309470

SHA1
385817793b9f894ca3dd3bac20b269652df6cbc6

SHA256
1845df41da539bca264f59365bf7453b686b9098cc94cd0e2b9a20c74a561096

SHA512
37ba81f338af7de7ef2ac6bcf67b3aec96f9b748830ee3c0b152029871f7701e917b94a6b51acd7be6f8f02aea2b25f3b14ced1a218bf4868af04f5207bb5fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\XLBugReport.exe

Filesize
242KB

MD5
67c767470d0893c4a2e46be84c9afcbb

SHA1
00291089b13a93f82ee49a11156521f13ea605cd

SHA256
64f8d68cc1cfc5b9cc182df3becf704af93d0f1cc93ee59dbf682c75b6d4ffc0

SHA512
d5d3a96dec616b0ab0cd0586fa0cc5a10ba662e0d5e4de4d849ac62ca5d60ec133f54d109d1d130b5f99ae73e7abfb284ec7d5ba55dca1a4f354c6af73c00e35

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\atl71.dll

Filesize
87KB

MD5
79cb6457c81ada9eb7f2087ce799aaa7

SHA1
322ddde439d9254182f5945be8d97e9d897561ae

SHA256
a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a

SHA512
eca4b91109d105b2ce8c40710b8e3309c4cc944194843b7930e06daf3d1df6ae85c1b7063036c7e5cd10276e5e5535b33e49930adbad88166228316283d011b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\dl_peer_id.dll

Filesize
89KB

MD5
dba9a19752b52943a0850a7e19ac600a

SHA1
3485ac30cd7340eccb0457bca37cf4a6dfda583d

SHA256
69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26

SHA512
a42c1ec5594c6f6cae10524cdad1f9da2bdc407f46e685e56107de781b9bce8210a8cd1a53edacd61365d37a1c7ceba3b0891343cf2c31d258681e3bf85049d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\dl_peer_id.dll

Filesize
89KB

MD5
dba9a19752b52943a0850a7e19ac600a

SHA1
3485ac30cd7340eccb0457bca37cf4a6dfda583d

SHA256
69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26

SHA512
a42c1ec5594c6f6cae10524cdad1f9da2bdc407f46e685e56107de781b9bce8210a8cd1a53edacd61365d37a1c7ceba3b0891343cf2c31d258681e3bf85049d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\dl_peer_id.dll

Filesize
89KB

MD5
dba9a19752b52943a0850a7e19ac600a

SHA1
3485ac30cd7340eccb0457bca37cf4a6dfda583d

SHA256
69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26

SHA512
a42c1ec5594c6f6cae10524cdad1f9da2bdc407f46e685e56107de781b9bce8210a8cd1a53edacd61365d37a1c7ceba3b0891343cf2c31d258681e3bf85049d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\download_engine.dll

Filesize
3.2MB

MD5
3c2b7b3ff7de18fe47a77b712ff00a00

SHA1
6d1768acfdee1efb942ef3c28934e127659125ef

SHA256
4360f3b0dc6ae9aa5b7fb6a6e170e09505bf01df3e42846f2e5270d186f9fa06

SHA512
6a795af49d14bcd8fb37a2d36788e226f0f4a040a46c7bbb683fc2b8f4eb18d60b992ea414a89f4ed8020c6b2235c1e490e2924b935e24649a81f890ae78cfce

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\download_engine.dll

Filesize
3.2MB

MD5
3c2b7b3ff7de18fe47a77b712ff00a00

SHA1
6d1768acfdee1efb942ef3c28934e127659125ef

SHA256
4360f3b0dc6ae9aa5b7fb6a6e170e09505bf01df3e42846f2e5270d186f9fa06

SHA512
6a795af49d14bcd8fb37a2d36788e226f0f4a040a46c7bbb683fc2b8f4eb18d60b992ea414a89f4ed8020c6b2235c1e490e2924b935e24649a81f890ae78cfce

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\download_engine.dll

Filesize
3.2MB

MD5
3c2b7b3ff7de18fe47a77b712ff00a00

SHA1
6d1768acfdee1efb942ef3c28934e127659125ef

SHA256
4360f3b0dc6ae9aa5b7fb6a6e170e09505bf01df3e42846f2e5270d186f9fa06

SHA512
6a795af49d14bcd8fb37a2d36788e226f0f4a040a46c7bbb683fc2b8f4eb18d60b992ea414a89f4ed8020c6b2235c1e490e2924b935e24649a81f890ae78cfce

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\id.dat

Filesize
40B

MD5
925b251198f03d8b12e3661d79b2842e

SHA1
aec7c58d23b8ae797fcc5ecc1f08392daa91ec25

SHA256
67498eaa5a98715f3d6870c7d4c72bc85cd37f263abd13a5a9bffd137f67ab8d

SHA512
53a4b61169489f286542663b0941e05c2fa71110a7bb67ad8fb0d61e68985c8009c5cd51a3edb9d7402e9b76a8771c4c20ce9b9528e447f28715562003fdd935

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\msvcp71.dll

Filesize
492KB

MD5
a94dc60a90efd7a35c36d971e3ee7470

SHA1
f936f612bc779e4ba067f77514b68c329180a380

SHA256
6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9

SHA512
ff6c41d56337cac074582002d60cbc57263a31480c67ee8999bc02fc473b331eefed93ee938718d297877cf48471c7512741b4aebc0636afc78991cdf6eddfab

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\msvcr71.dll

Filesize
340KB

MD5
ca2f560921b7b8be1cf555a5a18d54c3

SHA1
432dbcf54b6f1142058b413a9d52668a2bde011d

SHA256
c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

SHA512
23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\msvcr71.dll

Filesize
340KB

MD5
ca2f560921b7b8be1cf555a5a18d54c3

SHA1
432dbcf54b6f1142058b413a9d52668a2bde011d

SHA256
c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

SHA512
23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\xldl.dll

Filesize
242KB

MD5
1aab854acc05b79d7b51422eca21f86f

SHA1
e3404521242311a5ac3dd2ae8e7f9d872753c1e5

SHA256
118c39db185d89a5e98c1fe204dddf0c8a2a7f012d88278e493621f07c2a5764

SHA512
1b5e36df1aba3742bfa6384ed7627505ea977e80307106b986a46a4882563a078fffe248285ebce4c1508abc9a16a8069038d4af41c19a8d24803f33108f9c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\xldl.dll

Filesize
242KB

MD5
1aab854acc05b79d7b51422eca21f86f

SHA1
e3404521242311a5ac3dd2ae8e7f9d872753c1e5

SHA256
118c39db185d89a5e98c1fe204dddf0c8a2a7f012d88278e493621f07c2a5764

SHA512
1b5e36df1aba3742bfa6384ed7627505ea977e80307106b986a46a4882563a078fffe248285ebce4c1508abc9a16a8069038d4af41c19a8d24803f33108f9c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\xldl.dll

Filesize
242KB

MD5
1aab854acc05b79d7b51422eca21f86f

SHA1
e3404521242311a5ac3dd2ae8e7f9d872753c1e5

SHA256
118c39db185d89a5e98c1fe204dddf0c8a2a7f012d88278e493621f07c2a5764

SHA512
1b5e36df1aba3742bfa6384ed7627505ea977e80307106b986a46a4882563a078fffe248285ebce4c1508abc9a16a8069038d4af41c19a8d24803f33108f9c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\zlib1.dll

Filesize
58KB

MD5
89f6488524eaa3e5a66c5f34f3b92405

SHA1
330f9f6da03ae96dfa77dd92aae9a294ead9c7f7

SHA256
bd29d2b1f930e4b660adf71606d1b9634188b7160a704a8d140cadafb46e1e56

SHA512
cfe72872c89c055d59d4de07a3a14cd84a7e0a12f166e018748b9674045b694793b6a08863e791be4f9095a34471fd6abe76828dc8c653be8c66923a5802b31e

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLDld\zlib1.dll

Filesize
58KB

MD5
89f6488524eaa3e5a66c5f34f3b92405

SHA1
330f9f6da03ae96dfa77dd92aae9a294ead9c7f7

SHA256
bd29d2b1f930e4b660adf71606d1b9634188b7160a704a8d140cadafb46e1e56

SHA512
cfe72872c89c055d59d4de07a3a14cd84a7e0a12f166e018748b9674045b694793b6a08863e791be4f9095a34471fd6abe76828dc8c653be8c66923a5802b31e

Download Submit
C:\Users\Admin\AppData\Local\Temp\dm.dll

Filesize
3.7MB

MD5
9fc92bbf7571c4bb87b66e2568020409

SHA1
6e4397a7b400300c290d02384aff0316abd05050

SHA256
ff02150249c62b8435421dd4a1a35c7c536eab2aba6c55a3b5d3e0eb22121f80

SHA512
5c255facff05b1c664125da3e40bc4d8f8f8089234cd8e96009f6d7fd75de8d9fb72b457fe03600f55b1ce4a7c5063a9f20ace76bda151f52fa2dc7951fc33ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\dm.dll

Filesize
3.7MB

MD5
9fc92bbf7571c4bb87b66e2568020409

SHA1
6e4397a7b400300c290d02384aff0316abd05050

SHA256
ff02150249c62b8435421dd4a1a35c7c536eab2aba6c55a3b5d3e0eb22121f80

SHA512
5c255facff05b1c664125da3e40bc4d8f8f8089234cd8e96009f6d7fd75de8d9fb72b457fe03600f55b1ce4a7c5063a9f20ace76bda151f52fa2dc7951fc33ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\dm.dll

Filesize
3.7MB

MD5
9fc92bbf7571c4bb87b66e2568020409

SHA1
6e4397a7b400300c290d02384aff0316abd05050

SHA256
ff02150249c62b8435421dd4a1a35c7c536eab2aba6c55a3b5d3e0eb22121f80

SHA512
5c255facff05b1c664125da3e40bc4d8f8f8089234cd8e96009f6d7fd75de8d9fb72b457fe03600f55b1ce4a7c5063a9f20ace76bda151f52fa2dc7951fc33ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\index.ini

Filesize
17B

MD5
af90c9fa7c6767323add9ceef7b4566f

SHA1
a4bd3b7abf93045ea6f86d71ad88bcf3ae1a8404

SHA256
836e1de99effd23aab2089c11ff1375184c6bed5cf223222a672429a51929b45

SHA512
31ecc7080084f6004ed88eaf3ee9f40629f4462aca9f61a02dd233d9c7460c3fe7bf2ee8260bf9cbad1e29b6531fa474cec1417340818d2f949bdae4c8d5d69a

Download Submit
C:\Users\Admin\AppData\Local\Temp\setting.ini

Filesize
42B

MD5
dd887a4fd2f82137c8cfb5f073c9ffdd

SHA1
89fa8a96c43c46297a96c51150c319bbd19b4161

SHA256
a8aee7569052cecea337e818ce079299aeb5a078311f571044c207abadbda6bd

SHA512
9782e71c896c84aa3b4f89b75e88c4199a176c9353ac16ed77864a9ebf5736b1fb60696dad7a64e58e9d997ea5f035e6c00a202ca088c1fb59c834be51ef9d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\update.exe

Filesize
2.6MB

MD5
1f32590806fce5e330e7868e1e757daf

SHA1
32572a29bccb9947785138d164890a63078677f0

SHA256
9146d06c13d5572c8780cd00ab20710dfa5e3c042c1796c1caff9948c1875fcf

SHA512
61312d10d1fd86233b70b231ecc29cad29016c62602911a17cb4885e90b8723eb9f3498a9f6455720f9c923b065bf9969e0892530354f123937f880b30307cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\update.exe

Filesize
2.6MB

MD5
1f32590806fce5e330e7868e1e757daf

SHA1
32572a29bccb9947785138d164890a63078677f0

SHA256
9146d06c13d5572c8780cd00ab20710dfa5e3c042c1796c1caff9948c1875fcf

SHA512
61312d10d1fd86233b70b231ecc29cad29016c62602911a17cb4885e90b8723eb9f3498a9f6455720f9c923b065bf9969e0892530354f123937f880b30307cac

Download Submit
C:\test_game\DmReg.dll

Filesize
52KB

MD5
fdc8b75a37017141831e3421479307be

SHA1
f6a08cc570d5e5bc4218da376ca353d46d62790d

SHA256
2a37ce301490bd4b7c5d02b768b054705fe4620db6ef81061718c1fe89c9f27e

SHA512
d74e2de28523317c928965affa464cef6ba5c4da9ab05d30a79a4d3bbb59284d68331b5735c705cf73e155cf3a42b01ef5cd7219c72c242eed6b711090066537

Download Submit
C:\test_game\DmReg.dll

Filesize
52KB

MD5
fdc8b75a37017141831e3421479307be

SHA1
f6a08cc570d5e5bc4218da376ca353d46d62790d

SHA256
2a37ce301490bd4b7c5d02b768b054705fe4620db6ef81061718c1fe89c9f27e

SHA512
d74e2de28523317c928965affa464cef6ba5c4da9ab05d30a79a4d3bbb59284d68331b5735c705cf73e155cf3a42b01ef5cd7219c72c242eed6b711090066537

Download Submit
C:\test_game\DmReg.dll

Filesize
52KB

MD5
fdc8b75a37017141831e3421479307be

SHA1
f6a08cc570d5e5bc4218da376ca353d46d62790d

SHA256
2a37ce301490bd4b7c5d02b768b054705fe4620db6ef81061718c1fe89c9f27e

SHA512
d74e2de28523317c928965affa464cef6ba5c4da9ab05d30a79a4d3bbb59284d68331b5735c705cf73e155cf3a42b01ef5cd7219c72c242eed6b711090066537

Download Submit
memory/2112-148-0x00000000026A0000-0x00000000029DE000-memory.dmp

Filesize
3.2MB

Download
memory/2112-142-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2112-184-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2112-174-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2112-140-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2520-26-0x0000000077870000-0x0000000077A13000-memory.dmp

Filesize
1.6MB

Download
memory/2520-33-0x0000000002FF0000-0x0000000002FFF000-memory.dmp

Filesize
60KB

Download
memory/2520-95-0x00000000060A0000-0x00000000060A1000-memory.dmp

Filesize
4KB

Download
memory/2520-101-0x0000000077870000-0x0000000077A13000-memory.dmp

Filesize
1.6MB

Download
memory/2520-80-0x0000000077870000-0x0000000077A13000-memory.dmp

Filesize
1.6MB

Download
memory/2520-58-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/2520-60-0x00000000778E3000-0x00000000778E4000-memory.dmp

Filesize
4KB

Download
memory/2520-57-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/2520-56-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/2520-55-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/2520-54-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/2520-53-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/2520-39-0x0000000077870000-0x0000000077A13000-memory.dmp

Filesize
1.6MB

Download
memory/2520-23-0x0000000077870000-0x0000000077A13000-memory.dmp

Filesize
1.6MB

Download
memory/2520-38-0x000000006FFE0000-0x000000006FFF0000-memory.dmp

Filesize
64KB

Download
memory/2520-147-0x0000000005460000-0x0000000005D5A000-memory.dmp

Filesize
9.0MB

Download
memory/2520-27-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

Filesize
4KB

Download
memory/2520-134-0x0000000004750000-0x0000000004C32000-memory.dmp

Filesize
4.9MB

Download
memory/2520-141-0x0000000077870000-0x0000000077A13000-memory.dmp

Filesize
1.6MB

Download
memory/2520-85-0x0000000077870000-0x0000000077A13000-memory.dmp

Filesize
1.6MB

Download
memory/2520-65-0x0000000004C40000-0x000000000545B000-memory.dmp

Filesize
8.1MB

Download
memory/2520-143-0x00000000778E2000-0x00000000778E3000-memory.dmp

Filesize
4KB

Download
memory/2520-88-0x000000006FFE0000-0x000000006FFF0000-memory.dmp

Filesize
64KB

Download
memory/2520-24-0x0000000002D50000-0x0000000002D66000-memory.dmp

Filesize
88KB

Download
memory/2520-37-0x00000000778E2000-0x00000000778E3000-memory.dmp

Filesize
4KB

Download
memory/2520-22-0x0000000002D70000-0x0000000002D72000-memory.dmp

Filesize
8KB

Download
memory/2520-59-0x0000000004750000-0x0000000004C32000-memory.dmp

Filesize
4.9MB

Download
memory/2520-21-0x0000000005460000-0x0000000005D5A000-memory.dmp

Filesize
9.0MB

Download
memory/2520-20-0x0000000004C40000-0x000000000545B000-memory.dmp

Filesize
8.1MB

Download
memory/2520-19-0x0000000004750000-0x0000000004C32000-memory.dmp

Filesize
4.9MB

Download
memory/2520-135-0x0000000005460000-0x0000000005D5A000-memory.dmp

Filesize
9.0MB

Download
memory/2520-132-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2520-18-0x0000000004750000-0x0000000004C32000-memory.dmp

Filesize
4.9MB

Download
memory/2520-12-0x00000000778E3000-0x00000000778E4000-memory.dmp

Filesize
4KB

Download
memory/2520-151-0x0000000002D50000-0x0000000002D66000-memory.dmp

Filesize
88KB

Download
memory/2520-10-0x0000000077870000-0x0000000077A13000-memory.dmp

Filesize
1.6MB

Download
memory/2520-11-0x00000000045E0000-0x00000000045E1000-memory.dmp

Filesize
4KB

Download
memory/2520-9-0x0000000077870000-0x0000000077A13000-memory.dmp

Filesize
1.6MB

Download
memory/2520-7-0x00000000778E2000-0x00000000778E3000-memory.dmp

Filesize
4KB

Download
memory/2520-150-0x00000000778E3000-0x00000000778E4000-memory.dmp

Filesize
4KB

Download
memory/2520-8-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/3708-172-0x0000000010000000-0x000000001009E000-memory.dmp

Filesize
632KB

Download
memory/3708-75-0x0000000010000000-0x000000001009E000-memory.dmp

Filesize
632KB

Download
memory/3708-117-0x0000000002490000-0x00000000024CD000-memory.dmp

Filesize
244KB

Download