d1f16e5ca25aed157c5b2897a3cdcf60416eda1bdef6f7769cc3d76575e64c04

Analysis

max time kernel
363s
max time network
401s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
03-11-2023 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GMStudio-Installer-1.4.1763.exe
Size

114.8MB
MD5

3b426c69ebe375d31365fbb60b05ac17
SHA1

57390e662c72ecf76292d0e71a109934ec046fee
SHA256

d1f16e5ca25aed157c5b2897a3cdcf60416eda1bdef6f7769cc3d76575e64c04
SHA512

341fd35a4fa47ed31cb5998e27eced4e0ec107c72e8c0139f5f1d0523c5573021cdeb2869bd81c1c7b8568f9261009e8ac2d654ed5e64191771ca450618ca353
SSDEEP

3145728:U7v9Yo2MjcOcmlLnDndMzkd/J4h6Fe391FYpsxppd8w7cahrx:UiDMAOLdndMrw291j4EcahN

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 9 IoCs

pid	Process
2916	GameMaker_Player.exe
1204	vcredist_x86.exe
2372	vcredist_x86.exe
2956	dxwebsetup.exe
2992	dxwsetup.exe
2852	GameMakerPlayer.exe
2908	GameMaker-Studio.exe
2188	GameMaker-Studio.exe
2104	5piceIDE.exe

Loads dropped DLL 61 IoCs

pid	Process
2940	GMStudio-Installer-1.4.1763.exe
2940	GMStudio-Installer-1.4.1763.exe
2192	cmd.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
1204	vcredist_x86.exe
2372	vcredist_x86.exe
2916	GameMaker_Player.exe
2956	dxwebsetup.exe
2956	dxwebsetup.exe
2956	dxwebsetup.exe
2956	dxwebsetup.exe
2992	dxwsetup.exe
2992	dxwsetup.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2916	GameMaker_Player.exe
2940	GMStudio-Installer-1.4.1763.exe
2940	GMStudio-Installer-1.4.1763.exe
2940	GMStudio-Installer-1.4.1763.exe
2908	GameMaker-Studio.exe
2908	GameMaker-Studio.exe
2908	GameMaker-Studio.exe
2908	GameMaker-Studio.exe
2908	GameMaker-Studio.exe
2908	GameMaker-Studio.exe
2908	GameMaker-Studio.exe
2188	GameMaker-Studio.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} = "\"C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\" /burn.log.append \"C:\\Users\\Admin\\AppData\\Local\\Temp\\dd_vcredist_x86_20231103165758.log\" /quiet /norestart ignored /burn.runonce"	vcredist_x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	dxwebsetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	dxwsetup.exe
File opened (read-only)	\??\S:	dxwsetup.exe
File opened (read-only)	\??\T:	dxwsetup.exe
File opened (read-only)	\??\R:	dxwsetup.exe
File opened (read-only)	\??\W:	dxwsetup.exe
File opened (read-only)	\??\Z:	dxwsetup.exe
File opened (read-only)	\??\E:	dxwsetup.exe
File opened (read-only)	\??\G:	dxwsetup.exe
File opened (read-only)	\??\J:	dxwsetup.exe
File opened (read-only)	\??\M:	dxwsetup.exe
File opened (read-only)	\??\P:	dxwsetup.exe
File opened (read-only)	\??\Q:	dxwsetup.exe
File opened (read-only)	\??\U:	dxwsetup.exe
File opened (read-only)	\??\A:	dxwsetup.exe
File opened (read-only)	\??\B:	dxwsetup.exe
File opened (read-only)	\??\K:	dxwsetup.exe
File opened (read-only)	\??\O:	dxwsetup.exe
File opened (read-only)	\??\V:	dxwsetup.exe
File opened (read-only)	\??\X:	dxwsetup.exe
File opened (read-only)	\??\Y:	dxwsetup.exe
File opened (read-only)	\??\H:	dxwsetup.exe
File opened (read-only)	\??\L:	dxwsetup.exe
File opened (read-only)	\??\N:	dxwsetup.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\directx\websetup\dsetup32.dll	dxwsetup.exe
File opened for modification	C:\Windows\SysWOW64\DirectX\WebSetup	dxwsetup.exe
File opened for modification	C:\Windows\SysWOW64\DirectX\WebSetup\filelist.dat	dxwsetup.exe
File opened for modification	C:\Windows\SysWOW64\directx\websetup\SETD3C3.tmp	dxwsetup.exe
File created	C:\Windows\SysWOW64\directx\websetup\SETD3C3.tmp	dxwsetup.exe
File opened for modification	C:\Windows\SysWOW64\directx\websetup\dsetup.dll	dxwsetup.exe
File opened for modification	C:\Windows\SysWOW64\directx\websetup\SETD3D4.tmp	dxwsetup.exe
File created	C:\Windows\SysWOW64\directx\websetup\SETD3D4.tmp	dxwsetup.exe

Drops file in Windows directory 48 IoCs

description	ioc	Process
File opened for modification	C:\Windows\msdownld.tmp\AS781009.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS7824FF.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS782B94.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77FB80.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS7809E1.tmp	dxwsetup.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	GameMaker-Studio.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	GameMaker-Studio.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77F548.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS7841D2.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS78471F.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS7865A7.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS782B94.tmp	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS78471F.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS7865A7.tmp	dxwsetup.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\msdownld.tmp	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS7809E1.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS781009.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS7824FF.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\security\logs\scecomp.log	dxwsetup.exe
File opened for modification	C:\Windows\Logs\DirectX.log	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77FB80.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS7824FF.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS7841D2.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS78471F.tmp	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS7841D2.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS785FFC.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS7865A7.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77DA4A.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77DA4A.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77E9C4.tmp	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77F548.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS7809E1.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	GameMaker-Studio.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	GameMaker-Studio.exe
File opened for modification	C:\Windows\WindowsUpdate.log	vcredist_x86.exe
File created	C:\Windows\msdownld.tmp\AS77DA4A.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77E9C4.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77E9C4.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS782B94.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77F548.tmp	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77FB80.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS781009.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS785FFC.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS785FFC.tmp	dxwsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 9 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000016cde-12.dat	nsis_installer_2
behavioral1/files/0x0006000000016d2e-23.dat	nsis_installer_1
behavioral1/files/0x0006000000016d2e-23.dat	nsis_installer_2
behavioral1/files/0x0006000000016d2e-22.dat	nsis_installer_1
behavioral1/files/0x0006000000016d2e-22.dat	nsis_installer_2
behavioral1/files/0x0006000000016d2e-24.dat	nsis_installer_1
behavioral1/files/0x0006000000016d2e-24.dat	nsis_installer_2
behavioral1/files/0x0005000000019329-174.dat	nsis_installer_1
behavioral1/files/0x0005000000019329-174.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	5piceIDE.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	5piceIDE.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	GameMaker-Studio.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main	GameMaker-Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	5piceIDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\5piceIDE.exe = "8888"	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	GameMaker-Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	5piceIDE.exe

Modifies data under HKEY_USERS 43 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe

Modifies registry class 50 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmplayer\ = "URL:GMPlayer Protocol"	GameMaker_Player.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmxfile	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\.gmz	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmplayer\DefaultIcon\ = "GameMakerPlayer.exe,1"	GameMaker_Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\URL Protocol	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile\Shell\open\command	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmzfile\Shell	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gmz\ = "gmzfile"	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmxfile\Shell\open\command	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\Shell	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gmx	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\Shell\open	GameMaker-Studio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gmx\ = "gmxfile"	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile\Shell\open	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\GameMaker-Studio\\5piceIDE.exe\" \"%1\""	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmplayer\shell	GameMaker_Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmplayer\shell\open\command\ = "\"C:\\Users\\Admin\\GameMakerPlayer\\GameMakerPlayer.exe\" \"%1\""	GameMaker_Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio	GameMaker-Studio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\DefaultIcon\ = "C:\\Users\\Admin\\GameMaker-Studio 1.4\\GameMaker-Studio.exe,1"	GameMaker-Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmzfile\Shell\open\command	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile\ = "GameMaker File"	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile\Shell	5piceIDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmxfile\ = "GameMaker File"	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile\Shell\open	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmxfile\Shell	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmzfile\Shell\open	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmplayer	GameMaker_Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\ = "URL:GameMakerStudio Protocol"	GameMaker-Studio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\Shell\open\command\ = "\"C:\\Users\\Admin\\GameMaker-Studio 1.4\\GameMaker-Studio.exe\" \"%1\""	GameMaker-Studio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\GameMaker-Studio\\5piceIDE.exe\" \"%1\""	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile\Shell\open\command	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmzfile	5piceIDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmzfile\ = "GameMaker File"	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile\Shell	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gmz	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\Shell\open\command	GameMaker-Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmxfile\Shell\open	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmplayer\URL Protocol	GameMaker_Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmplayer\shell\open\command	GameMaker_Player.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\.gmx\ = "gmxfile"	5piceIDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\.gmz\ = "gmzfile"	5piceIDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmzfile\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\GameMaker-Studio\\5piceIDE.exe\" \"%1\""	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmplayer\DefaultIcon	GameMaker_Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\DefaultIcon	GameMaker-Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\.gmx	5piceIDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000_CLASSES\gmxfile\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\GameMaker-Studio\\5piceIDE.exe\" \"%1\""	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmplayer\shell\open	GameMaker_Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile\ = "GameMaker File"	5piceIDE.exe

Modifies system certificate store 2 TTPs 14 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 040000000100000010000000a7f2e41606411150306b9ce3b49cb0c90f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d80b000000010000001400000055005300450052005400720075007300740000001d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d46190000000100000010000000e843ac3b52ec8c297fa948c9b1fb281920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d461d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67080b00000001000000140000005500530045005200540072007500730074000000140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d8090000000100000016000000301406082b0601050507030306082b060105050703080f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb20000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 0f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d80b000000010000001400000055005300450052005400720075007300740000001d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4620000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	GameMaker-Studio.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2908	GameMaker-Studio.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2916	GameMaker_Player.exe

Suspicious use of AdjustPrivilegeToken 21 IoCs

description	pid	Process
Token: SeBackupPrivilege	656	vssvc.exe
Token: SeRestorePrivilege	656	vssvc.exe
Token: SeAuditPrivilege	656	vssvc.exe
Token: SeRestorePrivilege	2984	DrvInst.exe
Token: SeRestorePrivilege	2984	DrvInst.exe
Token: SeRestorePrivilege	2984	DrvInst.exe
Token: SeRestorePrivilege	2984	DrvInst.exe
Token: SeRestorePrivilege	2984	DrvInst.exe
Token: SeRestorePrivilege	2984	DrvInst.exe
Token: SeRestorePrivilege	2984	DrvInst.exe
Token: SeLoadDriverPrivilege	2984	DrvInst.exe
Token: SeLoadDriverPrivilege	2984	DrvInst.exe
Token: SeLoadDriverPrivilege	2984	DrvInst.exe
Token: SeRestorePrivilege	2992	dxwsetup.exe
Token: SeRestorePrivilege	2992	dxwsetup.exe
Token: SeRestorePrivilege	2992	dxwsetup.exe
Token: SeRestorePrivilege	2992	dxwsetup.exe
Token: SeRestorePrivilege	2992	dxwsetup.exe
Token: SeRestorePrivilege	2992	dxwsetup.exe
Token: SeRestorePrivilege	2992	dxwsetup.exe
Token: SeDebugPrivilege	2908	GameMaker-Studio.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2188	GameMaker-Studio.exe
2188	GameMaker-Studio.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2188	GameMaker-Studio.exe
2188	GameMaker-Studio.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2188	GameMaker-Studio.exe
2188	GameMaker-Studio.exe
2188	GameMaker-Studio.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2104	5piceIDE.exe
2188	GameMaker-Studio.exe
2188	GameMaker-Studio.exe

Suspicious use of WriteProcessMemory 57 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2192	2940	GMStudio-Installer-1.4.1763.exe	29
PID 2940 wrote to memory of 2192	2940	GMStudio-Installer-1.4.1763.exe	29
PID 2940 wrote to memory of 2192	2940	GMStudio-Installer-1.4.1763.exe	29
PID 2940 wrote to memory of 2192	2940	GMStudio-Installer-1.4.1763.exe	29
PID 2192 wrote to memory of 2916	2192	cmd.exe	31
PID 2192 wrote to memory of 2916	2192	cmd.exe	31
PID 2192 wrote to memory of 2916	2192	cmd.exe	31
PID 2192 wrote to memory of 2916	2192	cmd.exe	31
PID 2192 wrote to memory of 2916	2192	cmd.exe	31
PID 2192 wrote to memory of 2916	2192	cmd.exe	31
PID 2192 wrote to memory of 2916	2192	cmd.exe	31
PID 2916 wrote to memory of 1204	2916	GameMaker_Player.exe	32
PID 2916 wrote to memory of 1204	2916	GameMaker_Player.exe	32
PID 2916 wrote to memory of 1204	2916	GameMaker_Player.exe	32
PID 2916 wrote to memory of 1204	2916	GameMaker_Player.exe	32
PID 2916 wrote to memory of 1204	2916	GameMaker_Player.exe	32
PID 2916 wrote to memory of 1204	2916	GameMaker_Player.exe	32
PID 2916 wrote to memory of 1204	2916	GameMaker_Player.exe	32
PID 1204 wrote to memory of 2372	1204	vcredist_x86.exe	33
PID 1204 wrote to memory of 2372	1204	vcredist_x86.exe	33
PID 1204 wrote to memory of 2372	1204	vcredist_x86.exe	33
PID 1204 wrote to memory of 2372	1204	vcredist_x86.exe	33
PID 1204 wrote to memory of 2372	1204	vcredist_x86.exe	33
PID 1204 wrote to memory of 2372	1204	vcredist_x86.exe	33
PID 1204 wrote to memory of 2372	1204	vcredist_x86.exe	33
PID 2916 wrote to memory of 2956	2916	GameMaker_Player.exe	38
PID 2916 wrote to memory of 2956	2916	GameMaker_Player.exe	38
PID 2916 wrote to memory of 2956	2916	GameMaker_Player.exe	38
PID 2916 wrote to memory of 2956	2916	GameMaker_Player.exe	38
PID 2916 wrote to memory of 2956	2916	GameMaker_Player.exe	38
PID 2916 wrote to memory of 2956	2916	GameMaker_Player.exe	38
PID 2916 wrote to memory of 2956	2916	GameMaker_Player.exe	38
PID 2956 wrote to memory of 2992	2956	dxwebsetup.exe	39
PID 2956 wrote to memory of 2992	2956	dxwebsetup.exe	39
PID 2956 wrote to memory of 2992	2956	dxwebsetup.exe	39
PID 2956 wrote to memory of 2992	2956	dxwebsetup.exe	39
PID 2956 wrote to memory of 2992	2956	dxwebsetup.exe	39
PID 2956 wrote to memory of 2992	2956	dxwebsetup.exe	39
PID 2956 wrote to memory of 2992	2956	dxwebsetup.exe	39
PID 2940 wrote to memory of 2908	2940	GMStudio-Installer-1.4.1763.exe	43
PID 2940 wrote to memory of 2908	2940	GMStudio-Installer-1.4.1763.exe	43
PID 2940 wrote to memory of 2908	2940	GMStudio-Installer-1.4.1763.exe	43
PID 2940 wrote to memory of 2908	2940	GMStudio-Installer-1.4.1763.exe	43
PID 2940 wrote to memory of 2908	2940	GMStudio-Installer-1.4.1763.exe	43
PID 2940 wrote to memory of 2908	2940	GMStudio-Installer-1.4.1763.exe	43
PID 2940 wrote to memory of 2908	2940	GMStudio-Installer-1.4.1763.exe	43
PID 2908 wrote to memory of 2188	2908	GameMaker-Studio.exe	44
PID 2908 wrote to memory of 2188	2908	GameMaker-Studio.exe	44
PID 2908 wrote to memory of 2188	2908	GameMaker-Studio.exe	44
PID 2908 wrote to memory of 2188	2908	GameMaker-Studio.exe	44
PID 2908 wrote to memory of 2188	2908	GameMaker-Studio.exe	44
PID 2908 wrote to memory of 2188	2908	GameMaker-Studio.exe	44
PID 2908 wrote to memory of 2188	2908	GameMaker-Studio.exe	44
PID 2188 wrote to memory of 2104	2188	GameMaker-Studio.exe	45
PID 2188 wrote to memory of 2104	2188	GameMaker-Studio.exe	45
PID 2188 wrote to memory of 2104	2188	GameMaker-Studio.exe	45
PID 2188 wrote to memory of 2104	2188	GameMaker-Studio.exe	45

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\GMStudio-Installer-1.4.1763.exe
"C:\Users\Admin\AppData\Local\Temp\GMStudio-Installer-1.4.1763.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\SysWOW64\cmd.exe
  cmd /S /Q /C ""C:\Users\Admin\GameMaker-Studio 1.4\GameMaker_Player.exe" /NOSTART=1"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Users\Admin\GameMaker-Studio 1.4\GameMaker_Player.exe
    "C:\Users\Admin\GameMaker-Studio 1.4\GameMaker_Player.exe" /NOSTART=1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Users\Admin\GameMakerPlayer\vcredist_x86.exe
      "C:\Users\Admin\GameMakerPlayer\vcredist_x86.exe" /q /norestart
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Drops file in Windows directory
      Suspicious use of WriteProcessMemory
      PID:1204
    - - C:\Users\Admin\GameMakerPlayer\vcredist_x86.exe
        
        "C:\Users\Admin\GameMakerPlayer\vcredist_x86.exe" /q /norestart -burn.unelevated BurnPipe.{444CE4B9-0D01-4AAF-BE87-6388C8991D41} {EF05D514-62AB-4D17-87C7-4B53198AB340} 1204
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe" /Q
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe /windowsupdate
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2992
- C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe
  "C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Roaming\GameMaker-Studio\GameMaker-Studio.exe
    "C:\Users\Admin\AppData\Roaming\GameMaker-Studio\GameMaker-Studio.exe" --YYOriginalFilename="C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Modifies Internet Explorer settings
    - Modifies system certificate store
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2188
  - - C:\Users\Admin\AppData\Roaming\GameMaker-Studio\5piceIDE.exe
      "C:\Users\Admin\AppData\Roaming\GameMaker-Studio\5piceIDE.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Modifies Internet Explorer settings
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:2104

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:656

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000578" "000000000000005C"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2984

C:\Users\Admin\GameMakerPlayer\GameMakerPlayer.exe
"C:\Users\Admin\GameMakerPlayer\GameMakerPlayer.exe" "gmplayer:///"
1⤵
- Executes dropped EXE
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d54af72d3771096042a1f1338bf00464

SHA1
965de7f4e7f5db261d4fae9901f1135ddb71d165

SHA256
e38a5db434930611e4143e3f203f24d7556e83fd5bc89580e7a45ad7d3e0e233

SHA512
43005e1ee34142b56092741b2fb0ddc4589102770648ff78427e17d70406cf2ece2898bdbacc143b4538b81b6a714eb5e2a84cac1778424646485afa3ca9016e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef3d7f326c3d6cf078f7e381cfc2175c

SHA1
b85e4d9e784a1f70230909751c56d1c8dd76ab17

SHA256
3b952a24f6f755b8240ab54b4d82368fdffd8bdf4dee5fcfe02addfea07cdb7d

SHA512
d5ea23eaff7dfcc1e838087c5f21a0a420cfbac86a32ed75ce5da10f81fa78c6a0994c7b391c8b63741266d70ba1ba484e98193fbc041b1d87c6fe204ce20cbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2d04e5ce2ae71b872ac73a0cc77d23a

SHA1
7ff8ed20d231d552a1f31bfa6dc2067233d0dd4b

SHA256
2d4f76f1698bf8242e965198ddccbfc0d26b17e54b1301088521e225bd25dd38

SHA512
288360ae9dce23c58ac6f22d125ec719f1e4c543fc58d2b67012725700319fd0bfc02c37323c9f95a385f3ce50991f5836e96e0d7fa026199d718a826f95d1b5

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Trace.log

Filesize
4KB

MD5
4590245cc9b5c6314acec7aeac71a821

SHA1
067657c83f6fcf3a7354b62675283223f6add958

SHA256
ea82d0ae12fb4b915f12ce9c832de867027ab6902f0885d508f488af10439d79

SHA512
96dfa39be9e0c04b7db270af5f06438ae8d647411b3b4fe4c712cba3c774e2c3fb3105589593b3f97cecf9bccd30ee77e07f2e90e019c9ac51ce145edd8591a9

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Tutorials\style.css

Filesize
890B

MD5
28f81cb6640f48d797fb8af39eca5794

SHA1
77787869b42d31231d7af872a43cccb745bee354

SHA256
359f18fc35dce2ceeec481e8ab00fc57c3ea9d43f2e8e7d3ed6eef757b37922b

SHA512
015948e0dc3268b9fa18f12f15acfeaeb0f40b8fe429c8838169a1c9e99fc0a153a0b35142c654a6af1c1defe6bf117ef5724682646661a553abda446cffb325

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Upgrade\Configs\Default\windows\Runner_finish.bmp

Filesize
150KB

MD5
2d015346a56c8d68d53f9ee63bb577d2

SHA1
9f19560a08e5bec7fbe3a82361c366372b195e3a

SHA256
68dd967e1bae586bea54cbab55cd5dcdca1b51ac0338455c1e7d836bddeb83d9

SHA512
d4b5328e046a2b32ff1df6ee96d333ea10adc5063313e87446b1acdb14a144160715f3f7cf2b9649d64ad9c7e4be8fcbd0e32abbec6769282dca8fce4a931287

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Upgrade\Licenses\YoYo_License.txt

Filesize
11KB

MD5
e78c5cc3bb492832bc62b471cf26bf9c

SHA1
9e2d1e70acd88a31849558d04863f8d1369dfb9f

SHA256
9fd940bb46f050628ebaf7e50d6aac085ff722b21243de4231bef8c220ec4efe

SHA512
c418b30c600ad616b6cb16c9b0191cb918bb3b0d2704e47497e708883d02060bdf9060d2bd290c4e888dd1f1f713e148241f599a65d40d3e72469e6964355cb8

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Upgrade\d3dcompiler_43.dll

Filesize
2.0MB

MD5
1c9b45e87528b8bb8cfa884ea0099a85

SHA1
98be17e1d324790a5b206e1ea1cc4e64fbe21240

SHA256
2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c

SHA512
b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Upgrade\makensis\dxwebsetup.exe

Filesize
285KB

MD5
bcbb7c0cd9696068988953990ec5bd11

SHA1
3c8243734cf43dd7bb2332ba05b58ccacfa4377c

SHA256
34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

SHA512
551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Upgrade\skins\GMGreen.col

Filesize
615B

MD5
f91b660f798d67be637bacd72e81994e

SHA1
407d2c890482c064d885cb5b6452f88b8b35dea8

SHA256
1c69e55ba1a5a1be2fe00ef85775ee4525f6ccabe0ad132bbe4253d74c285c46

SHA512
5b2d1900119b0b1f7b0004fa2cb504002831d7386a43de0414b7dcf68f4db34876360b013b6d5e3b18f2f3a74ee63ef07d47df1d994a2fbb79355305fac9b23b

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\snippets.txt

Filesize
761B

MD5
dac1b1276f34f329f420f2d74e8a2c99

SHA1
00020a74cb4d1486692ff5cc7ec678c45d837847

SHA256
fca3a25097dc96aedafb59d1850ecfbd062656c3a14ad948d1dc61355cad971e

SHA512
1bffd456685438ed551ac985c7cff12b78c95a388096ea1f958467e8ad6cad526730aa6a89f6a616e66383e7ef405b77a0c3177857c32c648f3cf05907e67eab

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD9AE.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dll

Filesize
93KB

MD5
984cad22fa542a08c5d22941b888d8dc

SHA1
3e3522e7f3af329f2235b0f0850d664d5377b3cd

SHA256
57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

SHA512
8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup32.dll

Filesize
1.5MB

MD5
a5412a144f63d639b47fcc1ba68cb029

SHA1
81bd5f1c99b22c0266f3f59959dfb4ea023be47e

SHA256
8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

SHA512
2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

Filesize
56KB

MD5
2c4d9e4773084f33092ced15678a2c46

SHA1
bad603d543470157effd4876a684b9cfd5075524

SHA256
ed710d035ccaab0914810becf2f5db2816dba3a351f3666a38a903c80c16997a

SHA512
d2e34cac195cfede8bc64bdc92721c574963ff522618eda4d7172f664aeb4c8675fd3d4f3658391ee5eaa398bcd2ce5d8f80deecf51af176f5c4bb2d2695e04e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

Filesize
56KB

MD5
2c4d9e4773084f33092ced15678a2c46

SHA1
bad603d543470157effd4876a684b9cfd5075524

SHA256
ed710d035ccaab0914810becf2f5db2816dba3a351f3666a38a903c80c16997a

SHA512
d2e34cac195cfede8bc64bdc92721c574963ff522618eda4d7172f664aeb4c8675fd3d4f3658391ee5eaa398bcd2ce5d8f80deecf51af176f5c4bb2d2695e04e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

Filesize
56KB

MD5
7b1fbe9f5f43b2261234b78fe115cf8e

SHA1
dd0f256ae38b4c4771e1d1ec001627017b7bb741

SHA256
762ff640013db2bd4109d7df43a867303093815751129bd1e33f16bf02e52cce

SHA512
d21935a9867c0f2f7084917c79fbb1da885a1bfd4793cf669ff4da8c777b3a201857250bfb7c2b616625a8d3573c68395d210446d2c284b41cf09cc7cbb07885

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Filesize
515KB

MD5
ac3a5f7be8cd13a863b50ab5fe00b71c

SHA1
eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

SHA256
8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

SHA512
c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Filesize
515KB

MD5
ac3a5f7be8cd13a863b50ab5fe00b71c

SHA1
eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

SHA256
8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

SHA512
c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.inf

Filesize
477B

MD5
ad8982eaa02c7ad4d7cdcbc248caa941

SHA1
4ccd8e038d73a5361d754c7598ed238fc040d16b

SHA256
d63c35e9b43eb0f28ffc28f61c9c9a306da9c9de3386770a7eb19faa44dbfc00

SHA512
5c805d78bafff06c36b5df6286709ddf2d36808280f92e62dc4c285edd9176195a764d5cf0bb000da53ca8bbf66ddd61d852e4259e3113f6529e2d7bdbdd6e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDC50.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe

Filesize
285KB

MD5
bcbb7c0cd9696068988953990ec5bd11

SHA1
3c8243734cf43dd7bb2332ba05b58ccacfa4377c

SHA256
34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

SHA512
551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

Download Submit
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe

Filesize
285KB

MD5
bcbb7c0cd9696068988953990ec5bd11

SHA1
3c8243734cf43dd7bb2332ba05b58ccacfa4377c

SHA256
34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

SHA512
551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\YoYo_Games_Ltd\GameMaker-Studio.exe_Url_tmwjvsi05rbi32pmac2nvo0gy0h1nezl\1.4.1763.41504\user.config

Filesize
316B

MD5
a64a3e47158f029baee7bcd60a799798

SHA1
41b14c0f151148ca40777b5ed12a2797fc67d0b0

SHA256
f90c30cde06650d2026871f7b1e4aa5b00f69a5a54dc28080cf1496d360b60c7

SHA512
f2e1081a0bc0f54e8fae4dde7c9a50572ad86c39a98560ed1af3439da98692d5d874f1bce2c1547290249951e047c77490b85c64ce07db91c0d39173ea1de0da

Download Submit
C:\Users\Admin\AppData\Local\YoYo_Games_Ltd\GameMaker-Studio.exe_Url_tmwjvsi05rbi32pmac2nvo0gy0h1nezl\1.4.1763.41504\user.config

Filesize
585B

MD5
b898d3a09d23bb14803b93d1c53aabc7

SHA1
cb8c5d2ec6fb779f38f4c06a3bd8d83af679eb80

SHA256
cd48300a0e24d02138f55b64b26da0e668a0e8a776028d1637850d0fa9d5a0d4

SHA512
cb500d449ddc62a3c20d27c3948f5b4c36a44688802badc8a0900134b70ecd64386490a2a99e53e207a653d1b39e9239c13c27d9e2f37304f6fd8a90faff7085

Download Submit
C:\Users\Admin\AppData\Local\YoYo_Games_Ltd\GameMaker-Studio.exe_Url_tmwjvsi05rbi32pmac2nvo0gy0h1nezl\1.4.1763.41504\user.config

Filesize
719B

MD5
fb9c81fe4bb70f6a75a804f4b884d7f3

SHA1
bbecbcc0d7cc526ae4306b9a35f3cc51c077fcaa

SHA256
22aef6dd6450e1a870ac2bdfd20c153f5a678733f2582e730af0745855db835c

SHA512
96480955c448545b4deb3c3735af22da566a55f1897b2682963c74eb144327612725461041bac614c7edac0936f862cc40dea438a4220503796c80f421537629

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\BouncyCastle.Crypto.dll

Filesize
1.3MB

MD5
3036a3274333ba0f2d1c6cb67bcf5d2e

SHA1
c20d5d7aeec3aa37cdc689d779df55805b026f94

SHA256
6dd63e39473e31da764fc6fda93e8e8a2c456af36cc1a48aed01f9380467dfe9

SHA512
eaf473feadbcdb644877fdb1b0f564adba51fcb00c9a9e50f982fedbb740637c68b28d1193c5ea5f938327cf4e53a8d711a6aa46fa927a95073c5f19c82c69c8

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\Configs\Default\windows\License.txt

Filesize
2KB

MD5
e1c64620d09a3ea5b6e40a64d79b8e59

SHA1
a6405105345eb6fcc3eb58148e3f1e9574bafc3f

SHA256
d7fa6ca4077f5319942b079113e918c12099866b4d74b1fcc0c74437463aafe8

SHA512
c9f90f274094019d30ab6e9840ab225588f404aa514fa5fc13361576de85b5bfdcb02eb81572799ffaac0184351182478ad48cda9af710dd384e8169cc6c4eec

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\GameMaker-Studio.exe.config

Filesize
2KB

MD5
f0b64a65ca4a5c35d830fc1d09710025

SHA1
9a032805fba3903f2ac06b3f900cd0b7f75d7c8a

SHA256
606b976708ace6298f4ca3b3858e4222a123de8c6fccade412d34f37911a7c5b

SHA512
e7cdb89226d43c5d4cfe5984daa8b922bb479c686794045160da0c7807520da49dba2fa1428ef8f355b66a9282a4b39bd53775216ac229535079aad19faf65b7

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\ICSharpCode.SharpZipLib.dll

Filesize
200KB

MD5
ec7b5754b46ec29aa9cdd61312fea125

SHA1
187fa75ed91ee355b69cb97c3f55565d36db970c

SHA256
8e7fe33f3a1b9be8131e01a54994c6a23e3d3e92ec00743916b7064bedf5dce7

SHA512
b227ae3ea3db551e9ecdeb9960cfebfb2696973bc5272279242483f4ad375c87b284df7b525bc3f6ca1c8a542cc8846dc1a06ca83ea40c8ba2ac46db6732aada

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\TraceIDE.log

Filesize
953B

MD5
d0a34f9cd8cf799d3c6ad2a50b5241c5

SHA1
9e80c756f510aeb1277c5134055459fc44f82977

SHA256
641beda068011079409ee79a395fb82d44db2a3ee7d449e60dd24f3928a4cc94

SHA512
4793cfe24477b1fe8e25648bcc1c5d3ce3310e8555a64e594f477d29f7715d79bc4f68c8acb85de1150cdda562f155345d7a6e22ccb811a9af9732c11099197b

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\TraceIDE.log

Filesize
5KB

MD5
cdcc4f19646a13a5882c29425be78095

SHA1
2ba68ece9ddf55fa37af955ab3c278e51118e0d2

SHA256
4885ac2a812e6f33248d745821b211b168f17de55025a91ff1e8429e391ffa61

SHA512
0fd0994ce72a0758f03cb84083c0fd03d34e02cc6eb5ae2f0562e8218b74b5fee0d5ca6728f8c8055437e98842461afc5b304f47785ea9376e1458841ecba2d9

Download Submit
C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe

Filesize
220KB

MD5
d4becc04ded7ea496126d832d77e2259

SHA1
2f952ebed6d4d907d553df221d037983d50f7fe1

SHA256
159051677eff6f520eeda3fe13a7930be2a93010c49162dff8d7e7a95fe3ade0

SHA512
cc1c0c47c08784806b1e0ee9c4b90eafd402d4608ad58821fe7b28a5900613cc8fe6a794b14bb399ee7f7aeebbbc2437ebf6bf20ec95de7a1afa090f10cd4665

Download Submit
C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe

Filesize
220KB

MD5
d4becc04ded7ea496126d832d77e2259

SHA1
2f952ebed6d4d907d553df221d037983d50f7fe1

SHA256
159051677eff6f520eeda3fe13a7930be2a93010c49162dff8d7e7a95fe3ade0

SHA512
cc1c0c47c08784806b1e0ee9c4b90eafd402d4608ad58821fe7b28a5900613cc8fe6a794b14bb399ee7f7aeebbbc2437ebf6bf20ec95de7a1afa090f10cd4665

Download Submit
C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe

Filesize
220KB

MD5
d4becc04ded7ea496126d832d77e2259

SHA1
2f952ebed6d4d907d553df221d037983d50f7fe1

SHA256
159051677eff6f520eeda3fe13a7930be2a93010c49162dff8d7e7a95fe3ade0

SHA512
cc1c0c47c08784806b1e0ee9c4b90eafd402d4608ad58821fe7b28a5900613cc8fe6a794b14bb399ee7f7aeebbbc2437ebf6bf20ec95de7a1afa090f10cd4665

Download Submit
C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe.config

Filesize
2KB

MD5
f0b64a65ca4a5c35d830fc1d09710025

SHA1
9a032805fba3903f2ac06b3f900cd0b7f75d7c8a

SHA256
606b976708ace6298f4ca3b3858e4222a123de8c6fccade412d34f37911a7c5b

SHA512
e7cdb89226d43c5d4cfe5984daa8b922bb479c686794045160da0c7807520da49dba2fa1428ef8f355b66a9282a4b39bd53775216ac229535079aad19faf65b7

Download Submit
C:\Users\Admin\GameMaker-Studio 1.4\GameMaker_Player.exe

Filesize
36.2MB

MD5
a86f9b07806e3dedb86a3acae207eb38

SHA1
e7d79cce909a3b1611abe4486349d1baa85600be

SHA256
cdd8a1e5da8a0779fa351ab999e4a110c120cfe7d203ebddccf0f767af873946

SHA512
e59dc83a7ddd2d0920ce9cf011365acc57838db8eb15961d214a4fedb8713c4942c0105bec21c43a6e04e5b18c330d820c7dfa0f267b6be1c01a8c8d40a8931a

Download Submit
C:\Users\Admin\GameMaker-Studio 1.4\GameMaker_Player.exe

Filesize
36.2MB

MD5
a86f9b07806e3dedb86a3acae207eb38

SHA1
e7d79cce909a3b1611abe4486349d1baa85600be

SHA256
cdd8a1e5da8a0779fa351ab999e4a110c120cfe7d203ebddccf0f767af873946

SHA512
e59dc83a7ddd2d0920ce9cf011365acc57838db8eb15961d214a4fedb8713c4942c0105bec21c43a6e04e5b18c330d820c7dfa0f267b6be1c01a8c8d40a8931a

Download Submit
C:\Users\Admin\GameMakerPlayer\GameMakerPlayer.exe

Filesize
3.8MB

MD5
00af090a733c86aac704628fa2010ab9

SHA1
78da46f5a47d5e58ad30dd748a887c38d0083e5a

SHA256
b72f3a20ed2ca16d75e74ddaed40f6ae615e95b37e4ce5bb9f5d3676ca650051

SHA512
5aadf8867239a22af00836c94ee90dc9df620aacce515a66299f3517976f50a09a438507cbca236cebcbea8c1b37403c10494b5594ddbfa3b95582963429ff69

Download Submit
C:\Users\Admin\GameMakerPlayer\vcredist_x86.exe

Filesize
6.3MB

MD5
7f52a19ecaf7db3c163dd164be3e592e

SHA1
96b377a27ac5445328cbaae210fc4f0aaa750d3f

SHA256
b924ad8062eaf4e70437c8be50fa612162795ff0839479546ce907ffa8d6e386

SHA512
60220a7c9de72796bd0d6d44e2b82dbdd9c850cc611e505b7dc0213f745ff1f160b2d826eaf62fd6e07c1a31786a71d83dc6e94389690fd59b895e85aba7444b

Download Submit
C:\Users\Admin\GameMakerPlayer\vcredist_x86.exe

Filesize
6.3MB

MD5
7f52a19ecaf7db3c163dd164be3e592e

SHA1
96b377a27ac5445328cbaae210fc4f0aaa750d3f

SHA256
b924ad8062eaf4e70437c8be50fa612162795ff0839479546ce907ffa8d6e386

SHA512
60220a7c9de72796bd0d6d44e2b82dbdd9c850cc611e505b7dc0213f745ff1f160b2d826eaf62fd6e07c1a31786a71d83dc6e94389690fd59b895e85aba7444b

Download Submit
C:\Users\Admin\GameMakerPlayer\vcredist_x86.exe

Filesize
6.3MB

MD5
7f52a19ecaf7db3c163dd164be3e592e

SHA1
96b377a27ac5445328cbaae210fc4f0aaa750d3f

SHA256
b924ad8062eaf4e70437c8be50fa612162795ff0839479546ce907ffa8d6e386

SHA512
60220a7c9de72796bd0d6d44e2b82dbdd9c850cc611e505b7dc0213f745ff1f160b2d826eaf62fd6e07c1a31786a71d83dc6e94389690fd59b895e85aba7444b

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
1KB

MD5
3d850625cb8021be05766086d95fbd45

SHA1
2e7a9e7a46247c1808eeeb05c3cd26cbcdcfab57

SHA256
5fad474b41173d899e5a71ecff74a66d0dd340510ad1558fd2e912f31911ce96

SHA512
4b9b03700faf429de917da1bbc6a2b0e756ef05b0e47084886c97e0907b868f9b5425bc24de602c4e38ad76e9e2e226b89cc8315cf0e9937100d00ea6ac93379

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new

Filesize
980B

MD5
ca1dd4af90efb203f69f85c37c88fafd

SHA1
e9e31a89b1994ab56339ab6515bebdd34f969b17

SHA256
566e946750dc404648dc43f920079d5a0a58b2b53d2be8a91657797382638171

SHA512
78a49e423f0ef8ef31561bb8445a110c8ee1ce054b43daca666825e27c294d172363fdf75128ba119a026a3db47d079e18708aa9c82e049a57f20420f9f22f20

Download Submit
C:\Windows\SysWOW64\directx\websetup\dsetup.dll

Filesize
93KB

MD5
984cad22fa542a08c5d22941b888d8dc

SHA1
3e3522e7f3af329f2235b0f0850d664d5377b3cd

SHA256
57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

SHA512
8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

Download Submit
C:\Windows\SysWOW64\directx\websetup\dsetup32.dll

Filesize
1.5MB

MD5
a5412a144f63d639b47fcc1ba68cb029

SHA1
81bd5f1c99b22c0266f3f59959dfb4ea023be47e

SHA256
8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

SHA512
2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

Download Submit
C:\Windows\SysWOW64\directx\websetup\filelist.dat

Filesize
111B

MD5
d6f81567baaf05b557d9bc6c348cb5f1

SHA1
0c840165fcd34d996c85b6b44b00c7206bf772b6

SHA256
e60413bec64775bf1933ef4f9673c8bcfbe0ce71e950fd589bbd14c0f9a00359

SHA512
09b84cc9199592821d7de38cbe24332097b276bb25b6d09f7dcdc3a6b17369ee944a6f8120f13ea6a5c15eb759a90d7ce29cc845a5c0680ff2fa53e2623171e2

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Filesize
515KB

MD5
ac3a5f7be8cd13a863b50ab5fe00b71c

SHA1
eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

SHA256
8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

SHA512
c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Filesize
515KB

MD5
ac3a5f7be8cd13a863b50ab5fe00b71c

SHA1
eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

SHA256
8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

SHA512
c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Filesize
515KB

MD5
ac3a5f7be8cd13a863b50ab5fe00b71c

SHA1
eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

SHA256
8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

SHA512
c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

Download Submit
\Users\Admin\AppData\Local\Temp\dxwebsetup.exe

Filesize
285KB

MD5
bcbb7c0cd9696068988953990ec5bd11

SHA1
3c8243734cf43dd7bb2332ba05b58ccacfa4377c

SHA256
34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

SHA512
551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

Download Submit
\Users\Admin\AppData\Local\Temp\dxwebsetup.exe

Filesize
285KB

MD5
bcbb7c0cd9696068988953990ec5bd11

SHA1
3c8243734cf43dd7bb2332ba05b58ccacfa4377c

SHA256
34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

SHA512
551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

Download Submit
\Users\Admin\AppData\Local\Temp\dxwebsetup.exe

Filesize
285KB

MD5
bcbb7c0cd9696068988953990ec5bd11

SHA1
3c8243734cf43dd7bb2332ba05b58ccacfa4377c

SHA256
34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

SHA512
551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

Download Submit
\Users\Admin\AppData\Local\Temp\dxwebsetup.exe

Filesize
285KB

MD5
bcbb7c0cd9696068988953990ec5bd11

SHA1
3c8243734cf43dd7bb2332ba05b58ccacfa4377c

SHA256
34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

SHA512
551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

Download Submit
\Users\Admin\AppData\Local\Temp\nsyC93A.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyC93A.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFAE3.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
\Users\Admin\AppData\Local\Temp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\wixstdba.dll

Filesize
126KB

MD5
d7bf29763354eda154aad637017b5483

SHA1
dfa7d296bfeecde738ef4708aaabfebec6bc1e48

SHA256
7f5f8fcfd84132579f07e395e65b44e1b031fe01a299bce0e3dd590131c5cb93

SHA512
1c76175732fe68b9b12cb46077daa21e086041adbd65401717a9a1b5f3c516e03c35a90897c22c7281647d6af4a1a5ffb3fbd5706ea376d8f6e574d27396019c

Download Submit
\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe

Filesize
220KB

MD5
d4becc04ded7ea496126d832d77e2259

SHA1
2f952ebed6d4d907d553df221d037983d50f7fe1

SHA256
159051677eff6f520eeda3fe13a7930be2a93010c49162dff8d7e7a95fe3ade0

SHA512
cc1c0c47c08784806b1e0ee9c4b90eafd402d4608ad58821fe7b28a5900613cc8fe6a794b14bb399ee7f7aeebbbc2437ebf6bf20ec95de7a1afa090f10cd4665

Download Submit
\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe

Filesize
220KB

MD5
d4becc04ded7ea496126d832d77e2259

SHA1
2f952ebed6d4d907d553df221d037983d50f7fe1

SHA256
159051677eff6f520eeda3fe13a7930be2a93010c49162dff8d7e7a95fe3ade0

SHA512
cc1c0c47c08784806b1e0ee9c4b90eafd402d4608ad58821fe7b28a5900613cc8fe6a794b14bb399ee7f7aeebbbc2437ebf6bf20ec95de7a1afa090f10cd4665

Download Submit
\Users\Admin\GameMaker-Studio 1.4\GameMaker_Player.exe

Filesize
36.2MB

MD5
a86f9b07806e3dedb86a3acae207eb38

SHA1
e7d79cce909a3b1611abe4486349d1baa85600be

SHA256
cdd8a1e5da8a0779fa351ab999e4a110c120cfe7d203ebddccf0f767af873946

SHA512
e59dc83a7ddd2d0920ce9cf011365acc57838db8eb15961d214a4fedb8713c4942c0105bec21c43a6e04e5b18c330d820c7dfa0f267b6be1c01a8c8d40a8931a

Download Submit
\Users\Admin\GameMaker-Studio 1.4\uninstall.exe

Filesize
40KB

MD5
0b731920413040b36403d5fbeb065112

SHA1
61c8d5d62e80950ff2bfc00b4e7cb602116a367b

SHA256
fc3381f25d94c64ec44d1e19aa5eb987cfec8e1f6c606749c1291d7882f009ce

SHA512
7196c5905aa8e9f03754bff955d0a18fb276c88ca19175c18cc70515ad6c786c8bb981045b04d4774a78eb4de35793c8a4958bc4d09e957767df526b0bb13c28

Download Submit
\Users\Admin\GameMakerPlayer\GameMakerPlayer.exe

Filesize
3.8MB

MD5
00af090a733c86aac704628fa2010ab9

SHA1
78da46f5a47d5e58ad30dd748a887c38d0083e5a

SHA256
b72f3a20ed2ca16d75e74ddaed40f6ae615e95b37e4ce5bb9f5d3676ca650051

SHA512
5aadf8867239a22af00836c94ee90dc9df620aacce515a66299f3517976f50a09a438507cbca236cebcbea8c1b37403c10494b5594ddbfa3b95582963429ff69

Download Submit
\Users\Admin\GameMakerPlayer\uninstall.exe

Filesize
135KB

MD5
8ab6e78472c29e6140003d27e9840055

SHA1
011ccea330eb33881655bbbacf5c6515b4fcdc71

SHA256
4878fbf5b107aad37a2c64ad5cf67a395fb4390d76fa885527c1b7bec764e36d

SHA512
5cca7f1c1e2fd2b0b3e07c1ec4ccb8da0e705d2958eeed19d92fda98a2a0460d0d9b0c0d9c7e4b0a2383d91b7e2dfa9b1db50bb30c32a53024de912116b50e2d

Download Submit
\Users\Admin\GameMakerPlayer\vcredist_x86.exe

Filesize
6.3MB

MD5
7f52a19ecaf7db3c163dd164be3e592e

SHA1
96b377a27ac5445328cbaae210fc4f0aaa750d3f

SHA256
b924ad8062eaf4e70437c8be50fa612162795ff0839479546ce907ffa8d6e386

SHA512
60220a7c9de72796bd0d6d44e2b82dbdd9c850cc611e505b7dc0213f745ff1f160b2d826eaf62fd6e07c1a31786a71d83dc6e94389690fd59b895e85aba7444b

Download Submit
\Users\Admin\GameMakerPlayer\vcredist_x86.exe

Filesize
6.3MB

MD5
7f52a19ecaf7db3c163dd164be3e592e

SHA1
96b377a27ac5445328cbaae210fc4f0aaa750d3f

SHA256
b924ad8062eaf4e70437c8be50fa612162795ff0839479546ce907ffa8d6e386

SHA512
60220a7c9de72796bd0d6d44e2b82dbdd9c850cc611e505b7dc0213f745ff1f160b2d826eaf62fd6e07c1a31786a71d83dc6e94389690fd59b895e85aba7444b

Download Submit
memory/2104-7744-0x0000000005090000-0x0000000005091000-memory.dmp

Filesize
4KB

Download
memory/2104-7731-0x0000000009AD0000-0x0000000009B16000-memory.dmp

Filesize
280KB

Download
memory/2104-7944-0x0000000000400000-0x0000000001086000-memory.dmp

Filesize
12.5MB

Download
memory/2104-7622-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2104-7888-0x0000000000400000-0x0000000001086000-memory.dmp

Filesize
12.5MB

Download
memory/2104-7824-0x0000000000400000-0x0000000001086000-memory.dmp

Filesize
12.5MB

Download
memory/2104-7645-0x0000000005090000-0x0000000005091000-memory.dmp

Filesize
4KB

Download
memory/2104-7666-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2104-7752-0x0000000008AF0000-0x0000000008AF1000-memory.dmp

Filesize
4KB

Download
memory/2104-7675-0x000000001ED00000-0x000000001ED01000-memory.dmp

Filesize
4KB

Download
memory/2104-7676-0x0000000024900000-0x0000000024901000-memory.dmp

Filesize
4KB

Download
memory/2104-7677-0x000000002C700000-0x000000002C701000-memory.dmp

Filesize
4KB

Download
memory/2104-7678-0x0000000024B00000-0x0000000024B01000-memory.dmp

Filesize
4KB

Download
memory/2104-7680-0x0000000017E00000-0x0000000017E01000-memory.dmp

Filesize
4KB

Download
memory/2104-7679-0x0000000007300000-0x0000000007301000-memory.dmp

Filesize
4KB

Download
memory/2104-7751-0x0000000008AE0000-0x0000000008AE1000-memory.dmp

Filesize
4KB

Download
memory/2104-7694-0x0000000008010000-0x0000000008011000-memory.dmp

Filesize
4KB

Download
memory/2104-7749-0x00000000087E0000-0x00000000087E1000-memory.dmp

Filesize
4KB

Download
memory/2104-7750-0x0000000008920000-0x0000000008921000-memory.dmp

Filesize
4KB

Download
memory/2104-7713-0x00000000087D0000-0x00000000087D1000-memory.dmp

Filesize
4KB

Download
memory/2104-7714-0x00000000087E0000-0x00000000087E1000-memory.dmp

Filesize
4KB

Download
memory/2104-7748-0x00000000087D0000-0x00000000087D1000-memory.dmp

Filesize
4KB

Download
memory/2104-7716-0x0000000008920000-0x0000000008921000-memory.dmp

Filesize
4KB

Download
memory/2104-7717-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2104-7719-0x0000000008AE0000-0x0000000008AE1000-memory.dmp

Filesize
4KB

Download
memory/2104-7747-0x0000000008010000-0x0000000008011000-memory.dmp

Filesize
4KB

Download
memory/2104-7728-0x0000000008AF0000-0x0000000008AF1000-memory.dmp

Filesize
4KB

Download
memory/2104-7746-0x0000000000400000-0x0000000001086000-memory.dmp

Filesize
12.5MB

Download
memory/2104-7745-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2188-7825-0x00000000006E0000-0x0000000000720000-memory.dmp

Filesize
256KB

Download
memory/2188-7890-0x0000000006CD0000-0x0000000006DD0000-memory.dmp

Filesize
1024KB

Download
memory/2188-7952-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/2188-7599-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/2188-7826-0x0000000006CD0000-0x0000000006DD0000-memory.dmp

Filesize
1024KB

Download
memory/2188-7712-0x00000000006E0000-0x0000000000720000-memory.dmp

Filesize
256KB

Download
memory/2188-7600-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/2188-7951-0x00000000006E0000-0x0000000000720000-memory.dmp

Filesize
256KB

Download
memory/2188-7664-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/2188-7620-0x00000000006E0000-0x0000000000720000-memory.dmp

Filesize
256KB

Download
memory/2188-7889-0x00000000006E0000-0x0000000000720000-memory.dmp

Filesize
256KB

Download
memory/2188-7634-0x00000000006E0000-0x0000000000720000-memory.dmp

Filesize
256KB

Download
memory/2188-7727-0x00000000006E0000-0x0000000000720000-memory.dmp

Filesize
256KB

Download
memory/2188-7715-0x00000000006E0000-0x0000000000720000-memory.dmp

Filesize
256KB

Download
memory/2188-7693-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/2188-7601-0x00000000006E0000-0x0000000000720000-memory.dmp

Filesize
256KB

Download
memory/2908-2745-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/2908-2746-0x0000000000AB0000-0x0000000000AF0000-memory.dmp

Filesize
256KB

Download
memory/2908-3321-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/2908-7615-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/2908-2744-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/2908-4042-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/2908-2829-0x0000000000AB0000-0x0000000000AF0000-memory.dmp

Filesize
256KB

Download
memory/2908-4509-0x0000000000AB0000-0x0000000000AF0000-memory.dmp

Filesize
256KB

Download
memory/2916-2698-0x0000000000390000-0x0000000000392000-memory.dmp

Filesize
8KB

Download