Analysis Overview
SHA256
8b0c547c863e0665a191b7d1d473d26b4aa29b0dbbe27081a765762a7b1fc271
Threat Level: Known bad
The file rpg-maker-vx-ace-1-0-21.exe was found to be: Known bad.
Malicious Activity Summary
Banload
Checks BIOS information in registry
Executes dropped EXE
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2023-11-12 15:27 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2023-11-12 15:26 |
| Reported | 2023-11-12 15:33 |
| Platform | win10-20231020-en |
| Max time kernel | 329s |
| Max time network | 332s |
Command Line
Signatures
Banload
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\ = "RPGVXAce Project" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.rgss3a\ = "RPGVXAce.Archive" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\",1" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\" /n \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\erxihJX = "`sPET_\x7fBInhg|FQi_x@wR[ugi_kn\\}" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\oltIiakcz = "xkrbYA_^bxogbtHJVPnmXd_" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\shell\open | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\shell\open | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\ = "RPGVXAce Data" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.rvdata2\ = "RPGVXAce.Data" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\erxihJX = "`b[D@iea_ztOT\\{mo_Qk[^\\_lu|^XE" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\shell | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\" /n \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\iaxkuBruxsG = "grjQVoSJKAehbFgOJX@ygbAD^" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.rvproj2 | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\shell\open | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\tUpnArvk = "_thVyBo_~|I{AJ^Rfqw" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\nptbdcFd = "@mxcHdOEOHIaC@StjxemnPp" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.rvproj2\ = "RPGVXAce.Project" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\",2" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\",3" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375} | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\gmjb = "wFgIgYSlPiqddtede@_t}ivH\x7f~w" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\InProcServer32 | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\InProcServer32\ = "%SystemRoot%\\SysWow64\\twinui.dll" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\nptbdcFd = "ia{~d[Eghg_Mmv`HIELcTE`" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\gmjb = "blytBf@GYwb\x7fzGAJk`ZGYu[`Hpi" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\shell | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.rgss3a | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\ = "Immersive Window Message Service" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\trPutaewdlMre = "g\\v~\\x~`tiPkZ|\x7flTm\x7f\x7fNOW" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\aoOgtlfval = "z^[NDUCVvpD{TncH" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649} | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\tUpnArvk = "_zV[\\YHgMkjMMLdlvav" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\shell | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\oltIiakcz = "XSFZWjX{`GD_ICdY]APSqoL" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\trPutaewdlMre = "RbEGdCgcX[qnY^YQOiGmmJT" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.rvdata2 | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\ = "RGSS Encrypted Archive" | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\aoOgtlfval = "{ReEuXfFSrNfg\x7fuu" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\iaxkuBruxsG = "mDnmX\x7f][Jx@LXm^ux]k~e|lUt" | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\rpg-maker-vx-ace-1-0-21.exe | "C:\Users\Admin\AppData\Local\Temp\rpg-maker-vx-ace-1-0-21.exe" |
| C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp | "C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp" /SL5="$5021C,233070670,56832,C:\Users\Admin\AppData\Local\Temp\rpg-maker-vx-ace-1-0-21.exe" |
| C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe | "C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe" |
| C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp | "C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp" /SL5="$20262,140800,0,C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe" |
| C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | "C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe" |
| C:\Windows\SysWOW64\werfault.exe | werfault.exe /h /shared Global\b2b2ceeeeee54033b401bb2c95169aa2 /t 4148 /p 356 |
| C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe | "C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe" |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.252.72.23.in-addr.arpa | udp |
Files