Malware Analysis Report

2024-10-24 18:45

Sample ID 231112-svbb7age6x
Target rpg-maker-vx-ace-1-0-21.exe
SHA256 8b0c547c863e0665a191b7d1d473d26b4aa29b0dbbe27081a765762a7b1fc271
Tags banload discovery downloader dropper trojan
Score 10/10


Analysis Overview

Score 10/10
SHA256 8b0c547c863e0665a191b7d1d473d26b4aa29b0dbbe27081a765762a7b1fc271

Threat Level: Known bad

The file rpg-maker-vx-ace-1-0-21.exe was found to be: Known bad.

Malicious Activity Summary

banload discovery downloader dropper trojan

Banload

Checks BIOS information in registry

Executes dropped EXE

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported 2023-11-12 15:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2023-11-12 15:26
Reported 2023-11-12 15:33
Platform win10-20231020-en
Max time kernel 329s
Max time network 332s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rpg-maker-vx-ace-1-0-21.exe"

Signatures

Banload

trojan dropper downloader banload

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory


Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\ = "RPGVXAce Project" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rgss3a\ = "RPGVXAce.Archive" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\",1" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\" /n \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\erxihJX = "`sPET_\x7fBInhg|FQi_x@wR[ugi_kn\\}" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\oltIiakcz = "xkrbYA_^bxogbtHJVPnmXd_" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\shell\open C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\shell\open C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\ = "RPGVXAce Data" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rvdata2\ = "RPGVXAce.Data" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\erxihJX = "`b[D@iea_ztOT\\{mo_Qk[^\\_lu|^XE" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\shell C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\" /n \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\iaxkuBruxsG = "grjQVoSJKAehbFgOJX@ygbAD^" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rvproj2 C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\shell\open C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\tUpnArvk = "_thVyBo_~|I{AJ^Rfqw" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\nptbdcFd = "@mxcHdOEOHIaC@StjxemnPp" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rvproj2\ = "RPGVXAce.Project" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\",2" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\",3" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375} C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\gmjb = "wFgIgYSlPiqddtede@_t}ivH\x7f~w" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\InProcServer32 C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\InProcServer32\ = "%SystemRoot%\\SysWow64\\twinui.dll" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\nptbdcFd = "ia{~d[Eghg_Mmv`HIELcTE`" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\gmjb = "blytBf@GYwb\x7fzGAJk`ZGYu[`Hpi" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\shell C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rgss3a C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\ = "Immersive Window Message Service" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\trPutaewdlMre = "g\\v~\\x~`tiPkZ|\x7flTm\x7f\x7fNOW" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\aoOgtlfval = "z^[NDUCVvpD{TncH" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649} C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\tUpnArvk = "_zV[\\YHgMkjMMLdlvav" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Project\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVXAce\\RPGVXAce.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\shell C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\oltIiakcz = "XSFZWjX{`GD_ICdY]APSqoL" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\trPutaewdlMre = "RbEGdCgcX[qnY^YQOiGmmJT" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rvdata2 C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Archive\ = "RGSS Encrypted Archive" C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61D912F0-2C8A-FC67-805C-EDB1D3C71375}\aoOgtlfval = "{ReEuXfFSrNfg\x7fuu" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RPGVXAce.Data C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\{85343687-B3B3-13D1-B2E4-0060975B8649}\iaxkuBruxsG = "mDnmX\x7f][Jx@LXm^ux]k~e|lUt" C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4132 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\rpg-maker-vx-ace-1-0-21.exe C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp
PID 4132 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\rpg-maker-vx-ace-1-0-21.exe C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp
PID 4132 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\rpg-maker-vx-ace-1-0-21.exe C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp
PID 1200 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe
PID 1200 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe
PID 1200 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe
PID 3476 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp
PID 3476 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp
PID 3476 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\rpg-maker-vx-ace-1-0-21.exe

"C:\Users\Admin\AppData\Local\Temp\rpg-maker-vx-ace-1-0-21.exe"

C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp

"C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp" /SL5="$5021C,233070670,56832,C:\Users\Admin\AppData\Local\Temp\rpg-maker-vx-ace-1-0-21.exe"

C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp" /SL5="$20262,140800,0,C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe"

C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe

"C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\b2b2ceeeeee54033b401bb2c95169aa2 /t 4148 /p 356

C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe

"C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\is-J757F.tmp\rpg-maker-vx-ace-1-0-21.tmp

MD5 a2c4d52c66b4b399facadb8cc8386745
SHA1 c326304c56a52a3e5bfbdce2fef54604a0c653e0
SHA256 6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a
SHA512 2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

C:\Program Files (x86)\Enterbrain\RPGVXAce\Generator\Face\is-H5246.tmp

MD5 af9db7d33b1e2e5c9f67e165d1840237
SHA1 e663f552e255b005a81aa5568625950d780ff004
SHA256 b4b1fe94ba267a4f592052065b6df2a858df6428505d397397d4de3f51b65c3b
SHA512 96d8b58df9ab2652569649ff7da59591e68b75442d4bc3b7c72b09f071b24415c504c1d833532a77a7b4f509a63134dc3f0fcd7e34d25e72d2b41ac6389e7bb4

C:\Program Files (x86)\Enterbrain\RPGVXAce\Generator\Face\is-JJ2AN.tmp

MD5 19b83551223078fe186959d484179b6f
SHA1 87a630170ad67e874bc2aa00e15d36d7e04376af
SHA256 77d2a8382a86dc9a1596c79f7b28492f6c378098a57f574363c012f403f1ffd5
SHA512 bc739e66c715cfdd1f7ea8958b1375d0b76bda094e15de4fe83cf5bcd11b28ec4e57fd11639c19ec05d79267d9e5b805c35ac0133c40037b0fa296a61853b4ad

C:\Program Files (x86)\Enterbrain\RPGVXAce\Generator\Face\is-OQDUU.tmp

MD5 cc940e99358c11633c90ce062bcc6b1a
SHA1 0521ee566f8af821552a15f707a1f4fc8b25f95c
SHA256 ca6edc9efe0d1e0e23f859b45aba8ff3c64e193cc446eb21641457c0cbfc2d0a
SHA512 1b3dad721955d54092b47c4b9efe02686e655d6c31056ccffc17044bd2e5779dce3357b8162a9375ce8592763ff6e2728be5d2fc22da65ea1a4ed5759cda1ec6

C:\Program Files (x86)\Enterbrain\RPGVXAce\RPGVXAce.exe

MD5 389821e858a9485ed770aa1d572adc96
SHA1 ef010c28466d6a31d3c99c4112f1ed43cf8d99f5
SHA256 8c4a7a905d42814a26841157a59c3f4bb941fa417b993ee819255a9e3d97c5fa
SHA512 c0ccec4f1b10845ffa80870bff5f47eaf5ceab8aa2491e938fa4114c3c5bbe12f2419d3c9670aabe669d621034cbc6f5a73a936bcfc7b93cf55f20ae6def38e2

C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup.exe

MD5 f3a1050bac829eebf38a553db08c02e1
SHA1 8a6a2a4e825b1b9de88791c03d7404e181fb0241
SHA256 3b178f718655dab3c444857b5e6fd755dc611de72dc229de486b3e06d8548fd2
SHA512 9e52b8e46192f72eb06971ee06bad397304db7714df4fd0b8397e2bd9d23c1aacdb10667ec1dfeb3b03b600875656f2a60e3b8582ccb6e86aefcae4a38a895f7

C:\Users\Admin\AppData\Local\Temp\is-OJMEO.tmp\Setup.tmp

MD5 394289faec0a43faea574588cb367018
SHA1 b02982a816782c3c16ad5a321dce0a79cab124a2
SHA256 89c8d27247ff86f189ebba01e27c47daa184a04c5f002130f9d336ca80d71202
SHA512 e99977ed9b3ea6607d347fe3e339cff40e70166db6a93443046cb7e0bc2a6f7c598503a55030f7d9ae0e8ede8b706bb4bd682bbdadf215641247b96bae0d09f4

C:\Users\Admin\AppData\Local\Temp\is-SK0IP.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\AppData\Local\Temp\is-BGHDJ.tmp\Setup-1.bin

MD5 ea09acba289913f099ef98489af42ddb
SHA1 1c7baefae9fde53fb7503bb53f679cc4bb7dee1b
SHA256 28a732b1e84201f829455ecc3e750f231d3d60761c8041769eb9016bed86bf0c
SHA512 18fd5d4e6559c819de4c5f68dfbb2d5d298c60b447e3bf714b32a47c161df199567de541084ec6d00b5edcb870d17c76eee93e841fe3f946d5dc1583a9a63f70

C:\Program Files (x86)\Enterbrain\RPGVXAce\drm\drm-background.png

MD5 5396339fb9f3aca3050451e6a55120ec
SHA1 9f6c46bdce22f63c3676cf2c5681eb25b5f00bf2
SHA256 7b3d5d2fbf0eb9141dd6101b9d78587b8de236bca918d351e324cd71a59b5597
SHA512 9953438e1d9e275e0719d9c3f37d59138e3ec4b82e9902f1082e8358546dc836b0fff5c348fc802b27eff886c9157b136a7d150d9e9f0d31f2058b11093ae96f

C:\Program Files (x86)\Enterbrain\RPGVXAce\drm\drm-continue.png

MD5 ff708a85d46bc03f24dbf1e5119aadab
SHA1 39882cb9b2c82f8d1fbcefe1e0b0b41acbff5205
SHA256 dba7d3497b93f4752169ea3b19ee9a2727aed3dc0f58f722908d77e315851497
SHA512 f1869c1f5f46d8d906cbe142aa4f1b08e21ce388265e80622dbc099ecdc1987709a20546f8b33018cfc4806d8c4eda3e1b4ee1f362a77802bc0eb592e30c3fd4

C:\Program Files (x86)\Enterbrain\RPGVXAce\drm\drm-activate.png

MD5 592adc03e205672e8a4f790f685c658f
SHA1 70e40b322ad187e9860d3619edac25d30624d17f
SHA256 aabb33a465c18dcba522190d57100cf3e07107651084275645785625f3f4ff7e
SHA512 c21e1eaee0ced3e57e518bc72c87b9cfa615d84d44081e868dcaa4f5fcb95273028a1ebb7854d7feab098973e066a607d586b537b5ad2ac2a04f88e7048ec03e

C:\Program Files (x86)\Enterbrain\RPGVXAce\drm\drm-buy-now.png

MD5 ffffdaaf9f1c7c47a4761df64f4ee56b
SHA1 6a3fd89cf56f9341bd872fad778af56f39a418f2
SHA256 c4c87ffce5df52d6acf28a94aa5414fd7305d44825394fe4cb809ca20e6bcf54
SHA512 b19ddd75a6a6d1dc44e70c30a01c7474bed5eab02d366786ef063be756a4993896038f0a368a00b5e383d639005ecf1f2e0f1d4223133b0b40340f8d777d0c2d

C:\Program Files (x86)\Enterbrain\RPGVXAce\drm\drm-key-box.png

MD5 eadb31339a5c394073a734e151ad0fed
SHA1 54132f04705eed3f109e8c0139a3e00c42345379
SHA256 6ec62452f556a7f1fbe39855c719795064a7467af6ebf8b9428ff17ba6f2391c
SHA512 d4b2a97aa17c395a3f206bb5245ea947aed11b1d3d53aecaa9aca731d570d23a718488dc674a2bb5f797c3804a9264980f19b724ca657eb97f19c7ccc2776efc

C:\Users\Admin\AppData\Local\Temp\HTMB7DC.tmp

MD5 c8d4944a0627d473e62047bf90ec4e65
SHA1 8fbf6963b7e9c668b14e796be4d0832127d7e0f8
SHA256 3abb532b3a4c6bad448c974a27b3f4a62a5175abc0cdf1868be94253ebec6d5d
SHA512 d486d67608053176fc69306565b7db421c1f2a1b172e37f1664429551e5eba7fe25fa2de00735df6fc824c3ffb001fa5e21ecf46e245f1f2a8a474592dab9826
