snakebot | bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82

Analysis

max time kernel
307s
max time network
319s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe
Size

39.4MB
MD5

41ebf2a8592555752b292eb79dcd4999
SHA1

9d545a5d5301be624d984cb9e5c548724d2469fa
SHA256

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82
SHA512

ede55bd5c9127b1dea72090678eb63974419c6db17267619a9216fc943878b5b7c2753442056f369f4fc7f8b71c0477e369011e894f1aee7488f532e7e9614e7
SSDEEP

786432:7AFxHgmsbPsgpFGhcmfQyHHY6asgYYj4xh7ITHLmujOcVD4:0PgmsbPs8HmIyArYI4DCKkO64

Score

10^/10

snakebot discovery snakebot

Malware Config

Signatures

SnakeBOT
SnakeBOT is a heavily obfuscated .NET downloader.
snakebot

Contains SnakeBOT related strings 1 IoCs

snakebot

Processes:

resource	yara_rule
F:\3H3Game\铃儿响叮当街机版\mame.exe	snakebot_strings

Downloads MZ/PE file

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\is-EHQRI.tmp\WaterLib.dll	acprotect

Executes dropped EXE 3 IoCs

Processes:

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmpSTEAM_dangyou01_2.0.0.2328.exe开始游戏.exe

pid process

2308 bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
1364 STEAM_dangyou01_2.0.0.2328.exe
752 开始游戏.exe

Loads dropped DLL 14 IoCs

Processes:

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exebb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmpSTEAM_dangyou01_2.0.0.2328.exe开始游戏.exe

pid	process
2992	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe
2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
1364	STEAM_dangyou01_2.0.0.2328.exe
1364	STEAM_dangyou01_2.0.0.2328.exe
1364	STEAM_dangyou01_2.0.0.2328.exe
1364	STEAM_dangyou01_2.0.0.2328.exe
1364	STEAM_dangyou01_2.0.0.2328.exe
1364	STEAM_dangyou01_2.0.0.2328.exe
752	开始游戏.exe
752	开始游戏.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp

description ioc process

File opened (read-only) \??\F: bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp

description	ioc	process
File opened (read-only)	\??\F:	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp

Drops file in Program Files directory 17 IoCs

Processes:

STEAM_dangyou01_2.0.0.2328.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\hsgj\bin\res\steamgame_129376.download	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\bin\res\steamgame.ico	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\Launcher.exe	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\bin\Uninstall.exe	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\bin\crashreport\BugReport.exe	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\bin\res\99box.ico	STEAM_dangyou01_2.0.0.2328.exe
File opened for modification	C:\Program Files (x86)\hsgj\bin\config\ver.ini	STEAM_dangyou01_2.0.0.2328.exe
File opened for modification	C:\Program Files (x86)\hsgj\bin\Res\99box.ico	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\uninst.exe	STEAM_dangyou01_2.0.0.2328.exe
File opened for modification	C:\Program Files (x86)\hsgj\bin\res\Launcher_5074.download	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\bin\GameCore.dll	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\bin\config\config.ini	STEAM_dangyou01_2.0.0.2328.exe
File opened for modification	C:\Program Files (x86)\hsgj\bin\config\config.ini	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\bin\res\Launcher.png	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\99box.exe	STEAM_dangyou01_2.0.0.2328.exe
File created	C:\Program Files (x86)\hsgj\bin\res\youxiguanjia.ico	STEAM_dangyou01_2.0.0.2328.exe
File opened for modification	C:\Program Files (x86)\hsgj\bin\Res\youxiguanjia.ico	STEAM_dangyou01_2.0.0.2328.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXEbb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp开始游戏.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Cache = a803000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	开始游戏.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\MINIE	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DEB90781-BDBE-11EE-A297-464D43A133DD} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

Processes:

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.hao123.com/?tn=94031167_hao_pg"	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp

Modifies registry class 2 IoCs

Processes:

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.knl	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.knl\ = "lnkfile"	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

STEAM_dangyou01_2.0.0.2328.exe开始游戏.exe

pid process

1364 STEAM_dangyou01_2.0.0.2328.exe
752 开始游戏.exe
752 开始游戏.exe
752 开始游戏.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp

pid process

2308 bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp

pid	process
1364	STEAM_dangyou01_2.0.0.2328.exe
752	开始游戏.exe
752	开始游戏.exe
752	开始游戏.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmpIEXPLORE.EXE开始游戏.exe

pid	process
2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
1376	IEXPLORE.EXE
752	开始游戏.exe
752	开始游戏.exe

Suspicious use of SendNotifyMessage 2 IoCs

Processes:

开始游戏.exe

pid process

752 开始游戏.exe
752 开始游戏.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

开始游戏.exeIEXPLORE.EXEIEXPLORE.EXE

pid process

752 开始游戏.exe
752 开始游戏.exe
1376 IEXPLORE.EXE
1376 IEXPLORE.EXE
1552 IEXPLORE.EXE
1552 IEXPLORE.EXE

pid	process
752	开始游戏.exe
752	开始游戏.exe

pid	process
752	开始游戏.exe
752	开始游戏.exe
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE
1552	IEXPLORE.EXE
1552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 35 IoCs

Processes:

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exebb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmpIEXPLORE.EXEIEXPLORE.EXE

description	pid	process	target process
PID 2992 wrote to memory of 2308	2992	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
PID 2992 wrote to memory of 2308	2992	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
PID 2992 wrote to memory of 2308	2992	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
PID 2992 wrote to memory of 2308	2992	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
PID 2992 wrote to memory of 2308	2992	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
PID 2992 wrote to memory of 2308	2992	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
PID 2992 wrote to memory of 2308	2992	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
PID 2308 wrote to memory of 2368	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	cmd.exe
PID 2308 wrote to memory of 2368	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	cmd.exe
PID 2308 wrote to memory of 2368	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	cmd.exe
PID 2308 wrote to memory of 2368	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	cmd.exe
PID 2308 wrote to memory of 1364	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	STEAM_dangyou01_2.0.0.2328.exe
PID 2308 wrote to memory of 1364	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	STEAM_dangyou01_2.0.0.2328.exe
PID 2308 wrote to memory of 1364	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	STEAM_dangyou01_2.0.0.2328.exe
PID 2308 wrote to memory of 1364	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	STEAM_dangyou01_2.0.0.2328.exe
PID 2308 wrote to memory of 752	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	开始游戏.exe
PID 2308 wrote to memory of 752	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	开始游戏.exe
PID 2308 wrote to memory of 752	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	开始游戏.exe
PID 2308 wrote to memory of 752	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	开始游戏.exe
PID 2308 wrote to memory of 2288	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	cmd.exe
PID 2308 wrote to memory of 2288	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	cmd.exe
PID 2308 wrote to memory of 2288	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	cmd.exe
PID 2308 wrote to memory of 2288	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	cmd.exe
PID 2308 wrote to memory of 3032	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	IEXPLORE.EXE
PID 2308 wrote to memory of 3032	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	IEXPLORE.EXE
PID 2308 wrote to memory of 3032	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	IEXPLORE.EXE
PID 2308 wrote to memory of 3032	2308	bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp	IEXPLORE.EXE
PID 3032 wrote to memory of 1376	3032	IEXPLORE.EXE	IEXPLORE.EXE
PID 3032 wrote to memory of 1376	3032	IEXPLORE.EXE	IEXPLORE.EXE
PID 3032 wrote to memory of 1376	3032	IEXPLORE.EXE	IEXPLORE.EXE
PID 3032 wrote to memory of 1376	3032	IEXPLORE.EXE	IEXPLORE.EXE
PID 1376 wrote to memory of 1552	1376	IEXPLORE.EXE	IEXPLORE.EXE
PID 1376 wrote to memory of 1552	1376	IEXPLORE.EXE	IEXPLORE.EXE
PID 1376 wrote to memory of 1552	1376	IEXPLORE.EXE	IEXPLORE.EXE
PID 1376 wrote to memory of 1552	1376	IEXPLORE.EXE	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe
"C:\Users\Admin\AppData\Local\Temp\bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2992

C:\Users\Admin\AppData\Local\Temp\is-GFDH7.tmp\bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
"C:\Users\Admin\AppData\Local\Temp\is-GFDH7.tmp\bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp" /SL5="$4017A,40791816,508928,C:\Users\Admin\AppData\Local\Temp\bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2308

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c
3⤵
PID:2368

C:\Users\Admin\AppData\Roaming\WebGames\STEAM_dangyou01_2.0.0.2328.exe
"C:\Users\Admin\AppData\Roaming\WebGames\STEAM_dangyou01_2.0.0.2328.exe" /S
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:1364

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c
3⤵
PID:2288

F:\3H3Game\铃儿响叮当街机版\开始游戏.exe
"F:\3H3Game\铃儿响叮当街机版\开始游戏.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:752

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://www.3h3.com/plus/success/
3⤵
- Suspicious use of WriteProcessMemory
PID:3032

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.3h3.com/plus/success/
4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1376

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1376 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1552

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-GFDH7.tmp\bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
Filesize
1.5MB

MD5
8972cf5f35f7ef8daeb1c31d8d7b2bc6

SHA1
eaf6abc59306636636237cbdd056e4b55fde0cf0

SHA256
16cc8a7eb6a44d52884fef0a91829d10253ea227632e3f0b86c276df1c39f3c6

SHA512
d4d076a10067ac7a4037ebc869083a02e9fd2cbc34372873b6b5ec949984bd808873eee0c2bfc26fb472ebf0b53cb38615433f9546d76fdb312c71f51e651492

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GFDH7.tmp\bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
Filesize
1.1MB

MD5
3b0d4d9edd2030d4976e7d496e98451c

SHA1
32809ce9671f690cc9bf7c54cc2ac1dd765a4f19

SHA256
8a1c44621656e9ac1e06084086da3f43a794b9df726af42dccd160f0452c34e7

SHA512
9c7ccd4d695fb85f61a52ef10012324dcda00c9107cc207202b2df77921bb5194370a5844981acc6c0561952458bad23ce5ad93bb471c80c7665af2bd7bb7f48

Download Submit
C:\Users\Admin\AppData\Roaming\WebGames\STEAM_dangyou01_2.0.0.2328.exe
Filesize
9.3MB

MD5
7b38da2d405e735e31deb4b5995ff204

SHA1
b521db2a376ee3490f93bd8b6cc3cd48497baf8b

SHA256
c80ab67c3646e105a58b3e0a01c2d123eaa6281bc67b3536b0f979e0ed592cc2

SHA512
72efdd502d1607282525affcc895fa1ca557c94dba4c02b81337e4d20bb06d4cc86a8545c03cbbe4b31319873843656165545fc7d07e0c35d0d0c69e83b4aa23

Download Submit
C:\Users\Admin\AppData\Roaming\WebGames\STEAM_dangyou01_2.0.0.2328.exe
Filesize
11.3MB

MD5
d96f4327102640760c48eb356cbdecdc

SHA1
6211b48440e1ecfe0ee2fc7ff3ac6ce86c7684fc

SHA256
038593c63c3ca6e060541dc5354fe3dcc4eda9f85bf0efe8dd5314c1a52d06f0

SHA512
edbc28149e97af53bcca8a87324bc3db0ed13e4f9bc7873f3a2634ef074dbb5b16bafca692ca050185d487d6752c63cabac4e75b7556e728df7b9339836e1198

Download Submit
C:\Windows
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
F:\3H3Game\铃儿响叮当街机版\Main_gamex.ini
Filesize
166B

MD5
bda70c1a4011057ad36fb4047a272e59

SHA1
052bbf296f745573c4aeb01295537a232dde1840

SHA256
9b58a3dab696b6ed343d1207761455bc2ab4ca5073b2b97b822d697bd17fe50b

SHA512
56dde9a92ab5bc7d1c9df40036b9b75b4141dd7d49ef8010bd9933a740d7990c6b2d9896ce0aa421dcc8b0ea3528428bf947b94868ea758b500be5607aae0e0c

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\effects\hlsl\is-GD03T.tmp
Filesize
208B

MD5
0292f333e537a810651fc84a5fbb267f

SHA1
04263143e2dcddeb55ac1672843948a77d121d5e

SHA256
969af8275fd3212c7f5517b19294911ba6760776d313f7c67d6719cbaed9a7bb

SHA512
41d22dac930f0d79f947cf1347e712cff8998649f29193c5c28c60b4cbdec53728a625b54a82dc29179595c3f388a62343365c4461c43658c4f879290a901735

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\effects\is-Q4KUT.tmp
Filesize
1KB

MD5
3ed1fa7b09ba9276b71cc9a4e421a0ae

SHA1
893564bd075c6448509f80ddb41e72577242e446

SHA256
5fc8b8f58bb4ddf0ac6d6e001ee0272a9603ee68baaf110d8ec2bd46628a6209

SHA512
65f394fd3c8f58cd0326042b29d878c61a3bf82220e239f3935e5ed1b2eef05b765949778079ab4981f504c145029e0d9273773c3071c9898f471890d6d20de6

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx11\chains\default\is-5TG4Q.tmp
Filesize
396B

MD5
5c281cabda95b2c0fc2477dafec5ac22

SHA1
e82d55ed88df93a70a0ea9c84a547f3497b56654

SHA256
7b65eab9036a1a704b8c0305adccfa3217ecd5b6815027abfd239d9c69cebe6d

SHA512
4b02867cc3a1dce82b66632b81882810c3b460efdf9c2d4a7822216f72fbb56c9ee872b65b53be57d9610bd68387e801c7b9b1d10ddc9498010473aa69fe4804

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx11\chains\default\is-ND0E1.tmp
Filesize
575B

MD5
e05892c67dcd1b02b3710905fe9f9a2b

SHA1
43274b2f469ea43f72d01d30fc7677ee09b0a6b1

SHA256
c2fb9dbfbb55a2338de3b2488313b322c029cc608980e057a5932912fedd951d

SHA512
3d439d1c6a585e7ff7e10146a39ff1785dc4fce088cdbea9ec0cb3f4909c83efaff820bf4d93a744e7eb879f0093b006d88591de1f2c6924b4e57ec38ca41064

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx11\chains\hqx\is-OFU0J.tmp
Filesize
909B

MD5
dcf2d658b07e3fe1394825bf10bdc253

SHA1
da4a71fab0ed1d0da0ab7a0e896a25679bbea9f7

SHA256
7bca5a72ed2165dc03dab74379392163fe61f8838980203f95ab7b0b8107486a

SHA512
542dd68e9cecc3ef196189a90850c99a1f12a274b8c454981afdb55df269a7c53cbe21f543e95a347af6692f1307b1ecd0849904fededcd2d24fa1d92737c2e8

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx11\chains\pillarbox_right_horizontal\is-L4EL8.tmp
Filesize
2KB

MD5
40973563cf6df5a9377bd020837c5d7a

SHA1
1e67a5d1d1421f959083da66f9d6335afad0bd24

SHA256
cd1be6751b8b13716184bd144cba09201f2d963ab4fc837094e589f1fbe6c48e

SHA512
a551280328daf1b411a84e0febab927c2a3aa357de7d33991689363e45aac5507c9684ac65ef599ae05a02248a4c5413d975e98a99dd5696c0ba68a42f207867

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx11\chains\xbr\is-FDVNF.tmp
Filesize
1KB

MD5
e3dd7d656fa68da1bcdba36eb894f3ab

SHA1
443182da7a774a3352f36f1e5b584e2982934b27

SHA256
6e48dc9ea68adceb4e9c38181a9aab10097680f939b596ab8e285116bc8c0bcc

SHA512
5e459ccb8ee94db06a71e27b6baead81391116abed363abdb95c2b37e6f97609e6ab3269a91fe5058f9245232c193e899bb425d7b675d530ca1417b924a5ed09

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx11\chains\xbr\super-xbr\is-SAEFJ.tmp
Filesize
1KB

MD5
2d3821345911c831934f874bb7abae2e

SHA1
47ee954a1f3c8cb71de77785538e17cff773a0d6

SHA256
3cfdc5916f6ef92791c2fe8a5b814512f9859004865b3f7f0713ec22e95b3d31

SHA512
b4b72cd4b219cbc302216f5ec3d3e79ac8347010f51f7e5daf5620e3072ebb761d52831d0c450d0a8269a70b39cb0384b8503473b646cce72e4a540664092ffb

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx11\chains\xbr\xbr-lv2-multipass\is-LSSBS.tmp
Filesize
829B

MD5
025b715d18f9a8547f2a6a8b8ce3195f

SHA1
8cdfb252235dee8121b194c185fdd28034992ebd

SHA256
e25603839a3016fa888b9ad805886a205b03ed49b4e8611382512efa0c8d5a72

SHA512
7e26f174fc22c8965925f84e74bb5c8cb81e2ee08e71f748d02437ac4ba5543446e41b0c45315547782c4d3e4cef8895774afe7dd49ba1fce836848116aff2fc

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx9\chains\default\is-HH6A5.tmp
Filesize
330B

MD5
f5369ab44ca5a380a6c3fdcdb442eafc

SHA1
ac60658b990524ad0dc0a1ecc3f156af1fd42335

SHA256
bd3cdcc8ffa136c2df88e6b66359b9c63f44c0be196949f1dc4a186af24c8f31

SHA512
0bfb61a750cf782b597a8eced776a2fae37478ad462a690690ce79cdba5d0de578aba89ba647f0db84ca16a45eaf9a5f127d5ad01036a77c30c0782ba118e25d

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx9\chains\default\is-K9O6U.tmp
Filesize
241B

MD5
9a0e2cd9a35a7a5984dea6629bb095c5

SHA1
6a2d54beb0678ad25965a8861877de140f3a2393

SHA256
feee78e5729276567b86d697d767b02e53fa575c7370dfec3e5743bff119eb25

SHA512
2ed30afff43b46f2afe66d9579f2abab91c5686242d9ad63ba94092fc6cbd07717567f7914e7cb5514e5b41032c3974eb4a60f2ea61f3dac0b277ad5b531e7de

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx9\chains\hqx\is-P980G.tmp
Filesize
576B

MD5
94bd21f58e6022eb70304e6cbeba81ad

SHA1
1bb83b621b7794f7f4c54a3ef70cf862ef455a78

SHA256
13fb355f6e3a53dee8a24bb24c16f1ed0a1363a4be19a763d67560abb3d44cf0

SHA512
d8fab6a82b5b040eb712591505087f96a2cb0a4d1ca253ed4e91795d3799835809e6692021db1a25885e86b45787a335e5a46b3dfc6dcf4acf04cb89e1a8e75b

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx9\chains\pillarbox_right_horizontal\is-135DQ.tmp
Filesize
1KB

MD5
af59e612d04ae4c69e97f666603269db

SHA1
e2c67f1f4b5e962ec2987c2fafe0805f9c4af5f7

SHA256
63e6d21b60bfb8ccbd7c1ffe2ca601e3e678cb94ed7cc260dec117a170e62c90

SHA512
b21f0329a25897eb1fb6621de7d1317001a10bb3befc0f1f7f5b8303634937d5e56968e13f9132790b178bbb7c757489336cc8b11dc927f6044286be6fd9503d

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx9\chains\xbr\is-HH0EP.tmp
Filesize
780B

MD5
58483a15c2421ff06748072f37943d4e

SHA1
2073e35d022a340a724c81a28a993eae4515ab9c

SHA256
a6038e29efc2b6dbbf1c399d89af867bf5785fe5170c586f7d2a520210f21c81

SHA512
2e447cc76038b31e22570a52eba77a4f4207d4b23ec69d7d7b6717dd81e5b8f658cc1088d3996d01aad7ec43029d7aaac3d4d4ffb675c7498d48dda7e702a777

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx9\chains\xbr\super-xbr\is-337LL.tmp
Filesize
660B

MD5
e72fb7b77f3505ec92ce1ecf366ddefa

SHA1
6d5d70f47460de041a2b1c8d422b0f89e646090a

SHA256
85cc680bc0376dc87a45f5109ca6b79b9ff25fbc545c8b8511b773575b37d908

SHA512
8a2566714678bfcc5544970a4081136e5ca23182ad3cb831105792b57fa015d4d6fda0049b5f0011b8de1e9c7e55441c01215ef1b33952dabe73fe13ca8cc2a9

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\dx9\chains\xbr\xbr-lv2-multipass\is-SAFB4.tmp
Filesize
532B

MD5
9246197e48e894d6f8afd3246eac740c

SHA1
0eadf97a49a990f85588670ac269738b8ff03e15

SHA256
39b94e2954c903c5686feed9b15c615345b2e73616c01f268e54e66d1f82deac

SHA512
a59b61ca064b89ceeadd80c6214f921465900e34511dc57a9c5ab5b6cf6051c5f3fa35c35847ad3b27649dbca9cb73fae9954c4b6e3851ea42a9d6d9c338c591

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\gles\chains\default\is-89S1J.tmp
Filesize
419B

MD5
28714941c7f4cdc216abb4bc068d2ca0

SHA1
6c349bedfd1d522964a8e108c3d222180ac05aae

SHA256
214282b43ce33d77d51baefce3b746d3face04fb8319f663053a55cb467a95f1

SHA512
50fdd23a44f26e5c86626d82d491812cfdf9c769e2e9d767604b84b0e9138ada6c2c67dc68c3f3c91ded53a3c707281f81e9316abe40dde4e10148caabd0a271

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\gles\chains\default\is-FAUDN.tmp
Filesize
238B

MD5
637a5a2a2f8946b9c8c6af023bf38446

SHA1
e365a38477a8466380006a70ac1668e3df4a00e3

SHA256
e49779ea36bacd79b75b8de2d33cdd81abfa77ea3f932266dd4744afc7de0dc9

SHA512
f53cde2c7b8f1b351ba97f6dad617e1485889ff41a826c396e7a16428a184ccb67a5606f64b8bb427ae116c172f71daa9155ed84b4da62584cebe740861cc1d8

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\gles\chains\hqx\is-L67L1.tmp
Filesize
1KB

MD5
1681a75d0f65a3b9cac9efdec41ad64f

SHA1
93f1f95c865e99d97f8e47905950f1ab3c20ba72

SHA256
ee969aeea5e2407d7a92b54bbfeea4d1670c08b8b9cfd458da1b10614b4d8823

SHA512
4cec686cf5ff7634fb35b9922b4efe89e154a784138478a5c6d3f29260bb7fed40e8fc66c6b488b3ef81b9aefd835f12eb9b470c8965843ab4f6fd34ecef006a

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\gles\chains\pillarbox_right_horizontal\is-VU387.tmp
Filesize
2KB

MD5
6215790c13f2a8cff7f203696eacc540

SHA1
7aae3903ff04d2c7fe8f790af1d7cbe2e8bee8d8

SHA256
a3ff9261a5e193c731778fd91624e762e323cfa28ac7a531dd1d71f87750399d

SHA512
8930dde9d044b975d26b76517236a65a3ba618b3725e924a040258be0d72330be8820f3c19a8cdb4269a2113b84c714ec63a6071ff43e4d5b08e3f480bb2868e

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\gles\chains\xbr\is-M8K85.tmp
Filesize
2KB

MD5
9c8d54ab8fdb128d1b61a4347c9e36ba

SHA1
72053dbd0c2e8bc5573de31f208c6ad93e52ab4c

SHA256
933c6b3d91940800076324ba114b49df8143e954ea1466e1bb93c875e57f1a38

SHA512
f241d9d60130c052d7bc2d22d3d18d8587b5a9a5d48fee624acc0ffcfb5b5341d3675dde7a57a2a4c78fd8f445093e31b421833e56d3c36bf0b342650514b230

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\gles\chains\xbr\super-xbr\is-AOJ00.tmp
Filesize
1KB

MD5
24bb13831649499c51c2e20d82b30848

SHA1
efdee9cc1381298549dff27d72a2b5fa522ad72b

SHA256
fdb6a9bb56d02fec6cc4accccb07dba4010f0f7a123804eb5b4d40d9d17d3261

SHA512
163ab6af760475a195b31e16e0bae30cfda103a654e624995679cb528220df567678121fe8ec53d83e704662aa8813744dee7c3da4885af4c7f22c610cbbe108

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\gles\chains\xbr\xbr-lv2-multipass\is-7O6A0.tmp
Filesize
911B

MD5
0960efd7af44743e4ceaeaa9e1da9d45

SHA1
147f9c5eff754f90269871001845bbe1f1e85e85

SHA256
b30a5c18ec895b2c15c4c60d8b1f35afe74e305e394ec52a606f40dae4ebe752

SHA512
b954218bb5bec670743b64909f7f431c735efbced116881435f0c35ded494db58369ca1c447edc3ea84909825de9cc53f58f37ffae5ccd95bb3b2c03b454c5dc

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\glsl\chains\default\is-646G1.tmp
Filesize
181B

MD5
3ac2fbe17797ac61bfefff74ff37ed59

SHA1
711f2c22b0c32b229918f8098825a62327ad2860

SHA256
4ebc192676981d675c397218543568cefaeadc6240cb10fbd3f143b0bd448336

SHA512
85fc2362541b5640935c27f14577de5c147545437d9bfd5bdfd8082872e2630b3afb6528435d0a2b1b2047da34764f63d64d8d9595fa13e1665f5bdfb57d439b

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\glsl\chains\default\is-F8F6I.tmp
Filesize
377B

MD5
44aea973f6101ef79bd83a0e4d6a8896

SHA1
e6c52714e0dd0d6be386ea44d06da62784cbe99f

SHA256
81b4dfd5bccbaaa5f093a4c240e4ec1a676663454ed4879979c6c03f8e28b6bb

SHA512
742b6033cc3c4adbab7a4d9cf384c46d59e7d9c129c9d8883833b95cc1c04318f2339e36bb2b444f086bdb6d3f19d82cbcc90e11111c2d283625c52f4e56f778

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\glsl\chains\hqx\is-9SLHO.tmp
Filesize
1KB

MD5
349a69e1ed556a383721f810b79e0cfe

SHA1
3704d2adc72dd1d7ef5955c01438901040b79b92

SHA256
b90f3cc3b85d627ec1f23b36bcfbfcd92a8360e8697722d62274502b23e3c62d

SHA512
30d3bc2217d95aa942cd47e75b5eefa83facb67e1f8f1a94fd2976fba67c4730d5d1a20e71af3d6c750acb2cc9238a0028b009a1f22a540ba3201577f26cb4b3

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\glsl\chains\pillarbox_right_horizontal\is-OGC0K.tmp
Filesize
2KB

MD5
aaa5e68166095b611d5d21105cbc0ab6

SHA1
43a6c2f8af750f265a7691c4b4914c93855af7ba

SHA256
335ba3a123659ca47ee22db489a7eb2262f26e2ddc8e55c9f79efc8c40814435

SHA512
58306c4d252758e81c4f301c2f23bb91c77696f67fcce237ad9acef95c4122a685247887234a95e8a0e4071dad819fe08043fdda23ab80f6e2eb1d6d3e841078

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\glsl\chains\xbr\is-3F5K6.tmp
Filesize
1KB

MD5
1d9775125f2795d1b22b6f7c5bada4d9

SHA1
553ab2b8dc3580488e9a1f800d7ec121777dbceb

SHA256
bef95cf45a24e1bfe3ca3982a67e38a8c422109021def1e0dea9fdafc778a9f2

SHA512
35c73684760ddf0f27838e66ba76a193943988bd7a6dd581a73f9dd4f36f9c1dcfa0c2e6de84fa86d916450426e40113d4044aa9be473bb4278b3d3e768d88c2

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\glsl\chains\xbr\super-xbr\is-3CG2B.tmp
Filesize
1KB

MD5
202f9ae7598e40edcd8b4de9a65a6cc0

SHA1
50e36146a7747bfaf742164ab171eda72b4702a3

SHA256
ccd2ae5a6554ef0160b587d46b5a7a02e23eb5f29b76dfa4174960effdf5f1fa

SHA512
ae056ab1dad2cd4db622e9bdb415492dbeac901d10c6f7c6898f507f051395e3e43ab0c76e97f9db6dbe737aea8c11749b02ceabf202629a748ad0dbd0de0705

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\glsl\chains\xbr\xbr-lv2-multipass\is-92TT5.tmp
Filesize
833B

MD5
917bbc8ae166762ea3c2c9eb91b7ca21

SHA1
6da61229405e007e6cf8f5351d10089dfc759a63

SHA256
d17744dc081b527339b9451bcabd8d00ea958568b0036bfdf8df6437092e4c0b

SHA512
c6019aa421577e3b0d83f7a4a353aa2acd6232f76cc596f46a1a085bda79d5c3f44037f1e7d1017f63a726082c509da2b9a8c39f0e76e53bf139610631a765c0

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\metal\chains\default\is-E0L8G.tmp
Filesize
757B

MD5
f6b1834aa1c369535c3981f43376743c

SHA1
7f5bcb3663444d070b437fef2611a461afe25063

SHA256
34735917561a271ca87b567bbfb17796e0e41441ebb412a088e3f027ec2e9ffa

SHA512
8c4cd66ba393ab11de0cc1b8c446db865f9b7a577f0e27491bead006598f077e94d6d96f4798af05387186354e3aedbfb62449942df041ca3a74a73d436a9188

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\metal\chains\default\is-K1QGT.tmp
Filesize
634B

MD5
5d598f9146460ad456ff234e10672496

SHA1
a515a3d70d31f57509b84ed60110bbc0a6f6a40a

SHA256
26137a17d3d41ea8ac722e377d9c6318c03ee94957adc0ba6960b01deb31e122

SHA512
d8bd0e169dccc7e61a6070d19a12442f9d9e4ac3b75c04c67f0d68d0d00f4558dc0f3650835a4abbc06d89a26b3e77511af87195ce02bbbb24ead0dba42c0920

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\metal\chains\hqx\is-9DVDA.tmp
Filesize
1KB

MD5
2f92f5d75100709c0f2233d40816b0c7

SHA1
a354ab65b4cbd21901c4f46e05498dd80fec89b6

SHA256
e977d5d55c4e819cce331df560e33281d3fba4a15efdbffdd9486908f3637120

SHA512
50047fbaf9d0b08af3768e6fda0e24e1ea625236ed6307c2429edebadcd6af77eae20cf73acd6d42fb366fa1d34dff12ed256a8cca00f8fe53578d05a5cee8e4

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\metal\chains\pillarbox_right_horizontal\is-FC3TB.tmp
Filesize
5KB

MD5
703315922c5484499587d9b6c18e330c

SHA1
8ecb67df20c9aa8678d7f70d74fb920729d2d228

SHA256
0318c1509682f779645c3b7aeec56a8ce64a2575a485a655f63ecd8156763a40

SHA512
d8709f164d42b5dced0e64bf02330d07a84fe80cf755e09e3d9dd897966dfb716e4f96dd599ec84a0fb042efc4f9ed5d8af821dd6283eff0219e92e3c1ecc5f2

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\metal\chains\xbr\is-H3QPO.tmp
Filesize
2KB

MD5
bdf40ff1dacf7c90e5f646760d0eddd5

SHA1
0f639dd62c88633ec7bb861ac48b468090dfd47b

SHA256
e081b3bb503db08f028d56a0e91dfb610d3356202fb5716a7bbc7f3eaa7bca0b

SHA512
9f7cb0b986ab0da7f1570f82c6e206684571b8c7e37cf42ae5680ee862de318fc571017624c60d9d93205f587ec995925fd774101b802716f596b12ae88f7def

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\metal\chains\xbr\super-xbr\is-5K44K.tmp
Filesize
1KB

MD5
df12e450c7bbed300a3b302230f30639

SHA1
684b048779ff4d654b65d1a37f0e9230153c4e4a

SHA256
1a9dc106b633e1492bb4431b3bad23c281151dba43a36c834b051c2f137c47dd

SHA512
92fd993258d98168967a02a553fde4074946c8e2e9330fd2cb0bf61509301041bf5d52e7be868c6c1c7c2a0af2f52b9d0811a3d67bd7ab1c609f5ed1769394e8

Download Submit
F:\3H3Game\铃儿响叮当街机版\bgfx\shaders\metal\chains\xbr\xbr-lv2-multipass\is-SO9DV.tmp
Filesize
1KB

MD5
0d8134465231818cb40be82e6257dff3

SHA1
cd721c1b5ce4d6017a674517cfe74f37b819b8b7

SHA256
eea5ff743033e1468a55c88262621aa73212b86c8f487f3898e4bcd5fa3e37df

SHA512
80a6c0654a92dd240a375f09e1f0da8caeb1f01891a6441a8aecf357b0064e5baf4314f1ca205679dbf61bd01f6554a43cfa76802911dcd49dbb61486a6aa5da

Download Submit
F:\3H3Game\铃儿响叮当街机版\hash\is-S93CF.tmp
Filesize
6KB

MD5
f2b7417e4e84de8d729f1a205103181d

SHA1
71fc7b42e6f0a6aa0b794eb92f9b746f0f69d3d4

SHA256
4d2eef679d5faf924534bcc132646322e9a852ce50ae5616694e0b95f7b8275d

SHA512
615782ab0f666aa16bcdbdb799b97b4c5b0b53e8af34b7ec17e84afaaf715242095b615da620eefdcb986656ea26b20d8a4ffc046f86f102e0e356bc9206defb

Download Submit
F:\3H3Game\铃儿响叮当街机版\mame.exe
Filesize
6.5MB

MD5
880155045f058d5a3d4e37e7d8fcc250

SHA1
5b987bb67413aef9dcd123c27dce782317fb3042

SHA256
b7e2d4cd0ce707c573611ca0647d07a54dfbd299f48611886f3fb949f94648c8

SHA512
308785f0661ce8f5e262960a542cbf17f5e564a6fcf0e60b098881a6433127e94772071d632e8da7567012e14a4b29e9467a36351280ec62afb0310bbf6075c3

Download Submit
F:\3H3Game\铃儿响叮当街机版\开始游戏.exe
Filesize
4.6MB

MD5
dc9e5ccb906ad5c07b81236e9ccaf697

SHA1
8c162bb3427f02c8ca227a72345e8050abe581f6

SHA256
492c699db2522c623809b807e7ec44b5c87b70b82a20b776a02a8534dd6f56e9

SHA512
6cb59c2c603125a0b60ea30a7d5087a24ef0b86b7736e5506a4834deab6435dfa4fee4c2ae88edf9b208200d1a8b34c3a4afe6210b3723f0b2d5361ac29a6a18

Download Submit
\Program Files (x86)\hsgj\steamgame.exe
Filesize
5.2MB

MD5
f445a4d1333de480be8bae8494055e54

SHA1
8af84a0caffe801955d9aeb9ce59a3480fc42dd1

SHA256
dbcfc425ac0ee71e8f31c1d8cf5abbe34f453c0387dee452f7d4890b86acf502

SHA512
8210460c2df7dc9cb91c373f7070d1a98b0fb9ebc55e424b4db30e248213fccfd0334dc2782d0adcc0609472cdb90caa432d953a9d116b178200fb45da8900f4

Download Submit
\Users\Admin\AppData\Local\Temp\is-EHQRI.tmp\ItDownload.dll
Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
\Users\Admin\AppData\Local\Temp\is-EHQRI.tmp\WaterLib.dll
Filesize
123KB

MD5
b4ae1b26b68545a823f067738a6877f9

SHA1
a90a812cac906afb2fbe2a400746de67c845ecb0

SHA256
57ec9023fddd0e0dedffc93bae937442eebd648a4d14383b22fb1a787582cbbc

SHA512
64b6e3ac5eba6231dabe61b73feb8bbeb2015cf871858aa0163fbc84b41912f8453aa16d6939f4d82f235929dbe333c5534965ceb2c83c67720f5f336ca3ccef

Download Submit
\Users\Admin\AppData\Local\Temp\is-EHQRI.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-GFDH7.tmp\bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.tmp
Filesize
1.2MB

MD5
8e0ddb4adaf6be75c54eb51e2a841cf4

SHA1
3e7c3d2ff1cf1ab840dec2fc36cf9bd6082bde35

SHA256
226e75f77ab964903d60045f7c9172e8851649370051eb6acad7d94691e945b0

SHA512
5a3e8184523b932e388643d6c51b0ef831e8e12ce5be2e6618bc373ab8e16404ea3d79b5b5651f243af3463ff35caf05a2355e5ecf587a7dd7b0b590cead3f27

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7CA0.tmp\System.dll
Filesize
19KB

MD5
e4ff29178a7b9e12d5b4fa9c66330f62

SHA1
09545df66c7446b35b9557225e2d28f867dd17ab

SHA256
d3e634ab9b67b94d48e5cbf14a0e5cf320a1c2e0e20e2bf5dd6b6380e264bfc1

SHA512
e86bcdd3e4ffd3cfd4d75390f64edd45b66f9bb3c7901ef2d4d575e3572ca94ec2a9736cd218f21c09b10c6c0440be23eab5be8bffd0d783dc3acbb1ffdafaa9

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7CA0.tmp\nsCommon.dll
Filesize
2.9MB

MD5
1ff2114b98454d114a37206f492a38e1

SHA1
194b040c0eb7804c2beae992eefb528c4944feb5

SHA256
80c4e88a0a9679f4dbe73063de109434c8ef3dd78228a7ccc7e474522fe25e2f

SHA512
b3ab9408015f2f61c876507465a0ee8da80cff60c1b2e68872e52c74ed912ed676d9311c05557ffabd7c30285cee4b31d6f9d8787c7df7e0a54b61323818440c

Download Submit
\Users\Admin\AppData\Roaming\WebGames\STEAM_dangyou01_2.0.0.2328.exe
Filesize
5.4MB

MD5
4e8f17884078d90fe7d0d6594d06e42c

SHA1
6d13a8fa1f89d0eb1fabb83a059c162e53b684ce

SHA256
99dde8d11794e1e941210511f5b567d156eee02505fb5543480ffe0551a57fd1

SHA512
3b024a4e835c01a290df1f886690fae000909cecd7917db0aa2c654c45d9081af5563f30b2c9e141d866802886d84f1527bbf73e3462b34437ce631886c07189

Download Submit
memory/752-3183-0x0000000000400000-0x00000000008B2000-memory.dmp

Filesize
4.7MB

Download
memory/752-3142-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/752-3200-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/752-3204-0x0000000000400000-0x00000000008B2000-memory.dmp

Filesize
4.7MB

Download
memory/2308-3053-0x0000000003B20000-0x0000000003B77000-memory.dmp

Filesize
348KB

Download
memory/2308-31-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/2308-3048-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/2308-21-0x0000000003B20000-0x0000000003B77000-memory.dmp

Filesize
348KB

Download
memory/2308-396-0x0000000003B20000-0x0000000003B77000-memory.dmp

Filesize
348KB

Download
memory/2308-16-0x00000000030B0000-0x00000000030EC000-memory.dmp

Filesize
240KB

Download
memory/2308-26-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/2308-27-0x00000000030B0000-0x00000000030EC000-memory.dmp

Filesize
240KB

Download
memory/2308-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2308-28-0x0000000003B20000-0x0000000003B77000-memory.dmp

Filesize
348KB

Download
memory/2308-29-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/2308-78-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/2308-3119-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/2308-3121-0x0000000003B20000-0x0000000003B77000-memory.dmp

Filesize
348KB

Download
memory/2308-3120-0x00000000030B0000-0x00000000030EC000-memory.dmp

Filesize
240KB

Download
memory/2308-33-0x0000000003B20000-0x0000000003B77000-memory.dmp

Filesize
348KB

Download
memory/2308-34-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2308-3154-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/2308-38-0x0000000003B20000-0x0000000003B77000-memory.dmp

Filesize
348KB

Download
memory/2308-36-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/2992-3155-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2992-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2992-25-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download