cc0ba57d22a109c9d0ea815a79f3a533fca7dbde2489cbee4785582954df3f0e

Analysis

max time kernel
311s
max time network
307s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17-02-2024 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpeedTree_Games_v9.0.1_Windows.exe
Size

770.8MB
MD5

688a99b27edf0211f2d2aa20cd4f96f4
SHA1

f4fa9c3eaa9a4aa54eb9bef005d1c79893eb800f
SHA256

cc0ba57d22a109c9d0ea815a79f3a533fca7dbde2489cbee4785582954df3f0e
SHA512

2167d571f32308864b06872b95159e43a7f71e2fbe17070c41427cd49b69dfc72947861a7eb0dbd97d3f8276d8026167e271d12f20250f65bdb635a2e90cfb90
SSDEEP

25165824:Ag8+gY/aRaR7Ap+NLunF9URSDD+M76cYyP:Agzgiagt2NntDL76cZP

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	SpeedTree_Modeler_Games.exe
File opened for modification	\??\PhysicalDrive0	SpeedTree_Modeler_Games.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Conifer\Leaves\is-7PF47.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Asset Bars\is-GK3F0.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Asset Bars\is-KS8S2.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Property Bar\is-R03H4.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Property Bar\is-6TOC8.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Property Bar\is-89LN5.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-0G3HG.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\AppStyle\is-RSFN1.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\light_presets\is-2HAUK.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Palm\Leaves\Dried_Palm\is-5EHH5.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\templates\_Decorations\is-VPKQF.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Conifer\Cluster\is-0RQLG.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\templates\_Decorations\is-78NR9.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File opened for modification	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\ssleay32.dll	SpeedTree_Games_v9.0.1_Windows.tmp
File opened for modification	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\vt.dll	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\is-LBCGN.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Force Models\is-0VL9I.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-1IC17.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Leaves\is-PQ6SS.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File opened for modification	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\boost_date_time-vc141-mt-x64-1_75.dll	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\is-POAID.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-5E5QH.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Photogrammetry\All_Mesh_Tree_Example\is-S5QJB.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Generation ToolBar\is-CFVG5.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Property Bar\is-EHHLR.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-JQ4F4.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Palm\Bark\is-1CV70.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\blend_masks\standard\is-9UUBF.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\is-ASQQV.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Asset Bars\is-OIHVM.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Asset Bars\is-JKHL2.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\light_presets\is-6QPMB.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Palm\Clusters\Whole_Frond_Cluster\is-OFL0S.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\is-9VL57.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\render_modes\_Material\is-F2QSK.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File opened for modification	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\pcp.dll	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\is-7625D.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\AppStyle\is-GE08I.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\sketch\is-6908O.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-3GEKG.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Photogrammetry\Oak_Photogrammetry\Mesh\is-F47VP.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\AppStyle\is-GS8N5.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\AppStyle\is-I638M.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Bush\Leaves\is-7POTG.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\render_modes\_Wind Weights\is-URCIJ.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Bush\Cluster\is-LHHVA.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Conifer\Cluster\is-VTQGH.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\is-3N74B.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\AppStyle\is-PT6H2.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Cursors\is-SUOGA.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Tree Window ToolBar\is-RDES5.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\usd\usdLux\resources\usdLux\is-0P03F.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\usd\usdRender\resources\is-C4APA.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Photogrammetry\Oak_Photogrammetry\Stitch\is-SSMHH.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\AppStyle\is-IIUAP.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\usd\usd\resources\codegenTemplates\is-9LDKT.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-PH9UM.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Palm\Clusters\Whole_Frond_Cluster\is-N12R8.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\texture_packing\is-HLFDU.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Force Models\is-FK53O.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Bark\is-R7GF8.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\is-48EV8.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\AppStyle\is-G5KFI.tmp	SpeedTree_Games_v9.0.1_Windows.tmp
File created	C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\AppStyle\is-8OMES.tmp	SpeedTree_Games_v9.0.1_Windows.tmp

Executes dropped EXE 5 IoCs

pid	Process
4820	SpeedTree_Games_v9.0.1_Windows.tmp
4464	vcredist_x64.exe
3616	Setup.exe
4640	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe

Loads dropped DLL 64 IoCs

pid	Process
3616	Setup.exe
3616	Setup.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.spm	SpeedTree_Games_v9.0.1_Windows.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.spm\ = "SPM File"	SpeedTree_Games_v9.0.1_Windows.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPM File\shell\open	SpeedTree_Games_v9.0.1_Windows.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPM File\shell\open\command\ = "\"C:\\Program Files\\SpeedTree\\SpeedTree Games v9.0.1\\Win64\\SpeedTree_Modeler_Games.exe\" \"%1\""	SpeedTree_Games_v9.0.1_Windows.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPM File	SpeedTree_Games_v9.0.1_Windows.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPM File\ = "SPM File"	SpeedTree_Games_v9.0.1_Windows.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPM File\DefaultIcon	SpeedTree_Games_v9.0.1_Windows.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPM File\DefaultIcon\ = "C:\\Program Files\\SpeedTree\\SpeedTree Games v9.0.1\\Win64\\SpeedTree_Modeler_Games.exe,0"	SpeedTree_Games_v9.0.1_Windows.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPM File\shell\open\command	SpeedTree_Games_v9.0.1_Windows.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPM File\shell	SpeedTree_Games_v9.0.1_Windows.tmp

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\ProgramData\Reprise\:lgylqfxlctqffeusff`npefmfs`hbnftqfh	SpeedTree_Modeler_Games.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4640	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4820	SpeedTree_Games_v9.0.1_Windows.tmp
4820	SpeedTree_Games_v9.0.1_Windows.tmp
3616	Setup.exe
3616	Setup.exe
3616	Setup.exe
3616	Setup.exe
3616	Setup.exe
3616	Setup.exe
3616	Setup.exe
3616	Setup.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4640	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4820	SpeedTree_Games_v9.0.1_Windows.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4640	SpeedTree_Modeler_Games.exe
4640	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe
3832	SpeedTree_Modeler_Games.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 4820	4328	SpeedTree_Games_v9.0.1_Windows.exe	85
PID 4328 wrote to memory of 4820	4328	SpeedTree_Games_v9.0.1_Windows.exe	85
PID 4328 wrote to memory of 4820	4328	SpeedTree_Games_v9.0.1_Windows.exe	85
PID 4820 wrote to memory of 4788	4820	SpeedTree_Games_v9.0.1_Windows.tmp	94
PID 4820 wrote to memory of 4788	4820	SpeedTree_Games_v9.0.1_Windows.tmp	94
PID 4820 wrote to memory of 4464	4820	SpeedTree_Games_v9.0.1_Windows.tmp	96
PID 4820 wrote to memory of 4464	4820	SpeedTree_Games_v9.0.1_Windows.tmp	96
PID 4820 wrote to memory of 4464	4820	SpeedTree_Games_v9.0.1_Windows.tmp	96
PID 4464 wrote to memory of 3616	4464	vcredist_x64.exe	97
PID 4464 wrote to memory of 3616	4464	vcredist_x64.exe	97
PID 4464 wrote to memory of 3616	4464	vcredist_x64.exe	97

C:\Users\Admin\AppData\Local\Temp\SpeedTree_Games_v9.0.1_Windows.exe
"C:\Users\Admin\AppData\Local\Temp\SpeedTree_Games_v9.0.1_Windows.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Users\Admin\AppData\Local\Temp\is-D9ARP.tmp\SpeedTree_Games_v9.0.1_Windows.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-D9ARP.tmp\SpeedTree_Games_v9.0.1_Windows.tmp" /SL5="$20248,807209388,831488,C:\Users\Admin\AppData\Local\Temp\SpeedTree_Games_v9.0.1_Windows.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4820
- - C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe" /C ""C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\Win64\SpeedTreeShellExtension_Install.bat" /q"
    3⤵
    PID:4788
- - C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\vcredist_x64.exe
    "C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\vcredist_x64.exe" /q
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4464
  - - \??\f:\0b38a463f771c73698ef82c0\Setup.exe
      f:\0b38a463f771c73698ef82c0\Setup.exe /q
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:3616

C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\SpeedTree_Modeler_Games.exe
"C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\SpeedTree_Modeler_Games.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4640

C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\SpeedTree_Modeler_Games.exe
"C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\SpeedTree_Modeler_Games.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\Force Models\is-3B511.tmp

Filesize
199KB

MD5
1ce5c238abdb39b68324ebdc14d9050e

SHA1
e7712abe4d00ccceea2fe0a8343f1dbc75a85036

SHA256
cace9a5bf2407b424c9b55b3de71c4e6c7ed23558a197c80377130adebb6bf20

SHA512
f00553dc7933543867f9a14a7ddeea4cde4e7e446d480f7640cf5fe006d122e05423e618aed0f2a8a88edb1f3e1715e5223b9f864c57104ad566d07da207bedc

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\is-72AL9.tmp

Filesize
256KB

MD5
a4243c6c0953fd7f566f799ca93e9cd6

SHA1
609fd3b4deadc662a48a7f93acbe8da269756946

SHA256
2ceaf742de56f569879b5615efa5ac10b04a722e48755274e2ceca6fff9b0bf9

SHA512
fd4c90e5534899e28c156b82a6638be7f532bed1dca5436dd89cafe8b1c7ed179238be09df3cb8768657f2271a0b64bfe75bcd52fd5b74127fb2accd1414e1b5

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\app_data\is-CKASP.tmp

Filesize
256KB

MD5
d0275164a2d1e9deb72a4df057cbb743

SHA1
45e882086c24fb59d6c72087ce9ccd304ec25295

SHA256
30e33ca23ff8bb5ebd27790024a566b4c61da877732dfa9a17aa45290d638a85

SHA512
1b13ec1c8a82252953e5ddcb589af7835c46cd59bb5ddc8858aaaafc8383680f78e4a9d5666dbea33096f4057d3f94bd4479fd5860fcb6092fe7c3f23524c638

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-1EPM2.tmp

Filesize
1.8MB

MD5
1e44ddaf8c3de09671684843d92c4d32

SHA1
bf045e1ac0fc3fd7cfeb39e0af0a9a02b2fa227f

SHA256
169c5166f8f59c0cf4a395c9cd3e60cbec0ebc24b7b26820b610fa87c6bfc7d3

SHA512
14d75b6250982a0f1e6fe9cd555bfe071f57d3df2f55ba8b21163626bf0b499b2b4f216e87e084d732abde253cf0c5966aee6990b49f692cb4f335e0cb418d1e

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-6OI7U.tmp

Filesize
179KB

MD5
b634c45662df083a4e29b8a101a16ed4

SHA1
ee6447f2a878ba781c115e0c796bc30ca262db91

SHA256
a0c0bc33b1552adef5ac3345d7e8e7724d02bceb9df3267664466ccd369eeddf

SHA512
5f0859e40c98bba1916334c91a99e28082a6ee05b7e055da7ed1c3701d679f15da916944c6e54857a7d0a435ef0693f35c34fb94b5aa61ab10d689ceb462b534

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-6R3UV.tmp

Filesize
753KB

MD5
0628a6162116586d1da6392f4ec09107

SHA1
51dabebf271b4c2d9d0fbb26754f6b11efc5b49a

SHA256
9ce30852d174cb87ba3f25fb9695e4b3e4cae4b43e39b8e81e15d1a76642f4a4

SHA512
78da2dc24d1feff59fa9e810f757fce89199576bbbbbdad6eff5bcd76fb905b5bb08d7e9cf81b4dcf2b53fc3b289fc286d170dbb5af0a749fa7afc5afcd417c7

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-AUC80.tmp

Filesize
951KB

MD5
bc49b35e48527d5b73337a9ff124f51a

SHA1
dd04f4ece8b8ff0b8390a07b29ac9f767f1fa9ce

SHA256
b5711255fdc5e8c82efdeaae095a2eeccf305914fb774b54dd4f0e0b42048745

SHA512
18aaf4a92951e3004789d614f3c1d18058c2043a560922e08336bf044536c4ea1e94ae6d11ade46308ca217b1debbe03146e6817998ecbbb0078027cc8e994ac

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-NMRI8.tmp

Filesize
233KB

MD5
5ade0e7bd1f56c265d1a911b815a5684

SHA1
fd6ee30b74aac6fcf6888978ebac7769fe30e06e

SHA256
6ae8a64e658565ecf902e120b988427ab9f65aff75fc44077c6e86cc7c09e207

SHA512
9cc37206d0121c6b827eff84482da6d35def15c8808839f4c39105878f0c7759d93598365a1fda9118e07c00b836c7e704dfbccafcc80cc93c90eb008829df62

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-PH9UM.tmp

Filesize
70KB

MD5
a7d0c2e7158791cdb06ee1e3daaedfe7

SHA1
80fd08d513987e06d20d9910104cd797dfd83994

SHA256
ca0186ac67828d3105f47af90ea39e0abad0fb36dc2b5b1eb3950e8b9431aa05

SHA512
3901edc601cfba42daa8b4e776eab7334ad68bf417e248d2761df96a986bcbcd8bb09cae8178d17e50f8486afa4dba079a71c35c33d769b6ef9583abfccefdcf

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Broadleaf\Clusters\is-SHREE.tmp

Filesize
88KB

MD5
97542a643b5bf512fbbc05f3d4481a17

SHA1
a6d1257d8f8673bd168f0351a8b567a4cf57dad3

SHA256
43629d322a86f0bc913c83d6167822f808de14fdb39de6c13bcf0018962d2779

SHA512
4de89488036583970c68b49ca9d0059b5369c1f5f24a21ef098dc6daa83a031e33b0ac0be9d885cbea7c0deb7e3297111a34118131fc36be4ec104e6e454f7bd

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Conifer\Cluster\is-0RQLG.tmp

Filesize
67KB

MD5
38e68ec43aee730d5ffd24130b5831a0

SHA1
28ada05ce1eb7c8a4f3cf6fbbae088fbbf6e041a

SHA256
272a9871ef7a21537140fb1eae5d5a5c8560baa7ea42dd3bcd02b20d5a49e980

SHA512
5fd34cf28eb81ff2f32d932e432bef9f341e9f1b43f4a001c4f1ec9a25ac2e67cdf35d5cb0540ef1430a66a62ffddcd230d5ef5baec6a1711c7adb5f01bcd925

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Conifer\Cluster\is-NU5B1.tmp

Filesize
17KB

MD5
b4a1f47b50137bf3dec1d99a24b3dfd8

SHA1
eb6fa69f02ee46d2c628a3e93f56e51e7ec123d0

SHA256
f1716482f255766f94bf7629e401cd8d07733e055edcd988288767282d17fcbc

SHA512
cde2aa01ba13eab6692c66cbe750873ba98934cf9439be5d22cc40bedd81147564f3e89a7bf99f6011564f85ca8e88f52761be5ceffe1ef413820de800fb0be8

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Palm\Clusters\Leaf_Desktop_Cluster\is-6ON9P.tmp

Filesize
16KB

MD5
2c883cb6cf5a0e019315e8c005470d5c

SHA1
c2e7bb3377441dfa41ef44b6783c75b1c57f32c0

SHA256
dbb92c608c33031900df23984de58e34644ead980408ec47a886bb81645aa7c4

SHA512
d7ba7eb3308da34a468ea3788571cecb1f345eae5791daea85c8e927e1d7ad471f44cea59822798f3c7b12b6f274cea8b618d4b4b3b272443191fd2c1db8928b

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Palm\Clusters\Leaf_Desktop_Cluster\is-R556C.tmp

Filesize
82KB

MD5
29a4c1cfa70f7829d9699a96737d3b7f

SHA1
cf525fc3843c5d8ccb0084b138120e07d35d285d

SHA256
e4d00fe81a976460a1f74959d29912f9a530144b79389ec1b75f5ac4c3b4a722

SHA512
be41f3a64f49bc7495b300c3e305f7e6eba00c690e94de660979e4d284006730ca001bd7001611a06ff51e4aa08a2fdcde118768e025d2121f178efb2ef0c50c

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Palm\Clusters\Leaf_Desktop_Cluster\is-T8EOR.tmp

Filesize
90KB

MD5
5bd4f24dfb87ae0b610f6d76d07ed626

SHA1
7066d3eec62e554e2e9c605cf4eab7ead017fe92

SHA256
766f5d3e60612ed3e1eebb513cb5db134979b3dba534083a26494ec7f4617ef9

SHA512
5685928dd2fc693182908c115a6b2fe733949447fee3cbb52adf6df3f0764eb1a122445fad44ab9d709741470d12a9e8a63024a6afccbc73eb93c7a99ab9a539

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Photogrammetry\All_Mesh_Tree_Example\Meshes\is-3FDKH.tmp

Filesize
587KB

MD5
31e2be230d2cafd49b6f7af252cd329d

SHA1
791d53fbef824eae3f4a89b8535b97e0a7884c93

SHA256
d6882e7969c741dfbbccd03fe61164d025a8778c0bf1f97c7eddd57226430f77

SHA512
1e7f53960d0ce5d5969791595a920edd46fce9d791ef8ac891aebda6220ba57b7a1f73eda78d03499569e441b937593d8c2d2fe10c83d7cc3091aeaad5c1a06e

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Photogrammetry\Oak_Photogrammetry\Mesh\is-V4D4H.tmp

Filesize
913KB

MD5
9c9c1b078997c5f3d527d3f96c38e185

SHA1
6b15acb18e77f657dac904c7ef04cb524b6c1208

SHA256
57fde547c36f326e879e0a3d3a030c5d45d26f46107a1eb57dffb3e1825cc914

SHA512
c0e2a53a3469309147a8a6a6a92ef109680e27c167484f03a1569e9b8aa772af0de460fabbda86520bdeb6432b854cd841aae7ddcf1f57bd467576f33fbd9e5c

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\samples\Photogrammetry\Oak_Photogrammetry\Stitch\is-N9G4K.tmp

Filesize
361B

MD5
5adb4f85ab6e92d455510d219f1d1b55

SHA1
1b1a62b3fa0ab3ed618ae85032ed1ddf40da7f11

SHA256
7868db213681974ef2c1b9903ad23659502ddeee8bc2891d27171242bced95a0

SHA512
f758e89bb8750745e9950a0eea22dbbd9197a31bc2e449703435b7a587d9c9158b6b9692e390da17cc3231a6b08a11d9e9d7c2fd34a718d6dfcc887ddb070204

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\Alembic.dll

Filesize
256KB

MD5
782fce9debee3854b447c75783444d6a

SHA1
8af8c25c25fd493d8bf531dc22d00216be8e9f9c

SHA256
225baebdb48018e28c72e8e9a538d50841ec1420b1d83a3f4f5be6e3e58f2b36

SHA512
41717f47d823176402acddfc53ce0b743aaa84dc29599bc91d3d637ce457639036f5442d02ab3b69c02b321be9bc9167af4b445d87a95e2200b69b3846f350d3

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\Alembic.dll

Filesize
1.8MB

MD5
27b3d2d1f3b15882377db54b39e3049a

SHA1
cb46b7dce307ec0eb03ca0c320258113054413db

SHA256
5be49a6f720b9754a2b87c6f95cfb7031566902af1c450409753a43aabaab6cd

SHA512
cfcf30f044d3430d5eb5985d926132f0e055971cebfda01d6f603187a827b33925169b63fff8d2f7dc5d6f7d7b7a43eb8da71de40dff3f848fdf157d5ee4f410

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\FreeImage.dll

Filesize
1003KB

MD5
d2402a8a78173dbd4f9416174694aa70

SHA1
cdf9f83755dd2be3768ea92d55cdaa2f07abb7b8

SHA256
eea61443dc9cea823a236698e9f59477da3093cd29d113b635581f9161cd8e40

SHA512
d89afc0374f8366a424cc039cd54102897c43a3da2b8d4c64e7039c687084d86f223b95ad037ddf379e85c898f5a643f9c25668e395cf83f5b38e08ead33d42e

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\Half-2_5.dll

Filesize
128KB

MD5
7a2ca66e68b668dfb6df9c925d184141

SHA1
ca83904e6486241ea0fecff111275d433e8c8f9f

SHA256
a666a552eff4ed53fdab8ca8705d70d46b95171cde3d53ebd086b3c4223294ef

SHA512
d0101423daec74afbae22f872108278d1a11189d4b5990c27b19e976f0aba2e27301fb34f2f6fecb4f0b737b8d6a02816fe3edb3da7abe159e1b279eda97bec3

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\IlmImf-2_5.dll

Filesize
2.7MB

MD5
745b3d20c225f58b7eacdf545f2d93c0

SHA1
db5113caf29dffef4cc540a180b0308c91b0ee05

SHA256
a4c2bb60d81ed6b17aea0df50b69f4c05e623f3097ae01dd3296ad6da02b8df8

SHA512
6423e5846d7b84e64ec32d41b628cc920992b714c5a832a5483727722fedfe7a37240765bb0b71a97e0571a3af1c692b07885b221e6c7bb0a143848b051df8c3

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\Imath-2_5.dll

Filesize
84KB

MD5
1f28a32ada5099f878e0e7060e7e690d

SHA1
49dafbdb0a18f09d70cc2d7386da2a5303cad5be

SHA256
a272c2d1932ca964e30e4afe3c5ecf1d11851d21938cb6c802365e90f247cfd0

SHA512
126e50c4d773d966a56595cb6b2c3579b763a7279b130f9251a3b887330d39b5cec10a9f0bea9286142ac3133fe639c11c18fc7d58df7a4eafe4cfc001b7f86f

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\SpeedTree_Modeler_Games.exe

Filesize
1.4MB

MD5
1824a987f446caad8ac360c29bdc2ab9

SHA1
4a2034a70613c019c84557b793a08c35ecd91889

SHA256
7913282a40daa891c907024bedb14ad4856b5b00e5ce29366c19fd6ed8e1fb26

SHA512
a9dc4b1395338c3315bcaf94e641c6b25d9879d2441f42e05491c0681b8eeebf4298cb2120c052ab8ae3a3a0a07865bb28f2ed4cd12d589d5b545e2f47bc5c9e

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\SpeedTree_Modeler_Games.exe

Filesize
960KB

MD5
2e70382d1a7a6a7e78bea34b86898758

SHA1
a29f23ccc33072f90de07a4a91aa297a8c65fd26

SHA256
f27060b3f0f1501d80f95006cefe568aa3e39741b52010cbf7e5396a8e4a87ee

SHA512
95a3080b1760e91e830d3c3a78ceb4572069344c376b06c13b15da65103d71c9fc31979f8dd154aa8814e26e9f883d20afe896a8094115eb250025292d9fdd97

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\embree3.dll

Filesize
3.3MB

MD5
b7f8ef5c796901a21fdede7fa3b9c8ae

SHA1
0850d997d2909fb2de21a685dafdb57fc1b421b4

SHA256
b3211da278f3b8729e9f289672c587870da9f480eebafa78069f4405fc6fd8bf

SHA512
199850f58241cc00e2cb114797ef1bfa87becdc5a8bb5e5788bf3022519c403a1dd11e0e1c187bef234b9ce62f0ef540896c9a341d0f3dadf4aa6f088deb27dd

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\gf.dll

Filesize
558KB

MD5
8751d298a3e010b8d9bb61a0ed2835f2

SHA1
ff2df5299ed220a683498a84b2c07c5a27350c9c

SHA256
e55390f755e029ba4ee6adf1afc6f98c922b97d17d9aa2c13a78c932f2e8f3ca

SHA512
59f835d6c2e7fc16af08732bec905286f92b84b204ddfc68cf0ce2fa201cb4a4d0d57959c15a7a09a6c23b0ef54e2cf2819806184f57b657b7dc3fc59b037446

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\glew32.dll

Filesize
446KB

MD5
027b80e5dd088f1f7e2a3de2885427aa

SHA1
17ed52982a4bbc74c62825879a047b6d61352c2e

SHA256
0dbae8f2e0943899ace651a7f34bae111a655d692119f773b831bfabe4ed1706

SHA512
adf58cbb8205a6fa6f2f996647b5d3c4c73595de6d02bdb15c7e919dc6459198b8dc391621b64958796a6128c5dab580d721a4b2375475efc0d6f19243411d06

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\hdf5.dll

Filesize
1.3MB

MD5
5afd2c4d25d86a70c491728e0cca6906

SHA1
710f907b022887a932526cf8249848cc371e5756

SHA256
ad8fc76bc2d53d8e369c59b4dde1cd101577590a6e04161c7b7d9b5e7c9db451

SHA512
0a36fe26c90d87dce369cd1779927a1b3e0b38a92158e74be654cd02bf709c13c1458b4c4e4b80bb584019ffb6baf8d27afc6de232827f1f4d87c3b1b9f0a618

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\hdf5.dll

Filesize
128KB

MD5
3760884f431c3d58661bd99d54097fbb

SHA1
a9ba51ef9c51f0217ce5398658f392ad6e30b858

SHA256
6ddc9150192f9e0249d329ec89e799dbab1179952d5043108c4ee78ec59d0ae3

SHA512
bf2561dc6769fcca694fb164251665925e3f039d713025f5369dd96695bce72991647bcde93e3acc83bc75f5acb13e9bde17bcc9279c0b10e067d2ba0b8a2bc9

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\libfbxsdk.dll

Filesize
3.1MB

MD5
8f4bfa9dddc1ff539ab5e8a815c9bf20

SHA1
013b417728eca81815040d3ecb635c523d1c1d65

SHA256
6da9b9300401021b1bef8a09289cbe0c9dd158f34d5c07c80746c1c970e7e638

SHA512
f95c5bdad880cfdf61acb8ff67828904ecf2c22a7eb448189748744a4ed551bbeed1517e21b16d9e4afee0640ed1cba1b39b98b0f84090bd4085f7dcbeca5fca

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\libfbxsdk.dll

Filesize
1.5MB

MD5
a7056ac9c4c14772170a9653679e99cf

SHA1
a3f57424ffb1a9861c879af8db06784e57da1919

SHA256
3f85256ad640b9911150c390dfdaa13e733d51a523a71f7ed8184d6c12a3508d

SHA512
f4e5f25ec777c5cfc8834d3fea1806f4ea1ecc8f4d6990ffdfca5164d12ca54113083f7622151019a6adb5d2a6f3646d1d09b9d2bd7288498d56770fba99300e

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\lua.dll

Filesize
229KB

MD5
6c5ba874afdf510e93c19e51b220707e

SHA1
4c87399a16628768fcceac40b12c65b6e623456e

SHA256
92864ff817e7b493e9175e482fe9376f004edab62130ab68ee1485f0aff42249

SHA512
169593e188a817e372213f6296ea68d988456b6d1b696d61d8dc064136e969ab2ac6f68bcee993a8918bce41a1650b7c55a5e62b9d2c0a2b8e6e3ea31142270e

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\plug.dll

Filesize
236KB

MD5
cc7dd776bc46e4758afa7de33bc8bbc7

SHA1
ce42e8fc9ad10a6dc0590b1394060b09d5494a9b

SHA256
5b184b6939a4dfd7eff24a473372412eb97dd02a1ad3eecb0de294d71bfb9edb

SHA512
b8238787771a0fd87eb18d9ba46340fbf4b5edd4abeee1c9459b13e53e2837d7bbe0e07cdf05cf6ab74197da796c845a6c2b275290189177ee8ba33383468bbc

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\pugixml.dll

Filesize
173KB

MD5
0c37110e8786527888c8e1cbd09275ed

SHA1
b7de676c12448110d6ad0f36469034e1dc9e0a61

SHA256
033949649e1d414ddcd9af941a8e96a1f85ba50c69a2c0eaefed9180889735a9

SHA512
6409b0bbf4e6910de1b7f4683182abf8cc2ce733e80fce53a2265ebac6678e50ebd88961d3ebe18343e40b106c216453393a985498edd7819415fad709cf7d6f

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\sdf.dll

Filesize
1.4MB

MD5
e8abdf0d920214b429ad014b750935f3

SHA1
9e6601df5da4957afd47b8b472bab73ccd002abf

SHA256
4a4df021fc534a9b38ecdda89f0fd7e09862d59ff8444b65d4e37cb0e075c362

SHA512
e1256c156e30e1faf21fb74100983ecb76e73e879a2a4cfb76709337909661e106537d563c672db0911c1024d4f9c328f2f42e0ccc4520f2e605ae05de8c6807

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\tf.dll

Filesize
700KB

MD5
cb455095e1272eac9b2167c81c87408d

SHA1
2e68a19f5487d4834bb6ef7794640e8284b5d395

SHA256
61964ad56eb399cb7bf1b072ed02daa4808b60c06f5f8e7fac1c83ddcb5993c7

SHA512
b5237249290c2e47fce3b6a0ec64dcbbb00f45f6de00fd058cff70324618c6544abda0f22d6c4c50915b30fff1b60e1dfb7dee4f6d47a75513f812b982f56526

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\usd.dll

Filesize
1.4MB

MD5
856e96dc46a3bda9381c9024c64ac6d6

SHA1
b7bd554e3d0a6e4247ee752860e7275ba6b4e7ca

SHA256
0ab7669e9ae6104e4a26e33c1537c9959aab63435c6bb7f7353dbb7040467edd

SHA512
16b01f6849a29f73beacdddd4bf47cb1bc5beec6be0b1da4431065ce562d79de28cfe945f5f14036d258fc7b5443a5c8a3179a94ce9b42910ee26a60727254d2

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\usd.dll

Filesize
128KB

MD5
597b702ce40d4c1da72a8d091c520c87

SHA1
29e44a950cafee8d8290279a2fef568ee9d651c5

SHA256
d1acc0ef8b1e44b016048e279432521a1b4c087552af0be86eb3f1b5dc6f644a

SHA512
cf6710705a432c6eff11249f871b7de13198ec32f48c85cd1efb4892055c8d0e8574a3e65391d282954ec037d89730aaa7dd7f475ee0ee9e08f1ac5192690e80

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\usdGeom.dll

Filesize
1.0MB

MD5
3d5e2d0f2b406d3c3b511fc12de64731

SHA1
c1086dc077c6ec41e0e5a3f060716758280975b7

SHA256
a702664fcead201a6c7c2c7f869d23c4f3cc38bfbc33e59a18c77adc4c022aff

SHA512
7993a53a45d7165af1a93d20c58d5806ed435974d87d7ee1f5676593dcd6bd5776ef05b2b7f8c9e690168fce6db799a589a72c5e1370c254e7f98168536838cf

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\usdShade.dll

Filesize
404KB

MD5
1ce467731944d8e826abda84cbf912a0

SHA1
4c2e44a69989838f2b8370982ea43e7eeb456e0e

SHA256
519b7d0a5c527c568de9937841d631e5e9ad256f043984c62b39e78ee67a1614

SHA512
db39f8047a433b5f9ec0c807b702d52761bbb4c9286819d021b9829d142f41b22b0544c652a7bd0d83d046c8396994fb34c030fbf4f2d5f2e7ed1373bebf7176

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\vcredist_x64.exe

Filesize
5.5MB

MD5
630d75210b325a280c3352f879297ed5

SHA1
b330b760a8f16d5a31c2dc815627f5eb40861008

SHA256
b06546ddc8ca1e3d532f3f2593e88a6f49e81b66a9c2051d58508cc97b6a2023

SHA512
b6e107fa34764d336c9b59802c858845df9f8661a1beb41436fd638a044580557921e69883ed32737f853e203f0083358f642f3efe0a80fae7932c5e6137331f

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\vt.dll

Filesize
383KB

MD5
0b9f772f0bc268f3cb1a7d07d72e8a84

SHA1
4bf22ef84d19802179ffa347d918df7aae66f619

SHA256
3f9c46dad9fdc79e3ad7880040b5ac7239ad8b1a0f445a37719b5cd3c3cccb29

SHA512
b832d0e38ab6f3b2526bd87a7760552121983b245a15e27159b125fd220a6f0ce0a5c50a4c14aabc5855cea808179e2d6bab788d4c8d0cd814cc32cd3bd69863

Download Submit
C:\Program Files\SpeedTree\SpeedTree Games v9.0.1\win64\zlib1.dll

Filesize
83KB

MD5
cd24791205e546a89766deecd3f38552

SHA1
fa7bb2a99e82413f48867158fcb37bfc550e23e6

SHA256
441d7306c890270b23c3820ca835f1dadfeb40177d0529b2d1bf3f8c1c407257

SHA512
507ccc78a2a8fc40282eaa7ce9616e7142e2254929f882f28a2f8bcffe82c0df4dbd2254382df982d3f737906a7bcca1613dcc1342fbe6fe5f4b7e04554d1d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Modekler.lic

Filesize
155B

MD5
0b4a890e93edc3a2227da682d6fb3426

SHA1
82828a73de4e9ec3a860af98c3912208361f840e

SHA256
366b39f0ef24230f53dc256af7378ca9cf5169b01f226ba34cdafe6aa0888ef6

SHA512
ec6b3f9cc73651428090c637cfdbd6d4abe7bd91e5fe2cc75e6d921b169be8430f59a00195a96d8f1aa6fd893df35fd67ab934e292b29bb2fa931af64e512294

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup_20240217_094144230.html

Filesize
16KB

MD5
098e5dcf59eaf710f9e6abf3da5b166f

SHA1
61e80641ad3f6b818264c4ca7cb7523b8da99774

SHA256
ff2aaf450c0718ecdb1d0477d57fac5a3834c225f1bc8bb866f894077c8af3ac

SHA512
477ccf3e8c5613c675f2058dd61b1d010dab69571c587f164f9876cacdc1f0b05de97dc3ea4f13951c9cf1606f26239390b08826ad61a7fc477ab7a7240e093d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D9ARP.tmp\SpeedTree_Games_v9.0.1_Windows.tmp

Filesize
3.0MB

MD5
6a1fa4a3ba413e619a7e1c98bd8ac8fa

SHA1
144cb64f3f4130f499c5d97843d0c9abb2a89881

SHA256
f05eea1e77f1517a49be92b8cd8b5948f94d3004374e6f659955d816a16ea5cf

SHA512
8c5dc9520155b262fed67a25b80c0ff7d97a4fa6c6c2d0981e54a162a7bbc0d0c004f945a67acdd02671d66acccf877a7cabc89d253036b3549a01b7c1f4505b

Download Submit
F:\0b38a463f771c73698ef82c0\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
\??\f:\0b38a463f771c73698ef82c0\1028\LocalizedData.xml

Filesize
29KB

MD5
12df3535e4c4ef95a8cb03fd509b5874

SHA1
90b1f87ba02c1c89c159ebf0e1e700892b85dc39

SHA256
1c8132747dc33ccdb02345cbe706e65089a88fe32cf040684ca0d72bb9105119

SHA512
c6c8887e7023c4c1cbf849eebd17b6ad68fc14607d1c32c0d384f951e07bfaf6b61e0639f4e5978c9e3e1d52ef8a383b62622018a26fa4066eb620f584030808

Download Submit
\??\f:\0b38a463f771c73698ef82c0\1031\LocalizedData.xml

Filesize
40KB

MD5
b13ff959adc5c3e9c4ba4c4a76244464

SHA1
4df793626f41b92a5bc7c54757658ce30fdaeeb1

SHA256
44945bc0ba4be653d07f53e736557c51164224c8ec4e4672dfae1280260ba73b

SHA512
de78542d3bbc4c46871a8afb50fb408a59a76f6ed67e8be3cba8ba41724ea08df36400e233551b329277a7a0fe6168c5556abe9d9a735f41b29a941250bfc4d6

Download Submit
\??\f:\0b38a463f771c73698ef82c0\1033\LocalizedData.xml

Filesize
38KB

MD5
5486ff60b072102ee3231fd743b290a1

SHA1
d8d8a1d6bf6adf1095158b3c9b0a296a037632d0

SHA256
5ca3ecaa12ca56f955d403ca93c4cb36a7d3dcdea779fc9bdaa0cdd429dab706

SHA512
ae240eaac32edb18fd76982fc01e03bd9c8e40a9ec1b9c42d7ebd225570b7517949e045942dbb9e40e620aa9dcc9fbe0182c6cf207ac0a44d7358ad33ba81472

Download Submit
\??\f:\0b38a463f771c73698ef82c0\1036\LocalizedData.xml

Filesize
40KB

MD5
4ce519f7e9754ec03768edeedaeed926

SHA1
213ae458992bf2c5a255991441653c5141f41b89

SHA256
bc4ca5ad609f0dd961263715e1f824524c43e73b744e55f90c703b759cae4d31

SHA512
8f2ff08a234d8e2e6ba85de3cd1c19a0b372d9fca4ff0fc1bba7fe7c5a165e933e2af5f93fc587e9230a066b70fb55d9f58256db509cc95a3b31d349f860f510

Download Submit
\??\f:\0b38a463f771c73698ef82c0\1040\LocalizedData.xml

Filesize
39KB

MD5
fe6b23186c2d77f7612bf7b1018a9b2a

SHA1
1528ec7633e998f040d2d4c37ac8a7dc87f99817

SHA256
03bbe1a39c6716f07703d20ed7539d8bf13b87870c2c83ddda5445c82953a80a

SHA512
40c9c9f3607cab24655593fc4766829516de33f13060be09f5ee65578824ac600cc1c07fe71cdd48bff7f52b447ff37c0d161d755a69ac7db7df118da6db7649

Download Submit
\??\f:\0b38a463f771c73698ef82c0\1041\LocalizedData.xml

Filesize
33KB

MD5
6f86b79dbf15e810331df2ca77f1043a

SHA1
875ed8498c21f396cc96b638911c23858ece5b88

SHA256
f0f9dd1a9f164f4d2e73b4d23cc5742da2c39549b9c4db692283839c5313e04f

SHA512
ca233a6bf55e253ebf1e8180a326667438e1124f6559054b87021095ef16ffc6b0c87361e0922087be4ca9cabd10828be3b6cc12c4032cb7f2a317fdbd76f818

Download Submit
\??\f:\0b38a463f771c73698ef82c0\1042\LocalizedData.xml

Filesize
32KB

MD5
e87ad0b3bf73f3e76500f28e195f7dc0

SHA1
716b842f6fbf6c68dc9c4e599c8182bfbb1354dc

SHA256
43b351419b73ac266c4b056a9c3a92f6dfa654328163814d17833a837577c070

SHA512
d3ea8655d42a2b0938c2189ceeab25c29939c302c2e2205e05d6059afc2a9b2039b21c083a7c17da1ce5eebdc934ff327a452034e2e715e497bcd6239395774c

Download Submit
\??\f:\0b38a463f771c73698ef82c0\1049\LocalizedData.xml

Filesize
39KB

MD5
1290be72ed991a3a800a6b2a124073b2

SHA1
dac09f9f2ccb3b273893b653f822e3dfc556d498

SHA256
6ba9a2e4a6a58f5bb792947990e51babd9d5151a7057e1a051cb007fea2eb41c

SHA512
c0b8b4421fcb2aabe2c8c8773fd03842e3523bf2b75d6262fd8bd952adc12c06541bdae0219e89f9f9f8d79567a4fe4dff99529366c4a7c5bf66c218431f3217

Download Submit
\??\f:\0b38a463f771c73698ef82c0\2052\LocalizedData.xml

Filesize
30KB

MD5
150b5c3d1b452dccbe8f1313fda1b18c

SHA1
7128b6b9e84d69c415808f1d325dd969b17914cc

SHA256
6d4eb9dca1cbcd3c2b39a993133731750b9fdf5988411f4a6da143b9204c01f2

SHA512
a45a1f4f19a27558e08939c7f63894ff5754e6840db86b8c8c68d400a36fb23179caff164d8b839898321030469b56446b5a8efc5765096dee5e8a746351e949

Download Submit
\??\f:\0b38a463f771c73698ef82c0\3082\LocalizedData.xml

Filesize
39KB

MD5
05a95593c61c744759e52caf5e13502e

SHA1
0054833d8a7a395a832e4c188c4d012301dd4090

SHA256
1a3e5e49da88393a71ea00d73fee7570e40edb816b72622e39c7fcd09c95ead1

SHA512
00aee4c02f9d6374560f7d2b826503aab332e1c4bc3203f88fe82e905471ec43f92f4af4fc52e46f377e4d297c2be99daf94980df2ce7664c169552800264fd3

Download Submit
\??\f:\0b38a463f771c73698ef82c0\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
\??\f:\0b38a463f771c73698ef82c0\ParameterInfo.xml

Filesize
9KB

MD5
03e01a43300d94a371458e14d5e41781

SHA1
c5ac3cd50fae588ff1c258edae864040a200653c

SHA256
19de712560e5a25c5d67348996e7d4f95e8e3db6843086f52cb7209f2098200a

SHA512
e271d52264ff979ae429a4053c945d7e7288f41e9fc6c64309f0ab805cec166c825c2273073c4ef9ca5ab33f00802457b17df103a06cbc35c54642d146571bbb

Download Submit
\??\f:\0b38a463f771c73698ef82c0\SetupEngine.dll

Filesize
788KB

MD5
84c1daf5f30ff99895ecab3a55354bcf

SHA1
7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

SHA256
7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

SHA512
e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

Download Submit
\??\f:\0b38a463f771c73698ef82c0\UiInfo.xml

Filesize
35KB

MD5
812f8d2e53f076366fa3a214bb4cf558

SHA1
35ae734cfb99bb139906b5f4e8efbf950762f6f0

SHA256
0d36a884a8381778bea71f5f9f0fc60cacadebd3f814679cb13414b8e7dbc283

SHA512
1dcc3ef8c390ca49fbcd50c02accd8cc5700db3594428e2129f79feb81e4cbbeef1b4a10628b2cd66edf31a69ed39ca2f4e252ad8aa13d2f793fca5b9a1eaf23

Download Submit
\??\f:\0b38a463f771c73698ef82c0\sqmapi.dll

Filesize
141KB

MD5
3f0363b40376047eff6a9b97d633b750

SHA1
4eaf6650eca5ce931ee771181b04263c536a948b

SHA256
bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

SHA512
537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

Download Submit
memory/3832-2914-0x00007FF7AB280000-0x00007FF7ABBEA000-memory.dmp

Filesize
9.4MB

Download
memory/3832-2915-0x00007FFF97010000-0x00007FFF97567000-memory.dmp

Filesize
5.3MB

Download
memory/4328-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4328-2862-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4328-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4640-2905-0x00007FF7AB280000-0x00007FF7ABBEA000-memory.dmp

Filesize
9.4MB

Download
memory/4640-2904-0x00007FFF96360000-0x00007FFF968B7000-memory.dmp

Filesize
5.3MB

Download
memory/4640-2907-0x0000020496160000-0x0000020496161000-memory.dmp

Filesize
4KB

Download
memory/4640-2906-0x00007FF7AB280000-0x00007FF7ABBEA000-memory.dmp

Filesize
9.4MB

Download
memory/4820-2482-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4820-10-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4820-8-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4820-1023-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/4820-5-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/4820-1196-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4820-1322-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4820-1844-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4820-2104-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4820-2812-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4820-2861-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download