Malware Analysis Report

2025-08-11 06:03

Sample ID: 240222-wa41jsdf79
Target: GDLauncher-win-setup.exe
SHA256: 9a4744a9ea6fa058995157b052e1d96b7063039ab3971ce5660fe9cc29bea7aa
Tags: discovery
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral9, behavioral10, behavioral16, behavioral3, behavioral5, behavioral13, behavioral19, behavioral24, behavioral14, behavioral18, behavioral20, behavioral22, behavioral32, behavioral4, behavioral28, behavioral1, behavioral11, behavioral17, behavioral21, behavioral25, behavioral29, behavioral30, behavioral12, behavioral15, behavioral31, behavioral2, behavioral26, behavioral7, behavioral23, behavioral27, behavioral6, behavioral8 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 7/10

SHA256

9a4744a9ea6fa058995157b052e1d96b7063039ab3971ce5660fe9cc29bea7aa

Threat Level: Shows suspicious behavior

The file GDLauncher-win-setup.exe was found to show suspicious behavior.

Malicious Activity Summary

discovery

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies registry class

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Enumerates processes with tasklist

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 17:45

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

120s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 220

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

93s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5024 wrote to memory of 4848 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4848 -ip 4848

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 45.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 74.179.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

153s

Max time network

166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell\open\command C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell\open C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\GDLauncher.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\URL Protocol C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\ = "URL:gdlauncher" C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Modifies system certificate store

Tags: evasion, spyware, trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [certificate blob omitted] C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [certificate blob omitted] C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2796 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
PID 2796 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
PID 2796 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
PID 1204 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe C:\Windows\system32\cmd.exe
PID 1280 wrote to memory of 5048 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\reg.exe
PID 2796 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

Processes

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=2036 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2408 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"

C:\Windows\System32\reg.exe

C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Temp\0dde7ef6-2863-47a7-8426-c95fe7b30518.tmp.node

C:\Users\Admin\AppData\Local\Temp\248faa4c-776e-4146-a35d-b961d6e9c601.tmp.node

memory/2052-10-0x00007FFF322B0000-0x00007FFF322B1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Roaming\gdlauncher_next\IndexedDB\file__0.indexeddb.leveldb\CURRENT

C:\Users\Admin\AppData\Roaming\gdlauncher_next\Preferences

C:\Users\Admin\AppData\Roaming\gdlauncher_next\Preferences~RFe57dca4.TMP

C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\Network Persistent State~RFe58c196.TMP

C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\TransportSecurity~RFe596874.TMP

C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\TransportSecurity

memory/3520-126-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

122s

Max time network

130s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1940 wrote to memory of 2496 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

122s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 224

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

122s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7za.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7za.exe

"C:\Users\Admin\AppData\Local\Temp\7za.exe"

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

122s

Max time network

135s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.pak\ = "pak_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.pak C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Analysis: behavioral24

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

147s

Max time network

156s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\concrt140.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\concrt140.dll,#1

Network

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

140s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7za.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7za.exe

"C:\Users\Admin\AppData\Local\Temp\7za.exe"

Network

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

147s

Max time network

160s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 944 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 944 wrote to memory of 4980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 944 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 944 wrote to memory of 2604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef4bc46f8,0x7ffef4bc4708,0x7ffef4bc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_944_AJDUQIJELCDDVMPW

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Analysis: behavioral20

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

148s

Max time network

155s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

145s

Max time network

157s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240220-en

Max time kernel

121s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2060 wrote to memory of 1692 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2060 -s 88

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

92s

Max time network

117s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2636 wrote to memory of 228 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

120s

Max time network

131s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\icudtl.dat

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\.dat\ = "dat_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\.dat C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\icudtl.dat

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\icudtl.dat

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\icudtl.dat"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240220-en

Max time kernel

7s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\URL Protocol C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\ = "URL:gdlauncher" C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\shell\open\command C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\shell C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\shell\open C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\gdlauncher\\GDLauncher.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2820 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe C:\Windows\SysWOW64\cmd.exe
PID 2576 wrote to memory of 2648 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2576 wrote to memory of 2652 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 1984 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
PID 1984 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
PID 1984 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

Processes

C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq GDLauncher.exe" | %SYSTEMROOT%\System32\find.exe "GDLauncher.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq GDLauncher.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "GDLauncher.exe"

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe"

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1148,i,6644541285476879952,500373378706083674,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1464 --field-trial-handle=1148,i,6644541285476879952,500373378706083674,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=1296 --field-trial-handle=1148,i,6644541285476879952,500373378706083674,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1100 --field-trial-handle=1148,i,6644541285476879952,500373378706083674,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\System32\reg.exe

C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"

Network

Country Destination Domain Proto
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r3---sn-1gieen7e.gvt1.com udp
CH 74.125.173.168:443 r3---sn-1gieen7e.gvt1.com udp
CH 74.125.173.168:443 r3---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 plausible.io udp
GB 143.244.38.136:443 plausible.io tcp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 www.minecraft.net udp
US 8.8.8.8:53 launchermeta.mojang.com udp
US 13.107.246.64:443 launchermeta.mojang.com tcp
GB 104.77.160.198:443 www.minecraft.net tcp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 meta.fabricmc.net udp
US 8.8.8.8:53 cdn.gdlauncher.com udp
US 8.8.8.8:53 api.curseforge.com udp
US 8.8.8.8:53 files.minecraftforge.net udp
US 104.21.33.240:443 meta.fabricmc.net tcp
CA 51.79.83.165:443 files.minecraftforge.net tcp
DE 18.155.153.29:443 api.curseforge.com tcp
DE 18.155.153.29:443 api.curseforge.com tcp
US 104.26.3.110:443 cdn.gdlauncher.com tcp
US 104.26.3.110:443 cdn.gdlauncher.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp

Files

\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\chrome_200_percent.pak

MD5 d88936315a5bd83c1550e5b8093eb1e6
SHA1 6445d97ceb89635f6459bc2fb237324d66e6a4ee
SHA256 f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25
SHA512 75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\chrome_100_percent.pak

MD5 0cf9de69dcfd8227665e08c644b9499c
SHA1 a27941acce0101627304e06533ba24f13e650e43
SHA256 d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88
SHA512 bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\7za.exe

MD5 e86eff95691b1c0e7e4f3e9cb1ae2e49
SHA1 d0acbf9ae29ec74acc67b53b2063bbc9739bc9e8
SHA256 8117e40ee7f824f63373a4f5625bb62749f69159d0c449b3ce2f35aad3b83549
SHA512 1c26201f214fc068d2d7f7c812be022dbc102077ef34bc1f231ac118aa04b94139cc2005628491747888faf95863241b3847524db097f4822b75f646f4345ff6

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\ffmpeg.dll

MD5 f404ea73a48368d54d95f8cc00632a0d
SHA1 fda1313e288daf16103ee32bab1ded50b3bd6d20
SHA256 62f179f9142bdf1a813b9268bd4a12eb6a2c578c46afbcff8d0af0f9da8c8b8c
SHA512 70aeb9930fdcfebf0ff85e99c5253ef5574de9b73a2e4166054003b4c48e931f1ddb6964e6e569afaf4b2a52a85e7c6c7dae218ce414c2b1abb029a31c84b339

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\d3dcompiler_47.dll

MD5 bb04077868a03c2ae55ed4bcb2388211
SHA1 23faf1d1b5d2f561d3a97e61bf662b6d6acbce41
SHA256 b93a60ca809310110893a5ce2d2f36c1bf7238dde2caa84deb0195c21ec2c580
SHA512 87c8fae1182efce7e591c8b34a27ba02168c1e16f21ac0b98a68e5cb1e97bad652afdca915ad6ca7ace004209ad28bee57ed968a7841d2fde639934076c050fd

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\concrt140.dll

MD5 1028995446d0032530461be30ca98f48
SHA1 18446678152e9997eed9c02995f957d58a8e8f32
SHA256 d404b49c25cc76dc4c86e1d82fc23799482f6509e85a73ed8177efc320ec0195
SHA512 adb9ae577f082e0246cae5c804fa4cd08bcf54ce78eaca02d49b9b1b262779667a251e98cae807aff50fdac504b8cd855ce4d786f587d02e0a18f6ac8e0d882e

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\GDLauncher.exe

MD5 1dbf4c8fd0b7da25577af29b9f38b751
SHA1 a1b705e39d07f8fd7ccab59575eac36847f400d0
SHA256 bc229386ed1c1768b4edf797216030a572e527b711242a8d94ac0bc40b93fdb5
SHA512 7921b4b042a23e86d09ccde9b456b05427b7760ba6822c5524c97130d5c78aa546b26fe78c6b0eba011cde992fb7d9336ca397837b6c92890d062ff6130247e2

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\icudtl.dat

MD5 3125a415a7834c01148e61ae1258ae50
SHA1 21635442a86a44f85beda1b60a77f7a1c817a0c4
SHA256 36e15d6ef90ae1c574b39b9f84768c52d5a7fceec6d61ed97f682a2715ad354b
SHA512 e486790abf2c4660c0728b4c617e7d651b3c3a4cbb72a48c08980244784205f1c98e255c200bfe483e34a80e329bc3ae2e9cfb9d328580a8361dcbfbce3f3e71

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\info-about-msvcredist.txt

MD5 5869d7303e54026c9adc33e5dc63d70d
SHA1 484058ada000cdaf04b337ee03445a4989629d7f
SHA256 9329f7579fd8ce5f0503c2458ec49f1f42cf587559d0902f9954e3cf170f0a34
SHA512 403e01d01f8eb63e57a1ba7310282858aba499d5243a50ea44829ef8c312dfa1600873a5240e52afac17877512ed05e4f0d89082af92309157bf02cb7fe34b6b

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\libEGL.dll

MD5 5de7e395632af0d31d8165ee5e5267dd
SHA1 740ae64850e72e5ab3d49e3bbc785399a30a933e
SHA256 44febbc02e69d492d39e2cd5d025bbf0d81b1889b37725bd700cc0c21e5ba22a
SHA512 788c3fa6d58b8d3ae258628805ed79d612d9e15e92dca39c27cb621a2a9aa42669a20c11b5c9a912a2d8cd68b0a7a53f7689e729067c6d87a8063e5b8b2c265d

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\libGLESv2.dll

MD5 275df4b7598091707822881b76f0ce3e
SHA1 ae14098a16987a680d07a8e00493a63ac867d530
SHA256 b6cf49e0275afbc2576ec678cfde922d25611634121ed88971d531567c2758d9
SHA512 4c258e129157ee7af83dc67c7d28a85599b7e4aa28f4fd1cc18bfc9fe73fc92a2dcfc2401af5eae4552170ac575c6946fb40c4d26d33adc1da13c11574001353

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\LICENSES.chromium.html

MD5 85a9b163ca61b03bcbb6306515b66698
SHA1 49227eb79ab26e2f152a56d0415a587230161b7f
SHA256 7e391285a367d26ccad0ebbb961f50625bba0a5078c7d606da33a46b8f648cc2
SHA512 bc2ba81a25d295222b1707050c4c9444a8871cfc84614d460f574668c7d12af9302a89fb9d6abedd7b3d1568e0ec699759839d28ac93c743592d77516ff8b43b

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\msvcp140_2.dll

MD5 210bb45a43b2f8fa7f6cfc31fa4ec6dd
SHA1 3dacfa339ac11488d52a54806fffaf437bb0caa8
SHA256 aa965bc8429994c97bc2498ed8051a4101f7987a376924b105de5f7915e42a48
SHA512 8a0e8863b06b306b11e0abad77b0285dbc17b8a778e241c2ebe0285bbf12c7b7cfdeacd6ed6d2bf71887342a94daceadf8e0aa3164d4492e1cb9d0d1feceab96

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\v8_context_snapshot.bin

MD5 1270ddd6641f34d158ea05531a319ec9
SHA1 7d688b21acadb252ad8f175f64f5a3e44b483b0b
SHA256 47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29
SHA512 710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\vccorlib140.dll

MD5 9ac7ad6a47cf8bddce8daffd31cb03a5
SHA1 55ede0c378279526bf6e8b4093c382ee7ae111db
SHA256 5966e6f9de7a3aac11d22c899bd7b3a1248b3c375461c1ce10efb8eb871b394e
SHA512 d31289bc6321a77c8c43a8d49393acb6c97ea9b5ae62fdc1a6a1f17b6a53a91ec1f714d71f1e944bffa041b5f74e0266e68d80844f75fa624a4376d4a8adde3e

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\vulkan-1.dll

MD5 60ea9869624b91c1d630692e11c40568
SHA1 51cdbdd9e06b2224cc7589b37b4eafd89dddcb31
SHA256 173e54b5a3b877d2e3652bf637fde2ca7b32e3224f0992985f019275d3efe9fa
SHA512 d172c4cf1d55adeb32d52b8eb070c26691afcd125caa8e1e26f242936309d17a8154ada3b9f18a1d53d3216db68d97aeded88a6f31f9e13faa4fd81e1db01307

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\vk_swiftshader.dll

MD5 ebcd151759fb59504e703212bb1f609c
SHA1 f51dfc03a8729360e1088b021bf8212a10f4c482
SHA256 ccf2beba188148c623b2dd75c5d6e578c2ff66d424347356b59655fec64803a3
SHA512 ef22c76faca025d08df165fea5a8ed81b14387ff8b6a445c23ba014ada1993f076e5b58ccfe96fa88d930ddcc4fc894840336fcf0f828504bfab69fa4d1e2553

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\snapshot_blob.bin

MD5 2b09a6d421a1eb549237382c3cecd328
SHA1 98722a09a5be2512ec55ff6462a200c71b16ad2a
SHA256 f9c472794aa190e96eac204d6c2d86c9ef63bfd6fef8df69f39b85cf4ad853c0
SHA512 b3636d7d3c53326169dbd74087f1e1e9afe67ff794ed25eda0c9c86773a9068e2770857b47c1c4a49297128eaf628ea31078a852f9209d2e173fb7021146b721

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\resources.pak

MD5 3affa546f889f49a42b3ee1a26c1b5b6
SHA1 f2b9cabc530648fef70c94bcf3eed33e4f7a9bab
SHA256 ad72999acd201fb36535df4ccbf2550dd399d955dfb7c225b8d39ccb7f7c48c3
SHA512 4346dce437ee6ce3570a3f587f4ef27587c85427c9801bb800394d366bbf6b730c0bceca60a715fffb5780f06b8ab44832bd479539ae83e2ebca48b4daee6e97

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\msvcp140_1.dll

MD5 d281be80d404478ea08651ab0bf071b5
SHA1 e81dc979d8cf166c961c8e7b26f5667db9557c47
SHA256 5e627fac479f72363075824423d74d0a5d100bb69377f2a8c0942e12099af700
SHA512 fda7c43fb6ee71c7ccbad7ad32c1f00e454ccdee3bbc35de4045abbc8998281cdab9c506fea8417df25ff0ef09471eea49f63b2181e160c62bda804fbfd8c376

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\bg.pak

MD5 34c6f87106c3c1fc77716120de74acda
SHA1 4c14203258f8b9c32a090c7391ae755bab925459
SHA256 62fc4167efbfe4e578e2a229f4879243680b7167b3dfe8adea33ec17834825c7
SHA512 3a3e1db946c6b4f0b827ce8ba47cf036e024cc78ba501b030db1bef02dec9c293fc1a871c5195bb150f5301642cb177833eaa6b21a322fcc016e47b430a95e34

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\en-GB.pak

MD5 db946e28e8cd67fc45a317a2d22943d3
SHA1 0e096f66915f75d06f2ec20eae20f78ad6b235e7
SHA256 7eb6af7620593bdd33cf4a6238e03afbf179097173cbfffdada5b3e25b8f0bbe
SHA512 b893650000f463c1f3807f1feae3e51664e42ec10c1a5af7c08970163d5188f1f9ffcc5e82fe2209c78d8b4fc2feba050abec4c44d1eb122cd42fcc14a8b1c3f

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\fr.pak

MD5 5555f503c0cfa9e5a811be1768edf010
SHA1 ecc5414c71b7e82b3be6d8f1cd09460aca687488
SHA256 da60f2e95d9d10a5a08c81bd5cd1f6428f1f49fe40d2c1b9d5efe8bb6734e44b
SHA512 9b1724c01f739ad00ced10d67ee0a41cadd1d4fbd5b983f5582ccdbcf0ba83b20b3aacd1e41005583bb5da8a7182970a9b7478d9984c9dae29cf08a6b1cce0f3

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\it.pak

MD5 92e8089be54372198a09145c43ceb1f3
SHA1 7db60e207ed94a4a38c4f5e108fb2b3eeb31a379
SHA256 d819ccd6141a707fd5f54392a1702c6623e6525181d2ab457b9e964dd8071045
SHA512 5e75ea376279c3d74cdb42c2cd71b26c5ca752be434d0e1a0a6d4d6e618f8b3ad0e3262e7bfb48ca48438a61113eb57033b879cecc469eb0cb14695931519285

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ms.pak

MD5 cf6fab202202acd11fccf4a23ade429a
SHA1 3d8f69fc594f1e080e5cd47007c51c48fdcfb46c
SHA256 bc728ef332ea5b058425d39fbf0ae9b4f958133d3bb2fc3683f7563cf37eca21
SHA512 4410f89c245970076b5f88623a78f147ce2790ff19a428b43dba0ef3021565b7815a90bbda4587ee8040845f276abf31682409be876ec013b93ef1b610db54af

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ru.pak

MD5 c875665368c3c6b035d00281a6c52a6b
SHA1 51b4001603e3619082b756a56b2341a50cbd2d23
SHA256 b1ee54477a99c088f60f9f0603e362ef5a226cc8a3a511b54099cb8e077432b6
SHA512 d48a274145934bbd084e22e1bceeca24d65ee963eedb91b31828385824e2b7089d14c5ee4d0d8420d3a67f2d989b42989ffb2521e47b4af07dc2bb1cb8cfcfc8

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ro.pak

MD5 25385f2b0225fe58bb641df538cd19e2
SHA1 b466a6ac80b06af9b18a6ef554734fb98ebd1a5c
SHA256 471d46703695ab0e7a502671ffa486013b678e5756df0a798c063dcf2e4e1c5b
SHA512 cf2d590c3aea9fe92b57c6409d1d8a7402b8f7d489b4e6e8d543a7c87f1484dc0da0940e05226cf980dc108fa99e22edf7006575a397af12e0dbcb77b2cd0e97

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\te.pak

MD5 62c9bc2c99ef2249f8b0a3f201805471
SHA1 ae5556bcce128bd718d46068df6638782e8e0e63
SHA256 a324c7ecdea7a2f80566a9f384bcd3b36ef1b5a6a8c393f5405095bead8afec3
SHA512 bcb0cae5fc015c0ac102f72b9be3b2466b4ce449bfde327718c25826f7211a50fd36dce583a2c5b47f6956490a0a625278e5d9e43945640e97148bfa66b91f79

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\resources\app-update.yml

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\resources\app.asar

MD5 66a38786029e7a792162feaaec941674
SHA1 91723e90e850408859d2630199b52127b045eb17
SHA256 9aad01a63b32ec99feb11be2639e1c955f9706d97dfef7fdd2dc31b653abfd36
SHA512 cdf9f0b869b8a1a951d039dc8c6bda3000c43cf1c193a3db3f419cc674c5bbdda6c9b6fd29811e7e531aef841ea12c7fd2423840d6bf997bfea18afbe38e9c7d

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\zh-TW.pak

MD5 96620581f25ac84ddd4b9d0cd29b0749
SHA1 6413faf7b2e31755674f27de8cdab0788488526c
SHA256 2a674d423322d1772e97a627f1e291efba5f12b7efd0f174cdc99d1b1b376988
SHA512 7fd315ca93b431c59f92d31b803571effc5d758a52fc5d2f797a306fa63ea73162ac91805a892479b6940582aadc8903bdea6bb70168d660d58525bca4202520

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\zh-CN.pak

MD5 7507e95fbb433aa97dd9c2e3c2e08d0b
SHA1 f61227f2173ceece432289b099285d4a9322e2ef
SHA256 bf3fb791392d8044c2cb3552cc974d95adbfc1548eac617c9d2a981505fb89e1
SHA512 f8f42e09eb0af51aa48325ec824814e52244201f627734e81c9e84ea319f5c2166c2450e9b89edd3ce84d3959f0c9ba445ba7a32d4164cf730f0949e11dea082

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\vi.pak

MD5 247e8cfc494fd37d086db9a747991abc
SHA1 bdc53c042a1c4bc2ebed6781b1b01091c8fb7a92
SHA256 4c4e69af3d7f7012e3cb19ba386fc69edd0c87ccd9be326dd6db902401d123f3
SHA512 852ddeb1ce8dbf13280e9dfa72dd10b646f8b06caf88055aeab32009f3fdc397a05764be48a04730e16f23c931d069880574d8bf9c7f4ef151e1d47467a7d60d

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ur.pak

MD5 30ce113bc3c466751bdf8d50cc568ff8
SHA1 d0b434b8f196a320995f49845d64054dcaedb97f
SHA256 34d46d28af3012bb84767a418957f12d877789b88a13ea29b047c7926abafb41
SHA512 a8139d60e498082c122b068a478038e3d3a7d6fa71bb8cd2b1bd7976827ffc23f7117f989b18d600960b222178351f01dbfa0fcdc3e7f0917cd0d47b5902fb44

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\uk.pak

MD5 8162ec467ac9a8dac71d22c630a3e6a3
SHA1 4e9e8f49cbcc5e583b8acc3a65ffd87818c96e2a
SHA256 d1e07ac8b6a6ce53f06c66241d44407f98a1940259883e143a574f28a2ac170f
SHA512 e944e3f8f3e9b2c8c6f26e1a7606e441816406afe031bac9a5716ce060a63f03e01a95cc365342518629065b07fc72cf23d65ac84f0b58ef100cf9706a239b58

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\tr.pak

MD5 08b737a1b8ecb81c8ef4d7b8f6b5f503
SHA1 99d2cdbb720f114051627acbb79475ccc57ce6a6
SHA256 84f08423fc516988761517511d36bf5d3428866965addbf3ef4399a80f8278e8
SHA512 142c61f08e56a084f335dcf35c543dab872dee898c719052fb8d42be2050c5fe6d9245180ff9d0d0e07cd884daaaffa6ccb5428fee91ae00413e0ea38a5e8c9c

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\th.pak

MD5 5abd2a1b2749449a0cbba60e32393f4f
SHA1 31097bf4728f752508482c298710cffecfb78d60
SHA256 c666359fc9fa137f6d7f868ccef01dac8701b457bb6bb51fcd581185d4bc8780
SHA512 094df53f3bac23eb384015e8f2500484556b6ebda0cb62bc12a773dd1d520d82c13cbad25eeb67fa04ceb209d80144fac70fe60eb792cfc1a0c5027513b7448f

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ta.pak

MD5 ab1ece31afe29124d183b3826c7ef291
SHA1 e707a983f039310b867bf4b502165f1f512b9818
SHA256 5cabdecd2a89bd97782c13d9f5b24550ea00b28750cdb26a7843af7e75e34b22
SHA512 6510d54c2dd177be19ca6b250e936fe0e26036aee7bd1d48e141cffde743fe03a02be0cee22642c3e8a702b2277d7bf307bde69a863855bc65a55425a1f2f884

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\sw.pak

MD5 a5f4010de863114025b898d78036b336
SHA1 0fa93fee8f60d1bf2fec4e01c5306404e831e94c
SHA256 8c58adbff7d672154c6f399ea29b549005460d80679e1f6cf997d95732857c30
SHA512 7f8b00ae7718f39c0ab91f3f63a3b5062d9878f224417282c3ff43ae9c88562a045c54f7c6f9f7447119a16bfd0ec40b48f762a52b64bc384ec80f53898c53c8

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\sv.pak

MD5 b4d3ab3791e862711986bb585c1676fc
SHA1 2123c8879a70728657e72415d7056aac4a1527e2
SHA256 080ce56662a0a32a4164ba88f9c5081d7c43dc1908412368a70e789e1adcbf66
SHA512 b904f1741079a8c7ed7647efe42e9d7b9be403079de7e512539b70bc653e55420a3aca4b599e8a9d440245a61f94124476b3a5afa43b39ff1aa48cb48fc5c15d

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\sr.pak

MD5 7cfb6dd166594df07bccb7c08774a667
SHA1 1c06a8adb81c357909ade0307a67a122c94c0cb7
SHA256 c3b5c6965affb7f30dcdb5fdb485767e83f3b5d694865a677783c64e3b84934d
SHA512 92febe5a65c90f105bd7609e2eff2626bf0e22b186d73d6c1aeb0497e49d9c34b2bb22d26e0abde4713da2c7cf51296723694ee9bc1decc5071a5225f60e650c

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\sl.pak

MD5 c08d0d08fd48822c603a27aaad4e9557
SHA1 8b7d616ef86bd955cbdf68197cdf748aaf99240a
SHA256 ef205cf8911a96d772711675e75bc8df5866ce0d9d44ebb110bc07e4f340ff65
SHA512 480a23a25860616be8844ce29042fa15cc7f360e2c53b367f6701926b9a6df72d82ad6c5dc7c0fafd537202d4ea7c44dfe24589fb4a4f52b4440629865f8c19e

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\sk.pak

MD5 7cedcf98e68f4001cc13f2b761571681
SHA1 fba32c46564452fee5697777b6d3c60d69589528
SHA256 e6509f7a6c6b9912f2875c7efa34434ab9562df3cdcaf0546b6370d594ca46fb
SHA512 c90ca580c5da2fff68b5957940d9b2c377cb07632b1fc0c8a23fef9a076cd05da618890f197f5b2f7314583fba89be083ad180335201d28c27a7c8c21a55c72c

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\pt-PT.pak

MD5 f7a822e3dedaa3df046c3172613e275d
SHA1 14c21d2cc296197a9a618f21dc103f0d6749b77f
SHA256 e2e84e23275190865c685e0712530245e35dc63ff82c4e854068494192917f3e
SHA512 0d08fedb423e9ea4f9ca54b55fcb6a88c4f4aa7ed71897b4a7625f093e8dc05733ec52e4577709dd4e4c7be001770e1dc85c0e10e0dad883f3291c515736b7c1

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\pt-BR.pak

MD5 54efb4172a7110a567ad87f67cfcd551
SHA1 ea8eac6f2328b8a1b27249fced7c16154060dcf3
SHA256 c17ed07165ec47de5acdfa7e4783af4b417843e5f232e9f38ce02138c8bd1742
SHA512 ae8aa02e9bcb3bfd8b39329a2c37f789484661e283dc63297e1ec2dd5d14558b349c312990048dc6a03cc7040a1c6fea2571c6102b1a61a638f9ab615f5fc938

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\pl.pak

MD5 bc72c8e2426765839539a3b8340fe19e
SHA1 630bd0e844e673454477b819c808b7e18bebe0db
SHA256 6a97c2ce05545607a59df2f0daef5da71058dc1e1685f26263b7110edc431755
SHA512 a0f2c68ebb8e5e2ab5ad682b5ce0b1dc955aced7de32001a0decfafb924ca94ef322605ddf69ba74baf18871cfddbad97fc326c43e5b3168019e21912f7da421

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\nl.pak

MD5 1e5b9d923d5f8cef49c913badd2784ba
SHA1 6e42a558a7207b2cee2452263eb661843fe74d0d
SHA256 7a7be29044bf2fa9459a90dcce12ed531931660ba680dec8f32ad8a3364d973e
SHA512 e4392f91392b79fa14c3545c9733deb128f399163dcbee698bf51b2218b1abab6aef45c35130545ddc86626012599e4a8bd77205baa735c957258539c9b6d484

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\nb.pak

MD5 2f31dbf3f36906c58b68f7f88c433257
SHA1 55552671f81a9b24ef05d16249bcf5135d5a98c9
SHA256 ca435b5ca91a253129bde2155592d9c3876005c4ca4389e4ecf97adab9a6de4a
SHA512 079ea4f01582e9ab05e2c63850b654ab84ce3b8bb72390899dfe662e2c4138b82f869829fad3ee645546dd8e27c749d2ef20a0d5bc94db174a59c6e0d43ea27c

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\mr.pak

MD5 be22080b1e45301c313d92d825a7a9ed
SHA1 84c9370a4845ddfa1eab8ae334c1f4cc02ffaba6
SHA256 c09d274406a36f90c75a1daf018c5373d697c42bbc20771a827f62ebe08dab57
SHA512 9558690ae7ac41984553aea1e0133778301ee12e0dd6e16f5dc0380619b82a7a8d37cbe0ef59efcd53c05987ed6fdeb869dee8fe2224fda8880d473e932c2f87

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ml.pak

MD5 a7f6cdc17eddc1550260489d478ec093
SHA1 3308eb8f7d1958fe6b9f94602599cdc56460aa89
SHA256 01a0e2f809fed45b9b67831202d297c3221077fa2dd84f3b635ab33016a07577
SHA512 42132ca4a62bd5de5928f8c313c930c1fab0ad918fe08612ccd118e421eca768956ad42f7551d6ce58d10be6c34cae7a2fef518bde9f0641c339f7af70f42688

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\lv.pak

MD5 28eeee40b2722e1cc42905c70367fbdb
SHA1 fd82465b1522d314b295207934a7641b3d257d66
SHA256 026e6a4ea0fd11c07375f0532a0756bffef585889a71f33243a116c462b0c684
SHA512 a99d203ce67a3e5d4f831064f83c730b045fb1eba47ca804ce6c407e04240f4c51b4114446c3494e2985a1109695533d1b1c5c7594a5555276be366c07d0b855

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\lt.pak

MD5 a3e29f4a3ca6f2058a6f464e49f914b6
SHA1 3fc632eaccf91e86b365d444e7acba6f9302aa5c
SHA256 ec70edca70373390f028aa751a74057fb1c2c583c310492723a228c863007c47
SHA512 eec22e3347affc0eb0f9452f3b9b239e8b714148a39be83ebe7979bac706a942da3a17de01e9a1b89dfec9e970692c3e9fe566750092fc139325ae25ed1c3e04

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ko.pak

MD5 27705557eb4977c33bc69f27c2ee9f96
SHA1 b0297538c4e68515b8f65d44371cb8f4cdbc489f
SHA256 de71f906636d2a8f5833a22e92b61161182c53e233b75b302dbe061ed57e9bdc
SHA512 53c8917049d72a9739bf7f2abdbde3120ed3124967cd9b1b71b172b7b36ed41a1ff970d3841c0f5eb5b53616dd9f8e03f65a79e6a6964b83da2c84174c1dd56f

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\kn.pak

MD5 66867a2133ef0c73f385af7d5d2eed91
SHA1 8ca6e7e6d679255c2c151d38cf70a5f25cce059f
SHA256 407599a388bc151ccd2561181ea90ff620f4cb5c767317af8ca4748927ba7f35
SHA512 482c0b75c921470866b7c6ccf09cddd59ce81507e8df7a2158d3abf08c7201ebeed67c1ecd36f5cb015a8833ae9f1917ab6118f9f0a959364de958729295f37c

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ja.pak

MD5 781fec59b38a21dc663f3a482732196b
SHA1 1b660ba0bd9aaf67c5fe49a372687facd6d264ea
SHA256 3849f8b48b034fe6319112eff77b7c9f6a8d7b20cf7bc8400528a0a8458677da
SHA512 f2c3a6d8c23f72db8e70ec8cd87793eb103b58bdd3976e99f42867c33a6688a41c79eadcdf25c6ae01fd20920affd43f228a5134af28f83ee50fe02819665e95

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\id.pak

MD5 f6d153fa3087dab3fcef255b5afe8538
SHA1 99f123a133d3ce1a70349a7d1948a8d57981e1c4
SHA256 fa38d911dec71800d33802441412f20133e960bb316c79161bdc7f78ea1af3d7
SHA512 c092339a2a64dd10a45b516ba19013ad096c4c43d51df33e4c779c9ede6d71bcb59c18d5ba568f4876c0b5454ccdf05a1e632be0f97db5b4eaadf263e7d1967b

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\hu.pak

MD5 7317adfcba87621963e9cb2f44600e2f
SHA1 0398d795f9a3cde03ae85e8cd2c4723e7ef5f7e4
SHA256 6edcdaf17483c4b7b74d9c728c3f38d9e4704bfbdb618b578c7ccb6bbe6e824f
SHA512 e8ec0df2ddf67799194e8d3f722b5643553fb05026bd5f8d933d1cc18df6a641eb1b810e22114b44513b57a005d326b91a1fcf1c470a636cd42c5bc5fa0f254f

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\hr.pak

MD5 209efaa890532ddbb1673852e42ded7e
SHA1 8e9a3e643183d4cbdfad9fd2a116e749b5313a95
SHA256 3d01f9d2c51efa0c0d8d720dd832493b1b87d2429970396c42cee2199e7bef40
SHA512 5410b31ab46ccfd29b750f39d3796a533ec0c0a7b7b31b70977f59f348dd4190edc00c86db8d5b73df2117f27fd283de2057493c081cef69d04ad9894eb5c05b

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\hi.pak

MD5 9697c9ecfa893db09d046e4feb8f1260
SHA1 db08fecfc31d278b3f74c85f98c34dc78b75f4fd
SHA256 de4b369e012831a5ced3ae02e34fd34374348b016274c99911a294de3f9bee5b
SHA512 ec9b87003853640c5f3c477f389dbd16bf1d75269c3fbd8620db43942ba7e323a3198fbbb16d27c10bbae40fd047cfdad170659b9ef26488928a24ee535885d7

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\he.pak

MD5 b2f893d17e118cd03055b55b0923206b
SHA1 99b6358438a3eaffae38dcf6a215d8c5f9bfdc26
SHA256 f6d1e2a269783f27b85c2db2ce9286f581ec2e16586ecac476ab5735cd8ae12f
SHA512 34fa1c4bce2f9e2c5c7b494a829f5b492b40e8f4f0bc586f564755de703b5765d81795c67e19a27d2f21d297ce3b7e5058a126118afe6911cc429fc58d67f13e

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\gu.pak

MD5 af5cc703c77e1a4b27233deb73c6ace8
SHA1 ea92dce379ec9405fd84274566d363ce302d7f1d
SHA256 cd761009ecbd4736b24383f020da05d2e6b9396c67a7ec1f4ac1966943cf9eab
SHA512 dd379cbab7a6fdce05b0ff34d339c2f3320f83f76d8e1fb7ebf20edcfebe541ae454490eeb83d8edc069aaf3db52d6b7de6d701672a13e75dfe59840e8f2c5df

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\fil.pak

MD5 cb9fb6bc0e1ec2cb3a0c1f9c2dfbc856
SHA1 c3b5900a38354ea00b63622bb9044ffb4788723b
SHA256 945c0160938c3bcecda6659a411b33cd55dfac18814bed88575bfd100c53d42e
SHA512 6ed77d0fbbb1186ccb7493708f55f8a2c3005a1f1da759c16289713a853bcad4a2cc4846874d67f722f461b1950a763508a91a7970bc0eb5da686206aaa8489b

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\fi.pak

MD5 aceed6757e21991632b063a7fe99c63c
SHA1 491b4aa5eaeb93e662f720c721736e892b9117e5
SHA256 370164e61142d8609d176ec0cc650540c526156009070563f456bcdb104e9c0f
SHA512 664c369e74930a61a8c9ccee37321c6610ffdeba8e4e8a5d4f9444d530097b0f4556e7b369dfd55323fe7df70b517c84ae9d62a89c1984a8cf56bae92d3e0455

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\fa.pak

MD5 a67bfd62dcf0ab4edd5df98a5bb26a72
SHA1 5def04429a9d7b3a2d6cac61829f803a8aa9ef3b
SHA256 890ca9da16efc1efcc97ee406f9efa6a8d288f19a2192f89204bdc467e2868d3
SHA512 3419c6bed5fc96e82f9b1f688609b2d2190003b527d95699e071576c25730934fbed3437fdde870fc836bdc5e690362cae1e612b7ff779c22b853baf3cfcaabf

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\et.pak

MD5 339133a26a28ae136171145ba38d9075
SHA1 60c40c6c52effb96a3eb85d30fadc4e0a65518a6
SHA256 f2f66a74b2606565365319511d3c40b6accdde43a0af976f8b6ac12e2d92ec9f
SHA512 d7dd2a1c51a7144f1fe25336460d62622c2503aa64658063edcb95f50d97d65d538ce4e8ae986af25f6f7882f6f6578bfb367c201e22da2abdd149c0bb4194c1

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\es.pak

MD5 b1c6b6b7a04c5fb7747c962e3886b560
SHA1 70553b72b9c382c0b25fa10fe2c967efbcfcb125
SHA256 e4db8f397cd85fc5575670b3cacfc0c69e4bf07ef54a210e7ae852d2916f1736
SHA512 7fcd9ae80791de19df8644424ffdf1feb299f18a38a5d5bc546e8fd3d20d3ced6f565981c3c03026bc5400fe0806dfa3af3064e7a70e18061f5d5fe6d6bde8d5

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\es-419.pak

MD5 d25865c02378b768ef5072eccd8b3bf0
SHA1 548dbe6e90ece914d4b79c88b26285efc97ed70c
SHA256 e49a13bee7544583d88301349821d21af779ec2ebfca39ee6a129897b20dbbd0
SHA512 817a5ed547ef5cca026b1140870754ce25064fca0a9936b4ac58d3b1e654bb49b3ffa8186750b01640ac7d308bf7de2eadc0f34b7df3879c112e517d2faabc94

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\en-US.pak

MD5 f982582f05ea5adf95d9258aa99c2aa5
SHA1 2f3168b09d812c6b9b6defc54390b7a833009abf
SHA256 4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d
SHA512 75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\el.pak

MD5 7dca85c1719f09ec9b823d3dd33f855e
SHA1 4812cb8d5d5081fcc79dbde686964d364bc1627e
SHA256 82b3fbbdc73f76eaea8595f8587651e12a5f5f73f27badbc7283af9b7072818c
SHA512 8cb43c80654120c59da83efb5b939f762df4d55f4e33a407d1be08e885f3a19527ed0078ab512077604eb73c9c744c86ec1a3373b95d7598bf3835ad9f929d67

C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\de.pak

MD5 5e7ea3ab0717b7fc84ef76915c3bfb21
SHA1 549cb0f459f47fc93b2e8c7eb423fd318c4a9982
SHA256 6272ed3d0487149874c9400b6f377fec3c5f0a7675be19f8610a8a1acb751403
SHA512 976fb09b4a82665fbf439fa55b67e59aeaa993344df3f0d1926a82fb64d295bbe6fd77bb65e9f2267d98408e01166dd0c55c8ec7263ed74b3855f65dffc026ed

Analysis: behavioral11

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

120s

Max time network

122s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

Signatures

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2920 wrote to memory of 2168 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2920 wrote to memory of 2168 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2920 wrote to memory of 2168 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

144s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414785901" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffebb09deeb747419e902f1accea58f70000000002000000000010660000000100002000000089d26b9ae1dd8cfca6d44331376ac526442bfa48c3b2a3e73cf1f74aa1e2c2ce000000000e80000000020000200000000e2e61984abe3668890bf8c2f922362ada9a25b33d923dd118964bcf84a8d3ac200000005f58d32f7440142caef9526c93466b4196a4dfecb01ea2ea061a4024717e496340000000cf43fcec0428e35afa0eccea958edb4c742e0110704b08233be30dcbb5736f5ab2d32ed13c5f011a1f8f1bf9a1a29521cd7379f50943c69a386c2a7680edc981 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 102aee3db765da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{680B0C01-D1AA-11EE-8C39-CAFA5A0A62FD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbfe4566022c59007cdc0a3376b47e1b
SHA1 08dd5fa51ac4072a90549b377cbb4e6094414ff2
SHA256 d266214cb8a7418ed336f8ba5dec70ca4505d1d864e35c08942b92ff7f927363
SHA512 89e4a53e4fddf1c0c556c65c985564d02ced7d26d2136457c30ecc89ba897c56a334d6ca89f9045e9e62f630294ee1f46adffae247f4e9175235247b0a3e5673

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1445468236c6aba81f928ec209c6e10a
SHA1 2c48b4a666b48f4b4264ad1e7b65700ee5c90266
SHA256 2d95f768c809e450cff01591e52949233b9409536d02666b2aece555e1a0ef14
SHA512 343aba277b7deebcf766582a89ed2cb825952daf33b548ea1ee3ba95225883a6d8fc49f4dba217b216d4c1481f5097f7d10e9773e3d5512f5dfa17fca2cd3cfd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f68633a6c7099db136ec4ff8444ff952
SHA1 28cf47d713e37b7434c82f4f76de1b79d45b5a4c
SHA256 d0fd21985e7d03458cc4b479262f27b72bbb2147f38e802c5b8ed0d1ff2bec52
SHA512 ae6bb8c2f71914fc2e623b0d051812350ce38326a4b7e7d9b34d59394efc692b77b88af403e74a8f342f0fc73e97bf68400a8cb40a8bc06a231b2856b624f823

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edd377f14fbbd13f20f787efd1e98e48
SHA1 8434ed3bd156a93ddc9a437b96778a0ba9d8d28b
SHA256 d2003f0e5e39e3b1eb8b55cb4565c3717ac29169af4c3eb91b50447f115a4f8b
SHA512 8dad5c7016098bae0b0bd09d11974f54f7d15ec326bd8f7be4c43b83bb29d7b66d2ae5125e30bf8a7a85f8237dfbc1ab764634b9b3e445bea3c18e9c9d05f21d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8825b0f75696b2ba832c4b769221357
SHA1 ab77ee642bc8aeb9144c581cd6a4f47d54c3696e
SHA256 e72257390486101c0550a430fd17d2eabb90e598aeedc976c823e3aa7e5931f9
SHA512 4d61472ff397be34ffe175b9b054625e0977433d90b5f326a55e9b42b458c49040fcec3d00e15887b12bb73f80c3084b29727726c8c8279ee7b4bf05632304d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 addf94f9dd1676b9a5fd7da3ef450597
SHA1 00f77147aa8d7b22d3444eb23b9f469b4b2f6ecc
SHA256 ad120b2da25053c745d2e0c6d08784296a25f415dac3b010e44ba123e24a4d8b
SHA512 9180c063bffd7a665ea9a825f7ff631afd628cd464c4e669f7138377f59cbd3b961dbede403f9514fddb40ce893854a64ee8f47ef893592ce35952fdf7db4836

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c59623632ef4aba8d7f46db0827078c
SHA1 24ca7ec9478e63d5ae5e8bb454bd1eb8cff1b93b
SHA256 b3e796ea314fdac7fe085474cb6eee0f8ad579a02b36563f98a55ed11fad9ecd
SHA512 c687e7ac68c2ccb06a552ccf0eb65bd5af8b5f5e035f35cc7a90c2cc6f64ceb693e0048c739e03198187b1adf60f845f9548fce441e5e2f6d99ef25c1c39c022

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12d825d8a694b7e73f1f4b0d4be69e97
SHA1 6e4c892186c1d657f4aaf92f6dea837527d1af56
SHA256 88a5258d04755f8a183f2738d83e1c67ba153039d4b7e546ed3c7a7dfcbe4a4f
SHA512 77b7d01ae6cc32495d9dd351e237bf03e15175c941661f9e88cc4b6f35fcb1e1bc4059fc229099a08169ffa52c8c427dfb446b043f1df01e9de74b8b46781a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73dce9667be98983ea41e6b8deead8ab
SHA1 db58255d82144e9bb6b98ebc801ea4c29df0215e
SHA256 cc51f4b234fc712ea5d45746a4383ebfb2bbc0adc3d4b19f38e7c171e96f839c
SHA512 6d65e1cc1f17c76cddedf36a080e0f4ecdc0146f4d6e91baf549c6f313d317896b388f82b6b0be84ba43c71d5146fd399de43610c63b4bbf727d455216217910

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16624e0b559fa0155f3a4be16929718d
SHA1 28ced8d55d322e820a12bcdb1302d5d45c0943af
SHA256 2b277fbc6d32dad48d93308b550fbfcfec3e2ddbaf42703bfd43b3e23ef68f0c
SHA512 8f7ae5d272d7c26af22a1eb216f260965c351ba353b33370054fe107eafff9737231ab7374bb1dbb3d915daeebfc7ee950f9b303e59f141316631e2c97e75837

Analysis: behavioral21

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

118s

Max time network

123s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.pak C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file\ C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.pak\ = "pak_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file\shell C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 05726d2973827b80e1d39a1e34d6565b
SHA1 22d7894a8000a8e33e4b63d8b5b09714667314d1
SHA256 93585d49ccf2d44f7c76437cfd7337656ff56cd9d9c552545943a4bbbd0ef4cb
SHA512 a7d752b857a604102b525c1895f43190b4454b4d631a92a81d3d5fbaa0c3881f23a9579f465944b830e7efc5bb66ca9d9c6b3cd020340f13859763c0eb87f456

Analysis: behavioral25

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

136s

Max time network

164s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 204.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
GB 92.123.128.148:443 www.bing.com tcp
US 8.8.8.8:53 148.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 104.78.177.227:80 www.microsoft.com tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 227.177.78.104.in-addr.arpa udp
US 8.8.8.8:53 137.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 56.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 45.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

154s

Max time network

165s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\icudtl.dat

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\icudtl.dat

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 28.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 137.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 50.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 240.81.204.23.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

118s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

92s

Max time network

115s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 776 wrote to memory of 976 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 186.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 83.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 56.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

140s

Max time network

165s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell\open C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\GDLauncher.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\URL Protocol C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\ = "URL:gdlauncher" C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell\open\command C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1676 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
PID 1676 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
PID 1676 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
PID 1676 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

Processes

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=1368 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1580 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2288 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"

C:\Windows\System32\reg.exe

C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

Network

Country Destination Domain Proto
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r3---sn-1gieen7e.gvt1.com udp
CH 74.125.173.168:443 r3---sn-1gieen7e.gvt1.com udp
CH 74.125.173.168:443 r3---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 plausible.io udp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 143.244.38.136:443 plausible.io tcp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 www.minecraft.net udp
GB 104.77.160.198:443 www.minecraft.net tcp
US 8.8.8.8:53 launchermeta.mojang.com udp
US 13.107.246.64:443 launchermeta.mojang.com tcp
US 8.8.8.8:53 meta.fabricmc.net udp
US 8.8.8.8:53 cdn.gdlauncher.com udp
US 8.8.8.8:53 files.minecraftforge.net udp
US 8.8.8.8:53 api.curseforge.com udp
US 188.114.97.0:443 meta.fabricmc.net tcp
US 172.67.75.189:443 cdn.gdlauncher.com tcp
US 172.67.75.189:443 cdn.gdlauncher.com tcp
CA 51.79.83.165:443 files.minecraftforge.net tcp
DE 18.155.153.107:443 api.curseforge.com tcp
DE 18.155.153.107:443 api.curseforge.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.4.4:443 dns.google udp
US 185.199.109.133:443 tcp

Files

\Users\Admin\AppData\Local\Temp\c63d67f0-62b7-4aa2-98fc-e13f3ef0ebdb.tmp.node

\Users\Admin\AppData\Local\Temp\e6af3fd2-67cc-4287-a9a0-97eec1d5f540.tmp.node

memory/2492-9-0x0000000000060000-0x0000000000061000-memory.dmp

memory/2492-40-0x0000000076D90000-0x0000000076D91000-memory.dmp

memory/1676-43-0x0000000002990000-0x0000000002991000-memory.dmp

C:\Users\Admin\AppData\Roaming\gdlauncher_next\Local Storage\leveldb\CURRENT~RFf76c9d4.TMP

C:\Users\Admin\AppData\Roaming\gdlauncher_next\IndexedDB\file__0.indexeddb.leveldb\000002.dbtmp

C:\Users\Admin\AppData\Local\Temp\CabD6D1.tmp

C:\Users\Admin\AppData\Local\Temp\TarD712.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Roaming\gdlauncher_next\Dictionaries\en-US-10-1.bdic

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Roaming\gdlauncher_next\196080d5-cdf1-4b31-b158-b77dd77387a9.tmp

Analysis: behavioral31

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

142s

Max time network

162s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 219.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 44.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 49.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

7s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe"

Signatures

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe

"C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq GDLauncher.exe" | %SYSTEMROOT%\System32\find.exe "GDLauncher.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq GDLauncher.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "GDLauncher.exe"

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe"

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1780,i,18296855108028806682,12994967130990787039,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=2068 --field-trial-handle=1780,i,18296855108028806682,12994967130990787039,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2452 --field-trial-handle=1780,i,18296855108028806682,12994967130990787039,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"

C:\Windows\System32\reg.exe

C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=844 --field-trial-handle=1780,i,18296855108028806682,12994967130990787039,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 plausible.io udp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.minecraft.net udp
US 8.8.8.8:53 launchermeta.mojang.com udp
GB 104.77.160.198:443 www.minecraft.net tcp
US 13.107.246.64:443 launchermeta.mojang.com tcp
US 8.8.8.8:53 meta.fabricmc.net udp
US 8.8.8.8:53 cdn.gdlauncher.com udp
US 8.8.8.8:53 files.minecraftforge.net udp
US 8.8.8.8:53 api.curseforge.com udp
CA 51.79.83.165:443 files.minecraftforge.net tcp
US 104.21.33.240:443 meta.fabricmc.net tcp
DE 18.155.153.129:443 api.curseforge.com tcp
DE 18.155.153.129:443 api.curseforge.com tcp
US 104.26.3.110:443 cdn.gdlauncher.com tcp
US 104.26.3.110:443 cdn.gdlauncher.com tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 198.160.77.104.in-addr.arpa udp
US 104.26.3.110:443 cdn.gdlauncher.com tcp
DE 18.155.153.129:443 api.curseforge.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 240.33.21.104.in-addr.arpa udp
US 8.8.8.8:53 165.83.79.51.in-addr.arpa udp
US 8.8.8.8:53 110.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 129.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.109.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 64.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 44.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 48.179.17.96.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\SpiderBanner.dll

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\nsExec.dll

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Programs\gdlauncher\7za.exe

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\concrt140.dll

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\GDLauncher.exe

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\info-about-msvcredist.txt

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\LICENSE.electron.txt

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\libGLESv2.dll

MD5 13f5b11e5af6a7886568b92cb391517d
SHA1 7130f2cea805324e5962c3a727c102a445fa1cd7
SHA256 e43fc8d684550eb13d3278e52531fa962e870fae65e68ca4d6a883f52866376a
SHA512 c4891bd5b293ac8bd890afaf1fa3b8260ffd8c4141d2911d24ef520ab52cae2adb2b472bc21e1b528a41b39dd13f733f92c5fd93ed525b75d04b2c9cebed9196

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\msvcp140.dll

MD5 25d41e8774dd8bcb0bde6635dbf693cf
SHA1 dfc66f96e4169c1b79e9e10565267bcbe3044bfd
SHA256 f2ad53034e473e7473f31c9e54b4f54d1ad3b3ae02d8afc32eef39f03b03b9cb
SHA512 836d9ad631fbca1a2d33999aa765f9dfe6e8f79eec0712c7711669574276cb6b302a306dc6b7f02b0b4126a0983d68f9a1cc5dba0e4f2985c933da6731f78ee6

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\LICENSES.chromium.html

MD5 a8f806c122539887f8f1123e1201e5e1
SHA1 510f232598a7696bb68a57b7123aedd2389a9997
SHA256 0f3e1e080c3040a1f3aa977e2ed71e5837382b401a21978fae3c7c35f2a84f63
SHA512 b09a6f9ee939c21db45fa99a0176ddb9428b2b98adc2316360fce0ab98a62764912f6d9cafd48f5becdb9431830a8fdeb57a3c18fafb54e5290ef91c92def517

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\msvcp140_2.dll

MD5 210bb45a43b2f8fa7f6cfc31fa4ec6dd
SHA1 3dacfa339ac11488d52a54806fffaf437bb0caa8
SHA256 aa965bc8429994c97bc2498ed8051a4101f7987a376924b105de5f7915e42a48
SHA512 8a0e8863b06b306b11e0abad77b0285dbc17b8a778e241c2ebe0285bbf12c7b7cfdeacd6ed6d2bf71887342a94daceadf8e0aa3164d4492e1cb9d0d1feceab96

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\resources.pak

MD5 591074428c91f2e650c1942451122656
SHA1 433ae7cdb858ba376e5d2326e30ac13fbb060880
SHA256 6ad9ebae9b81a882bd84a47ded58e2d29ddbbfeb1ef848d2412e52ac24030c9b
SHA512 e78afed3ac5e5a88e2ed78cb6ab4bcd7e9afd186ad1651a4431aa71bea21154d3ea1a0e38b55292d9c2d9fd33bfb661f0742a89c32d13710459bc1a67e223391

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\msvcp140_1.dll

MD5 d281be80d404478ea08651ab0bf071b5
SHA1 e81dc979d8cf166c961c8e7b26f5667db9557c47
SHA256 5e627fac479f72363075824423d74d0a5d100bb69377f2a8c0942e12099af700
SHA512 fda7c43fb6ee71c7ccbad7ad32c1f00e454ccdee3bbc35de4045abbc8998281cdab9c506fea8417df25ff0ef09471eea49f63b2181e160c62bda804fbfd8c376

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\snapshot_blob.bin

MD5 b3e2e780fc630c4e53e3536ae784439e
SHA1 63418a5fcc710b77075885e27ecdd008fb4aabb3
SHA256 9eadd4d59c2b135e32f3e8766d4feda642c903e51aa1ace5e0e5786f2579aa78
SHA512 4cfb9cceaafd04a63ca814e9eee947d1fb9a37dc6d4bb4ca0348da78eb30e22ee8aa337fc2cfa79d6de226f34e70da4a1c8c7b1be637ea1ff82a3ba27f6333e4

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\vccorlib140.dll

MD5 621011d8f38e0eb988dca3a94dc6db9a
SHA1 1f91b9818a4fb8892ee50c1d334294361934e1eb
SHA256 e1c210936bb4e8328879b7701374e51a05bf76e5dea8f2ddddafa25f03a820f1
SHA512 4358a6c379d59f9ea1e509922bb58ac76a10f9245e83f824e37fe128b82cf21f8308bdffd9ac93cdf6ab8cce2d1852b7c5181256e0c09da27f0357d0dc89eb77

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\v8_context_snapshot.bin

MD5 aab34077883477f901c09e7a43ae7ed2
SHA1 2fd533026e3a68c32fbcb87fd7d879aa4257c69d
SHA256 f55787d23172bbdd24ffbefb4f70df9105579ff3d84392aeb2dba6feab578fe9
SHA512 3f5b677e1fbdf02398bba73eb9008a13647a35bfa6a0b6580aa5d9845ecd932670b16886c9179b1a25bf902201144513e939cb6ea96617fb2a06910cdb80ceee

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\vk_swiftshader.dll

MD5 c030ff9bb955c6fac28b61eb8cc63907
SHA1 51bc1d0cc14a971f11b1f0bb1b29fea76fbde4ee
SHA256 d43d7e1b3272b5f8389f0640fd82b246af7c2c4b6ec4853862c812309d73e30b
SHA512 579d42370d5ec8607a1e20d682c0567f8a9b3a0d376f79eb4e543eb8dfa21875d1c1bc89d006d85eb4cbbdfc2e5b18e2d7beb5b8fb8feb39a5553eeec0845d20

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\vulkan-1.dll

MD5 5cb7232be5f4cfa8f41e630fe71c7105
SHA1 cf10b59fa19b4a496bd5e0a8d4cb985c133bb89e
SHA256 85f0a8327bfa1b8ee64fb4b7179c0e49dc8885673619c29fbd8b08f7ccf45e24
SHA512 e76fd34bbf9d5ad2a190e255a81279a468a7948df43019fa79fee82a6acf2fa0735046dafa1f8b253a8a551ce3cd95e5527e9f0ac12f10a3adeac170f38a647f

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\af.pak

MD5 46f982ccd1b8a98de5f4f9f1e8f19fe5
SHA1 13165653f2336037d4fb42a05a90251d2a4bc5cf
SHA256 9e0aeb9d58fecc27d43e39c8c433c444b2ce773cc5d510fc676e0ebbcab4bddf
SHA512 2c40e344194df1ca2d2e88dba0cb6c7ef308dd9c83e10bbc45286b5e3bc1d98a424a60ec28b2700606916105968984809321505765078d7caddbb1c4d3f519de

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\da.pak

MD5 875c8eaa5f2a5da2d36783024bff40c7
SHA1 d0cba9cfbb669bbb8117eee8eccf654d37c3d099
SHA256 6ee55e456d12246a4ea677c30be952adfb3ab57aca428516e35056e41e7828b5
SHA512 6e17692f6064df4089096aa2726eb609422b077e0feb01baaa53c2938d3526256c28fb79ef112164727202cdd902aae288e35cf894c5ef25fecd7a6efa51a7e5

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\cs.pak

MD5 df23addc3559428776232b1769bf505e
SHA1 04c45a59b1c7dce4cfabbac1982a0c701f93eed0
SHA256 c06ac5459d735f7ac7ed352d9f100c17749fa2a277af69c25e7afe0b6954d3c0
SHA512 fceca397dfc8a3a696a1ba302214ab4c9be910e0d94c5f8824b712ec08ff9491c994f0e6cfa9e8f5516d98c2c539fa141571640b490c8dd28b3a334b0449bdd8

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ca.pak

MD5 8fc109e240399b85168725bf46d0e512
SHA1 c42c1fc06b2c0e90d393a8ae9cebcdd0030642e5
SHA256 799ac8c1fa9cdd6a0c2e95057c3fc6b54112fe2aebbb1a159d9dac9d1583ca62
SHA512 84a51f291d75b2d60849edbc1958a50cfe2ac288ce716bf4827038b47bd855a65d04ebcef6f92d78e31a27daa63f07772149798740652078e27ec68930ec07dc

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\bn.pak

MD5 3d98c59e26b33ee1b5126a6e88344810
SHA1 a91c8580a06aa757eba0e6227f07f4c8775daf8e
SHA256 a27c0a03329e33c4307598d9fd7013300bbc2c787180f30e2923888e8cf16496
SHA512 73f5513e7fe9960d61b3a32c5dd10c71264a66fd28ffd0cf30e7c42e5c3e6ac224e18101332086ef7653b05088453350e668df8ee1d10632510c1c36d25eb758

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\bg.pak

MD5 b363f27a8336e80c99236b77df9daeb6
SHA1 09183388ec4b55b69da2794896e60fe887601349
SHA256 247001d5fa1d561a904d2861d1fbf8af9ee3eef1270337f6af8a80536a1b67ea
SHA512 27eb34fd787ac8fc6a92acf38bc1cb2418606befdee7ecba6b1cbb4edabf670e7f5b685dc6a941fa0a4e762720f176aba743aea3b3956e2f131f95e2151ea95a

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ar.pak

MD5 1b55e90455877384795185791bc692c2
SHA1 3d7c04fc31c26b3ab34bd2d8f4dcfbf4d242bc46
SHA256 ac44c459f86c577f1f510c0b78a8317127522f0d2f80734b6c9ab338d637d4df
SHA512 bc3dc023c9af551279a4d22583aedf79e63ada46c79ea54b7da18c12b9acd726e4f534e26789d2583036c382bf6a8862335ca72fc8b510ed065bf895b8d7c3b0

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\am.pak

MD5 89cfd3ec98d027c17029aee51a5bb171
SHA1 1ba9daf5b66a86d856371b630d1ccc63b92d68af
SHA256 6076dedfcae1f731f53c1a8982f3f1fdd1a99d2c4fcd22d0b070a64b49ef6304
SHA512 fb61124fdd0869642a036d0ee52bc60af237bca8ed102cb87f35e24b2a146d36abd041d2da5740f3eb62930127e6688a36458986f0ffe139580c836754a5b76f

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\el.pak

MD5 ec615a6a6397543a90d9c62000aec247
SHA1 6b89783ac526a3672ec3c599382eb0ef4a35afe9
SHA256 db62855fa33f216a3f323ef91b2983732c318ebf5b1a63d3c814c6e8efb5fe51
SHA512 884827ff7ff6b5a137c298db41cf0447d14b68fc2ddc735142aa1121117195be1a0f0684cefd2c1d877a812638fa707ded7adf68e556729d95317c51ef74af40

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\fi.pak

MD5 668405e3ae8ec1e5e030ba897f355bf6
SHA1 888e11b4ea3a30d99463ab21e8143ea31b01ba01
SHA256 95b2630a5d399437455b3d48a5f909c90be7f486edd2e9280f04fe46b7113e0d
SHA512 e961e4c4d46e18fc4a8fa997cea6f3680d31f968589aa0fb8d07cc54bbf6db9689a196e909c7e2336ed29bcd4f0c91f56ed1c81bc6c7b1daf5308b563e6bc6ac

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\fa.pak

MD5 bdaaf47ca351ae90e85cd1a198188340
SHA1 c2f0543842c94bb740cc6d9bd19c02d3fd92a539
SHA256 708f6d8de065c2bef8952ea7a350724017391b0a399328f5d965828f4c8cb440
SHA512 2b2d2c7a0612be1e4642393829193c63c65f9050e12c435597d6cd5f451a4b847d6f62a3087b22d5922a11f70f9e21c1e5bc562c509e823bad3c129d0affb088

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\fil.pak

MD5 cb9fb6bc0e1ec2cb3a0c1f9c2dfbc856
SHA1 c3b5900a38354ea00b63622bb9044ffb4788723b
SHA256 945c0160938c3bcecda6659a411b33cd55dfac18814bed88575bfd100c53d42e
SHA512 6ed77d0fbbb1186ccb7493708f55f8a2c3005a1f1da759c16289713a853bcad4a2cc4846874d67f722f461b1950a763508a91a7970bc0eb5da686206aaa8489b

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\et.pak

MD5 b3edbbe30b8cbf83589e5333e9502733
SHA1 286a0f22aad6c59525d1f805993b4c4cf3bd455a
SHA256 68d6446e5a3840af0da180a4616ae22e1eed8865c470386669d8add2fc63b8c7
SHA512 a16e7e1e8134fe561dfe72ee9693b527baa11baa6961fb05ee388b1e0753ab3480ccaf9939f34ff7976fb9b8d8174fb99466e6142793cd981827d536ff5aa231

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\es.pak

MD5 8c3407e674be41266ff5a805c911b5d8
SHA1 c9e0fa7c51d6d946272c3ddb8574b7a5ffc700b8
SHA256 79b4e8a7dad61be451d79179bd2dbd06a1ef8b1503bbf1251a401a8ae43e1b6a
SHA512 9681852b2d4042b3a673c53a7e0839d1e77eeaa630009c5f76bd7c2e0e7fb016d193b845fb24f0d3449930947493c39394b91e493f363a092f98149909e81c53

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\es-419.pak

MD5 d25865c02378b768ef5072eccd8b3bf0
SHA1 548dbe6e90ece914d4b79c88b26285efc97ed70c
SHA256 e49a13bee7544583d88301349821d21af779ec2ebfca39ee6a129897b20dbbd0
SHA512 817a5ed547ef5cca026b1140870754ce25064fca0a9936b4ac58d3b1e654bb49b3ffa8186750b01640ac7d308bf7de2eadc0f34b7df3879c112e517d2faabc94

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\en-US.pak

MD5 5ddd57c073c4f4f903ed10ebadb219f0
SHA1 ae8add5f84181038aab80f1e623d11f4ad850923
SHA256 6dba7babe2ecb0172e484121097308ad74600f6761ccd9768d88fae8d63c6755
SHA512 95582ee3fdce7e3c209de3cb4577f095549bbe2da17b7f21b69e1a8978e0c4a0e207852ab53ebf9ba9e5ddcd6a888ee62e4733eb3bbadeb62cc9ea2f4d20e631

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\en-GB.pak

MD5 80227f98af91d6d807e7e4ef3a10385f
SHA1 3c0702172adf883aa9a8d2160abf714793283a98
SHA256 aeb7a61a51c30343ab2ddcb59a99029c48749ecc6fb3fbbcfed61f442eeb8c23
SHA512 81744a8787e9c22d82e2d479b1b743bc7982b34821844f806f996a56406c3cb061a16dadb476ced8845a4ab2bfbc5925c4822d2bc1b65acbe3d34906965ab001

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\de.pak

MD5 11f2e1cf6c1e87e34ea0804284680ec7
SHA1 d8015bd71b45af07c1980afc464fbbd07d611a8b
SHA256 b2b42d623db5125ebf94f4a865bbfa236fcde06728bb26f128959b4ac0de528d
SHA512 e515ef3a8b49e8555de62a9a859d1384af714596a32cd8bfa457f121997c7099e0b1a87e59d0bfb3de7d6d538c9384a88771988aae12be130f0cfbf84a7a7f85

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\hi.pak

MD5 1d54e584312dd357cf3c50afb78b3bc9
SHA1 bee5c4c2550593e57f0a32b10e5177c7caac0d72
SHA256 314fb82a2bbb0c3130f64b9e2b34c48f54e4b0140c182dbb7f8978d83c91a8f5
SHA512 d3d7680b7436dd6cd9c917408570ac9780f4a3ea3d188788ce00289b534893bffbf3c695ebde7852f844f56cba13ecadb91672553ce1e5e336d3202a442dffb3

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\he.pak

MD5 9261d169134adb88f53e876fd9a9852b
SHA1 af08914985ba12848c2bba95deed26b791defc85
SHA256 dc810a7101f15e968fcbbba1e2e98f2af2b723fb58ff77641fadaa1caa79349b
SHA512 c466409c8df73355fa9c0d7eb96f0ae9abe14ba5baa75942dbb96d4292e3dcf7c71f6851b26d32e9bb09487a45cc20f4fcf800f3d13ee0eaead053822ef4c5e3

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\gu.pak

MD5 c2ab06430fa9caa2e5662507b6135c44
SHA1 1c7b0ae57db6a7df4971d27c945a54f03dfd7ba6
SHA256 31c3fc79d4f563ac2d91324f185c23325051a4746b99252231656aedb617b2c6
SHA512 a1dd8cd905930a0317753f654b591f475af2cef606d6efa188e828cad8c0da47fdf185f5089aaffbb3c8ff965d6057b8b1ccf5abc1cd67f733a86a2d61c17daa

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ja.pak

MD5 095a8604627613de6c7c35716fa9cd0a
SHA1 2869d6f012fe482f96023ddbcf1f17b3aa5bf002
SHA256 34573289e4027e63bc4091f6c69a2bc8d59922d5991050803779f0b01bc270a5
SHA512 29fc503341373b966a98e1771dfdbbacdd98a05072f33f9dca6667f3ab8dfd994a99d0c486cd569348d48a4d9ef81c7492c002423ab72e56a00a328a5ce8b97e

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ms.pak

MD5 de81e3f94b307a3d1dbf579670a9e398
SHA1 cf7569bfd32001ca98dfa02301a51384f7bc6a41
SHA256 f6e70fa445f5ba1b967c84f670941620c8919891b6983f6d088b7fd723161d92
SHA512 93eac6bbde1ff77fe1e1d3b8c06d5c3b9a188179571fbe53d97fa294be9d3506e30fd775adc4233a7fd5c4159aaf13538ccbd56dabccc35fcb43f8c621d145b4

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\nb.pak

MD5 ea1240ed6550cce7ce336cc6d79253b6
SHA1 f545057973c06bc80f6a5c4b0f0983de4aae84f9
SHA256 27c63c1b34d9333cb700f490a38e1b5bf9ec8b73725b226b6fbed61b1985d410
SHA512 528fb6de05ded39d05ae77992a9b687b62a2d40fe1aee67dbbd82e798e2583c71d694be0ef376ee93ea3890e02dcd5f99f7f7a85a20beaa81f2e95391175c4b8

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\mr.pak

MD5 eac9f1ea9743f92a64e3287e524b77a7
SHA1 1d193ce01791969d795fc1d810ab055aec4ae2fd
SHA256 ded40d713fe05aaceec7a880f882de1046ff9708940cff05e1de91be0d6e856e
SHA512 d70cd5dcc76062802bfd0493d2f308dca7cc6c04ff3c05a6791981d41ba345cdae997b5964d6281118dd8ba79eb3b5cc64edfc67cae0828514bb2b00d00f6675

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ml.pak

MD5 a7f6cdc17eddc1550260489d478ec093
SHA1 3308eb8f7d1958fe6b9f94602599cdc56460aa89
SHA256 01a0e2f809fed45b9b67831202d297c3221077fa2dd84f3b635ab33016a07577
SHA512 42132ca4a62bd5de5928f8c313c930c1fab0ad918fe08612ccd118e421eca768956ad42f7551d6ce58d10be6c34cae7a2fef518bde9f0641c339f7af70f42688

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\lv.pak

MD5 28eeee40b2722e1cc42905c70367fbdb
SHA1 fd82465b1522d314b295207934a7641b3d257d66
SHA256 026e6a4ea0fd11c07375f0532a0756bffef585889a71f33243a116c462b0c684
SHA512 a99d203ce67a3e5d4f831064f83c730b045fb1eba47ca804ce6c407e04240f4c51b4114446c3494e2985a1109695533d1b1c5c7594a5555276be366c07d0b855

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\lt.pak

MD5 a3e29f4a3ca6f2058a6f464e49f914b6
SHA1 3fc632eaccf91e86b365d444e7acba6f9302aa5c
SHA256 ec70edca70373390f028aa751a74057fb1c2c583c310492723a228c863007c47
SHA512 eec22e3347affc0eb0f9452f3b9b239e8b714148a39be83ebe7979bac706a942da3a17de01e9a1b89dfec9e970692c3e9fe566750092fc139325ae25ed1c3e04

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ko.pak

MD5 27705557eb4977c33bc69f27c2ee9f96
SHA1 b0297538c4e68515b8f65d44371cb8f4cdbc489f
SHA256 de71f906636d2a8f5833a22e92b61161182c53e233b75b302dbe061ed57e9bdc
SHA512 53c8917049d72a9739bf7f2abdbde3120ed3124967cd9b1b71b172b7b36ed41a1ff970d3841c0f5eb5b53616dd9f8e03f65a79e6a6964b83da2c84174c1dd56f

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\kn.pak

MD5 66867a2133ef0c73f385af7d5d2eed91
SHA1 8ca6e7e6d679255c2c151d38cf70a5f25cce059f
SHA256 407599a388bc151ccd2561181ea90ff620f4cb5c767317af8ca4748927ba7f35
SHA512 482c0b75c921470866b7c6ccf09cddd59ce81507e8df7a2158d3abf08c7201ebeed67c1ecd36f5cb015a8833ae9f1917ab6118f9f0a959364de958729295f37c

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\it.pak

MD5 23d70fc1cc74275719c4f882400150e1
SHA1 e8235d0bd4dbfbd708deb80139f0acb1cc0fbdef
SHA256 75b37965b88933ba32119ebdd13cb98c54300b1e1e312080947eed6a94fc70b0
SHA512 ca9a6fc273d5b0b656e902fb87f8792de604a3b6ce598dc577d08541ce9f35256849b1503f15edbe5d1e1d5785cffc38ed12650d1d026aa23b5ce6f9c3ac4cb4

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\id.pak

MD5 f6d153fa3087dab3fcef255b5afe8538
SHA1 99f123a133d3ce1a70349a7d1948a8d57981e1c4
SHA256 fa38d911dec71800d33802441412f20133e960bb316c79161bdc7f78ea1af3d7
SHA512 c092339a2a64dd10a45b516ba19013ad096c4c43d51df33e4c779c9ede6d71bcb59c18d5ba568f4876c0b5454ccdf05a1e632be0f97db5b4eaadf263e7d1967b

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\hu.pak

MD5 7317adfcba87621963e9cb2f44600e2f
SHA1 0398d795f9a3cde03ae85e8cd2c4723e7ef5f7e4
SHA256 6edcdaf17483c4b7b74d9c728c3f38d9e4704bfbdb618b578c7ccb6bbe6e824f
SHA512 e8ec0df2ddf67799194e8d3f722b5643553fb05026bd5f8d933d1cc18df6a641eb1b810e22114b44513b57a005d326b91a1fcf1c470a636cd42c5bc5fa0f254f

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\hr.pak

MD5 209efaa890532ddbb1673852e42ded7e
SHA1 8e9a3e643183d4cbdfad9fd2a116e749b5313a95
SHA256 3d01f9d2c51efa0c0d8d720dd832493b1b87d2429970396c42cee2199e7bef40
SHA512 5410b31ab46ccfd29b750f39d3796a533ec0c0a7b7b31b70977f59f348dd4190edc00c86db8d5b73df2117f27fd283de2057493c081cef69d04ad9894eb5c05b

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\nl.pak

MD5 1e5b9d923d5f8cef49c913badd2784ba
SHA1 6e42a558a7207b2cee2452263eb661843fe74d0d
SHA256 7a7be29044bf2fa9459a90dcce12ed531931660ba680dec8f32ad8a3364d973e
SHA512 e4392f91392b79fa14c3545c9733deb128f399163dcbee698bf51b2218b1abab6aef45c35130545ddc86626012599e4a8bd77205baa735c957258539c9b6d484

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\fr.pak

MD5 bc286000070c9a918a8e674f19a74e12
SHA1 41221bb668e41c13fbf5f110e7f2c6d900cdffd1
SHA256 d641d9d73262ca65a613ee0395204435d6830316dd551f8992407ae77ead4b64
SHA512 553dc84ffd09dd969802fc339ab20f6af3c36442c1ea23e4199519f2c5fb50be79874ae455ce5ff44511a3adcedae7f3030d13e0ecf2b456233d5f4ff186a5dd

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ro.pak

MD5 5f6af740e111066ba5245a7fb58c3d38
SHA1 bb09d9f89ec6e1db0a45cd15f84930dc34011b16
SHA256 b9fee8754a5307751f197d1968dd02e163dba30f09a36c72f88b63b4ee5bcd26
SHA512 d2c74477bfa01e8b5b51fbb4393368dc967be362833cc2ac61fc989f41896f17b957d10c0e03b442fba1f3d6059637f355dd6e537e6e00c382eaacfc1b5d64e2

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\pt-PT.pak

MD5 f7a822e3dedaa3df046c3172613e275d
SHA1 14c21d2cc296197a9a618f21dc103f0d6749b77f
SHA256 e2e84e23275190865c685e0712530245e35dc63ff82c4e854068494192917f3e
SHA512 0d08fedb423e9ea4f9ca54b55fcb6a88c4f4aa7ed71897b4a7625f093e8dc05733ec52e4577709dd4e4c7be001770e1dc85c0e10e0dad883f3291c515736b7c1

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\pt-BR.pak

MD5 54efb4172a7110a567ad87f67cfcd551
SHA1 ea8eac6f2328b8a1b27249fced7c16154060dcf3
SHA256 c17ed07165ec47de5acdfa7e4783af4b417843e5f232e9f38ce02138c8bd1742
SHA512 ae8aa02e9bcb3bfd8b39329a2c37f789484661e283dc63297e1ec2dd5d14558b349c312990048dc6a03cc7040a1c6fea2571c6102b1a61a638f9ab615f5fc938

C:\Users\Admin\AppData\Local\Programs\gdlauncher\locales\pl.pak

MD5 bc72c8e2426765839539a3b8340fe19e
SHA1 630bd0e844e673454477b819c808b7e18bebe0db
SHA256 6a97c2ce05545607a59df2f0daef5da71058dc1e1685f26263b7110edc431755
SHA512 a0f2c68ebb8e5e2ab5ad682b5ce0b1dc955aced7de32001a0decfafb924ca94ef322605ddf69ba74baf18871cfddbad97fc326c43e5b3168019e21912f7da421

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\sw.pak

MD5 a5f4010de863114025b898d78036b336
SHA1 0fa93fee8f60d1bf2fec4e01c5306404e831e94c
SHA256 8c58adbff7d672154c6f399ea29b549005460d80679e1f6cf997d95732857c30
SHA512 7f8b00ae7718f39c0ab91f3f63a3b5062d9878f224417282c3ff43ae9c88562a045c54f7c6f9f7447119a16bfd0ec40b48f762a52b64bc384ec80f53898c53c8

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\sv.pak

MD5 b4d3ab3791e862711986bb585c1676fc
SHA1 2123c8879a70728657e72415d7056aac4a1527e2
SHA256 080ce56662a0a32a4164ba88f9c5081d7c43dc1908412368a70e789e1adcbf66
SHA512 b904f1741079a8c7ed7647efe42e9d7b9be403079de7e512539b70bc653e55420a3aca4b599e8a9d440245a61f94124476b3a5afa43b39ff1aa48cb48fc5c15d

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\sr.pak

MD5 7cfb6dd166594df07bccb7c08774a667
SHA1 1c06a8adb81c357909ade0307a67a122c94c0cb7
SHA256 c3b5c6965affb7f30dcdb5fdb485767e83f3b5d694865a677783c64e3b84934d
SHA512 92febe5a65c90f105bd7609e2eff2626bf0e22b186d73d6c1aeb0497e49d9c34b2bb22d26e0abde4713da2c7cf51296723694ee9bc1decc5071a5225f60e650c

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\sl.pak

MD5 c08d0d08fd48822c603a27aaad4e9557
SHA1 8b7d616ef86bd955cbdf68197cdf748aaf99240a
SHA256 ef205cf8911a96d772711675e75bc8df5866ce0d9d44ebb110bc07e4f340ff65
SHA512 480a23a25860616be8844ce29042fa15cc7f360e2c53b367f6701926b9a6df72d82ad6c5dc7c0fafd537202d4ea7c44dfe24589fb4a4f52b4440629865f8c19e

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\sk.pak

MD5 7cedcf98e68f4001cc13f2b761571681
SHA1 fba32c46564452fee5697777b6d3c60d69589528
SHA256 e6509f7a6c6b9912f2875c7efa34434ab9562df3cdcaf0546b6370d594ca46fb
SHA512 c90ca580c5da2fff68b5957940d9b2c377cb07632b1fc0c8a23fef9a076cd05da618890f197f5b2f7314583fba89be083ad180335201d28c27a7c8c21a55c72c

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ru.pak

MD5 822750ab24d9ef1a54f3d987eee1acb5
SHA1 dc99948cfd029cc9d98c10e487625832db8f1855
SHA256 3906f069e6e2a3a0235826e9382624e7a4cfba309f00bbd0963ff0c9f2c179fa
SHA512 b0d9521e088c80470e5d15e310bf7e3e27b16464c5349f2bd6f29a78e7fdc7da36b3b1bee68e4496585b0e2f20098fa6b0b3360c4b43f2ed9718d292755f5be4

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\uk.pak

MD5 8162ec467ac9a8dac71d22c630a3e6a3
SHA1 4e9e8f49cbcc5e583b8acc3a65ffd87818c96e2a
SHA256 d1e07ac8b6a6ce53f06c66241d44407f98a1940259883e143a574f28a2ac170f
SHA512 e944e3f8f3e9b2c8c6f26e1a7606e441816406afe031bac9a5716ce060a63f03e01a95cc365342518629065b07fc72cf23d65ac84f0b58ef100cf9706a239b58

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\tr.pak

MD5 08b737a1b8ecb81c8ef4d7b8f6b5f503
SHA1 99d2cdbb720f114051627acbb79475ccc57ce6a6
SHA256 84f08423fc516988761517511d36bf5d3428866965addbf3ef4399a80f8278e8
SHA512 142c61f08e56a084f335dcf35c543dab872dee898c719052fb8d42be2050c5fe6d9245180ff9d0d0e07cd884daaaffa6ccb5428fee91ae00413e0ea38a5e8c9c

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\vi.pak

MD5 247e8cfc494fd37d086db9a747991abc
SHA1 bdc53c042a1c4bc2ebed6781b1b01091c8fb7a92
SHA256 4c4e69af3d7f7012e3cb19ba386fc69edd0c87ccd9be326dd6db902401d123f3
SHA512 852ddeb1ce8dbf13280e9dfa72dd10b646f8b06caf88055aeab32009f3fdc397a05764be48a04730e16f23c931d069880574d8bf9c7f4ef151e1d47467a7d60d

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ur.pak

MD5 30ce113bc3c466751bdf8d50cc568ff8
SHA1 d0b434b8f196a320995f49845d64054dcaedb97f
SHA256 34d46d28af3012bb84767a418957f12d877789b88a13ea29b047c7926abafb41
SHA512 a8139d60e498082c122b068a478038e3d3a7d6fa71bb8cd2b1bd7976827ffc23f7117f989b18d600960b222178351f01dbfa0fcdc3e7f0917cd0d47b5902fb44

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\th.pak

MD5 5abd2a1b2749449a0cbba60e32393f4f
SHA1 31097bf4728f752508482c298710cffecfb78d60
SHA256 c666359fc9fa137f6d7f868ccef01dac8701b457bb6bb51fcd581185d4bc8780
SHA512 094df53f3bac23eb384015e8f2500484556b6ebda0cb62bc12a773dd1d520d82c13cbad25eeb67fa04ceb209d80144fac70fe60eb792cfc1a0c5027513b7448f

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\te.pak

MD5 11c4c1ef8708db1f742333e71e312831
SHA1 ef432cf1d5df168039cb3d1b5f4d34bab76cd475
SHA256 9889b8d2e5f5fc5ed199831954af7b05028ec7a68f448b19ba74d91b97c223d6
SHA512 27c73d81271612bb2e4925d2091db9119859080484f5fa17536291c06bacdffadb1962ce56d0979d4f1f49add14990d73c5bafea45ce48141a36a2e55ade756c

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ta.pak

MD5 ab1ece31afe29124d183b3826c7ef291
SHA1 e707a983f039310b867bf4b502165f1f512b9818
SHA256 5cabdecd2a89bd97782c13d9f5b24550ea00b28750cdb26a7843af7e75e34b22
SHA512 6510d54c2dd177be19ca6b250e936fe0e26036aee7bd1d48e141cffde743fe03a02be0cee22642c3e8a702b2277d7bf307bde69a863855bc65a55425a1f2f884

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\zh-TW.pak

MD5 96620581f25ac84ddd4b9d0cd29b0749
SHA1 6413faf7b2e31755674f27de8cdab0788488526c
SHA256 2a674d423322d1772e97a627f1e291efba5f12b7efd0f174cdc99d1b1b376988
SHA512 7fd315ca93b431c59f92d31b803571effc5d758a52fc5d2f797a306fa63ea73162ac91805a892479b6940582aadc8903bdea6bb70168d660d58525bca4202520

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\zh-CN.pak

MD5 7507e95fbb433aa97dd9c2e3c2e08d0b
SHA1 f61227f2173ceece432289b099285d4a9322e2ef
SHA256 bf3fb791392d8044c2cb3552cc974d95adbfc1548eac617c9d2a981505fb89e1
SHA512 f8f42e09eb0af51aa48325ec824814e52244201f627734e81c9e84ea319f5c2166c2450e9b89edd3ce84d3959f0c9ba445ba7a32d4164cf730f0949e11dea082

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\resources\app-update.yml

MD5 3197f1e2ac3bb916d888b1c517788ae1
SHA1 d1621ef5a59f3cb3af0948c32c6b86a3bc5895b8
SHA256 54f8faa0210764d255e9e3e812c7eba670e3b4b88892f44719ce76d19c96d728
SHA512 e7bd76fba533a680008fb9bc1a73b22b4b441d0a1e1d639ae9da0cd75463581b11e6b2741405c88b1b1f702a25107b5b254889395cf1d17ae938612fbaec5cf9

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\resources\app.asar

MD5 471cdc896824fd3a5d3e96fddf1d20f8
SHA1 81b175a13dcf0db5b2fff78e6e67eb17ddbd446a
SHA256 b00f8077ec00065aa084b06d274583b86c1f0a7a2a046457846fdd890c970b01
SHA512 f4ae2379baa5d458e21ad799121aa7233533e67864998123a8ab017b9aed42510d66fa0b682d0e9417a853133de6ef95b89b59bce7064182c223e25571ea05e8

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

MD5 d9ac034d1594747bad97b2a0e4c9a3ca
SHA1 dd97a98e73d1115982490123a0428a64f82090fb
SHA256 02a03e51c92c6bdfa573e90483ef5956f7e7983a9e6cf3c62ae0e31c096307d1
SHA512 92d097ea96ed8a482dcb02bab2891957ae0b23621697d2015cb25d1d10f0bdd2a745db78800d731734323c5df71c3aed4c96c504b8f6d198b719a4517b76da78

C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

MD5 f43305559db938e41d7734ff25e503ca
SHA1 7ca11607eae4b95fb0e04f333b2252bef0573709
SHA256 eaa90c7f4e372e8d1f06f9ea596d65e476f984c8fae4617fc6ac58e5ef76993a
SHA512 edc24e4b4234d89a0927b5cdab65847dc06703fa371ab7cfdeb1dba52e37fe5370488fc11888b25c1f81c782951d951d28cebfc70f6794b10814c248e01d9b9b

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

MD5 9d3b16e2a2a75d6849ba492903b93a95
SHA1 9ed1a828ad701e18f06b47517de5f76b3e4956ce
SHA256 0f5d4ae11a85970eea61ff3aef67412d76efe245d39145898369a4f03507bd54
SHA512 de17f87b220a88b04081f9b14efcc57b760a8653d2404f64bce8349f6b0aa0ba899e9bee1e80dfd2bd4e036d831ca2f259b625379562225ba2f1e44bd5a3686e

C:\Users\Admin\AppData\Local\Programs\gdlauncher\v8_context_snapshot.bin

MD5 1270ddd6641f34d158ea05531a319ec9
SHA1 7d688b21acadb252ad8f175f64f5a3e44b483b0b
SHA256 47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29
SHA512 710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

C:\Users\Admin\AppData\Local\Programs\gdlauncher\icudtl.dat

MD5 4a6fa70842db25df259404f68f5c142a
SHA1 a28afe056ebd2a8a2d963371f904f617bbb00fcf
SHA256 c6bcd91547f28675e22ee7db26bfddaed1f4cfc6744f2da89dc8f6e5c50d1c28
SHA512 1ebdf8ded31a39df08f19f8d82741ee42c78de21190cdf23e6f07d2dfcb52a1b76d35eeee0b6eba975113e54bd777d3f1635d5e011202f3c6e2dca41765ec0e0

C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar

MD5 0947e7a01966466bf6a1141abd7c6b9c
SHA1 1fdb1487a9e6ec04ae93fc1bcc1144c20d965e5b
SHA256 1fc8648c8c848f98964f06576e4269c937120ea27a908d29454bee6ebbf688b9
SHA512 e523003b98dedc0ecae8a210434ce3c368b4fb5622e51c0ace7de12e9c122f30006954a2ef72ac864c4c59ddbcf86b2c93d01b9c9969b2f173e1bbfaf714cc3f

C:\Users\Admin\AppData\Local\Temp\f9ba0571-a595-4909-8af0-dddbed0f0b65.tmp.node

MD5 be94689f0cf2f4e36ef77fff3b573460
SHA1 f7187d89237506e6f50db5418c25b79cd1b3d271
SHA256 a8ae4e1f6ff70c724282b5d468ac463012e9b0fd5b52997116946fdb2e2ac34f
SHA512 83078c0a3340d912f42b6b67f6dce624e6395fede93043cd4f5b391c2547cc68aa6d147a70b523c9e8d646d4913a92b96d59fda0b28ade83c478693d8a256da5

C:\Users\Admin\AppData\Local\Temp\fc13310b-e4c1-4c66-ac9c-6e5c2337332e.tmp.node

MD5 4cef69a682d9b896b4fff99fca80a08a
SHA1 85fcae77830c3e55badfac97badc97ee53d5ada8
SHA256 bccc1ea670ddf3560352327eac402e7a99b5a585bd1d2af02bff8111b6ee9738
SHA512 cccf2aced4edf15a3162cdd867f623c73895b4962910e1d6a57afa17032247becd6378546206dd4705b3ca5f54e6d063a56a5ca54223bc5a67406cfcc27b2587

C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources.pak

MD5 b7dbe646f39ee9bc4c186e2e34f023d4
SHA1 e19b20ef868650085e3ebf4201e6af6dc082b816
SHA256 06ab121e9802a5d90e49c01d3899ab1d6269c82bd5679b89efbdc0097ff9dd95
SHA512 60cc5ddc1978438f8a4c6542245f86affa0dfa26480cbf4b8c5f44112b5f0b192153f0e61d1940216025463ccbde343366293d7b9d0a14561b90106bd875392b

C:\Users\Admin\AppData\Local\Programs\gdlauncher\locales\en-US.pak

MD5 f982582f05ea5adf95d9258aa99c2aa5
SHA1 2f3168b09d812c6b9b6defc54390b7a833009abf
SHA256 4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d
SHA512 75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

MD5 3262e9899967984512cf273a5951271b
SHA1 6472f47dd10eb7a6a1d5dde90463ea90b468d13b
SHA256 06f4dc13b6a9498bd1c16f7e4398c67ce8edad6f9e27e0ff84e164829bef8141
SHA512 74a1be35cfb50d363f0782c159ff0130178907a02c21327ec305a8cddc321f63cce5f5774e6ffaf154847cb75255ffeee273381a52d04488b68f72771ee8b5d0

memory/3544-649-0x00007FFD26BC0000-0x00007FFD26BC1000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

MD5 4c1909ffc09f3f8659d8578d09b41ac6
SHA1 6ba6ce33c5a1fb92271ed751b71a092f24318cb9
SHA256 6b8b761a45425318ecfed2757d72fc408f8bdbb6a6254c7bf717b61c44f735e6
SHA512 9a3adfa0c46b998085ef0850cb1bddb674206395ee39d3fa671a770cc46ee997f0f126b159135b20b00552c1652262adcefe2c45b7c0932a9c694a4b64056976

C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

MD5 044759fca9f2f8734c9caeafd03fadfa
SHA1 bea1d8d4d13e3cde94b695628a0c876fb7aa9f5d
SHA256 43eac3a975fcaf25eeafb64cc6b27b8394a447fa5b5ba9d5feace42284dd2564
SHA512 4d6a5bac542e9e1abd94523b1916d9d5edbd3b88d0dcb75ff27e10aca4130959c96ca49ac2d4c534047d928ded88b964f15ccbe1be9b5fd85654e576666b7299

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

MD5 54edc3e04881aeefe3e6d435c70d2e2a
SHA1 66852299b03e4a06e0f1e41edf905cceee62ca72
SHA256 f34c223e50317fd1543bf48f69a46de4d83567a661bac56e8a99ca8316fbc53f
SHA512 3d09c6a81f7d965200eda0449d87936bbc85a449dcec10c4943b111326b51390d192696a69df6b0a858f1ecba1e02d3b7e7e0de4566b5a790b179cbfe555affd

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

MD5 d7d8462a76f63f746f98d1d2fdc81f0d
SHA1 316f0f2f3a0e4fc0d01c8e2f7e0ee1ac6321baf8
SHA256 6339b4036d58f4184db48c684772c2a18f5ff9767c3b97437826b0e82218775e
SHA512 7062009c90cfec7e26464f87cfbdef61948622f82f4895a217cf310f02f51576703a7af0f4daf956d72dbae6bfd0e9d815559a046f64f7d983580343edaeca20

C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

MD5 086d392f175085fc79905b8517627ee7
SHA1 87fbad8ce17559bbb0067be8623b66402f6c2010
SHA256 4bba3833eed5ca95c93a37c77b7eca3c2ce1c7139435e1a6928b432cc3fc6f8b
SHA512 804e591ed49df2a7dd2498575a84bad297c5cf312b76d5567f2829788a877f1aeca8ed8f29e7e69af94bff26b210b4c16b5742c2e9c51205af4907c6bf1974c9

C:\Users\Admin\AppData\Local\Programs\gdlauncher\d3dcompiler_47.dll

MD5 ef5e388c75a264dab1679fce49d73d31
SHA1 a6a3044b6d637fa9f267b2ff0f07b5d29cf3aa2c
SHA256 7316b2d5fb2de34b0a24de1f112030e1ecd6c3ba686f5cce3d40e6380abb63e3
SHA512 7ba46050cc1eab0aafb1b4645f9da09391be20df0d85c91f34a1c9adf13942eccb2601134c26f481db5a7e3732c3c008b64d4048f5f273a53a913aabb91ce3ba

C:\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll

MD5 a875c99bb5fc22e476c31da7d84be6ce
SHA1 34660ca769ee9cfbe9e73ed1a7ccab2a141e1ad5
SHA256 7e7e215e13dd1c717dbf131da3ba426086a03d8c1d5ed884d0f6c63bef0c7676
SHA512 f3d11adb8fc028c3065bbaf9695b733ebd6d9177a7015d296148a8f13375aa956f438eeef48c4b05b51138a8f6de4edf37e5dad505cad92cf192e9554ef4a1c5

C:\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll

MD5 aaac00dccf30926e83c9d0de631f399b
SHA1 75418dd068ebc128937594640bcf971b16fa02cc
SHA256 f7ad496182568a6025d5290eedc6bcb7833f78c212f8eea0503ddbc594ca8c0d
SHA512 9433a8db4f918cd0d7d357ae515c61f0daf47aa3b41cb064cb10e1200771226a697c9c3ef94e74195fe69031345c72c7c9652bb7d411792a6e5b1e9d20218abd

C:\Users\Admin\AppData\Local\Programs\gdlauncher\libegl.dll

MD5 a0df7801247a270d6a5dac203d71e6ef
SHA1 b18fb7824e7565d2bee7a8db4d9804fcf383a5c1
SHA256 814269b0038341865287c8c6def33857f8ef18b5e72f41f54f09b3b558241bda
SHA512 ca0dbd203d7fddf825182843569f8bb8bbba9ceed7a94cba2c56ec38ca261ee3558ceaf86dc5fb718c8174e5e12c50ff6e7c3343b111d16dfb0395df8cf67aa5

C:\Users\Admin\AppData\Local\Programs\gdlauncher\libGLESv2.dll

MD5 9b1196474814fcfaf3b290370fa4f9d1
SHA1 4ab3b49735c9bbbd53925f7d919fd9020bca6203
SHA256 d55dab6c8e75e4dd2608fee5111b8b7ee2d3618f44570d38555a62befa014bfd
SHA512 4014c7e2a074ee9c4147224211d81c594fce347337d0a20d0f0e9119d2ccbabc6ccf82cc9c89bd776850d4fcdfbaa01cd1ea48117b091f3dfffa611da98a06b9

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\nsis7z.dll

MD5 f9f065c6eac2266084c7ab1314ca8883
SHA1 a13f59c93fc6f02752efc50c8bd3169e5c9a156e
SHA256 4d3445162352bd926d731051d3244e350ea3b30c4bd79e10e37a8174b6e1e026
SHA512 088239dfff46667904a6b3d7e7e9494c008735867e3b1604c9596716c2f57ac2f1c715114fd558a692e4ecf2e79a5610d834c04cac526bc10e9e03b002572ec8

C:\Users\Admin\AppData\Local\Programs\gdlauncher\libglesv2.dll

MD5 9dd424283d305bf6ada0a6d5f36b18a2
SHA1 8d4a3cd2527d774a8d9fbb6aeeb14631cfd6169e
SHA256 e3a022e1da0595dad85d0d562aa5199d21b26b84e9e2d57811cb97412cc28e73
SHA512 8e106ff6f80b2a3fb81e07bcfe6a6bb37659b9f5c40e8d27adea2868e2ff307fa84dc022e321d8c90f1223aa3785422df7ba16a6c46efff2d53e98189c0f54b8

C:\Users\Admin\AppData\Local\Programs\gdlauncher\D3DCompiler_47.dll

MD5 3fc998c5534af9073bdcc64f2785a2a0
SHA1 4ddcd9eebf8b62749c578af0701f9102f085bafc
SHA256 2f2e7f37a95248e694262233df5fd150417bf62634368c9b04afe5b8baaa2967
SHA512 1043d34f5ab9acdf3d99a62eea9838c36a2105203b14e496535b4541c02d1a7012f4576e94406600eafa0b0545b7eb616792eb919f3774c94613873259ebed7f

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

MD5 b1d7c4c1a1fa22d9312b567f60cd441b
SHA1 20ccf0da5cd82c491c121920849fa948d524ccb6
SHA256 b5db421bdb6b9818e3720e63c1c8b20feba28654e5a28b47a0f10cd5ecc68f17
SHA512 ec262a4c51cfcb9cf6d4a14baa8e41f324e476df1d693aba3c892a34ca2a2d003cf88f86e79c2b915f843299a0cb5ff7d6bfd0a36fe1c3574e78e35b0fff7daf

C:\Users\Admin\AppData\Roaming\gdlauncher_next\IndexedDB\file__0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\gdlauncher_next\2223800b-a61b-434a-a673-60b54acbfbbf.tmp

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

memory/3544-937-0x00000198CC230000-0x00000198CC2DC000-memory.dmp

memory/3544-938-0x00000198CC230000-0x00000198CC2DC000-memory.dmp

C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\Network Persistent State

MD5 65481b3fc4a5cd409fdeda24861d7c5a
SHA1 982b44c02722f07f2fe8ceedecfae55be2556f0d
SHA256 1f534933c0dd6c5499fec3c12efa1799a7ef1c571fcfc6015e4063d1ba792e4e
SHA512 002bbf4fa2fe72a58d32738453c92d3fafaef6607fc92f3365fb2426d9db955802b3bbe238655f74f85856a878e3487c12546425a26ac997ec6f0d09f616bc98

C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\Network Persistent State~RFe58a5c1.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe

MD5 8713873e45f96547f9d6775f3efa3687
SHA1 b91903231562864a8b955b728e755233e811a1d2
SHA256 2cf876c23bff586953e40eaa7c2357e9712821110b5663e963e4bb0915fdae7d
SHA512 d93ecf06a28dfce27e855f7c101cf3d7df49bb7ab757c9321b60c7cf1594c705adaf87b423306bd8ac97953fc3004c4e9558f003d387a0ced71b043ec77031bb

C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll

MD5 4b986e689f81a022337bab1cb40236d0
SHA1 70361ee1109cd5d2c69d6aae3f8d76ad7dbd13b6
SHA256 5791762084aab6f6517aa2cbaa95686ef339c31e3671eea0a16b979a9adb4774
SHA512 de429358a6acd7243e6c5d50f2184f8c7c3860417cfef0f68331f7e823d90b0da43fd5e4776fdb03563c3d481108324ce068036380de8ea66b9eee1ac202b250

memory/2636-952-0x0000019315410000-0x0000019315411000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll

MD5 a1878f4db51b4037aa2afea973055e16
SHA1 4b1130f0b972dd0bed983bc872c848804e048cf3
SHA256 21f440aebfeab21f9b33bd1a7fb185201a9999a71f1c427db1dd5c36e1f527a5
SHA512 b38367f0fbaf7fc480ff25295aceb434807ff4be9ecd79af4aedfd7f69bd28c712809484381711f0b8062f7e2f3f7bec8817659898281b09c338b1745c0eea5b

memory/2636-953-0x0000019315410000-0x0000019315411000-memory.dmp

memory/2636-954-0x0000019315410000-0x0000019315411000-memory.dmp

memory/2636-964-0x0000019315410000-0x0000019315411000-memory.dmp

memory/2636-963-0x0000019315410000-0x0000019315411000-memory.dmp

memory/2636-962-0x0000019315410000-0x0000019315411000-memory.dmp

memory/2636-961-0x0000019315410000-0x0000019315411000-memory.dmp

memory/2636-960-0x0000019315410000-0x0000019315411000-memory.dmp

memory/2636-959-0x0000019315410000-0x0000019315411000-memory.dmp

memory/2636-958-0x0000019315410000-0x0000019315411000-memory.dmp

Analysis: behavioral26

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240221-en

Max time kernel

122s

Max time network

133s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240220-en

Max time kernel

122s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win7-20240215-en

Max time kernel

119s

Max time network

124s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\concrt140.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description                      | Indicator | Process                          | Target
PID 2940 wrote to memory of 2780 | N/A       | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe
PID 2940 wrote to memory of 2780 | N/A       | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe
PID 2940 wrote to memory of 2780 | N/A       | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\concrt140.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2940 -s 80

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

140s

Max time network

161s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

Country | Destination | Domain                        | Proto
US      | 8.8.8.8:53  | 138.32.126.40.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 241.154.82.20.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 240.221.184.93.in-addr.arpa   | udp
US      | 8.8.8.8:53  | 55.36.223.20.in-addr.arpa     | udp
US      | 8.8.8.8:53  | 41.110.16.96.in-addr.arpa     | udp
US      | 8.8.8.8:53  | 50.23.12.20.in-addr.arpa      | udp
US      | 8.8.8.8:53  | 18.31.95.13.in-addr.arpa      | udp
US      | 8.8.8.8:53  | 28.160.77.104.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 80.179.17.96.in-addr.arpa     | udp
US      | 8.8.8.8:53  | 11.227.111.52.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 52.179.17.96.in-addr.arpa     | udp
US      | 8.8.8.8:53  | 25.73.42.20.in-addr.arpa      | udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

92s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description | Indicator | Process                          | Target
N/A         | N/A       | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description                     | Indicator | Process                          | Target
PID 548 wrote to memory of 5000 | N/A       | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 548 wrote to memory of 5000 | N/A       | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 548 wrote to memory of 5000 | N/A       | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5000 -ip 5000

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 628

Network

Country | Destination         | Domain                       | Proto
US      | 8.8.8.8:53          | g.bing.com                   | udp
US      | 204.79.197.200:443  | g.bing.com                   | tcp
US      | 8.8.8.8:53          | 8.8.8.8.in-addr.arpa         | udp
US      | 8.8.8.8:53          | 136.32.126.40.in-addr.arpa   | udp
US      | 8.8.8.8:53          | 204.178.17.96.in-addr.arpa   | udp
US      | 8.8.8.8:53          | 200.197.79.204.in-addr.arpa  | udp
US      | 8.8.8.8:53          | 43.58.199.20.in-addr.arpa    | udp
US      | 8.8.8.8:53          | 50.23.12.20.in-addr.arpa     | udp
US      | 8.8.8.8:53          | 171.39.242.20.in-addr.arpa   | udp
US      | 8.8.8.8:53          | 140.71.91.104.in-addr.arpa   | udp
US      | 8.8.8.8:53          | 59.179.17.96.in-addr.arpa    | udp
US      | 8.8.8.8:53          | 11.227.111.52.in-addr.arpa   | udp
US      | 8.8.8.8:53          | 50.179.17.96.in-addr.arpa    | udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-02-22 17:44

Reported

2024-02-22 17:49

Platform

win10v2004-20240221-en

Max time kernel

137s

Max time network

161s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description | Indicator | Process                          | Target
N/A         | N/A       | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description                      | Indicator | Process                          | Target
PID 3280 wrote to memory of 3792 | N/A       | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 3280 wrote to memory of 3792 | N/A       | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 3280 wrote to memory of 3792 | N/A       | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3792 -ip 3792

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 612

Network

Country | Destination | Domain                        | Proto
US      | 8.8.8.8:53  | 4.159.190.20.in-addr.arpa     | udp
US      | 8.8.8.8:53  | 24.121.18.2.in-addr.arpa      | udp
US      | 8.8.8.8:53  | 43.58.199.20.in-addr.arpa     | udp
US      | 8.8.8.8:53  | 157.123.68.40.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 206.23.85.13.in-addr.arpa     | udp
US      | 8.8.8.8:53  | 23.160.77.104.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 80.179.17.96.in-addr.arpa     | udp
US      | 8.8.8.8:53  | 21.236.111.52.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 74.179.17.96.in-addr.arpa     | udp
US      | 8.8.8.8:53  | 131.109.69.13.in-addr.arpa    | udp

Files

N/A