Analysis Overview
SHA256
9a4744a9ea6fa058995157b052e1d96b7063039ab3971ce5660fe9cc29bea7aa
Threat Level: Shows suspicious behavior
The file GDLauncher-win-setup.exe was found to show suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Unsigned PE
Program crash
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies registry class
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Enumerates processes with tasklist
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-22 17:45
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral9
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 220
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
93s
Max time network
126s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5024 wrote to memory of 4848 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4848 -ip 4848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.178.17.96.in-addr.arpa | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.179.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
153s
Max time network
166s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell\open\command | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell\open | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\GDLauncher.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\URL Protocol | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\ = "URL:gdlauncher" | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=2036 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2408 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 75.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | plausible.io | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| US | 8.8.8.8:53 | launchermeta.mojang.com | udp |
| GB | 104.77.160.198:443 | www.minecraft.net | tcp |
| US | 13.107.253.64:443 | launchermeta.mojang.com | tcp |
| US | 8.8.8.8:53 | meta.fabricmc.net | udp |
| US | 8.8.8.8:53 | cdn.gdlauncher.com | udp |
| US | 8.8.8.8:53 | api.curseforge.com | udp |
| US | 8.8.8.8:53 | files.minecraftforge.net | udp |
| US | 104.21.33.240:443 | meta.fabricmc.net | tcp |
| CA | 51.79.83.165:443 | files.minecraftforge.net | tcp |
| DE | 18.155.153.107:443 | api.curseforge.com | tcp |
| US | 104.26.3.110:443 | cdn.gdlauncher.com | tcp |
| US | 8.8.8.8:53 | 198.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.33.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.83.79.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | 104.116.69.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\0dde7ef6-2863-47a7-8426-c95fe7b30518.tmp.node
| MD5 | 4cef69a682d9b896b4fff99fca80a08a |
| SHA1 | 85fcae77830c3e55badfac97badc97ee53d5ada8 |
| SHA256 | bccc1ea670ddf3560352327eac402e7a99b5a585bd1d2af02bff8111b6ee9738 |
| SHA512 | cccf2aced4edf15a3162cdd867f623c73895b4962910e1d6a57afa17032247becd6378546206dd4705b3ca5f54e6d063a56a5ca54223bc5a67406cfcc27b2587 |
C:\Users\Admin\AppData\Local\Temp\248faa4c-776e-4146-a35d-b961d6e9c601.tmp.node
| MD5 | be94689f0cf2f4e36ef77fff3b573460 |
| SHA1 | f7187d89237506e6f50db5418c25b79cd1b3d271 |
| SHA256 | a8ae4e1f6ff70c724282b5d468ac463012e9b0fd5b52997116946fdb2e2ac34f |
| SHA512 | 83078c0a3340d912f42b6b67f6dce624e6395fede93043cd4f5b391c2547cc68aa6d147a70b523c9e8d646d4913a92b96d59fda0b28ade83c478693d8a256da5 |
memory/2052-10-0x00007FFF322B0000-0x00007FFF322B1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\IndexedDB\file__0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Preferences
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Preferences~RFe57dca4.TMP
| MD5 | d11dedf80b85d8d9be3fec6bb292f64b |
| SHA1 | aab8783454819cd66ddf7871e887abdba138aef3 |
| SHA256 | 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67 |
| SHA512 | 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0 |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\Network Persistent State
| MD5 | 949e4128177091e594698ad2e330a5cf |
| SHA1 | 69eeb6dae0a783eff0f3a4c718a3fc5fda574505 |
| SHA256 | d823c55c284e8ba408639ffcedf166b4100c8f986132d0b160178be750280cfe |
| SHA512 | 38d5adac879c0a273877ceedd41e832ebd5e0929455d37b694f915662b889e2b5a77c471420eccc17535703df1886c595e9fb4c0bea0658f2cd5a3f3a99a0d42 |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\Network Persistent State~RFe58c196.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\TransportSecurity~RFe596874.TMP
| MD5 | 50b59f71e324cad185104163ddde1f96 |
| SHA1 | 69d0bc35d087045bac27c21a6388af4c89f3eaa9 |
| SHA256 | 7a2caafe3bf0e84a8610f1bfdcd147ec6f7f01b0a4190077de13afc8c1eeb6ec |
| SHA512 | 89e43724c62a1dd7c560fb5279b96f727bcd0c1ae1d601a3a1aea41ea8b0fa18a73c617c8aafff07777a16e51395b39c0ad1d06073d5af3c3402edba883816df |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\TransportSecurity
| MD5 | 62a4d86bd498572d9c5f9a24b1d31695 |
| SHA1 | 9ec255c03e7d00e7994971ede21a604c5ac50431 |
| SHA256 | 3df80fe2134cf0baba119b80dd3d8856025a5d76d6be025fa74fdc11daa6c7e0 |
| SHA512 | bb18e30145eee593d45865acf4f930727ab8db06131132676655b103a5c618578e0a693a0a876a51ee48bd5d4889005142dce3071fb5df0ecc0723ad3a30bad3 |
memory/3520-126-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp
memory/3520-127-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp
memory/3520-128-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp
memory/3520-132-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp
memory/3520-133-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp
memory/3520-134-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp
memory/3520-136-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp
memory/3520-135-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp
memory/3520-137-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp
memory/3520-138-0x00000280CDDB0000-0x00000280CDDB1000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
122s
Max time network
130s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1940 wrote to memory of 2496 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
122s
Max time network
129s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 224
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
122s
Max time network
134s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\7za.exe
"C:\Users\Admin\AppData\Local\Temp\7za.exe"
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
122s
Max time network
135s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.pak\ = "pak_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.pak | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pak_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1736 wrote to memory of 2616 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2616 wrote to memory of 2596 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | bcd33de0eec2a81bdb2b339c072f6e51 |
| SHA1 | 95a1800cbd98bbd2c459715490fef9cc99fde9f5 |
| SHA256 | 0aa64a2b5674dc30f7fcb16e99a65541ebf1d9e1c067878a6e2f2ece1e23d93a |
| SHA512 | eb74394ef6d150dc71e394206076120fdd7b64b253f9467a431321060e4c252d7731d9e95e7a5722f2cd0b44b0f36c0f08c57cf1b01ce5db529a613bf0fde93c |
Analysis: behavioral24
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
147s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\concrt140.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.179.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
140s
Max time network
162s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\7za.exe
"C:\Users\Admin\AppData\Local\Temp\7za.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
147s
Max time network
160s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef4bc46f8,0x7ffef4bc4708,0x7ffef4bc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_944_AJDUQIJELCDDVMPW
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Analysis: behavioral20
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
148s
Max time network
155s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
145s
Max time network
157s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240220-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2060 wrote to memory of 1692 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2060 wrote to memory of 1692 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2060 wrote to memory of 1692 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2060 -s 88
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
92s
Max time network
117s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2636 wrote to memory of 228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2636 wrote to memory of 228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2636 wrote to memory of 228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
120s
Max time network
131s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\.dat\ = "dat_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\.dat | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\dat_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3016 wrote to memory of 2532 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 3016 wrote to memory of 2532 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 3016 wrote to memory of 2532 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2532 wrote to memory of 2728 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2532 wrote to memory of 2728 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2532 wrote to memory of 2728 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2532 wrote to memory of 2728 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\icudtl.dat
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\icudtl.dat
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\icudtl.dat"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240220-en
Max time kernel
7s
Max time network
149s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\URL Protocol | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\ = "URL:gdlauncher" | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\shell\open\command | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\shell | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\shell\open | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\gdlauncher\\GDLauncher.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\gdlauncher | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq GDLauncher.exe" | %SYSTEMROOT%\System32\find.exe "GDLauncher.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq GDLauncher.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "GDLauncher.exe"
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe"
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1148,i,6644541285476879952,500373378706083674,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1464 --field-trial-handle=1148,i,6644541285476879952,500373378706083674,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=1296 --field-trial-handle=1148,i,6644541285476879952,500373378706083674,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1100 --field-trial-handle=1148,i,6644541285476879952,500373378706083674,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3---sn-1gieen7e.gvt1.com | udp |
| CH | 74.125.173.168:443 | r3---sn-1gieen7e.gvt1.com | udp |
| CH | 74.125.173.168:443 | r3---sn-1gieen7e.gvt1.com | tcp |
| US | 8.8.8.8:53 | plausible.io | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| US | 8.8.8.8:53 | launchermeta.mojang.com | udp |
| US | 13.107.246.64:443 | launchermeta.mojang.com | tcp |
| GB | 104.77.160.198:443 | www.minecraft.net | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | meta.fabricmc.net | udp |
| US | 8.8.8.8:53 | cdn.gdlauncher.com | udp |
| US | 8.8.8.8:53 | api.curseforge.com | udp |
| US | 8.8.8.8:53 | files.minecraftforge.net | udp |
| US | 104.21.33.240:443 | meta.fabricmc.net | tcp |
| CA | 51.79.83.165:443 | files.minecraftforge.net | tcp |
| DE | 18.155.153.29:443 | api.curseforge.com | tcp |
| DE | 18.155.153.29:443 | api.curseforge.com | tcp |
| US | 104.26.3.110:443 | cdn.gdlauncher.com | tcp |
| US | 104.26.3.110:443 | cdn.gdlauncher.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
Files
\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\StdUtils.dll
\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\SpiderBanner.dll
\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\nsExec.dll
\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\nsis7z.dll
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\chrome_100_percent.pak
| MD5 | 0cf9de69dcfd8227665e08c644b9499c |
| SHA1 | a27941acce0101627304e06533ba24f13e650e43 |
| SHA256 | d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88 |
| SHA512 | bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\7za.exe
| MD5 | e86eff95691b1c0e7e4f3e9cb1ae2e49 |
| SHA1 | d0acbf9ae29ec74acc67b53b2063bbc9739bc9e8 |
| SHA256 | 8117e40ee7f824f63373a4f5625bb62749f69159d0c449b3ce2f35aad3b83549 |
| SHA512 | 1c26201f214fc068d2d7f7c812be022dbc102077ef34bc1f231ac118aa04b94139cc2005628491747888faf95863241b3847524db097f4822b75f646f4345ff6 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\ffmpeg.dll
| MD5 | f404ea73a48368d54d95f8cc00632a0d |
| SHA1 | fda1313e288daf16103ee32bab1ded50b3bd6d20 |
| SHA256 | 62f179f9142bdf1a813b9268bd4a12eb6a2c578c46afbcff8d0af0f9da8c8b8c |
| SHA512 | 70aeb9930fdcfebf0ff85e99c5253ef5574de9b73a2e4166054003b4c48e931f1ddb6964e6e569afaf4b2a52a85e7c6c7dae218ce414c2b1abb029a31c84b339 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\d3dcompiler_47.dll
| MD5 | bb04077868a03c2ae55ed4bcb2388211 |
| SHA1 | 23faf1d1b5d2f561d3a97e61bf662b6d6acbce41 |
| SHA256 | b93a60ca809310110893a5ce2d2f36c1bf7238dde2caa84deb0195c21ec2c580 |
| SHA512 | 87c8fae1182efce7e591c8b34a27ba02168c1e16f21ac0b98a68e5cb1e97bad652afdca915ad6ca7ace004209ad28bee57ed968a7841d2fde639934076c050fd |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\concrt140.dll
| MD5 | 1028995446d0032530461be30ca98f48 |
| SHA1 | 18446678152e9997eed9c02995f957d58a8e8f32 |
| SHA256 | d404b49c25cc76dc4c86e1d82fc23799482f6509e85a73ed8177efc320ec0195 |
| SHA512 | adb9ae577f082e0246cae5c804fa4cd08bcf54ce78eaca02d49b9b1b262779667a251e98cae807aff50fdac504b8cd855ce4d786f587d02e0a18f6ac8e0d882e |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\GDLauncher.exe
| MD5 | 1dbf4c8fd0b7da25577af29b9f38b751 |
| SHA1 | a1b705e39d07f8fd7ccab59575eac36847f400d0 |
| SHA256 | bc229386ed1c1768b4edf797216030a572e527b711242a8d94ac0bc40b93fdb5 |
| SHA512 | 7921b4b042a23e86d09ccde9b456b05427b7760ba6822c5524c97130d5c78aa546b26fe78c6b0eba011cde992fb7d9336ca397837b6c92890d062ff6130247e2 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\icudtl.dat
| MD5 | 3125a415a7834c01148e61ae1258ae50 |
| SHA1 | 21635442a86a44f85beda1b60a77f7a1c817a0c4 |
| SHA256 | 36e15d6ef90ae1c574b39b9f84768c52d5a7fceec6d61ed97f682a2715ad354b |
| SHA512 | e486790abf2c4660c0728b4c617e7d651b3c3a4cbb72a48c08980244784205f1c98e255c200bfe483e34a80e329bc3ae2e9cfb9d328580a8361dcbfbce3f3e71 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\info-about-msvcredist.txt
| MD5 | 5869d7303e54026c9adc33e5dc63d70d |
| SHA1 | 484058ada000cdaf04b337ee03445a4989629d7f |
| SHA256 | 9329f7579fd8ce5f0503c2458ec49f1f42cf587559d0902f9954e3cf170f0a34 |
| SHA512 | 403e01d01f8eb63e57a1ba7310282858aba499d5243a50ea44829ef8c312dfa1600873a5240e52afac17877512ed05e4f0d89082af92309157bf02cb7fe34b6b |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\libEGL.dll
| MD5 | 5de7e395632af0d31d8165ee5e5267dd |
| SHA1 | 740ae64850e72e5ab3d49e3bbc785399a30a933e |
| SHA256 | 44febbc02e69d492d39e2cd5d025bbf0d81b1889b37725bd700cc0c21e5ba22a |
| SHA512 | 788c3fa6d58b8d3ae258628805ed79d612d9e15e92dca39c27cb621a2a9aa42669a20c11b5c9a912a2d8cd68b0a7a53f7689e729067c6d87a8063e5b8b2c265d |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\libGLESv2.dll
| MD5 | 275df4b7598091707822881b76f0ce3e |
| SHA1 | ae14098a16987a680d07a8e00493a63ac867d530 |
| SHA256 | b6cf49e0275afbc2576ec678cfde922d25611634121ed88971d531567c2758d9 |
| SHA512 | 4c258e129157ee7af83dc67c7d28a85599b7e4aa28f4fd1cc18bfc9fe73fc92a2dcfc2401af5eae4552170ac575c6946fb40c4d26d33adc1da13c11574001353 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\LICENSES.chromium.html
| MD5 | 85a9b163ca61b03bcbb6306515b66698 |
| SHA1 | 49227eb79ab26e2f152a56d0415a587230161b7f |
| SHA256 | 7e391285a367d26ccad0ebbb961f50625bba0a5078c7d606da33a46b8f648cc2 |
| SHA512 | bc2ba81a25d295222b1707050c4c9444a8871cfc84614d460f574668c7d12af9302a89fb9d6abedd7b3d1568e0ec699759839d28ac93c743592d77516ff8b43b |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\msvcp140_2.dll
| MD5 | 210bb45a43b2f8fa7f6cfc31fa4ec6dd |
| SHA1 | 3dacfa339ac11488d52a54806fffaf437bb0caa8 |
| SHA256 | aa965bc8429994c97bc2498ed8051a4101f7987a376924b105de5f7915e42a48 |
| SHA512 | 8a0e8863b06b306b11e0abad77b0285dbc17b8a778e241c2ebe0285bbf12c7b7cfdeacd6ed6d2bf71887342a94daceadf8e0aa3164d4492e1cb9d0d1feceab96 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 1270ddd6641f34d158ea05531a319ec9 |
| SHA1 | 7d688b21acadb252ad8f175f64f5a3e44b483b0b |
| SHA256 | 47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29 |
| SHA512 | 710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\vccorlib140.dll
| MD5 | 9ac7ad6a47cf8bddce8daffd31cb03a5 |
| SHA1 | 55ede0c378279526bf6e8b4093c382ee7ae111db |
| SHA256 | 5966e6f9de7a3aac11d22c899bd7b3a1248b3c375461c1ce10efb8eb871b394e |
| SHA512 | d31289bc6321a77c8c43a8d49393acb6c97ea9b5ae62fdc1a6a1f17b6a53a91ec1f714d71f1e944bffa041b5f74e0266e68d80844f75fa624a4376d4a8adde3e |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\vcruntime140.dll
| MD5 | 1453290db80241683288f33e6dd5e80e |
| SHA1 | 29fb9af50458df43ef40bfc8f0f516d0c0a106fd |
| SHA256 | 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c |
| SHA512 | 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\vulkan-1.dll
| MD5 | 60ea9869624b91c1d630692e11c40568 |
| SHA1 | 51cdbdd9e06b2224cc7589b37b4eafd89dddcb31 |
| SHA256 | 173e54b5a3b877d2e3652bf637fde2ca7b32e3224f0992985f019275d3efe9fa |
| SHA512 | d172c4cf1d55adeb32d52b8eb070c26691afcd125caa8e1e26f242936309d17a8154ada3b9f18a1d53d3216db68d97aeded88a6f31f9e13faa4fd81e1db01307 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\vk_swiftshader.dll
| MD5 | ebcd151759fb59504e703212bb1f609c |
| SHA1 | f51dfc03a8729360e1088b021bf8212a10f4c482 |
| SHA256 | ccf2beba188148c623b2dd75c5d6e578c2ff66d424347356b59655fec64803a3 |
| SHA512 | ef22c76faca025d08df165fea5a8ed81b14387ff8b6a445c23ba014ada1993f076e5b58ccfe96fa88d930ddcc4fc894840336fcf0f828504bfab69fa4d1e2553 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\snapshot_blob.bin
| MD5 | 2b09a6d421a1eb549237382c3cecd328 |
| SHA1 | 98722a09a5be2512ec55ff6462a200c71b16ad2a |
| SHA256 | f9c472794aa190e96eac204d6c2d86c9ef63bfd6fef8df69f39b85cf4ad853c0 |
| SHA512 | b3636d7d3c53326169dbd74087f1e1e9afe67ff794ed25eda0c9c86773a9068e2770857b47c1c4a49297128eaf628ea31078a852f9209d2e173fb7021146b721 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\resources.pak
| MD5 | 3affa546f889f49a42b3ee1a26c1b5b6 |
| SHA1 | f2b9cabc530648fef70c94bcf3eed33e4f7a9bab |
| SHA256 | ad72999acd201fb36535df4ccbf2550dd399d955dfb7c225b8d39ccb7f7c48c3 |
| SHA512 | 4346dce437ee6ce3570a3f587f4ef27587c85427c9801bb800394d366bbf6b730c0bceca60a715fffb5780f06b8ab44832bd479539ae83e2ebca48b4daee6e97 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\msvcp140_1.dll
| MD5 | d281be80d404478ea08651ab0bf071b5 |
| SHA1 | e81dc979d8cf166c961c8e7b26f5667db9557c47 |
| SHA256 | 5e627fac479f72363075824423d74d0a5d100bb69377f2a8c0942e12099af700 |
| SHA512 | fda7c43fb6ee71c7ccbad7ad32c1f00e454ccdee3bbc35de4045abbc8998281cdab9c506fea8417df25ff0ef09471eea49f63b2181e160c62bda804fbfd8c376 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\bg.pak
| MD5 | 34c6f87106c3c1fc77716120de74acda |
| SHA1 | 4c14203258f8b9c32a090c7391ae755bab925459 |
| SHA256 | 62fc4167efbfe4e578e2a229f4879243680b7167b3dfe8adea33ec17834825c7 |
| SHA512 | 3a3e1db946c6b4f0b827ce8ba47cf036e024cc78ba501b030db1bef02dec9c293fc1a871c5195bb150f5301642cb177833eaa6b21a322fcc016e47b430a95e34 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\en-GB.pak
| MD5 | db946e28e8cd67fc45a317a2d22943d3 |
| SHA1 | 0e096f66915f75d06f2ec20eae20f78ad6b235e7 |
| SHA256 | 7eb6af7620593bdd33cf4a6238e03afbf179097173cbfffdada5b3e25b8f0bbe |
| SHA512 | b893650000f463c1f3807f1feae3e51664e42ec10c1a5af7c08970163d5188f1f9ffcc5e82fe2209c78d8b4fc2feba050abec4c44d1eb122cd42fcc14a8b1c3f |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\fr.pak
| MD5 | 5555f503c0cfa9e5a811be1768edf010 |
| SHA1 | ecc5414c71b7e82b3be6d8f1cd09460aca687488 |
| SHA256 | da60f2e95d9d10a5a08c81bd5cd1f6428f1f49fe40d2c1b9d5efe8bb6734e44b |
| SHA512 | 9b1724c01f739ad00ced10d67ee0a41cadd1d4fbd5b983f5582ccdbcf0ba83b20b3aacd1e41005583bb5da8a7182970a9b7478d9984c9dae29cf08a6b1cce0f3 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\it.pak
| MD5 | 92e8089be54372198a09145c43ceb1f3 |
| SHA1 | 7db60e207ed94a4a38c4f5e108fb2b3eeb31a379 |
| SHA256 | d819ccd6141a707fd5f54392a1702c6623e6525181d2ab457b9e964dd8071045 |
| SHA512 | 5e75ea376279c3d74cdb42c2cd71b26c5ca752be434d0e1a0a6d4d6e618f8b3ad0e3262e7bfb48ca48438a61113eb57033b879cecc469eb0cb14695931519285 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ms.pak
| MD5 | cf6fab202202acd11fccf4a23ade429a |
| SHA1 | 3d8f69fc594f1e080e5cd47007c51c48fdcfb46c |
| SHA256 | bc728ef332ea5b058425d39fbf0ae9b4f958133d3bb2fc3683f7563cf37eca21 |
| SHA512 | 4410f89c245970076b5f88623a78f147ce2790ff19a428b43dba0ef3021565b7815a90bbda4587ee8040845f276abf31682409be876ec013b93ef1b610db54af |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ru.pak
| MD5 | c875665368c3c6b035d00281a6c52a6b |
| SHA1 | 51b4001603e3619082b756a56b2341a50cbd2d23 |
| SHA256 | b1ee54477a99c088f60f9f0603e362ef5a226cc8a3a511b54099cb8e077432b6 |
| SHA512 | d48a274145934bbd084e22e1bceeca24d65ee963eedb91b31828385824e2b7089d14c5ee4d0d8420d3a67f2d989b42989ffb2521e47b4af07dc2bb1cb8cfcfc8 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ro.pak
| MD5 | 25385f2b0225fe58bb641df538cd19e2 |
| SHA1 | b466a6ac80b06af9b18a6ef554734fb98ebd1a5c |
| SHA256 | 471d46703695ab0e7a502671ffa486013b678e5756df0a798c063dcf2e4e1c5b |
| SHA512 | cf2d590c3aea9fe92b57c6409d1d8a7402b8f7d489b4e6e8d543a7c87f1484dc0da0940e05226cf980dc108fa99e22edf7006575a397af12e0dbcb77b2cd0e97 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\te.pak
| MD5 | 62c9bc2c99ef2249f8b0a3f201805471 |
| SHA1 | ae5556bcce128bd718d46068df6638782e8e0e63 |
| SHA256 | a324c7ecdea7a2f80566a9f384bcd3b36ef1b5a6a8c393f5405095bead8afec3 |
| SHA512 | bcb0cae5fc015c0ac102f72b9be3b2466b4ce449bfde327718c25826f7211a50fd36dce583a2c5b47f6956490a0a625278e5d9e43945640e97148bfa66b91f79 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\resources\app-update.yml
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\resources\app.asar
| MD5 | 66a38786029e7a792162feaaec941674 |
| SHA1 | 91723e90e850408859d2630199b52127b045eb17 |
| SHA256 | 9aad01a63b32ec99feb11be2639e1c955f9706d97dfef7fdd2dc31b653abfd36 |
| SHA512 | cdf9f0b869b8a1a951d039dc8c6bda3000c43cf1c193a3db3f419cc674c5bbdda6c9b6fd29811e7e531aef841ea12c7fd2423840d6bf997bfea18afbe38e9c7d |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\zh-TW.pak
| MD5 | 96620581f25ac84ddd4b9d0cd29b0749 |
| SHA1 | 6413faf7b2e31755674f27de8cdab0788488526c |
| SHA256 | 2a674d423322d1772e97a627f1e291efba5f12b7efd0f174cdc99d1b1b376988 |
| SHA512 | 7fd315ca93b431c59f92d31b803571effc5d758a52fc5d2f797a306fa63ea73162ac91805a892479b6940582aadc8903bdea6bb70168d660d58525bca4202520 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\zh-CN.pak
| MD5 | 7507e95fbb433aa97dd9c2e3c2e08d0b |
| SHA1 | f61227f2173ceece432289b099285d4a9322e2ef |
| SHA256 | bf3fb791392d8044c2cb3552cc974d95adbfc1548eac617c9d2a981505fb89e1 |
| SHA512 | f8f42e09eb0af51aa48325ec824814e52244201f627734e81c9e84ea319f5c2166c2450e9b89edd3ce84d3959f0c9ba445ba7a32d4164cf730f0949e11dea082 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\vi.pak
| MD5 | 247e8cfc494fd37d086db9a747991abc |
| SHA1 | bdc53c042a1c4bc2ebed6781b1b01091c8fb7a92 |
| SHA256 | 4c4e69af3d7f7012e3cb19ba386fc69edd0c87ccd9be326dd6db902401d123f3 |
| SHA512 | 852ddeb1ce8dbf13280e9dfa72dd10b646f8b06caf88055aeab32009f3fdc397a05764be48a04730e16f23c931d069880574d8bf9c7f4ef151e1d47467a7d60d |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ur.pak
| MD5 | 30ce113bc3c466751bdf8d50cc568ff8 |
| SHA1 | d0b434b8f196a320995f49845d64054dcaedb97f |
| SHA256 | 34d46d28af3012bb84767a418957f12d877789b88a13ea29b047c7926abafb41 |
| SHA512 | a8139d60e498082c122b068a478038e3d3a7d6fa71bb8cd2b1bd7976827ffc23f7117f989b18d600960b222178351f01dbfa0fcdc3e7f0917cd0d47b5902fb44 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\uk.pak
| MD5 | 8162ec467ac9a8dac71d22c630a3e6a3 |
| SHA1 | 4e9e8f49cbcc5e583b8acc3a65ffd87818c96e2a |
| SHA256 | d1e07ac8b6a6ce53f06c66241d44407f98a1940259883e143a574f28a2ac170f |
| SHA512 | e944e3f8f3e9b2c8c6f26e1a7606e441816406afe031bac9a5716ce060a63f03e01a95cc365342518629065b07fc72cf23d65ac84f0b58ef100cf9706a239b58 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\tr.pak
| MD5 | 08b737a1b8ecb81c8ef4d7b8f6b5f503 |
| SHA1 | 99d2cdbb720f114051627acbb79475ccc57ce6a6 |
| SHA256 | 84f08423fc516988761517511d36bf5d3428866965addbf3ef4399a80f8278e8 |
| SHA512 | 142c61f08e56a084f335dcf35c543dab872dee898c719052fb8d42be2050c5fe6d9245180ff9d0d0e07cd884daaaffa6ccb5428fee91ae00413e0ea38a5e8c9c |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\th.pak
| MD5 | 5abd2a1b2749449a0cbba60e32393f4f |
| SHA1 | 31097bf4728f752508482c298710cffecfb78d60 |
| SHA256 | c666359fc9fa137f6d7f868ccef01dac8701b457bb6bb51fcd581185d4bc8780 |
| SHA512 | 094df53f3bac23eb384015e8f2500484556b6ebda0cb62bc12a773dd1d520d82c13cbad25eeb67fa04ceb209d80144fac70fe60eb792cfc1a0c5027513b7448f |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ta.pak
| MD5 | ab1ece31afe29124d183b3826c7ef291 |
| SHA1 | e707a983f039310b867bf4b502165f1f512b9818 |
| SHA256 | 5cabdecd2a89bd97782c13d9f5b24550ea00b28750cdb26a7843af7e75e34b22 |
| SHA512 | 6510d54c2dd177be19ca6b250e936fe0e26036aee7bd1d48e141cffde743fe03a02be0cee22642c3e8a702b2277d7bf307bde69a863855bc65a55425a1f2f884 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\sw.pak
| MD5 | a5f4010de863114025b898d78036b336 |
| SHA1 | 0fa93fee8f60d1bf2fec4e01c5306404e831e94c |
| SHA256 | 8c58adbff7d672154c6f399ea29b549005460d80679e1f6cf997d95732857c30 |
| SHA512 | 7f8b00ae7718f39c0ab91f3f63a3b5062d9878f224417282c3ff43ae9c88562a045c54f7c6f9f7447119a16bfd0ec40b48f762a52b64bc384ec80f53898c53c8 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\sv.pak
| MD5 | b4d3ab3791e862711986bb585c1676fc |
| SHA1 | 2123c8879a70728657e72415d7056aac4a1527e2 |
| SHA256 | 080ce56662a0a32a4164ba88f9c5081d7c43dc1908412368a70e789e1adcbf66 |
| SHA512 | b904f1741079a8c7ed7647efe42e9d7b9be403079de7e512539b70bc653e55420a3aca4b599e8a9d440245a61f94124476b3a5afa43b39ff1aa48cb48fc5c15d |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\sr.pak
| MD5 | 7cfb6dd166594df07bccb7c08774a667 |
| SHA1 | 1c06a8adb81c357909ade0307a67a122c94c0cb7 |
| SHA256 | c3b5c6965affb7f30dcdb5fdb485767e83f3b5d694865a677783c64e3b84934d |
| SHA512 | 92febe5a65c90f105bd7609e2eff2626bf0e22b186d73d6c1aeb0497e49d9c34b2bb22d26e0abde4713da2c7cf51296723694ee9bc1decc5071a5225f60e650c |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\sl.pak
| MD5 | c08d0d08fd48822c603a27aaad4e9557 |
| SHA1 | 8b7d616ef86bd955cbdf68197cdf748aaf99240a |
| SHA256 | ef205cf8911a96d772711675e75bc8df5866ce0d9d44ebb110bc07e4f340ff65 |
| SHA512 | 480a23a25860616be8844ce29042fa15cc7f360e2c53b367f6701926b9a6df72d82ad6c5dc7c0fafd537202d4ea7c44dfe24589fb4a4f52b4440629865f8c19e |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\sk.pak
| MD5 | 7cedcf98e68f4001cc13f2b761571681 |
| SHA1 | fba32c46564452fee5697777b6d3c60d69589528 |
| SHA256 | e6509f7a6c6b9912f2875c7efa34434ab9562df3cdcaf0546b6370d594ca46fb |
| SHA512 | c90ca580c5da2fff68b5957940d9b2c377cb07632b1fc0c8a23fef9a076cd05da618890f197f5b2f7314583fba89be083ad180335201d28c27a7c8c21a55c72c |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\pt-PT.pak
| MD5 | f7a822e3dedaa3df046c3172613e275d |
| SHA1 | 14c21d2cc296197a9a618f21dc103f0d6749b77f |
| SHA256 | e2e84e23275190865c685e0712530245e35dc63ff82c4e854068494192917f3e |
| SHA512 | 0d08fedb423e9ea4f9ca54b55fcb6a88c4f4aa7ed71897b4a7625f093e8dc05733ec52e4577709dd4e4c7be001770e1dc85c0e10e0dad883f3291c515736b7c1 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\pt-BR.pak
| MD5 | 54efb4172a7110a567ad87f67cfcd551 |
| SHA1 | ea8eac6f2328b8a1b27249fced7c16154060dcf3 |
| SHA256 | c17ed07165ec47de5acdfa7e4783af4b417843e5f232e9f38ce02138c8bd1742 |
| SHA512 | ae8aa02e9bcb3bfd8b39329a2c37f789484661e283dc63297e1ec2dd5d14558b349c312990048dc6a03cc7040a1c6fea2571c6102b1a61a638f9ab615f5fc938 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\pl.pak
| MD5 | bc72c8e2426765839539a3b8340fe19e |
| SHA1 | 630bd0e844e673454477b819c808b7e18bebe0db |
| SHA256 | 6a97c2ce05545607a59df2f0daef5da71058dc1e1685f26263b7110edc431755 |
| SHA512 | a0f2c68ebb8e5e2ab5ad682b5ce0b1dc955aced7de32001a0decfafb924ca94ef322605ddf69ba74baf18871cfddbad97fc326c43e5b3168019e21912f7da421 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\nl.pak
| MD5 | 1e5b9d923d5f8cef49c913badd2784ba |
| SHA1 | 6e42a558a7207b2cee2452263eb661843fe74d0d |
| SHA256 | 7a7be29044bf2fa9459a90dcce12ed531931660ba680dec8f32ad8a3364d973e |
| SHA512 | e4392f91392b79fa14c3545c9733deb128f399163dcbee698bf51b2218b1abab6aef45c35130545ddc86626012599e4a8bd77205baa735c957258539c9b6d484 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\nb.pak
| MD5 | 2f31dbf3f36906c58b68f7f88c433257 |
| SHA1 | 55552671f81a9b24ef05d16249bcf5135d5a98c9 |
| SHA256 | ca435b5ca91a253129bde2155592d9c3876005c4ca4389e4ecf97adab9a6de4a |
| SHA512 | 079ea4f01582e9ab05e2c63850b654ab84ce3b8bb72390899dfe662e2c4138b82f869829fad3ee645546dd8e27c749d2ef20a0d5bc94db174a59c6e0d43ea27c |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\mr.pak
| MD5 | be22080b1e45301c313d92d825a7a9ed |
| SHA1 | 84c9370a4845ddfa1eab8ae334c1f4cc02ffaba6 |
| SHA256 | c09d274406a36f90c75a1daf018c5373d697c42bbc20771a827f62ebe08dab57 |
| SHA512 | 9558690ae7ac41984553aea1e0133778301ee12e0dd6e16f5dc0380619b82a7a8d37cbe0ef59efcd53c05987ed6fdeb869dee8fe2224fda8880d473e932c2f87 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ml.pak
| MD5 | a7f6cdc17eddc1550260489d478ec093 |
| SHA1 | 3308eb8f7d1958fe6b9f94602599cdc56460aa89 |
| SHA256 | 01a0e2f809fed45b9b67831202d297c3221077fa2dd84f3b635ab33016a07577 |
| SHA512 | 42132ca4a62bd5de5928f8c313c930c1fab0ad918fe08612ccd118e421eca768956ad42f7551d6ce58d10be6c34cae7a2fef518bde9f0641c339f7af70f42688 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\lv.pak
| MD5 | 28eeee40b2722e1cc42905c70367fbdb |
| SHA1 | fd82465b1522d314b295207934a7641b3d257d66 |
| SHA256 | 026e6a4ea0fd11c07375f0532a0756bffef585889a71f33243a116c462b0c684 |
| SHA512 | a99d203ce67a3e5d4f831064f83c730b045fb1eba47ca804ce6c407e04240f4c51b4114446c3494e2985a1109695533d1b1c5c7594a5555276be366c07d0b855 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\lt.pak
| MD5 | a3e29f4a3ca6f2058a6f464e49f914b6 |
| SHA1 | 3fc632eaccf91e86b365d444e7acba6f9302aa5c |
| SHA256 | ec70edca70373390f028aa751a74057fb1c2c583c310492723a228c863007c47 |
| SHA512 | eec22e3347affc0eb0f9452f3b9b239e8b714148a39be83ebe7979bac706a942da3a17de01e9a1b89dfec9e970692c3e9fe566750092fc139325ae25ed1c3e04 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ko.pak
| MD5 | 27705557eb4977c33bc69f27c2ee9f96 |
| SHA1 | b0297538c4e68515b8f65d44371cb8f4cdbc489f |
| SHA256 | de71f906636d2a8f5833a22e92b61161182c53e233b75b302dbe061ed57e9bdc |
| SHA512 | 53c8917049d72a9739bf7f2abdbde3120ed3124967cd9b1b71b172b7b36ed41a1ff970d3841c0f5eb5b53616dd9f8e03f65a79e6a6964b83da2c84174c1dd56f |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\kn.pak
| MD5 | 66867a2133ef0c73f385af7d5d2eed91 |
| SHA1 | 8ca6e7e6d679255c2c151d38cf70a5f25cce059f |
| SHA256 | 407599a388bc151ccd2561181ea90ff620f4cb5c767317af8ca4748927ba7f35 |
| SHA512 | 482c0b75c921470866b7c6ccf09cddd59ce81507e8df7a2158d3abf08c7201ebeed67c1ecd36f5cb015a8833ae9f1917ab6118f9f0a959364de958729295f37c |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ja.pak
| MD5 | 781fec59b38a21dc663f3a482732196b |
| SHA1 | 1b660ba0bd9aaf67c5fe49a372687facd6d264ea |
| SHA256 | 3849f8b48b034fe6319112eff77b7c9f6a8d7b20cf7bc8400528a0a8458677da |
| SHA512 | f2c3a6d8c23f72db8e70ec8cd87793eb103b58bdd3976e99f42867c33a6688a41c79eadcdf25c6ae01fd20920affd43f228a5134af28f83ee50fe02819665e95 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\id.pak
| MD5 | f6d153fa3087dab3fcef255b5afe8538 |
| SHA1 | 99f123a133d3ce1a70349a7d1948a8d57981e1c4 |
| SHA256 | fa38d911dec71800d33802441412f20133e960bb316c79161bdc7f78ea1af3d7 |
| SHA512 | c092339a2a64dd10a45b516ba19013ad096c4c43d51df33e4c779c9ede6d71bcb59c18d5ba568f4876c0b5454ccdf05a1e632be0f97db5b4eaadf263e7d1967b |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\hu.pak
| MD5 | 7317adfcba87621963e9cb2f44600e2f |
| SHA1 | 0398d795f9a3cde03ae85e8cd2c4723e7ef5f7e4 |
| SHA256 | 6edcdaf17483c4b7b74d9c728c3f38d9e4704bfbdb618b578c7ccb6bbe6e824f |
| SHA512 | e8ec0df2ddf67799194e8d3f722b5643553fb05026bd5f8d933d1cc18df6a641eb1b810e22114b44513b57a005d326b91a1fcf1c470a636cd42c5bc5fa0f254f |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\hr.pak
| MD5 | 209efaa890532ddbb1673852e42ded7e |
| SHA1 | 8e9a3e643183d4cbdfad9fd2a116e749b5313a95 |
| SHA256 | 3d01f9d2c51efa0c0d8d720dd832493b1b87d2429970396c42cee2199e7bef40 |
| SHA512 | 5410b31ab46ccfd29b750f39d3796a533ec0c0a7b7b31b70977f59f348dd4190edc00c86db8d5b73df2117f27fd283de2057493c081cef69d04ad9894eb5c05b |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\hi.pak
| MD5 | 9697c9ecfa893db09d046e4feb8f1260 |
| SHA1 | db08fecfc31d278b3f74c85f98c34dc78b75f4fd |
| SHA256 | de4b369e012831a5ced3ae02e34fd34374348b016274c99911a294de3f9bee5b |
| SHA512 | ec9b87003853640c5f3c477f389dbd16bf1d75269c3fbd8620db43942ba7e323a3198fbbb16d27c10bbae40fd047cfdad170659b9ef26488928a24ee535885d7 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\he.pak
| MD5 | b2f893d17e118cd03055b55b0923206b |
| SHA1 | 99b6358438a3eaffae38dcf6a215d8c5f9bfdc26 |
| SHA256 | f6d1e2a269783f27b85c2db2ce9286f581ec2e16586ecac476ab5735cd8ae12f |
| SHA512 | 34fa1c4bce2f9e2c5c7b494a829f5b492b40e8f4f0bc586f564755de703b5765d81795c67e19a27d2f21d297ce3b7e5058a126118afe6911cc429fc58d67f13e |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\gu.pak
| MD5 | af5cc703c77e1a4b27233deb73c6ace8 |
| SHA1 | ea92dce379ec9405fd84274566d363ce302d7f1d |
| SHA256 | cd761009ecbd4736b24383f020da05d2e6b9396c67a7ec1f4ac1966943cf9eab |
| SHA512 | dd379cbab7a6fdce05b0ff34d339c2f3320f83f76d8e1fb7ebf20edcfebe541ae454490eeb83d8edc069aaf3db52d6b7de6d701672a13e75dfe59840e8f2c5df |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\fil.pak
| MD5 | cb9fb6bc0e1ec2cb3a0c1f9c2dfbc856 |
| SHA1 | c3b5900a38354ea00b63622bb9044ffb4788723b |
| SHA256 | 945c0160938c3bcecda6659a411b33cd55dfac18814bed88575bfd100c53d42e |
| SHA512 | 6ed77d0fbbb1186ccb7493708f55f8a2c3005a1f1da759c16289713a853bcad4a2cc4846874d67f722f461b1950a763508a91a7970bc0eb5da686206aaa8489b |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\fi.pak
| MD5 | aceed6757e21991632b063a7fe99c63c |
| SHA1 | 491b4aa5eaeb93e662f720c721736e892b9117e5 |
| SHA256 | 370164e61142d8609d176ec0cc650540c526156009070563f456bcdb104e9c0f |
| SHA512 | 664c369e74930a61a8c9ccee37321c6610ffdeba8e4e8a5d4f9444d530097b0f4556e7b369dfd55323fe7df70b517c84ae9d62a89c1984a8cf56bae92d3e0455 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\fa.pak
| MD5 | a67bfd62dcf0ab4edd5df98a5bb26a72 |
| SHA1 | 5def04429a9d7b3a2d6cac61829f803a8aa9ef3b |
| SHA256 | 890ca9da16efc1efcc97ee406f9efa6a8d288f19a2192f89204bdc467e2868d3 |
| SHA512 | 3419c6bed5fc96e82f9b1f688609b2d2190003b527d95699e071576c25730934fbed3437fdde870fc836bdc5e690362cae1e612b7ff779c22b853baf3cfcaabf |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\et.pak
| MD5 | 339133a26a28ae136171145ba38d9075 |
| SHA1 | 60c40c6c52effb96a3eb85d30fadc4e0a65518a6 |
| SHA256 | f2f66a74b2606565365319511d3c40b6accdde43a0af976f8b6ac12e2d92ec9f |
| SHA512 | d7dd2a1c51a7144f1fe25336460d62622c2503aa64658063edcb95f50d97d65d538ce4e8ae986af25f6f7882f6f6578bfb367c201e22da2abdd149c0bb4194c1 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\es.pak
| MD5 | b1c6b6b7a04c5fb7747c962e3886b560 |
| SHA1 | 70553b72b9c382c0b25fa10fe2c967efbcfcb125 |
| SHA256 | e4db8f397cd85fc5575670b3cacfc0c69e4bf07ef54a210e7ae852d2916f1736 |
| SHA512 | 7fcd9ae80791de19df8644424ffdf1feb299f18a38a5d5bc546e8fd3d20d3ced6f565981c3c03026bc5400fe0806dfa3af3064e7a70e18061f5d5fe6d6bde8d5 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\es-419.pak
| MD5 | d25865c02378b768ef5072eccd8b3bf0 |
| SHA1 | 548dbe6e90ece914d4b79c88b26285efc97ed70c |
| SHA256 | e49a13bee7544583d88301349821d21af779ec2ebfca39ee6a129897b20dbbd0 |
| SHA512 | 817a5ed547ef5cca026b1140870754ce25064fca0a9936b4ac58d3b1e654bb49b3ffa8186750b01640ac7d308bf7de2eadc0f34b7df3879c112e517d2faabc94 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\en-US.pak
| MD5 | f982582f05ea5adf95d9258aa99c2aa5 |
| SHA1 | 2f3168b09d812c6b9b6defc54390b7a833009abf |
| SHA256 | 4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d |
| SHA512 | 75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\el.pak
| MD5 | 7dca85c1719f09ec9b823d3dd33f855e |
| SHA1 | 4812cb8d5d5081fcc79dbde686964d364bc1627e |
| SHA256 | 82b3fbbdc73f76eaea8595f8587651e12a5f5f73f27badbc7283af9b7072818c |
| SHA512 | 8cb43c80654120c59da83efb5b939f762df4d55f4e33a407d1be08e885f3a19527ed0078ab512077604eb73c9c744c86ec1a3373b95d7598bf3835ad9f929d67 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\de.pak
| MD5 | 5e7ea3ab0717b7fc84ef76915c3bfb21 |
| SHA1 | 549cb0f459f47fc93b2e8c7eb423fd318c4a9982 |
| SHA256 | 6272ed3d0487149874c9400b6f377fec3c5f0a7675be19f8610a8a1acb751403 |
| SHA512 | 976fb09b4a82665fbf439fa55b67e59aeaa993344df3f0d1926a82fb64d295bbe6fd77bb65e9f2267d98408e01166dd0c55c8ec7263ed74b3855f65dffc026ed |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\da.pak
| MD5 | 875c8eaa5f2a5da2d36783024bff40c7 |
| SHA1 | d0cba9cfbb669bbb8117eee8eccf654d37c3d099 |
| SHA256 | 6ee55e456d12246a4ea677c30be952adfb3ab57aca428516e35056e41e7828b5 |
| SHA512 | 6e17692f6064df4089096aa2726eb609422b077e0feb01baaa53c2938d3526256c28fb79ef112164727202cdd902aae288e35cf894c5ef25fecd7a6efa51a7e5 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\cs.pak
| MD5 | df23addc3559428776232b1769bf505e |
| SHA1 | 04c45a59b1c7dce4cfabbac1982a0c701f93eed0 |
| SHA256 | c06ac5459d735f7ac7ed352d9f100c17749fa2a277af69c25e7afe0b6954d3c0 |
| SHA512 | fceca397dfc8a3a696a1ba302214ab4c9be910e0d94c5f8824b712ec08ff9491c994f0e6cfa9e8f5516d98c2c539fa141571640b490c8dd28b3a334b0449bdd8 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ca.pak
| MD5 | 8fc109e240399b85168725bf46d0e512 |
| SHA1 | c42c1fc06b2c0e90d393a8ae9cebcdd0030642e5 |
| SHA256 | 799ac8c1fa9cdd6a0c2e95057c3fc6b54112fe2aebbb1a159d9dac9d1583ca62 |
| SHA512 | 84a51f291d75b2d60849edbc1958a50cfe2ac288ce716bf4827038b47bd855a65d04ebcef6f92d78e31a27daa63f07772149798740652078e27ec68930ec07dc |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\bn.pak
| MD5 | be160a93d35402ed4f4404f2b1d05d95 |
| SHA1 | 52db7af673b6e5318e6663751938dbbce4f6280e |
| SHA256 | a40148129ff88aff0ea269ef3ca4fb369e772257655d27dfa29f078270486287 |
| SHA512 | c2d2c4a2e24fdeeb22dadfa63ee8338efe8a5f08e17c3eb0e9a946098c57ba675c8ca5c73c04424e8307d9be60f9263553e8268f4815c73d081205fe8a92c8f3 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\ar.pak
| MD5 | 1b55e90455877384795185791bc692c2 |
| SHA1 | 3d7c04fc31c26b3ab34bd2d8f4dcfbf4d242bc46 |
| SHA256 | ac44c459f86c577f1f510c0b78a8317127522f0d2f80734b6c9ab338d637d4df |
| SHA512 | bc3dc023c9af551279a4d22583aedf79e63ada46c79ea54b7da18c12b9acd726e4f534e26789d2583036c382bf6a8862335ca72fc8b510ed065bf895b8d7c3b0 |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\am.pak
| MD5 | 15b05881e1927eda0e41b86698ce12da |
| SHA1 | d629f23b8a11700b410d25f3dc439c8c353b0953 |
| SHA256 | 4c0129e1023e6e6cb5b71fadd59026d326fec3393463530c2f30fff8aacaaedd |
| SHA512 | 6f921563d6887d0b712966bf3f8dea044d1115dd0a5d46eeee5595966dd88e49d5dfbec74ee1de19a330bc9f1a11ef3c7c93d6c5e69f1ee7d1d86085b7a2bd7f |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\locales\af.pak
| MD5 | 46f982ccd1b8a98de5f4f9f1e8f19fe5 |
| SHA1 | 13165653f2336037d4fb42a05a90251d2a4bc5cf |
| SHA256 | 9e0aeb9d58fecc27d43e39c8c433c444b2ce773cc5d510fc676e0ebbcab4bddf |
| SHA512 | 2c40e344194df1ca2d2e88dba0cb6c7ef308dd9c83e10bbc45286b5e3bc1d98a424a60ec28b2700606916105968984809321505765078d7caddbb1c4d3f519de |
C:\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\7z-out\msvcp140.dll
| MD5 | c1b066f9e3e2f3a6785161a8c7e0346a |
| SHA1 | 8b3b943e79c40bc81fdac1e038a276d034bbe812 |
| SHA256 | 99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd |
| SHA512 | 36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728 |
\Users\Admin\AppData\Local\Temp\nsy2EBF.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | b7ea59522c3a4c4652b0015c095ea6bf |
| SHA1 | 087b2c00370ea538c71351c0f3444f77e5ad51d7 |
| SHA256 | ab812988a2dfe7236860dd1758f4ae48a7e0c861951cf3c44e19b6895b3cc45f |
| SHA512 | 13cc9a2576025511ccbf27d8605bfad6ba0a9208b48081d9bcfbfab68b69d47e0ae2c41b7c5ca6cd3f2c1f11a5902f5f79aef4869e8114e8d1604124effbda0b |
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | d37336aee4f8b43ab28b842d7d50c9b9 |
| SHA1 | 71b0f16dc4600428900169dd163ccc05f70e2849 |
| SHA256 | dfe359c56e185d8d064c06df5d481fa1246b073e0ebd511b7584ab3d5e9dcede |
| SHA512 | 8cf11945210554f3029d6c5dd2d0885c28ea3039df234480e337f7503a1bd65363ad57a4c55e306ad480a2f3b782a220ba7b7fa854659a645a4b5d4cfd2a51a7 |
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 6a1c7024bcc722f122d72acaf46a16a6 |
| SHA1 | 5201098ed3dee26966c15e37e36774daf138abfc |
| SHA256 | 17c3992a54de497f3a54ffbb74ed04b7974818fa786c0fabb382fb97956c0925 |
| SHA512 | dd404ca641ec2b4b8181b4438003f66689566b587d67f03bd0cfc4c48339470b81fb7a3f22564e67218c527ab61cc7ef493af0e113592e32693c33c83a78e63c |
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 1738d0196dc76d5f9d530367ba3a0d6c |
| SHA1 | b6f9e31f9f4c9f8d770a098274b55980c1c59b6c |
| SHA256 | 19c20deefc25b4d5a1e0d14f390b806cd7d0d82c6076bed30aff4981c4e06df4 |
| SHA512 | 36552608137c78aaf48e38e0720df1912bc81c399f5f09ae4d7c821869760268d8aacd5690669c1ca71a0128a5c935947a3bc06961b818721002589f75292ddc |
memory/2820-630-0x0000000002BF0000-0x0000000002BF2000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\gdlauncher\icudtl.dat
| MD5 | a4fed7e2ae7686cc71d733be1a24cb5f |
| SHA1 | 192e1b72b534ab89e36cfa4bf2c7ec2462af6e6c |
| SHA256 | d11fab106e1acb6180be6961e90db1b032e0bdd0c77e4c913b81c6b3cec8d7f9 |
| SHA512 | 19cc7c9753a35a372e6186f560b7a6750bc69e606bc9b91bc3eaeaca2b47fa9e0d61525952bcd775cde72d25074400e549c2beb6e0fabba260978990b80e6893 |
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
| MD5 | f459ce9af5091bc1e450eb753f6eb0b7 |
| SHA1 | 9df32de240dfaa780640361b1d0ca978a611fa27 |
| SHA256 | e7714a1d6ac3f4c4ae22564b9ca301e486f5f42691859c0a687246c47b5cf5c9 |
| SHA512 | 7d626e5a94af43c8c0cca4bf0dc2e4fa61e147f1360f19ed8922a1dac4c5df642bca435f84baf05b38255edd2b72de79c07f97f1f7ec79b7c04e336c454ba63b |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
| MD5 | b68c7252563fcb2c3e60b6910cdadbb1 |
| SHA1 | e71927ade9a450c0c628113389d35f4dabe3de42 |
| SHA256 | f9f213dcfb210069d8d875979aeccc6732f437b89c051fb91acb5e2b8ac75d66 |
| SHA512 | a1711bb558f7de1001fff68b60fa68de54bddf0e4e91c07ead56b2c4b9a036662865945ae283f850a3041ddeb38e59c94cae222b023bc51837c812b71b32ca5e |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 2eec04cb9dde2c13c43b5482907bda20 |
| SHA1 | 97361c17418ff4216f854a1ac7a3a2e6175e3902 |
| SHA256 | 969f31f99a16ba016994ee051ea7bf792cdce9adbfb1a6c0a53442ef27ea181b |
| SHA512 | 4cf6eefed162b27cec8db427d924ffbd392629d8daedbdbf64a7698897f52c5cdb9a89a87d17cc303af58996e4827fa785b3b8a3af81deaba1f368710e5a5ae4 |
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | b6557cb969093483f787b1da88223ff9 |
| SHA1 | 8ebcd1d9c7946c4879d76660459e257a8a0d8572 |
| SHA256 | 91ba3c4abd8a574887a112637eb329a696d6097a8e2a8bd18b059d8cf70c344e |
| SHA512 | da60fe58427624e4ae478f8da70ef3cd08932961ed5ff77184b637d4d4043a67cd9d9e25b34202c229c38898fde313fb4328f84d95e4d495fb14fb2f768edfae |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar
| MD5 | 1441571e599883f7322f4b5ae9dcf538 |
| SHA1 | df9e4a3ee9441d146119719d2e51c201572060cb |
| SHA256 | 23decd02f04ec76a119e294d148327d4a1e23284dd9c663eb406925e759d4552 |
| SHA512 | 520902eaf65f5acdb6cc8867fe3492d50139b1346ec0d012886f3ee04dbb30c6f843f9910be49cc0437b32990dafc2842e6c7388671caa270df559ba00e76aed |
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | d901523ccb492265626516dfffc501c3 |
| SHA1 | 725680146f39357d0892b92e3b016199d9440ff4 |
| SHA256 | 394412b55ea0d1c5543afd68ae78edef70f4f123ce9d6ec6e11fb1e9fe327f65 |
| SHA512 | cd93c6be7bda7b9585b42f0681db2452258584a9131aec72930aa3bd246c39b83dcad7ecd3f3d912220da898169380a99d110346e08bb6d8adbae9a8ffa77dd9 |
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | cc023261a96dbb0bfce242e6f81de57d |
| SHA1 | 60a4ef61175994587d11f2960adb77d10ed396d9 |
| SHA256 | fa90e6ee4a8ea75ea0d06ab0aab87f60d27f18076cb35845029b0a5a6e9af0fd |
| SHA512 | 637dadfa93252b6e8af766c8900457e52e46498ac52852b85d3032200a469b21b5f0f7a894bf10def83db47fd34ac71252bd9a1f22199e3578d62149095eff8d |
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 128eb73fade8563bcdb5dbf93906a58e |
| SHA1 | 06a892091feff72d8655aef76f81c44788af58e6 |
| SHA256 | 147b333c086b7208a9b062785270cb59b9e3ceb9c6108070d2c7a33eba61700a |
| SHA512 | 9eb8883b9cf2f0b5097cbbb03f7ab2aead2a8a82d2a67925835566bef63ec3d6ca05e5165ff94651d494eac0c236181353b545031499d8f78291f3b1e6362a5c |
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | bbcff6d903216874198e66435e3c8a40 |
| SHA1 | f6891ae78a8a62784dafd3bc353e4bb3e751d015 |
| SHA256 | 1dc92df66d4f8e384b1117d9ac6a6d3c2c036c0379f2e11e44eef793512b9da8 |
| SHA512 | b2f54d94b2a29122c50b6a9ae9dbb53eda6f24161b721b4a702dd94670b4a394052bb441a223f7df50d0a9afb778c792a3ea8508b4fc0d1e275616390cf01bb4 |
\Users\Admin\AppData\Local\Temp\f42a9d2d-42ec-40b2-a0c1-0a5cfbd864b2.tmp.node
| MD5 | 4cef69a682d9b896b4fff99fca80a08a |
| SHA1 | 85fcae77830c3e55badfac97badc97ee53d5ada8 |
| SHA256 | bccc1ea670ddf3560352327eac402e7a99b5a585bd1d2af02bff8111b6ee9738 |
| SHA512 | cccf2aced4edf15a3162cdd867f623c73895b4962910e1d6a57afa17032247becd6378546206dd4705b3ca5f54e6d063a56a5ca54223bc5a67406cfcc27b2587 |
\Users\Admin\AppData\Local\Temp\a8ba83e6-2c80-4882-8d0b-5c2c2975fe24.tmp.node
| MD5 | be94689f0cf2f4e36ef77fff3b573460 |
| SHA1 | f7187d89237506e6f50db5418c25b79cd1b3d271 |
| SHA256 | a8ae4e1f6ff70c724282b5d468ac463012e9b0fd5b52997116946fdb2e2ac34f |
| SHA512 | 83078c0a3340d912f42b6b67f6dce624e6395fede93043cd4f5b391c2547cc68aa6d147a70b523c9e8d646d4913a92b96d59fda0b28ade83c478693d8a256da5 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources.pak
| MD5 | 3b8d9457a189aff420bd8c78c3c2fe0f |
| SHA1 | f13fd72c440a5ef01145ce726d6fabaa0899846f |
| SHA256 | 4717c381d114bd21d4fbf68a57d02b36082e388e19f012185d414fe50c1113b9 |
| SHA512 | b60956fa55c28bc2ff8f0e5da72307a1a720d4b92609fa146e47d5e99fed5304c903b54f07d46eee944ba915147170ecbb73921b275d60ac506e7582e456bc17 |
memory/2576-656-0x0000000000060000-0x0000000000061000-memory.dmp
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Local Storage\leveldb\CURRENT~RFf764634.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/1984-683-0x0000000002380000-0x0000000002381000-memory.dmp
\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 4801ff51aeeece67bfa965086fbd4fa1 |
| SHA1 | b6b8257b1d9decbc6a7622a674a7958b96d03947 |
| SHA256 | 31f4cc4c598533d37b01b7d06c66c3587ced638609003dafaa580952aca0811c |
| SHA512 | 745bd2569ec4d108058a06694d1f7844d80553cf5efba4fe19d95cb7a770e5bb25ad248efdb38aa3e39cbfeea819c82a17f32a579a15470c395a8522dda75d5c |
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
| MD5 | 589320f5b0ec96a97e6aa333f2941f05 |
| SHA1 | 3fc6c99fa8c7cfe92bb3009351edc22dd3c0783a |
| SHA256 | cd14894a709368c170448f5a458e0d9be2c9d95c280f4ae5daae742ec9aae8f7 |
| SHA512 | 52b481a926a525ca5d4e5ff0559d7492ce317ed3633a8fc804ef52a422a0444105edc6b4459c5e4eca0ff87e18b9d96ca7cc82b6849624f70d5f3eceb0391bd0 |
\Users\Admin\AppData\Local\Programs\gdlauncher\libGLESv2.dll
| MD5 | bdb6616579a29dffb789f2d37d38d906 |
| SHA1 | b4d7051be90fa7f05adc720a8217431da725c486 |
| SHA256 | b28fd290717d626e61cb223181ffc842a835561c0ad1407373bd1e03ed5cfb1d |
| SHA512 | 4b39d76c0982aecbe657538a701a100a6cc243c2b9aa1e402b2d8b3a5ccf03d831aa80d6d370c509b9a84e01a0de0b7cae36fd475e7a4cd55faf64a765ef7e08 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\libglesv2.dll
| MD5 | d3e1e0dca5c44f630ed55ed4b1e4ff0a |
| SHA1 | de1c18e7b1cbd366f3d4616d008dfde16a1941bb |
| SHA256 | 3d25f225a8ec8512d63b35b9153422ec1a649081ffc9a4bec1d8ac35a5a808f1 |
| SHA512 | b3333afec1a0a91e3a1be39c1e0a82002d52ac2abca529b8851243d7f833a0b3be8dc49b39272098da528a764c19e2adf378aff3cf53e33e4b9b17fac580ced1 |
\Users\Admin\AppData\Local\Programs\gdlauncher\d3dcompiler_47.dll
| MD5 | bb3e13c4c1de3134a228c92977f76523 |
| SHA1 | b80f1c28baefdac001ffa5760d6523a9cbc2a27f |
| SHA256 | c4b3ed6993cba97ae224708c39b9285a7d8687fafc37b35b74fd7ef2df8ae38f |
| SHA512 | 171880f385e61564bfa3651ccfe65c3c0893bd92c572ee9eb9617a134b98c4740aecc59cb2e18aeff58b7a348774e99d6c05f7d2e66de56c14aa781c9661bb54 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\D3DCompiler_47.dll
| MD5 | 25dd1f41da9b4803861ea050fb97e47e |
| SHA1 | 0f94f2b16ffa9ad7073af973f45460a869479928 |
| SHA256 | ed6570b2c4107ae7b8a1e0cc80ff13711bd2520204285bdced2c4ff2b0af8020 |
| SHA512 | 24da48b5e8006466208a0caa46917ac723228822e37fee7a3b9e01c95bffdda27cc02b3132fc5a497914cd8e9cde97e30f2b6dc8fc241ac1acad90d5b0780070 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | e96159b6bf6f100cc9a7d27bfc2f9000 |
| SHA1 | f14371fbdd0e59f9bd716fb8b7030fd003ee7cfb |
| SHA256 | 0dda69ec7ab6717ceed7679e703441f5af0a9721618fc9e2fa2f45657d5cbd9b |
| SHA512 | 3d14ca947a4a1f506e38555be39e40261a7f0cec742ff8016ddcef4999151aa24a5f23d5679ac1a48440e4902ff72afd4a168e844ebee1f08d2b6d9c1f598b39 |
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
| MD5 | ec6b3d1d3f299f8e545b599766b35406 |
| SHA1 | f662cb3c2776e75ec8d63a34b156370a16c25920 |
| SHA256 | 41b6c520aca1693ff7c825eaab11551da2be9427758ae110fb0389b878e3b25a |
| SHA512 | 7b88858361604af31d593a5efce9f33c225124e0dce0d511ce50c6a862733e6293b14c0adcc6e10094dfb45d2e8fcfca3961720223ef0a19b3e0c65b850e8151 |
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
| MD5 | 6c9a92e28cb6ddceaf0d6d87c179dcad |
| SHA1 | 85f3829f20a787673e503880c81e0bc4745e9e61 |
| SHA256 | f79a61331b5dcc461f9d9347aff1ef19f73e2d783a77fe48f7243aafa7cb3b30 |
| SHA512 | fa731c40f75df404382d40e579003405c7a3ae57a31165502b34438251931e66f2556d7219f4d884f76a828c6514af1dd51b23527a2a0c580e293512671b3329 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 5c5981181fab40c8bb3d006c6d663633 |
| SHA1 | 57868902a4dfbd5a1a26c9688c1297f7e5252f60 |
| SHA256 | 01109195bc23e2f338d94af09ef66c672a41cd205aa43750273d5999aba4917c |
| SHA512 | 3a549e1912b08b462043bdc37e63d06f9a4fd1888550d13538db94dbd4929408fa64f7da8dd0ebd2e3490e9100c0864cda518405db236eee46b2072e90d8b417 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 6530332a9e545b71eb721b80fd2d7142 |
| SHA1 | 3f480fa0ac899141bb966249c7159ed077761bac |
| SHA256 | c5f83459c1e78570427bf6e8b2e923f5b330000a7586d60ba3a32c8bc77b4da2 |
| SHA512 | 173f1e624c0c422a46e6996e5355d4110f2e0d560b7d66a8cee62ef3919d3a3c2de978702cea34b37943ae83689cda11df03a25ef074eceddbc8e58c6b8ccca5 |
memory/2576-893-0x0000000077850000-0x0000000077851000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 50ae954380820e3f3e141efa2ad67488 |
| SHA1 | 626c272b306398e2a61ea226934b1e6fd7ea16e2 |
| SHA256 | f6121faa49b069f4613e2466b800dd51a01e1deb593e8e91d401914772d598e1 |
| SHA512 | 13e7d4452d8544016a7421c5f3dd84c0c6054dbf1f5f69b2b8107df815594617ed4ab60b35e5f5cab721db56d3c150701ffd8c20bc4f9a9d62fa69ecd5b6447f |
\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
| MD5 | 832ce86f5aac1fd23043557e1bf49538 |
| SHA1 | 187c13fd2a478d424eceb4a15c2b68e5d775d50b |
| SHA256 | c885fc97d1ba31b7d1729ca01165280f308b4c0105e106feb6a38bba1d479521 |
| SHA512 | f9d41c41527fc3c963ddc8e0beda9da700d7757908c2674daadbc53f7a48340973ecac3a79b6adeef246a1c8e0e5e71268c51ab2c5b627952b10a50461658848 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 22c2a137e0779bc2470bb350f4f8254d |
| SHA1 | dc4a322861ed67af9ab2f0bd9bcd852e16c1c416 |
| SHA256 | 50310a3f7764402373aed0cd14251df413ba9000e43ae86af805c57593d666fe |
| SHA512 | e8f1abb57e84b8c6644bb7d8b67cbad3b830a66fb962abc0e9256be09515156a36c00497dd69f5ec8691bbd5a625d82c2c5234502ce7ec53e5b736080fe751ed |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll
| MD5 | 3b49e6f3482a0121ce9fa24d9deb7f79 |
| SHA1 | bbbbf74cf8a9bb6ee238dc7634adcbb9994002be |
| SHA256 | 9eaedc084259e37ce65195c937d64b91b12e12cbc84f356de66715b903556db3 |
| SHA512 | ca96cc0202b771c9389c09c4a6784735fbf3c547ffb057e7eda15ffc6a054c69e9aa0cd5a1e6fd59e0ffb47055eeab73b49d5f5fe453af85c8999fe4bd00f8a9 |
\Users\Admin\AppData\Local\Programs\gdlauncher\vulkan-1.dll
| MD5 | 6a8a6f7f7035464798ad18ec19e7a0ed |
| SHA1 | 91f4bd691143b7da29314ad621145c3c54847d7e |
| SHA256 | 1a96373ef0d96d7d786d8012470c1cf069a64a4245ba72da9d06fb03e7783dac |
| SHA512 | 8a7d356f1f21045d5880df65f312f4423736425dc35d18d8e29818d679bfeec9a517de4bd6d21ce55f6fe7d06fff2f2368971f9343934d868f85fb01869a4723 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\vulkan-1.dll
| MD5 | db3c4e8cf91325e6a73e03b755455b3b |
| SHA1 | 68525df980be47eb3a83cdd9084a72295eabc69f |
| SHA256 | 0b98f4e064e3707bd3b12f6bbd882482ff5cb94cdf883ed7c4270e451af1e32b |
| SHA512 | 721d1ab8f07ce47b4ace508b861a067913688c76a327221777bf143c225b4d118e256dde6e533e4f5d8f8239f12230fdc1be792e8e5404e4885611749328c1f7 |
\Users\Admin\AppData\Local\Programs\gdlauncher\libEGL.dll
| MD5 | 4eeebf1194179a22dd9d29cde01b8be3 |
| SHA1 | 5db11da41151f989c90cbcc2a2ebcaab80451941 |
| SHA256 | 8a5cabc38dfcc950a5a9fc1f13c6579705cccfffc500378892ea491ad44f82a0 |
| SHA512 | 9d5eeb1946d6d283ba6e5b97372e0f8a86b88754762d79539a1b9bbf05bd50374d4d9660deed9224523c7844ce01e1e6a31ec0424669335d0f38cbcf4b5037db |
\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll
| MD5 | 5bc1c59a9bb7d595b79881b0f797a6ff |
| SHA1 | 64c336b77dba246889f7e275369a0e18f72a3585 |
| SHA256 | 9b6013f0df436013022fde1a4acba956a75cc02e2f915a00e1da6e564532d6ed |
| SHA512 | 3487161ed7757eaeaaea764ca5a09938fd09ec6ee3ed0c2782852f13005eafc728300791ac1aa04c49dd12c2a87cd5d5b139f61dc996275d05c7d88fddc2b774 |
\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll
| MD5 | d9f28821ff3a180172780b17769ecdf8 |
| SHA1 | e7fff24b8939dd1fbba3cfdf84b224191befda3e |
| SHA256 | 40f77d4b10fc3ebe2350dd90f1fa41bd7f8e4c545091c3aa0a14015a4b136579 |
| SHA512 | c06f23ed4ecf012e38e6d35c5829bbd795fee308c6db1e953af986b259953aec27e2635cc16a9349fac16abf40d5a5134195105518504465ee16841eab48ebeb |
\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll
| MD5 | 7f6108a83ed314184c1713e469931a2c |
| SHA1 | 5ba7f9ea50918c173edbe1ac4f2c98aec3a2a8e7 |
| SHA256 | 62ade9940f824120fec52fdbf37c5724f89138d2f4f1c0ee0ae84dce7aff876c |
| SHA512 | e840920b84c29829afec39c7dbef511b9527e4c4c0695d842ff7716ef133d277c70ff7609043ef9be121e03a0832d8a02b10663b0ce75982a70296914f97f58c |
\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll
| MD5 | eabb5ffef5843a1adbf9c14772beaf14 |
| SHA1 | bd8c14f17d324724e257b0cb0384d0a9668110c4 |
| SHA256 | 54c9bee2360dd6345599e5515b500c9ebacc90cf862a1b3bef4d731e0ebc6d28 |
| SHA512 | 46485d3cdd7110fb8e78eb74ee327d95bee96927a151486965eed5e2268e39c0e8551425a7db5886b5f5095fd4ed6f2d0b55d0412b6c5d889484d01f1487cbf3 |
\Users\Admin\AppData\Local\Programs\gdlauncher\libGLESv2.dll
| MD5 | f7d90a63a695e6257dd2140e127b732a |
| SHA1 | ddd52a2de2e92870fa1f3eff10d4176fa452f3fc |
| SHA256 | 369e070780543e458bd2eb83e9a0341c31a416d81d79154469418b1a3a5bb33f |
| SHA512 | 5b3d2b70b29ec0ba824feb66f16cbe5e2c9c31208d363884059c11ed30a3e86e8ad408af49d995e6741e320d0e3130f3a979b9bf534d7eb7bfba7383b886702f |
\Users\Admin\AppData\Local\Programs\gdlauncher\d3dcompiler_47.dll
| MD5 | 592b0a55d7f60e1599159f56dcef13c5 |
| SHA1 | 587fc0952e86d214080bfcc3ae05128546957664 |
| SHA256 | cfedfcdfbe120cb893f90ea085a912716d16a553bca9afaa81b15949e487b3bf |
| SHA512 | 30f718624e35405f3a7237be8321c69d642358985bdfdfe9d2f1200320465829ab3db24955252599dd7f3a0f6d4db836e6d4c26ca712d71c303f10c344899a1f |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\IndexedDB\file__0.indexeddb.leveldb\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Temp\Tar5028.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab4FF6.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 413b056b6e502abded33e6449d89dc56 |
| SHA1 | 1805d14f25e800bad3ccce9595fe63a72375780c |
| SHA256 | 621b0e4b6a2f76ee25bd4c56045642312698ec6620a3bd47727607d29fa9a7e7 |
| SHA512 | 09b016b166289a6cd248a65569dcf56c420c1b4f782eb6670cd95baccfcbe4d537cbf9dc2c1c6f763e7c24629477b8a4d544f40d86f6746d032ba495599db86f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14d747f3e1949bf2813400c951b8962a |
| SHA1 | 52d2af313dda77d7e3974f4a1e81a20a6efce598 |
| SHA256 | 8aa1e52304001a9caa02b58e0e907703d8487a019ce17fd412a595201f147e1d |
| SHA512 | 449ce31ceedab66f157f64f7863e1de7127461137b55213325bbdf34a94024b4179c10e471cda92b7fbc829b6e2fac1ac133188b7249ea4567e408242fbf9386 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3beea90a2afae7d6f9828d1a9c0a4dbf |
| SHA1 | 93d320eba061715ebc8404f2d9a43fc829f6a276 |
| SHA256 | 5b49c0df36a526e0de63fc55c83e04f434d6300570951fb9eab7aaeb34fba3ce |
| SHA512 | 8f5c0f4f9dc2a0d30e6b685112bed928132974bc9bed9c41ab480bed958ee9f2e9bfbb8d96889303b036615101a16caeb642fe75335778b5509bbbea8775936a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5151d16b48686b56046ea97b9a4c989e |
| SHA1 | ccae4e3dfe4f07c87218247f987914922ba881d6 |
| SHA256 | d6a5098d38d0c47b78c3656b39487de3978e63dfe8b0486ac4c314be25f51a18 |
| SHA512 | a6e21d816c3c6a806054578b5fc7b19e93cbf35efa58de6358b790b77c661dddc345661bda78c0beaa5e534ce0f7adff2f7bd8d48df4af4df0fb8c77816bff8f |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Dictionaries\en-US-10-1.bdic
| MD5 | 63a300862dfdb53a6cdfa6937f5daeee |
| SHA1 | 04942bd35adfc9c660f9b5dcb66234ec665806d9 |
| SHA256 | e091224573b927f6b4ea26635926498c2c52f47109d2f39ab80f1bd69632f249 |
| SHA512 | 0aafb893b27c8f81700a7d93ce31100b16f0a4bd2335a2ae412b3b98386fc31a979a032d5e321a14f8f3049ec6a7cc36b70b8693097dd566336edb7ab01d9945 |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\8d969ec7-400c-4426-863f-58792bd267cb.tmp
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
Analysis: behavioral11
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2920 wrote to memory of 2168 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
| PID 2920 wrote to memory of 2168 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
| PID 2920 wrote to memory of 2168 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
144s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414785901" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffebb09deeb747419e902f1accea58f70000000002000000000010660000000100002000000089d26b9ae1dd8cfca6d44331376ac526442bfa48c3b2a3e73cf1f74aa1e2c2ce000000000e80000000020000200000000e2e61984abe3668890bf8c2f922362ada9a25b33d923dd118964bcf84a8d3ac200000005f58d32f7440142caef9526c93466b4196a4dfecb01ea2ea061a4024717e496340000000cf43fcec0428e35afa0eccea958edb4c742e0110704b08233be30dcbb5736f5ab2d32ed13c5f011a1f8f1bf9a1a29521cd7379f50943c69a386c2a7680edc981 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 102aee3db765da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{680B0C01-D1AA-11EE-8C39-CAFA5A0A62FD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2168 wrote to memory of 2040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 2040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 2040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 2040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabD4DD.tmp
C:\Users\Admin\AppData\Local\Temp\TarD5CC.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral21
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.pak | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.pak\ = "pak_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\pak_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2948 wrote to memory of 2652 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2948 wrote to memory of 2652 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2948 wrote to memory of 2652 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2652 wrote to memory of 2656 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2652 wrote to memory of 2656 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2652 wrote to memory of 2656 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2652 wrote to memory of 2656 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Analysis: behavioral25
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
136s
Max time network
164s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| GB | 92.123.128.148:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 148.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 104.78.177.227:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.177.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
154s
Max time network
165s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\icudtl.dat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.204.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
118s
Max time network
129s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
92s
Max time network
115s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 776 wrote to memory of 976 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
| PID 776 wrote to memory of 976 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
140s
Max time network
165s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell\open | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\GDLauncher.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\URL Protocol | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\ = "URL:gdlauncher" | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell\open\command | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=1368 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1580 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2288 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3---sn-1gieen7e.gvt1.com | udp |
| CH | 74.125.173.168:443 | r3---sn-1gieen7e.gvt1.com | udp |
| CH | 74.125.173.168:443 | r3---sn-1gieen7e.gvt1.com | tcp |
| US | 8.8.8.8:53 | plausible.io | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| GB | 104.77.160.198:443 | www.minecraft.net | tcp |
| US | 8.8.8.8:53 | launchermeta.mojang.com | udp |
| US | 13.107.246.64:443 | launchermeta.mojang.com | tcp |
| US | 8.8.8.8:53 | meta.fabricmc.net | udp |
| US | 8.8.8.8:53 | cdn.gdlauncher.com | udp |
| US | 8.8.8.8:53 | files.minecraftforge.net | udp |
| US | 8.8.8.8:53 | api.curseforge.com | udp |
| US | 188.114.97.0:443 | meta.fabricmc.net | tcp |
| US | 172.67.75.189:443 | cdn.gdlauncher.com | tcp |
| US | 172.67.75.189:443 | cdn.gdlauncher.com | tcp |
| CA | 51.79.83.165:443 | files.minecraftforge.net | tcp |
| DE | 18.155.153.107:443 | api.curseforge.com | tcp |
| DE | 18.155.153.107:443 | api.curseforge.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 185.199.109.133:443 | | tcp |
Files
\Users\Admin\AppData\Local\Temp\c63d67f0-62b7-4aa2-98fc-e13f3ef0ebdb.tmp.node
| MD5 | 4cef69a682d9b896b4fff99fca80a08a |
| SHA1 | 85fcae77830c3e55badfac97badc97ee53d5ada8 |
| SHA256 | bccc1ea670ddf3560352327eac402e7a99b5a585bd1d2af02bff8111b6ee9738 |
| SHA512 | cccf2aced4edf15a3162cdd867f623c73895b4962910e1d6a57afa17032247becd6378546206dd4705b3ca5f54e6d063a56a5ca54223bc5a67406cfcc27b2587 |
\Users\Admin\AppData\Local\Temp\e6af3fd2-67cc-4287-a9a0-97eec1d5f540.tmp.node
| MD5 | be94689f0cf2f4e36ef77fff3b573460 |
| SHA1 | f7187d89237506e6f50db5418c25b79cd1b3d271 |
| SHA256 | a8ae4e1f6ff70c724282b5d468ac463012e9b0fd5b52997116946fdb2e2ac34f |
| SHA512 | 83078c0a3340d912f42b6b67f6dce624e6395fede93043cd4f5b391c2547cc68aa6d147a70b523c9e8d646d4913a92b96d59fda0b28ade83c478693d8a256da5 |
memory/2492-9-0x0000000000060000-0x0000000000061000-memory.dmp
memory/2492-40-0x0000000076D90000-0x0000000076D91000-memory.dmp
memory/1676-43-0x0000000002990000-0x0000000002991000-memory.dmp
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Local Storage\leveldb\CURRENT~RFf76c9d4.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\IndexedDB\file__0.indexeddb.leveldb\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Temp\CabD6D1.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarD712.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fafb496a92a4d39680e0f23c9fb30c79 |
| SHA1 | 296c289236b16d6be3569ec2fb3c2a663dbb7bf1 |
| SHA256 | 5d13e7866f13ede1ad66f77844387b0f4b981a7d9c048c4944dfde9f920cd75f |
| SHA512 | 2321335f937f399b8c285470cacae62cf6048eec926c0010b6e81ba2fe0f2c35bc5909834b3c2339f4e430a5dfb0546df8998b71b20aca83e8e1e8b313ec0b1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8820527c750a89234a78f7e24e22adff |
| SHA1 | d82881fa3418c373061ef57cb6cbc333367c49af |
| SHA256 | 4716eda216ef8e8bbf9de8c008ce08cca38f38e701f8107b37682e6f43ff011f |
| SHA512 | 0c444aa817254a4f1202f1c5cc97c9ad7b0b9885998a05a82a20d058c410cd99126e2f86a2cc6c92aa2814a07be0c9b94e59bcbcd4086af3052499a8d995673e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4b549cc69c12a6c3a7a4646fcc33873 |
| SHA1 | 81cb9a62a21bc975e3cb890411102edde1056da3 |
| SHA256 | e49a62bb42a8fc00e7f5d8808e8e9e41092c0fb393fbbfb294e686f037b1def7 |
| SHA512 | b8f5a008b970ca50d9cf8f4f35878d321057dba561c6e696f053bd29c05f0745fc4e0bd1e70a333e537c0b3523aa2b2e683157221060b2212942e952ecd42385 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a695cb857d4ad0679bbd7f790dfb528c |
| SHA1 | f77ae279bd4835429d41c52d8d57ea1a0e3d50de |
| SHA256 | 839bc3db290024cb119bf96e7403936eaa139c246df9c511fa9b863fa316a2f2 |
| SHA512 | e4cef7305ba1128d3f3aa3e472d2f4414e5da61697ea8abac82c30e75f4da80ce86dfa87a4077b3c81eb25fc7fd22998c1b9571004af098f8020e893f7359883 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 732ed1744e4c924a6c8394e4fcab1a37 |
| SHA1 | c0d9f34c14f89247c3efe6a5c3a3b527bdc8f5e6 |
| SHA256 | 7af8400d46b4cd21c5c7e7ca6f5255e3b22ec8ea56286afae02d560331e77809 |
| SHA512 | e7a3ae3865f73258f08e3a9887b347d70501abd6986d54eb6e47b1b03a10a4211a11817c3d34abee7a325adf0bc35440954ab3c173321495e4ac8d1650659369 |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Dictionaries\en-US-10-1.bdic
| MD5 | 4604e676a0a7d18770853919e24ec465 |
| SHA1 | 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f |
| SHA256 | a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100 |
| SHA512 | 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b88c2a18494781f867b93b8eaddd696 |
| SHA1 | 512518301716fa9efdfa91e21e24de6f3e2c9bdf |
| SHA256 | 87b6b28145c35e77456f9d7f7cd2cfcc34bd187706eee3e35a1681b9aa0d801e |
| SHA512 | ebe80ba9d77aa8e490729ef73b2dbf8c6b38537650edde75551a7fcdbca60b2349f1494932b2dee55646072b75cf07a2eaa57b2c9e4ca287d7c81272eab1628e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f963a40bed8a8f8ff151a70d3aebb198 |
| SHA1 | 239a03f4fe1156ce4ab8dc5cb2047ea51cdfbcf3 |
| SHA256 | d2e69bb34974f207dcc13914a6f36ec45b4cc42fe59ce85ededeed4b5cbb2047 |
| SHA512 | 6f00e57b73cc3449d54ddc2cf76147a160e6aca55befeb4577bdaebad9c9fef39e42ade634acf9e9c877d175fd664ef9b4fb4250f8ff708c0137ec3c45feff62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a8626c609a34af034cdbe7a16f86d8b |
| SHA1 | 77ec00b381f30c8c1b4fe7af5cfe12621b284e2d |
| SHA256 | 929d1ce62d7d8b3c35d6590d94c1f92dd75e927756739db1b00431f5a9c0a016 |
| SHA512 | 0f46c80ff730f9255e36a4a8d8e995fe131a644d7186b65ae65302b6a14792107f2edaf1f86e2beedbcac25cc97eacf5ff78be31789aa61164790261c22e132e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 839d4437de9ec674838a04e61a9b59e0 |
| SHA1 | 261ea9306c57e9fd0fc16ee6e2373f15caa4a7f5 |
| SHA256 | a64c7bd674b78bbd6e51999397f21825eb9bffe81f7297995b9b8c198fa7a8e6 |
| SHA512 | c69e55a410548d8a4e6fecde3c4b9c5e4133970c73041bbc0077f6a4ffbf5d94a61902930ca0551236d5ee8436c83cabc27fedb61860384668ab6ef3c7b5ea04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 500cac0b32b7e58131edbe0d5f780186 |
| SHA1 | aa61d1680f36dd7bbd33cec6b5b4e0717dc63d63 |
| SHA256 | 5ccd0cc19926e2414cb90ead1967bc046f835c9da0479bd2772d3bf5b1db7f7c |
| SHA512 | 8cd2dea1302b2bbc7018655976564e069b43827cd2d10c7628cbc85f929ed968c9b0afec95d974f67e7bf49c4b69068a3b993b98818ce763ac94b7e06bbb113e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d47ae6f668c020565ac24a11c751f710 |
| SHA1 | 2855e045ac0a59b3c2dab12d4646e95d368a5ddf |
| SHA256 | ea119497c35cea84d4efd6097926235edab52eefce8a5c30482076e1e716d122 |
| SHA512 | 55da8a08cc84c1a00845ed0342e378b46711590fc8a9d8bbb7182e89df2b2d3a3db77ab6681d5fbe9bdf456e8ad8c5f837b711979d5feb76b43b6525337a6320 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 27fcd4a9815d29710da0858d61d3716d |
| SHA1 | 78a12995e6da52af70ff96b475b39d771ec05195 |
| SHA256 | 3b80ac7181ab41c1288e6f3c86afbba691066e9a53f5b67d62c33d8c66e00065 |
| SHA512 | cb1aa26c4bd17ffd46c1b951c6a7aebe40b328304a8cd2c723022ff2e0be78ec864e2735beb9e72afb1fc7752252c34940b7554e1032325d0c26a7381e78097a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf4b496f78ac5df5066e12585fe64a27 |
| SHA1 | 1724ec43429ff5ea2d24af38b5f2acd75355b697 |
| SHA256 | de14ad37ac82b22b5abfba531873af23503948ba40c340db2d7c552abaf54f9f |
| SHA512 | 51488fe5a9a291e2fd7e9a7a6595420ee7297186a4747bfc1c52c0c7d4708796c0101f2d6da86d0fbf0fc23fe5595dd3b881be9d27976de5fc72902cc3610e24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e24f6229c803774344ee4fcae5ca2963 |
| SHA1 | d79a17fcf8c57b2647ad222f846afe62dcff128b |
| SHA256 | 85209279a8c447ea1bfdbc9198015c742e95ab0fa75ca0229616a1c7183dffc6 |
| SHA512 | f8a9cbb65b1a7a9bbd66aae2a1c19f44ad27d2671a0e25323acc19418b6e63e2694063b5cba72932844c5c252abc967cf6cc2e225caa172d39e8637eea253e73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcae8f6e80d4ec221f71e67f01ddd6ef |
| SHA1 | 5d97599b92b621d59b2d85e1351095448082588b |
| SHA256 | 7a0c3278fd18fe21d6e709abb31fea542d51d5d480581897e0fdbe87ce10ff04 |
| SHA512 | cd8219254e16d004a93689863169123eee77fbe5d797ddf307c889a1c033154392e98a22b7d1c8e60d907d06f7ff9d7f38465f51689d4c18e7025c8d48500288 |
C:\Users\Admin\AppData\Roaming\gdlauncher_next\196080d5-cdf1-4b31-b158-b77dd77387a9.tmp
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
Analysis: behavioral31
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
142s
Max time network
162s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
7s
Max time network
154s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | N/A |
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1044 wrote to memory of 2992 | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 1044 wrote to memory of 2992 | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 1044 wrote to memory of 2992 | N/A | C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 2992 wrote to memory of 4944 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\tasklist.exe |
| PID 2992 wrote to memory of 4944 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\tasklist.exe |
| PID 2992 wrote to memory of 4944 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\tasklist.exe |
| PID 2992 wrote to memory of 5116 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\find.exe |
| PID 2992 wrote to memory of 5116 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\find.exe |
| PID 2992 wrote to memory of 5116 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\find.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher-win-setup.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq GDLauncher.exe" | %SYSTEMROOT%\System32\find.exe "GDLauncher.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq GDLauncher.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "GDLauncher.exe"
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe"
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1780,i,18296855108028806682,12994967130990787039,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=2068 --field-trial-handle=1780,i,18296855108028806682,12994967130990787039,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2452 --field-trial-handle=1780,i,18296855108028806682,12994967130990787039,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=844 --field-trial-handle=1780,i,18296855108028806682,12994967130990787039,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | plausible.io | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| US | 8.8.8.8:53 | launchermeta.mojang.com | udp |
| GB | 104.77.160.198:443 | www.minecraft.net | tcp |
| US | 13.107.246.64:443 | launchermeta.mojang.com | tcp |
| US | 8.8.8.8:53 | meta.fabricmc.net | udp |
| US | 8.8.8.8:53 | cdn.gdlauncher.com | udp |
| US | 8.8.8.8:53 | files.minecraftforge.net | udp |
| US | 8.8.8.8:53 | api.curseforge.com | udp |
| CA | 51.79.83.165:443 | files.minecraftforge.net | tcp |
| US | 104.21.33.240:443 | meta.fabricmc.net | tcp |
| DE | 18.155.153.129:443 | api.curseforge.com | tcp |
| DE | 18.155.153.129:443 | api.curseforge.com | tcp |
| US | 104.26.3.110:443 | cdn.gdlauncher.com | tcp |
| US | 104.26.3.110:443 | cdn.gdlauncher.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.160.77.104.in-addr.arpa | udp |
| US | 104.26.3.110:443 | cdn.gdlauncher.com | tcp |
| DE | 18.155.153.129:443 | api.curseforge.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | 240.33.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.83.79.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.109.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 64.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.179.17.96.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\7za.exe
| MD5 | e86eff95691b1c0e7e4f3e9cb1ae2e49 |
| SHA1 | d0acbf9ae29ec74acc67b53b2063bbc9739bc9e8 |
| SHA256 | 8117e40ee7f824f63373a4f5625bb62749f69159d0c449b3ce2f35aad3b83549 |
| SHA512 | 1c26201f214fc068d2d7f7c812be022dbc102077ef34bc1f231ac118aa04b94139cc2005628491747888faf95863241b3847524db097f4822b75f646f4345ff6 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\chrome_100_percent.pak
| MD5 | 0cf9de69dcfd8227665e08c644b9499c |
| SHA1 | a27941acce0101627304e06533ba24f13e650e43 |
| SHA256 | d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88 |
| SHA512 | bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\chrome_200_percent.pak
| MD5 | d88936315a5bd83c1550e5b8093eb1e6 |
| SHA1 | 6445d97ceb89635f6459bc2fb237324d66e6a4ee |
| SHA256 | f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25 |
| SHA512 | 75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\concrt140.dll
| MD5 | 1028995446d0032530461be30ca98f48 |
| SHA1 | 18446678152e9997eed9c02995f957d58a8e8f32 |
| SHA256 | d404b49c25cc76dc4c86e1d82fc23799482f6509e85a73ed8177efc320ec0195 |
| SHA512 | adb9ae577f082e0246cae5c804fa4cd08bcf54ce78eaca02d49b9b1b262779667a251e98cae807aff50fdac504b8cd855ce4d786f587d02e0a18f6ac8e0d882e |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\d3dcompiler_47.dll
| MD5 | f14a24e7ceb2b4b68e8e2aae77d5a938 |
| SHA1 | 711935bdf6ed7f18a89029b77d25ebe89296cafd |
| SHA256 | b747d77120f112602cc7bbf899197bc21ab6f7d2280fb2e6cfa0c558001bc30c |
| SHA512 | 3828e71f2d9da0033bb71d504e5f3b0d6c73c9ceac2029e03427354826bb0bbcd4e9ceda4766f7efce82a74c3b65b916dad70bcb14215356f3ac0537e1407d49 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\ffmpeg.dll
| MD5 | ca983a184e3eb10c77487004babad08f |
| SHA1 | ff7c66ff7f401fc85624e8f538799f272f216c55 |
| SHA256 | 2c2058dd0025458d81ae543b73c331b0b0192cdf7feadb6af6492e1ee9c8d267 |
| SHA512 | d1144526ae4e97ae44b38883d551da4f2cbd8e373a86137f0609631f7402d9893e36c81ca1f3c3dbc8bfaa952c4f051b5f0e5bfe2d0c9633bbbb0251aa858206 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\GDLauncher.exe
| MD5 | 321813030faee0c08f0770eee5d5a5f7 |
| SHA1 | db8721580f06a388d19ccb5eb2bb4305349ccb91 |
| SHA256 | 6899a4603230cad53faec822b471e449fec6551d3d9b2859af1c89734d62d5b2 |
| SHA512 | bf8f2cd9c431a69c39db22ab179947db7c129711bb53f20c4296e3008af7caf249d9f4666e5490d1a94b70137c48fb32bd4e3bcda61d622f95d0c45db9301e0c |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\icudtl.dat
| MD5 | 961d5addc8883da455b18f733a517c51 |
| SHA1 | 4c7c251133dda763215a2ba9b24b16b2d4442d82 |
| SHA256 | 065881dd33f75898e718d481597f2536a9074b546d14a57e2ef82cafaa6579fe |
| SHA512 | c6910d07408bfdde08b8385c692047ba9f53e2c99881f99d763373780eeddb250f3003ee9aa868c98980a1ba9957400c7a7c4c7446fa80c76db6f7ab2efe1986 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\info-about-msvcredist.txt
| MD5 | 5869d7303e54026c9adc33e5dc63d70d |
| SHA1 | 484058ada000cdaf04b337ee03445a4989629d7f |
| SHA256 | 9329f7579fd8ce5f0503c2458ec49f1f42cf587559d0902f9954e3cf170f0a34 |
| SHA512 | 403e01d01f8eb63e57a1ba7310282858aba499d5243a50ea44829ef8c312dfa1600873a5240e52afac17877512ed05e4f0d89082af92309157bf02cb7fe34b6b |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\libEGL.dll
| MD5 | 5de7e395632af0d31d8165ee5e5267dd |
| SHA1 | 740ae64850e72e5ab3d49e3bbc785399a30a933e |
| SHA256 | 44febbc02e69d492d39e2cd5d025bbf0d81b1889b37725bd700cc0c21e5ba22a |
| SHA512 | 788c3fa6d58b8d3ae258628805ed79d612d9e15e92dca39c27cb621a2a9aa42669a20c11b5c9a912a2d8cd68b0a7a53f7689e729067c6d87a8063e5b8b2c265d |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\libGLESv2.dll
| MD5 | 13f5b11e5af6a7886568b92cb391517d |
| SHA1 | 7130f2cea805324e5962c3a727c102a445fa1cd7 |
| SHA256 | e43fc8d684550eb13d3278e52531fa962e870fae65e68ca4d6a883f52866376a |
| SHA512 | c4891bd5b293ac8bd890afaf1fa3b8260ffd8c4141d2911d24ef520ab52cae2adb2b472bc21e1b528a41b39dd13f733f92c5fd93ed525b75d04b2c9cebed9196 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\msvcp140.dll
| MD5 | 25d41e8774dd8bcb0bde6635dbf693cf |
| SHA1 | dfc66f96e4169c1b79e9e10565267bcbe3044bfd |
| SHA256 | f2ad53034e473e7473f31c9e54b4f54d1ad3b3ae02d8afc32eef39f03b03b9cb |
| SHA512 | 836d9ad631fbca1a2d33999aa765f9dfe6e8f79eec0712c7711669574276cb6b302a306dc6b7f02b0b4126a0983d68f9a1cc5dba0e4f2985c933da6731f78ee6 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\LICENSES.chromium.html
| MD5 | a8f806c122539887f8f1123e1201e5e1 |
| SHA1 | 510f232598a7696bb68a57b7123aedd2389a9997 |
| SHA256 | 0f3e1e080c3040a1f3aa977e2ed71e5837382b401a21978fae3c7c35f2a84f63 |
| SHA512 | b09a6f9ee939c21db45fa99a0176ddb9428b2b98adc2316360fce0ab98a62764912f6d9cafd48f5becdb9431830a8fdeb57a3c18fafb54e5290ef91c92def517 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\msvcp140_2.dll
| MD5 | 210bb45a43b2f8fa7f6cfc31fa4ec6dd |
| SHA1 | 3dacfa339ac11488d52a54806fffaf437bb0caa8 |
| SHA256 | aa965bc8429994c97bc2498ed8051a4101f7987a376924b105de5f7915e42a48 |
| SHA512 | 8a0e8863b06b306b11e0abad77b0285dbc17b8a778e241c2ebe0285bbf12c7b7cfdeacd6ed6d2bf71887342a94daceadf8e0aa3164d4492e1cb9d0d1feceab96 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\resources.pak
| MD5 | 591074428c91f2e650c1942451122656 |
| SHA1 | 433ae7cdb858ba376e5d2326e30ac13fbb060880 |
| SHA256 | 6ad9ebae9b81a882bd84a47ded58e2d29ddbbfeb1ef848d2412e52ac24030c9b |
| SHA512 | e78afed3ac5e5a88e2ed78cb6ab4bcd7e9afd186ad1651a4431aa71bea21154d3ea1a0e38b55292d9c2d9fd33bfb661f0742a89c32d13710459bc1a67e223391 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\msvcp140_1.dll
| MD5 | d281be80d404478ea08651ab0bf071b5 |
| SHA1 | e81dc979d8cf166c961c8e7b26f5667db9557c47 |
| SHA256 | 5e627fac479f72363075824423d74d0a5d100bb69377f2a8c0942e12099af700 |
| SHA512 | fda7c43fb6ee71c7ccbad7ad32c1f00e454ccdee3bbc35de4045abbc8998281cdab9c506fea8417df25ff0ef09471eea49f63b2181e160c62bda804fbfd8c376 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\snapshot_blob.bin
| MD5 | b3e2e780fc630c4e53e3536ae784439e |
| SHA1 | 63418a5fcc710b77075885e27ecdd008fb4aabb3 |
| SHA256 | 9eadd4d59c2b135e32f3e8766d4feda642c903e51aa1ace5e0e5786f2579aa78 |
| SHA512 | 4cfb9cceaafd04a63ca814e9eee947d1fb9a37dc6d4bb4ca0348da78eb30e22ee8aa337fc2cfa79d6de226f34e70da4a1c8c7b1be637ea1ff82a3ba27f6333e4 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\vccorlib140.dll
| MD5 | 621011d8f38e0eb988dca3a94dc6db9a |
| SHA1 | 1f91b9818a4fb8892ee50c1d334294361934e1eb |
| SHA256 | e1c210936bb4e8328879b7701374e51a05bf76e5dea8f2ddddafa25f03a820f1 |
| SHA512 | 4358a6c379d59f9ea1e509922bb58ac76a10f9245e83f824e37fe128b82cf21f8308bdffd9ac93cdf6ab8cce2d1852b7c5181256e0c09da27f0357d0dc89eb77 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\v8_context_snapshot.bin
| MD5 | aab34077883477f901c09e7a43ae7ed2 |
| SHA1 | 2fd533026e3a68c32fbcb87fd7d879aa4257c69d |
| SHA256 | f55787d23172bbdd24ffbefb4f70df9105579ff3d84392aeb2dba6feab578fe9 |
| SHA512 | 3f5b677e1fbdf02398bba73eb9008a13647a35bfa6a0b6580aa5d9845ecd932670b16886c9179b1a25bf902201144513e939cb6ea96617fb2a06910cdb80ceee |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\vcruntime140.dll
| MD5 | 1453290db80241683288f33e6dd5e80e |
| SHA1 | 29fb9af50458df43ef40bfc8f0f516d0c0a106fd |
| SHA256 | 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c |
| SHA512 | 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\vk_swiftshader.dll
| MD5 | c030ff9bb955c6fac28b61eb8cc63907 |
| SHA1 | 51bc1d0cc14a971f11b1f0bb1b29fea76fbde4ee |
| SHA256 | d43d7e1b3272b5f8389f0640fd82b246af7c2c4b6ec4853862c812309d73e30b |
| SHA512 | 579d42370d5ec8607a1e20d682c0567f8a9b3a0d376f79eb4e543eb8dfa21875d1c1bc89d006d85eb4cbbdfc2e5b18e2d7beb5b8fb8feb39a5553eeec0845d20 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\vulkan-1.dll
| MD5 | 5cb7232be5f4cfa8f41e630fe71c7105 |
| SHA1 | cf10b59fa19b4a496bd5e0a8d4cb985c133bb89e |
| SHA256 | 85f0a8327bfa1b8ee64fb4b7179c0e49dc8885673619c29fbd8b08f7ccf45e24 |
| SHA512 | e76fd34bbf9d5ad2a190e255a81279a468a7948df43019fa79fee82a6acf2fa0735046dafa1f8b253a8a551ce3cd95e5527e9f0ac12f10a3adeac170f38a647f |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\af.pak
| MD5 | 46f982ccd1b8a98de5f4f9f1e8f19fe5 |
| SHA1 | 13165653f2336037d4fb42a05a90251d2a4bc5cf |
| SHA256 | 9e0aeb9d58fecc27d43e39c8c433c444b2ce773cc5d510fc676e0ebbcab4bddf |
| SHA512 | 2c40e344194df1ca2d2e88dba0cb6c7ef308dd9c83e10bbc45286b5e3bc1d98a424a60ec28b2700606916105968984809321505765078d7caddbb1c4d3f519de |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\da.pak
| MD5 | 875c8eaa5f2a5da2d36783024bff40c7 |
| SHA1 | d0cba9cfbb669bbb8117eee8eccf654d37c3d099 |
| SHA256 | 6ee55e456d12246a4ea677c30be952adfb3ab57aca428516e35056e41e7828b5 |
| SHA512 | 6e17692f6064df4089096aa2726eb609422b077e0feb01baaa53c2938d3526256c28fb79ef112164727202cdd902aae288e35cf894c5ef25fecd7a6efa51a7e5 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\cs.pak
| MD5 | df23addc3559428776232b1769bf505e |
| SHA1 | 04c45a59b1c7dce4cfabbac1982a0c701f93eed0 |
| SHA256 | c06ac5459d735f7ac7ed352d9f100c17749fa2a277af69c25e7afe0b6954d3c0 |
| SHA512 | fceca397dfc8a3a696a1ba302214ab4c9be910e0d94c5f8824b712ec08ff9491c994f0e6cfa9e8f5516d98c2c539fa141571640b490c8dd28b3a334b0449bdd8 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ca.pak
| MD5 | 8fc109e240399b85168725bf46d0e512 |
| SHA1 | c42c1fc06b2c0e90d393a8ae9cebcdd0030642e5 |
| SHA256 | 799ac8c1fa9cdd6a0c2e95057c3fc6b54112fe2aebbb1a159d9dac9d1583ca62 |
| SHA512 | 84a51f291d75b2d60849edbc1958a50cfe2ac288ce716bf4827038b47bd855a65d04ebcef6f92d78e31a27daa63f07772149798740652078e27ec68930ec07dc |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\bn.pak
| MD5 | 3d98c59e26b33ee1b5126a6e88344810 |
| SHA1 | a91c8580a06aa757eba0e6227f07f4c8775daf8e |
| SHA256 | a27c0a03329e33c4307598d9fd7013300bbc2c787180f30e2923888e8cf16496 |
| SHA512 | 73f5513e7fe9960d61b3a32c5dd10c71264a66fd28ffd0cf30e7c42e5c3e6ac224e18101332086ef7653b05088453350e668df8ee1d10632510c1c36d25eb758 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\bg.pak
| MD5 | b363f27a8336e80c99236b77df9daeb6 |
| SHA1 | 09183388ec4b55b69da2794896e60fe887601349 |
| SHA256 | 247001d5fa1d561a904d2861d1fbf8af9ee3eef1270337f6af8a80536a1b67ea |
| SHA512 | 27eb34fd787ac8fc6a92acf38bc1cb2418606befdee7ecba6b1cbb4edabf670e7f5b685dc6a941fa0a4e762720f176aba743aea3b3956e2f131f95e2151ea95a |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ar.pak
| MD5 | 1b55e90455877384795185791bc692c2 |
| SHA1 | 3d7c04fc31c26b3ab34bd2d8f4dcfbf4d242bc46 |
| SHA256 | ac44c459f86c577f1f510c0b78a8317127522f0d2f80734b6c9ab338d637d4df |
| SHA512 | bc3dc023c9af551279a4d22583aedf79e63ada46c79ea54b7da18c12b9acd726e4f534e26789d2583036c382bf6a8862335ca72fc8b510ed065bf895b8d7c3b0 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\am.pak
| MD5 | 89cfd3ec98d027c17029aee51a5bb171 |
| SHA1 | 1ba9daf5b66a86d856371b630d1ccc63b92d68af |
| SHA256 | 6076dedfcae1f731f53c1a8982f3f1fdd1a99d2c4fcd22d0b070a64b49ef6304 |
| SHA512 | fb61124fdd0869642a036d0ee52bc60af237bca8ed102cb87f35e24b2a146d36abd041d2da5740f3eb62930127e6688a36458986f0ffe139580c836754a5b76f |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\el.pak
| MD5 | ec615a6a6397543a90d9c62000aec247 |
| SHA1 | 6b89783ac526a3672ec3c599382eb0ef4a35afe9 |
| SHA256 | db62855fa33f216a3f323ef91b2983732c318ebf5b1a63d3c814c6e8efb5fe51 |
| SHA512 | 884827ff7ff6b5a137c298db41cf0447d14b68fc2ddc735142aa1121117195be1a0f0684cefd2c1d877a812638fa707ded7adf68e556729d95317c51ef74af40 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\fi.pak
| MD5 | 668405e3ae8ec1e5e030ba897f355bf6 |
| SHA1 | 888e11b4ea3a30d99463ab21e8143ea31b01ba01 |
| SHA256 | 95b2630a5d399437455b3d48a5f909c90be7f486edd2e9280f04fe46b7113e0d |
| SHA512 | e961e4c4d46e18fc4a8fa997cea6f3680d31f968589aa0fb8d07cc54bbf6db9689a196e909c7e2336ed29bcd4f0c91f56ed1c81bc6c7b1daf5308b563e6bc6ac |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\fa.pak
| MD5 | bdaaf47ca351ae90e85cd1a198188340 |
| SHA1 | c2f0543842c94bb740cc6d9bd19c02d3fd92a539 |
| SHA256 | 708f6d8de065c2bef8952ea7a350724017391b0a399328f5d965828f4c8cb440 |
| SHA512 | 2b2d2c7a0612be1e4642393829193c63c65f9050e12c435597d6cd5f451a4b847d6f62a3087b22d5922a11f70f9e21c1e5bc562c509e823bad3c129d0affb088 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\fil.pak
| MD5 | cb9fb6bc0e1ec2cb3a0c1f9c2dfbc856 |
| SHA1 | c3b5900a38354ea00b63622bb9044ffb4788723b |
| SHA256 | 945c0160938c3bcecda6659a411b33cd55dfac18814bed88575bfd100c53d42e |
| SHA512 | 6ed77d0fbbb1186ccb7493708f55f8a2c3005a1f1da759c16289713a853bcad4a2cc4846874d67f722f461b1950a763508a91a7970bc0eb5da686206aaa8489b |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\et.pak
| MD5 | b3edbbe30b8cbf83589e5333e9502733 |
| SHA1 | 286a0f22aad6c59525d1f805993b4c4cf3bd455a |
| SHA256 | 68d6446e5a3840af0da180a4616ae22e1eed8865c470386669d8add2fc63b8c7 |
| SHA512 | a16e7e1e8134fe561dfe72ee9693b527baa11baa6961fb05ee388b1e0753ab3480ccaf9939f34ff7976fb9b8d8174fb99466e6142793cd981827d536ff5aa231 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\es.pak
| MD5 | 8c3407e674be41266ff5a805c911b5d8 |
| SHA1 | c9e0fa7c51d6d946272c3ddb8574b7a5ffc700b8 |
| SHA256 | 79b4e8a7dad61be451d79179bd2dbd06a1ef8b1503bbf1251a401a8ae43e1b6a |
| SHA512 | 9681852b2d4042b3a673c53a7e0839d1e77eeaa630009c5f76bd7c2e0e7fb016d193b845fb24f0d3449930947493c39394b91e493f363a092f98149909e81c53 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\es-419.pak
| MD5 | d25865c02378b768ef5072eccd8b3bf0 |
| SHA1 | 548dbe6e90ece914d4b79c88b26285efc97ed70c |
| SHA256 | e49a13bee7544583d88301349821d21af779ec2ebfca39ee6a129897b20dbbd0 |
| SHA512 | 817a5ed547ef5cca026b1140870754ce25064fca0a9936b4ac58d3b1e654bb49b3ffa8186750b01640ac7d308bf7de2eadc0f34b7df3879c112e517d2faabc94 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\en-US.pak
| MD5 | 5ddd57c073c4f4f903ed10ebadb219f0 |
| SHA1 | ae8add5f84181038aab80f1e623d11f4ad850923 |
| SHA256 | 6dba7babe2ecb0172e484121097308ad74600f6761ccd9768d88fae8d63c6755 |
| SHA512 | 95582ee3fdce7e3c209de3cb4577f095549bbe2da17b7f21b69e1a8978e0c4a0e207852ab53ebf9ba9e5ddcd6a888ee62e4733eb3bbadeb62cc9ea2f4d20e631 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\en-GB.pak
| MD5 | 80227f98af91d6d807e7e4ef3a10385f |
| SHA1 | 3c0702172adf883aa9a8d2160abf714793283a98 |
| SHA256 | aeb7a61a51c30343ab2ddcb59a99029c48749ecc6fb3fbbcfed61f442eeb8c23 |
| SHA512 | 81744a8787e9c22d82e2d479b1b743bc7982b34821844f806f996a56406c3cb061a16dadb476ced8845a4ab2bfbc5925c4822d2bc1b65acbe3d34906965ab001 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\de.pak
| MD5 | 11f2e1cf6c1e87e34ea0804284680ec7 |
| SHA1 | d8015bd71b45af07c1980afc464fbbd07d611a8b |
| SHA256 | b2b42d623db5125ebf94f4a865bbfa236fcde06728bb26f128959b4ac0de528d |
| SHA512 | e515ef3a8b49e8555de62a9a859d1384af714596a32cd8bfa457f121997c7099e0b1a87e59d0bfb3de7d6d538c9384a88771988aae12be130f0cfbf84a7a7f85 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\hi.pak
| MD5 | 1d54e584312dd357cf3c50afb78b3bc9 |
| SHA1 | bee5c4c2550593e57f0a32b10e5177c7caac0d72 |
| SHA256 | 314fb82a2bbb0c3130f64b9e2b34c48f54e4b0140c182dbb7f8978d83c91a8f5 |
| SHA512 | d3d7680b7436dd6cd9c917408570ac9780f4a3ea3d188788ce00289b534893bffbf3c695ebde7852f844f56cba13ecadb91672553ce1e5e336d3202a442dffb3 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\he.pak
| MD5 | 9261d169134adb88f53e876fd9a9852b |
| SHA1 | af08914985ba12848c2bba95deed26b791defc85 |
| SHA256 | dc810a7101f15e968fcbbba1e2e98f2af2b723fb58ff77641fadaa1caa79349b |
| SHA512 | c466409c8df73355fa9c0d7eb96f0ae9abe14ba5baa75942dbb96d4292e3dcf7c71f6851b26d32e9bb09487a45cc20f4fcf800f3d13ee0eaead053822ef4c5e3 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\gu.pak
| MD5 | c2ab06430fa9caa2e5662507b6135c44 |
| SHA1 | 1c7b0ae57db6a7df4971d27c945a54f03dfd7ba6 |
| SHA256 | 31c3fc79d4f563ac2d91324f185c23325051a4746b99252231656aedb617b2c6 |
| SHA512 | a1dd8cd905930a0317753f654b591f475af2cef606d6efa188e828cad8c0da47fdf185f5089aaffbb3c8ff965d6057b8b1ccf5abc1cd67f733a86a2d61c17daa |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ja.pak
| MD5 | 095a8604627613de6c7c35716fa9cd0a |
| SHA1 | 2869d6f012fe482f96023ddbcf1f17b3aa5bf002 |
| SHA256 | 34573289e4027e63bc4091f6c69a2bc8d59922d5991050803779f0b01bc270a5 |
| SHA512 | 29fc503341373b966a98e1771dfdbbacdd98a05072f33f9dca6667f3ab8dfd994a99d0c486cd569348d48a4d9ef81c7492c002423ab72e56a00a328a5ce8b97e |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ms.pak
| MD5 | de81e3f94b307a3d1dbf579670a9e398 |
| SHA1 | cf7569bfd32001ca98dfa02301a51384f7bc6a41 |
| SHA256 | f6e70fa445f5ba1b967c84f670941620c8919891b6983f6d088b7fd723161d92 |
| SHA512 | 93eac6bbde1ff77fe1e1d3b8c06d5c3b9a188179571fbe53d97fa294be9d3506e30fd775adc4233a7fd5c4159aaf13538ccbd56dabccc35fcb43f8c621d145b4 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\nb.pak
| MD5 | ea1240ed6550cce7ce336cc6d79253b6 |
| SHA1 | f545057973c06bc80f6a5c4b0f0983de4aae84f9 |
| SHA256 | 27c63c1b34d9333cb700f490a38e1b5bf9ec8b73725b226b6fbed61b1985d410 |
| SHA512 | 528fb6de05ded39d05ae77992a9b687b62a2d40fe1aee67dbbd82e798e2583c71d694be0ef376ee93ea3890e02dcd5f99f7f7a85a20beaa81f2e95391175c4b8 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\mr.pak
| MD5 | eac9f1ea9743f92a64e3287e524b77a7 |
| SHA1 | 1d193ce01791969d795fc1d810ab055aec4ae2fd |
| SHA256 | ded40d713fe05aaceec7a880f882de1046ff9708940cff05e1de91be0d6e856e |
| SHA512 | d70cd5dcc76062802bfd0493d2f308dca7cc6c04ff3c05a6791981d41ba345cdae997b5964d6281118dd8ba79eb3b5cc64edfc67cae0828514bb2b00d00f6675 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ml.pak
| MD5 | a7f6cdc17eddc1550260489d478ec093 |
| SHA1 | 3308eb8f7d1958fe6b9f94602599cdc56460aa89 |
| SHA256 | 01a0e2f809fed45b9b67831202d297c3221077fa2dd84f3b635ab33016a07577 |
| SHA512 | 42132ca4a62bd5de5928f8c313c930c1fab0ad918fe08612ccd118e421eca768956ad42f7551d6ce58d10be6c34cae7a2fef518bde9f0641c339f7af70f42688 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\lv.pak
| MD5 | 28eeee40b2722e1cc42905c70367fbdb |
| SHA1 | fd82465b1522d314b295207934a7641b3d257d66 |
| SHA256 | 026e6a4ea0fd11c07375f0532a0756bffef585889a71f33243a116c462b0c684 |
| SHA512 | a99d203ce67a3e5d4f831064f83c730b045fb1eba47ca804ce6c407e04240f4c51b4114446c3494e2985a1109695533d1b1c5c7594a5555276be366c07d0b855 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\lt.pak
| MD5 | a3e29f4a3ca6f2058a6f464e49f914b6 |
| SHA1 | 3fc632eaccf91e86b365d444e7acba6f9302aa5c |
| SHA256 | ec70edca70373390f028aa751a74057fb1c2c583c310492723a228c863007c47 |
| SHA512 | eec22e3347affc0eb0f9452f3b9b239e8b714148a39be83ebe7979bac706a942da3a17de01e9a1b89dfec9e970692c3e9fe566750092fc139325ae25ed1c3e04 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ko.pak
| MD5 | 27705557eb4977c33bc69f27c2ee9f96 |
| SHA1 | b0297538c4e68515b8f65d44371cb8f4cdbc489f |
| SHA256 | de71f906636d2a8f5833a22e92b61161182c53e233b75b302dbe061ed57e9bdc |
| SHA512 | 53c8917049d72a9739bf7f2abdbde3120ed3124967cd9b1b71b172b7b36ed41a1ff970d3841c0f5eb5b53616dd9f8e03f65a79e6a6964b83da2c84174c1dd56f |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\kn.pak
| MD5 | 66867a2133ef0c73f385af7d5d2eed91 |
| SHA1 | 8ca6e7e6d679255c2c151d38cf70a5f25cce059f |
| SHA256 | 407599a388bc151ccd2561181ea90ff620f4cb5c767317af8ca4748927ba7f35 |
| SHA512 | 482c0b75c921470866b7c6ccf09cddd59ce81507e8df7a2158d3abf08c7201ebeed67c1ecd36f5cb015a8833ae9f1917ab6118f9f0a959364de958729295f37c |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\it.pak
| MD5 | 23d70fc1cc74275719c4f882400150e1 |
| SHA1 | e8235d0bd4dbfbd708deb80139f0acb1cc0fbdef |
| SHA256 | 75b37965b88933ba32119ebdd13cb98c54300b1e1e312080947eed6a94fc70b0 |
| SHA512 | ca9a6fc273d5b0b656e902fb87f8792de604a3b6ce598dc577d08541ce9f35256849b1503f15edbe5d1e1d5785cffc38ed12650d1d026aa23b5ce6f9c3ac4cb4 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\id.pak
| MD5 | f6d153fa3087dab3fcef255b5afe8538 |
| SHA1 | 99f123a133d3ce1a70349a7d1948a8d57981e1c4 |
| SHA256 | fa38d911dec71800d33802441412f20133e960bb316c79161bdc7f78ea1af3d7 |
| SHA512 | c092339a2a64dd10a45b516ba19013ad096c4c43d51df33e4c779c9ede6d71bcb59c18d5ba568f4876c0b5454ccdf05a1e632be0f97db5b4eaadf263e7d1967b |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\hu.pak
| MD5 | 7317adfcba87621963e9cb2f44600e2f |
| SHA1 | 0398d795f9a3cde03ae85e8cd2c4723e7ef5f7e4 |
| SHA256 | 6edcdaf17483c4b7b74d9c728c3f38d9e4704bfbdb618b578c7ccb6bbe6e824f |
| SHA512 | e8ec0df2ddf67799194e8d3f722b5643553fb05026bd5f8d933d1cc18df6a641eb1b810e22114b44513b57a005d326b91a1fcf1c470a636cd42c5bc5fa0f254f |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\hr.pak
| MD5 | 209efaa890532ddbb1673852e42ded7e |
| SHA1 | 8e9a3e643183d4cbdfad9fd2a116e749b5313a95 |
| SHA256 | 3d01f9d2c51efa0c0d8d720dd832493b1b87d2429970396c42cee2199e7bef40 |
| SHA512 | 5410b31ab46ccfd29b750f39d3796a533ec0c0a7b7b31b70977f59f348dd4190edc00c86db8d5b73df2117f27fd283de2057493c081cef69d04ad9894eb5c05b |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\nl.pak
| MD5 | 1e5b9d923d5f8cef49c913badd2784ba |
| SHA1 | 6e42a558a7207b2cee2452263eb661843fe74d0d |
| SHA256 | 7a7be29044bf2fa9459a90dcce12ed531931660ba680dec8f32ad8a3364d973e |
| SHA512 | e4392f91392b79fa14c3545c9733deb128f399163dcbee698bf51b2218b1abab6aef45c35130545ddc86626012599e4a8bd77205baa735c957258539c9b6d484 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\fr.pak
| MD5 | bc286000070c9a918a8e674f19a74e12 |
| SHA1 | 41221bb668e41c13fbf5f110e7f2c6d900cdffd1 |
| SHA256 | d641d9d73262ca65a613ee0395204435d6830316dd551f8992407ae77ead4b64 |
| SHA512 | 553dc84ffd09dd969802fc339ab20f6af3c36442c1ea23e4199519f2c5fb50be79874ae455ce5ff44511a3adcedae7f3030d13e0ecf2b456233d5f4ff186a5dd |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ro.pak
| MD5 | 5f6af740e111066ba5245a7fb58c3d38 |
| SHA1 | bb09d9f89ec6e1db0a45cd15f84930dc34011b16 |
| SHA256 | b9fee8754a5307751f197d1968dd02e163dba30f09a36c72f88b63b4ee5bcd26 |
| SHA512 | d2c74477bfa01e8b5b51fbb4393368dc967be362833cc2ac61fc989f41896f17b957d10c0e03b442fba1f3d6059637f355dd6e537e6e00c382eaacfc1b5d64e2 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\pt-PT.pak
| MD5 | f7a822e3dedaa3df046c3172613e275d |
| SHA1 | 14c21d2cc296197a9a618f21dc103f0d6749b77f |
| SHA256 | e2e84e23275190865c685e0712530245e35dc63ff82c4e854068494192917f3e |
| SHA512 | 0d08fedb423e9ea4f9ca54b55fcb6a88c4f4aa7ed71897b4a7625f093e8dc05733ec52e4577709dd4e4c7be001770e1dc85c0e10e0dad883f3291c515736b7c1 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\pt-BR.pak
| MD5 | 54efb4172a7110a567ad87f67cfcd551 |
| SHA1 | ea8eac6f2328b8a1b27249fced7c16154060dcf3 |
| SHA256 | c17ed07165ec47de5acdfa7e4783af4b417843e5f232e9f38ce02138c8bd1742 |
| SHA512 | ae8aa02e9bcb3bfd8b39329a2c37f789484661e283dc63297e1ec2dd5d14558b349c312990048dc6a03cc7040a1c6fea2571c6102b1a61a638f9ab615f5fc938 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\locales\pl.pak
| MD5 | bc72c8e2426765839539a3b8340fe19e |
| SHA1 | 630bd0e844e673454477b819c808b7e18bebe0db |
| SHA256 | 6a97c2ce05545607a59df2f0daef5da71058dc1e1685f26263b7110edc431755 |
| SHA512 | a0f2c68ebb8e5e2ab5ad682b5ce0b1dc955aced7de32001a0decfafb924ca94ef322605ddf69ba74baf18871cfddbad97fc326c43e5b3168019e21912f7da421 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\sw.pak
| MD5 | a5f4010de863114025b898d78036b336 |
| SHA1 | 0fa93fee8f60d1bf2fec4e01c5306404e831e94c |
| SHA256 | 8c58adbff7d672154c6f399ea29b549005460d80679e1f6cf997d95732857c30 |
| SHA512 | 7f8b00ae7718f39c0ab91f3f63a3b5062d9878f224417282c3ff43ae9c88562a045c54f7c6f9f7447119a16bfd0ec40b48f762a52b64bc384ec80f53898c53c8 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\sv.pak
| MD5 | b4d3ab3791e862711986bb585c1676fc |
| SHA1 | 2123c8879a70728657e72415d7056aac4a1527e2 |
| SHA256 | 080ce56662a0a32a4164ba88f9c5081d7c43dc1908412368a70e789e1adcbf66 |
| SHA512 | b904f1741079a8c7ed7647efe42e9d7b9be403079de7e512539b70bc653e55420a3aca4b599e8a9d440245a61f94124476b3a5afa43b39ff1aa48cb48fc5c15d |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\sr.pak
| MD5 | 7cfb6dd166594df07bccb7c08774a667 |
| SHA1 | 1c06a8adb81c357909ade0307a67a122c94c0cb7 |
| SHA256 | c3b5c6965affb7f30dcdb5fdb485767e83f3b5d694865a677783c64e3b84934d |
| SHA512 | 92febe5a65c90f105bd7609e2eff2626bf0e22b186d73d6c1aeb0497e49d9c34b2bb22d26e0abde4713da2c7cf51296723694ee9bc1decc5071a5225f60e650c |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\sl.pak
| MD5 | c08d0d08fd48822c603a27aaad4e9557 |
| SHA1 | 8b7d616ef86bd955cbdf68197cdf748aaf99240a |
| SHA256 | ef205cf8911a96d772711675e75bc8df5866ce0d9d44ebb110bc07e4f340ff65 |
| SHA512 | 480a23a25860616be8844ce29042fa15cc7f360e2c53b367f6701926b9a6df72d82ad6c5dc7c0fafd537202d4ea7c44dfe24589fb4a4f52b4440629865f8c19e |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\sk.pak
| MD5 | 7cedcf98e68f4001cc13f2b761571681 |
| SHA1 | fba32c46564452fee5697777b6d3c60d69589528 |
| SHA256 | e6509f7a6c6b9912f2875c7efa34434ab9562df3cdcaf0546b6370d594ca46fb |
| SHA512 | c90ca580c5da2fff68b5957940d9b2c377cb07632b1fc0c8a23fef9a076cd05da618890f197f5b2f7314583fba89be083ad180335201d28c27a7c8c21a55c72c |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ru.pak
| MD5 | 822750ab24d9ef1a54f3d987eee1acb5 |
| SHA1 | dc99948cfd029cc9d98c10e487625832db8f1855 |
| SHA256 | 3906f069e6e2a3a0235826e9382624e7a4cfba309f00bbd0963ff0c9f2c179fa |
| SHA512 | b0d9521e088c80470e5d15e310bf7e3e27b16464c5349f2bd6f29a78e7fdc7da36b3b1bee68e4496585b0e2f20098fa6b0b3360c4b43f2ed9718d292755f5be4 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\uk.pak
| MD5 | 8162ec467ac9a8dac71d22c630a3e6a3 |
| SHA1 | 4e9e8f49cbcc5e583b8acc3a65ffd87818c96e2a |
| SHA256 | d1e07ac8b6a6ce53f06c66241d44407f98a1940259883e143a574f28a2ac170f |
| SHA512 | e944e3f8f3e9b2c8c6f26e1a7606e441816406afe031bac9a5716ce060a63f03e01a95cc365342518629065b07fc72cf23d65ac84f0b58ef100cf9706a239b58 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\tr.pak
| MD5 | 08b737a1b8ecb81c8ef4d7b8f6b5f503 |
| SHA1 | 99d2cdbb720f114051627acbb79475ccc57ce6a6 |
| SHA256 | 84f08423fc516988761517511d36bf5d3428866965addbf3ef4399a80f8278e8 |
| SHA512 | 142c61f08e56a084f335dcf35c543dab872dee898c719052fb8d42be2050c5fe6d9245180ff9d0d0e07cd884daaaffa6ccb5428fee91ae00413e0ea38a5e8c9c |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\vi.pak
| MD5 | 247e8cfc494fd37d086db9a747991abc |
| SHA1 | bdc53c042a1c4bc2ebed6781b1b01091c8fb7a92 |
| SHA256 | 4c4e69af3d7f7012e3cb19ba386fc69edd0c87ccd9be326dd6db902401d123f3 |
| SHA512 | 852ddeb1ce8dbf13280e9dfa72dd10b646f8b06caf88055aeab32009f3fdc397a05764be48a04730e16f23c931d069880574d8bf9c7f4ef151e1d47467a7d60d |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ur.pak
| MD5 | 30ce113bc3c466751bdf8d50cc568ff8 |
| SHA1 | d0b434b8f196a320995f49845d64054dcaedb97f |
| SHA256 | 34d46d28af3012bb84767a418957f12d877789b88a13ea29b047c7926abafb41 |
| SHA512 | a8139d60e498082c122b068a478038e3d3a7d6fa71bb8cd2b1bd7976827ffc23f7117f989b18d600960b222178351f01dbfa0fcdc3e7f0917cd0d47b5902fb44 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\th.pak
| MD5 | 5abd2a1b2749449a0cbba60e32393f4f |
| SHA1 | 31097bf4728f752508482c298710cffecfb78d60 |
| SHA256 | c666359fc9fa137f6d7f868ccef01dac8701b457bb6bb51fcd581185d4bc8780 |
| SHA512 | 094df53f3bac23eb384015e8f2500484556b6ebda0cb62bc12a773dd1d520d82c13cbad25eeb67fa04ceb209d80144fac70fe60eb792cfc1a0c5027513b7448f |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\te.pak
| MD5 | 11c4c1ef8708db1f742333e71e312831 |
| SHA1 | ef432cf1d5df168039cb3d1b5f4d34bab76cd475 |
| SHA256 | 9889b8d2e5f5fc5ed199831954af7b05028ec7a68f448b19ba74d91b97c223d6 |
| SHA512 | 27c73d81271612bb2e4925d2091db9119859080484f5fa17536291c06bacdffadb1962ce56d0979d4f1f49add14990d73c5bafea45ce48141a36a2e55ade756c |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\ta.pak
| MD5 | ab1ece31afe29124d183b3826c7ef291 |
| SHA1 | e707a983f039310b867bf4b502165f1f512b9818 |
| SHA256 | 5cabdecd2a89bd97782c13d9f5b24550ea00b28750cdb26a7843af7e75e34b22 |
| SHA512 | 6510d54c2dd177be19ca6b250e936fe0e26036aee7bd1d48e141cffde743fe03a02be0cee22642c3e8a702b2277d7bf307bde69a863855bc65a55425a1f2f884 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\zh-TW.pak
| MD5 | 96620581f25ac84ddd4b9d0cd29b0749 |
| SHA1 | 6413faf7b2e31755674f27de8cdab0788488526c |
| SHA256 | 2a674d423322d1772e97a627f1e291efba5f12b7efd0f174cdc99d1b1b376988 |
| SHA512 | 7fd315ca93b431c59f92d31b803571effc5d758a52fc5d2f797a306fa63ea73162ac91805a892479b6940582aadc8903bdea6bb70168d660d58525bca4202520 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\locales\zh-CN.pak
| MD5 | 7507e95fbb433aa97dd9c2e3c2e08d0b |
| SHA1 | f61227f2173ceece432289b099285d4a9322e2ef |
| SHA256 | bf3fb791392d8044c2cb3552cc974d95adbfc1548eac617c9d2a981505fb89e1 |
| SHA512 | f8f42e09eb0af51aa48325ec824814e52244201f627734e81c9e84ea319f5c2166c2450e9b89edd3ce84d3959f0c9ba445ba7a32d4164cf730f0949e11dea082 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\resources\app-update.yml
| MD5 | 3197f1e2ac3bb916d888b1c517788ae1 |
| SHA1 | d1621ef5a59f3cb3af0948c32c6b86a3bc5895b8 |
| SHA256 | 54f8faa0210764d255e9e3e812c7eba670e3b4b88892f44719ce76d19c96d728 |
| SHA512 | e7bd76fba533a680008fb9bc1a73b22b4b441d0a1e1d639ae9da0cd75463581b11e6b2741405c88b1b1f702a25107b5b254889395cf1d17ae938612fbaec5cf9 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\7z-out\resources\app.asar
| MD5 | 471cdc896824fd3a5d3e96fddf1d20f8 |
| SHA1 | 81b175a13dcf0db5b2fff78e6e67eb17ddbd446a |
| SHA256 | b00f8077ec00065aa084b06d274583b86c1f0a7a2a046457846fdd890c970b01 |
| SHA512 | f4ae2379baa5d458e21ad799121aa7233533e67864998123a8ab017b9aed42510d66fa0b682d0e9417a853133de6ef95b89b59bce7064182c223e25571ea05e8 |
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
| MD5 | d9ac034d1594747bad97b2a0e4c9a3ca |
| SHA1 | dd97a98e73d1115982490123a0428a64f82090fb |
| SHA256 | 02a03e51c92c6bdfa573e90483ef5956f7e7983a9e6cf3c62ae0e31c096307d1 |
| SHA512 | 92d097ea96ed8a482dcb02bab2891957ae0b23621697d2015cb25d1d10f0bdd2a745db78800d731734323c5df71c3aed4c96c504b8f6d198b719a4517b76da78 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
| MD5 | f43305559db938e41d7734ff25e503ca |
| SHA1 | 7ca11607eae4b95fb0e04f333b2252bef0573709 |
| SHA256 | eaa90c7f4e372e8d1f06f9ea596d65e476f984c8fae4617fc6ac58e5ef76993a |
| SHA512 | edc24e4b4234d89a0927b5cdab65847dc06703fa371ab7cfdeb1dba52e37fe5370488fc11888b25c1f81c782951d951d28cebfc70f6794b10814c248e01d9b9b |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 9d3b16e2a2a75d6849ba492903b93a95 |
| SHA1 | 9ed1a828ad701e18f06b47517de5f76b3e4956ce |
| SHA256 | 0f5d4ae11a85970eea61ff3aef67412d76efe245d39145898369a4f03507bd54 |
| SHA512 | de17f87b220a88b04081f9b14efcc57b760a8653d2404f64bce8349f6b0aa0ba899e9bee1e80dfd2bd4e036d831ca2f259b625379562225ba2f1e44bd5a3686e |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\v8_context_snapshot.bin
| MD5 | 1270ddd6641f34d158ea05531a319ec9 |
| SHA1 | 7d688b21acadb252ad8f175f64f5a3e44b483b0b |
| SHA256 | 47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29 |
| SHA512 | 710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\icudtl.dat
| MD5 | 4a6fa70842db25df259404f68f5c142a |
| SHA1 | a28afe056ebd2a8a2d963371f904f617bbb00fcf |
| SHA256 | c6bcd91547f28675e22ee7db26bfddaed1f4cfc6744f2da89dc8f6e5c50d1c28 |
| SHA512 | 1ebdf8ded31a39df08f19f8d82741ee42c78de21190cdf23e6f07d2dfcb52a1b76d35eeee0b6eba975113e54bd777d3f1635d5e011202f3c6e2dca41765ec0e0 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources\app.asar
| MD5 | 0947e7a01966466bf6a1141abd7c6b9c |
| SHA1 | 1fdb1487a9e6ec04ae93fc1bcc1144c20d965e5b |
| SHA256 | 1fc8648c8c848f98964f06576e4269c937120ea27a908d29454bee6ebbf688b9 |
| SHA512 | e523003b98dedc0ecae8a210434ce3c368b4fb5622e51c0ace7de12e9c122f30006954a2ef72ac864c4c59ddbcf86b2c93d01b9c9969b2f173e1bbfaf714cc3f |
C:\Users\Admin\AppData\Local\Temp\f9ba0571-a595-4909-8af0-dddbed0f0b65.tmp.node
| MD5 | be94689f0cf2f4e36ef77fff3b573460 |
| SHA1 | f7187d89237506e6f50db5418c25b79cd1b3d271 |
| SHA256 | a8ae4e1f6ff70c724282b5d468ac463012e9b0fd5b52997116946fdb2e2ac34f |
| SHA512 | 83078c0a3340d912f42b6b67f6dce624e6395fede93043cd4f5b391c2547cc68aa6d147a70b523c9e8d646d4913a92b96d59fda0b28ade83c478693d8a256da5 |
C:\Users\Admin\AppData\Local\Temp\fc13310b-e4c1-4c66-ac9c-6e5c2337332e.tmp.node
| MD5 | 4cef69a682d9b896b4fff99fca80a08a |
| SHA1 | 85fcae77830c3e55badfac97badc97ee53d5ada8 |
| SHA256 | bccc1ea670ddf3560352327eac402e7a99b5a585bd1d2af02bff8111b6ee9738 |
| SHA512 | cccf2aced4edf15a3162cdd867f623c73895b4962910e1d6a57afa17032247becd6378546206dd4705b3ca5f54e6d063a56a5ca54223bc5a67406cfcc27b2587 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\resources.pak
| MD5 | b7dbe646f39ee9bc4c186e2e34f023d4 |
| SHA1 | e19b20ef868650085e3ebf4201e6af6dc082b816 |
| SHA256 | 06ab121e9802a5d90e49c01d3899ab1d6269c82bd5679b89efbdc0097ff9dd95 |
| SHA512 | 60cc5ddc1978438f8a4c6542245f86affa0dfa26480cbf4b8c5f44112b5f0b192153f0e61d1940216025463ccbde343366293d7b9d0a14561b90106bd875392b |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\locales\en-US.pak
| MD5 | f982582f05ea5adf95d9258aa99c2aa5 |
| SHA1 | 2f3168b09d812c6b9b6defc54390b7a833009abf |
| SHA256 | 4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d |
| SHA512 | 75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78 |
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
| MD5 | 3262e9899967984512cf273a5951271b |
| SHA1 | 6472f47dd10eb7a6a1d5dde90463ea90b468d13b |
| SHA256 | 06f4dc13b6a9498bd1c16f7e4398c67ce8edad6f9e27e0ff84e164829bef8141 |
| SHA512 | 74a1be35cfb50d363f0782c159ff0130178907a02c21327ec305a8cddc321f63cce5f5774e6ffaf154847cb75255ffeee273381a52d04488b68f72771ee8b5d0 |
memory/3544-649-0x00007FFD26BC0000-0x00007FFD26BC1000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
C:\Users\Admin\AppData\Local\Programs\gdlauncher\d3dcompiler_47.dll
C:\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Programs\gdlauncher\libegl.dll
C:\Users\Admin\AppData\Local\Programs\gdlauncher\libGLESv2.dll
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Temp\nsd6802.tmp\nsis7z.dll
C:\Users\Admin\AppData\Local\Programs\gdlauncher\libglesv2.dll
C:\Users\Admin\AppData\Local\Programs\gdlauncher\D3DCompiler_47.dll
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
C:\Users\Admin\AppData\Roaming\gdlauncher_next\IndexedDB\file__0.indexeddb.leveldb\CURRENT
C:\Users\Admin\AppData\Roaming\gdlauncher_next\2223800b-a61b-434a-a673-60b54acbfbbf.tmp
memory/3544-937-0x00000198CC230000-0x00000198CC2DC000-memory.dmp
memory/3544-938-0x00000198CC230000-0x00000198CC2DC000-memory.dmp
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\Network Persistent State
C:\Users\Admin\AppData\Roaming\gdlauncher_next\Network\Network Persistent State~RFe58a5c1.TMP
C:\Users\Admin\AppData\Local\Programs\gdlauncher\GDLauncher.exe
C:\Users\Admin\AppData\Local\Programs\gdlauncher\ffmpeg.dll
memory/2636-952-0x0000019315410000-0x0000019315411000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\gdlauncher\vk_swiftshader.dll
Analysis: behavioral26
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240221-en
Max time kernel
122s
Max time network
133s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240220-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win7-20240215-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2940 wrote to memory of 2780 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2940 wrote to memory of 2780 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2940 wrote to memory of 2780 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\concrt140.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2940 -s 80
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
140s
Max time network
161s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
92s
Max time network
151s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 548 wrote to memory of 5000 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 548 wrote to memory of 5000 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 548 wrote to memory of 5000 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5000 -ip 5000
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 628
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-02-22 17:44
Reported
2024-02-22 17:49
Platform
win10v2004-20240221-en
Max time kernel
137s
Max time network
161s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3280 wrote to memory of 3792 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3280 wrote to memory of 3792 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3280 wrote to memory of 3792 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3792 -ip 3792
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 612
Network