c60c7061f20c6cf9645da0ebf22b143913038a93d9358c2693430e1925d6114b

Resubmissions

17/04/2024, 09:27

240417-levmkaah66 8

16/04/2024, 15:27

240416-svq3msde45 8

Analysis

max time kernel
26s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 15:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e00b253eda798487f5fef2ef25164fd8.exe
Size

126KB
MD5

e00b253eda798487f5fef2ef25164fd8
SHA1

cf2c21c845f16ed144487e9f86d8b5ba8376008b
SHA256

c60c7061f20c6cf9645da0ebf22b143913038a93d9358c2693430e1925d6114b
SHA512

bd3dd458dfe3cc38c3ac24a53bf96f7362052fedda39df8aa13ce41a250ce27ecd55068898d4c21e1622f7542891b82adc1b2d884684bf080080bfded7f17d13
SSDEEP

1536:duokBZMKvOsg8ISIv47rz0D+/R/Av3coL6+9D8rbBuS7BeAXJ6xkRQsN5xgSF:RkBGWOsTIJgIDU5A/coLx9DoBRe/xK1F

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1860	setup.exe
2996	Pinball.exe
4988	Pinball.exe

Loads dropped DLL 12 IoCs

pid	Process
1944	e00b253eda798487f5fef2ef25164fd8.exe
1944	e00b253eda798487f5fef2ef25164fd8.exe
1944	e00b253eda798487f5fef2ef25164fd8.exe
1860	setup.exe
2996	Pinball.exe
2996	Pinball.exe
2996	Pinball.exe
2996	Pinball.exe
2996	Pinball.exe
2996	Pinball.exe
2996	Pinball.exe
2996	Pinball.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pinball = "C:\\Users\\Admin\\AppData\\Roaming\\Pinball\\Pinball.exe"	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x00070000000233eb-14.dat	nsis_installer_1
behavioral2/files/0x00070000000233eb-14.dat	nsis_installer_2

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1944	e00b253eda798487f5fef2ef25164fd8.exe
1944	e00b253eda798487f5fef2ef25164fd8.exe
1944	e00b253eda798487f5fef2ef25164fd8.exe
1944	e00b253eda798487f5fef2ef25164fd8.exe
2996	Pinball.exe
2996	Pinball.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2996	Pinball.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 1860	1944	e00b253eda798487f5fef2ef25164fd8.exe	90
PID 1944 wrote to memory of 1860	1944	e00b253eda798487f5fef2ef25164fd8.exe	90
PID 1944 wrote to memory of 1860	1944	e00b253eda798487f5fef2ef25164fd8.exe	90
PID 1860 wrote to memory of 2996	1860	setup.exe	93
PID 1860 wrote to memory of 2996	1860	setup.exe	93
PID 1860 wrote to memory of 2996	1860	setup.exe	93
PID 2996 wrote to memory of 4988	2996	Pinball.exe	95
PID 2996 wrote to memory of 4988	2996	Pinball.exe	95
PID 2996 wrote to memory of 4988	2996	Pinball.exe	95

C:\Users\Admin\AppData\Local\Temp\e00b253eda798487f5fef2ef25164fd8.exe
"C:\Users\Admin\AppData\Local\Temp\e00b253eda798487f5fef2ef25164fd8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1860
- - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
    C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies Control Panel
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2928 --field-trial-handle=2932,i,9225389947546731128,15094362520157686317,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
      4⤵
      Executes dropped EXE
      PID:4988
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3000 --field-trial-handle=2932,i,9225389947546731128,15094362520157686317,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3480 --field-trial-handle=2932,i,9225389947546731128,15094362520157686317,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
      4⤵
      PID:640
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3556 --field-trial-handle=2932,i,9225389947546731128,15094362520157686317,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3596 --field-trial-handle=2932,i,9225389947546731128,15094362520157686317,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=1588 --field-trial-handle=2932,i,9225389947546731128,15094362520157686317,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=4576 --field-trial-handle=2932,i,9225389947546731128,15094362520157686317,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
      4⤵
      PID:1160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping2996_2144234928\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping2996_2144234928\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
738B

MD5
8b3fc98fab120ab9a9fdc3c586973a8d

SHA1
8c3472ddcb4e3004fe02d25ff9f8be92da2b16c6

SHA256
28efe58ee371035e705d82688afc8d0c47067ded749df272e008fbe4912f608a

SHA512
d076e22fa2a1384efd344cab0ae91aedb92dbf4e6049206c3fcb7e4e619f306e0fa4859dd871968df5d67655cae2e5056ee481106bc607963cb6c5a1608f3432

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
831B

MD5
5d177936d2ca3f25d99cbf792aa622a2

SHA1
d967f5dab285bc773ade5a8331f8a01212ebbb22

SHA256
9eeb9c6da50c65a4c0034a601a1984a0abfad02d4651ad6f28ce395cd85744bb

SHA512
bc1b029101ce1b62ad4533e0c4e65ca349e061130ee4485cb3f577c8ac2e2e6ca80ad08480e1f466f786493c7ee1bd2daebd93801e88220a6bf8574e2f00a7a8

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json~RFe58a4a7.TMP

Filesize
529B

MD5
68dbe617baaa11efe5c9247af727a941

SHA1
77c05740c68f1ae2ac1fafb39819742ef715bb68

SHA256
5c8e9dd07660a6654c92862b60a34cc90e226739b55ec4466a9de7300b5be64a

SHA512
0c3614e8388d924b6904f0dfb9914c5f271b879500862aa77a7965a1e33dbd3bb318c62bc460b9d917aa846b3032bb25bd07fc9c22b72f3c397495a78bdcc5b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa2D4B.tmp\INetC.dll

Filesize
21KB

MD5
92ec4dd8c0ddd8c4305ae1684ab65fb0

SHA1
d850013d582a62e502942f0dd282cc0c29c4310e

SHA256
5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

SHA512
581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa2D4B.tmp\nsProcess.dll

Filesize
4KB

MD5
faa7f034b38e729a983965c04cc70fc1

SHA1
df8bda55b498976ea47d25d8a77539b049dab55e

SHA256
579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

SHA512
7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu8484.tmp\liteFirewall.dll

Filesize
81KB

MD5
165e1ef5c79475e8c33d19a870e672d4

SHA1
965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5

SHA256
9db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd

SHA512
cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
102.2MB

MD5
f6c955039d8d0158871eaa4742cf9b42

SHA1
8c8af212b3e15eb8642ace3f93ed549547ec925b

SHA256
082acf311a0c64d1d96cfaeae5f2b43409eb4463e21700748965e21b718f2353

SHA512
4dc41a01fc59467de515aeb5dcdf0856db7c2258b400039643711d658184b97bfbcbc4814d1ce65ace022c3a1381ddfb3b0273f423bfc141d7342235159a21e3

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\Newtonsoft.Json.dll

Filesize
560KB

MD5
8f81c9520104b730c25d90a9dd511148

SHA1
7cf46cb81c3b51965c1f78762840eb5797594778

SHA256
f1f01b3474b92d6e1c3d6adfae74ee0ea0eba6e9935565fe2317686d80a2e886

SHA512
b4a66389bf06a6611df47e81b818cc2fcd0a854324a2564a4438866953f148950f59cd4c07c9d40cc3a9043b5ce12b150c8a56cccdf98d5e3f0225edf8c516f3

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe

Filesize
183KB

MD5
7c29fb72d1b284f81245d2d09f7b5d7e

SHA1
5a944edbd670dd8daa5a94de8be82fd7b5122b7f

SHA256
6baca4ab95c86bbc783842cb57e80c71be5c3ca379d54b4f279d939af3b416b4

SHA512
fb0ca73a86f852ee9b2557c62fef2f7b8ca905a0cb085cfab279d9cf8fd0cb6dee8f19d66d3a218a6f61a8ff6cad06636e6641340895648ac46969beacb5e144

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\Xilium.CefGlue.dll

Filesize
855KB

MD5
b03c7f6072a0cb1a1d6a92ee7b82705a

SHA1
6675839c5e266075e7e1812ad8e856a2468274dd

SHA256
f561713347544e9d06d30f02a3dfcec5fe593b38894593aeedf5700666b35027

SHA512
19d6792eb9ba8584b94d0d59e07ce9d1c9c4da5516490f4abce5ae0d7d55b357bda45b2093b3e9eb9d6858061e9d3f530a6655c4779a50c911501ae23925c566

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\chrome_100_percent.pak

Filesize
641KB

MD5
3404dd2b0e63d9418f755430336c7164

SHA1
0d7d8540fdc056bb741d9baf2dc7a931c517c471

SHA256
0d3fca7584613eb1a38baf971a7dd94f70803fc130135885ec675e83d16a4889

SHA512
685d63633db8a57d84225c2b92c92016e1ce98ba2bf8d3ddace2eb120b3bcf84c718787d59db6ec61f34cf91cb651500b4e4ff0ac37aeb89561cdcc586946c80

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\chrome_200_percent.pak

Filesize
993KB

MD5
3fbf52922588a52245dc927bcc36dbb3

SHA1
ef3c463c707a919876bf17c3e1cd05c0d2c28ca9

SHA256
c6fe346106c5e4950161ed72eb0a81fe3537a94e4a59461aaf54e750d1904f76

SHA512
682eb6d61b564c878fdb971a6439fcda9f1e108bd021a32e8990b68b1338986a4866a0965dea62567501c8826d43cebf2b7c8be8323de415a75e8d89a9d592e7

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\chrome_elf.dll

Filesize
1.1MB

MD5
207ac4be98a6a5a72be027e0a9904462

SHA1
d58d2c70ea0656d81c627d424f8f4efccef57c86

SHA256
2ba904da93acc4766639e7018ac93cc32aa685db475f3a59b464c6bc8b981457

SHA512
bfb6c58774829db3d5fadc92cb51477ff4eac8fb934db6583a312bb1157468f6dd3a4a3afaf25a687b74890dc8a69857a12d0b38b18d83e82836e92e02046ff3

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\libEGL.dll

Filesize
369KB

MD5
8bc03b20348d4febe6aedaa32afbbf47

SHA1
b1843c83808d9c8fba32181cd3a033c66648c685

SHA256
cbee7ac19c7dccca15581bd5c6ad037a35820ddfe7c64e50792292f3f2e391e6

SHA512
3f9eec2c75d2a2684c5b278a47fb0e78b57f4f11591fac4f61de929f716bbaa8f7df05e10390408ad6628538611541548c26869822372e9c38d2c9c43881651e

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\libcef.DLL

Filesize
103.5MB

MD5
0244f1c432ead74fe3a6ff137209c7bd

SHA1
6e3981f4edb2273c4704d64c1b90875b0b85fa0a

SHA256
14deb0264e17f53cb3a3d8116def8eb970e0698b734a28f72673dafd00913ad0

SHA512
5be5c75ce73ad221b4b0e9ab5cd6f942da279e5cf23ecbec0702d128aec87147b6d18ecc6822162fac85f0d63448c5e10b64c15b73f3c7ef15722c398f623e01

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\libcef.dll

Filesize
105.9MB

MD5
b7c72191fbf30336845c851ecf428307

SHA1
f39cc6f45b3852d67529b3d3355515f563eecdbe

SHA256
57a1d6197417e88a07bbc983788b41ee60004793a4a479469634934671422e39

SHA512
f236bd20058fb77aeedc71186622d44376aba2e2b8c7bab85a97e0612fcee19c052aa1ad0bb6db77f86f2ca4315ab705c35c31e81135430587c4df7bedd60753

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\libcef.dll

Filesize
102.0MB

MD5
44762a20d23dbb493c8cc18a50ea2fa6

SHA1
195ffa6dcc4d7d12cb0280a2c04ed7832d2e2742

SHA256
226cb2f6a4645aa00abc71bd996fafc91fc8630a79357c1a276bcf1994599d72

SHA512
fa5e5391d4445c2de43ad81312a9912d6e4aa9d7e55cd7409f56762cd5e14e7b162df98d2311ef9aeb44837d73771f13c99dd79892249e5e94cff181933435de

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\libcef.dll

Filesize
102.2MB

MD5
2ac6fc9b27e1b3d4e87f38067dccd7c1

SHA1
818f9b930a63c56eecbf86e732b42c938ab5d40b

SHA256
8987481fe72376c28f93f1309df5d0b2b48788857c2045bd67adc1ceb5204009

SHA512
b2657c7c4b152d84b427f7c2ff3e3ee656b13cc6a6187f0728a33782617a48d16f9844be71c1bc0fe11df077cf700c3d3c482cb396d56f6731662d4dd198ade3

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\libcef.dll

Filesize
102.1MB

MD5
6e6e4d15db7a923a52fda412bb0c2e93

SHA1
5ef80e142d6443c3822b7ad3ddeb1e9da4eec3a1

SHA256
ef514fa7787c1220b335087970b4fb6f0bd604484e09e86d1775c26ea6ac9a65

SHA512
396f92aaadc0b9d20a96d81d801c16f7ea7d99fe4838827f23b80300405e05e7a05dd8642fd158115e33334d57b8a0fe9c54aef4111d404b51e71cb41453537d

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\libglesv2.dll

Filesize
6.3MB

MD5
63988d35d7ab96823b5403be3c110f7f

SHA1
8cc4d3f4d2f1a2285535706961a26d02595af55c

SHA256
e03606b05eeaed4d567ea0412350721c0d566b3096b18c23bd0b3fcde239e45a

SHA512
d5f5aca00be9e875fcd61531cc7f04f520fb12999e36e4fe06beaae491b47d2e9fe182015db1cbfbb8e78cf679f2eb49e20ecdf1b16d1d42058d6f2d91bc3359

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\locales\en-US.pak

Filesize
424KB

MD5
feab603b4c7520ccfa84d48b243b1ec0

SHA1
e04138f1c2928d8eece6037025b4da2995f13cb4

SHA256
c5b8fbdbb26f390a921dcacc546715f5cc5021cd7c132fd77d8a1562758f21f4

SHA512
e6b3970a46d87bfd59e23743b624da8116d0e1a9912d014557c38fd2664f513e56317afa536df52e7e703863fbd92136be57ee759a2ffc2958ab028f6287e8b7

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\log4net.dll

Filesize
269KB

MD5
7ea1429e71d83a1ccaa0942c4d7f1c41

SHA1
4ce6acf4d735354b98f416b3d94d89af0611e563

SHA256
edec54da1901e649588e8cb52b001ab2aec76ed0430824457a904fcc0abd4299

SHA512
91c90845a12a377b617140b67639cfa71a0648300336d5edd422afc362e65c6ccd3a4ff4936d4262b0eaf7bae2b9624bcd3c7eec79f7e7ca18abe1ec62c4c869

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\resources.pak

Filesize
7.8MB

MD5
f7ec58aea756f3fd8a055ac582103a78

SHA1
086b63691f5e5375a537e99e062345f56512a22c

SHA256
517418184ea974c33ffe67b03732d19b1234dcb9e5c1c2e9e94ed41b3bc1d064

SHA512
c620c6e16bbcee9bc607e6ca75d602c756276ac69e5f3761d82de7728164133656a71a69043eb1a86ce3051fde4327a47efd41d1ff47c8385699ca67c423ad7b

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\vk_swiftshader.dll

Filesize
4.2MB

MD5
7f913e31d00082338f073ef60d67b335

SHA1
ac831b45f2a32e23ba9046044508e47e04cda3a4

SHA256
b60e9818c4ea9396d0d2d2a4ac79c7dc40d0dff6bb8bc734d0ab14adc30fbf30

SHA512
e1ac79c775cf9137283cd2c1ae1a45ec597e0351cdb9c11d483e2e1f8b00cc2bbc5807a50ded13a3a5e76f06c1a565eff1233f4ec727b0c5f7aa3beaea906750

Download Submit
memory/640-216-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/640-228-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/640-232-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/640-223-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/640-191-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/640-182-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/1160-323-0x0000000009EC0000-0x0000000009EC1000-memory.dmp

Filesize
4KB

Download
memory/1160-326-0x0000000009EC0000-0x0000000009EC1000-memory.dmp

Filesize
4KB

Download
memory/1160-327-0x0000000009EC0000-0x0000000009EC1000-memory.dmp

Filesize
4KB

Download
memory/1160-328-0x0000000009EC0000-0x0000000009EC1000-memory.dmp

Filesize
4KB

Download
memory/1160-318-0x0000000004D90000-0x0000000004DA0000-memory.dmp

Filesize
64KB

Download
memory/1160-325-0x0000000009EC0000-0x0000000009EC1000-memory.dmp

Filesize
4KB

Download
memory/1160-324-0x0000000009EC0000-0x0000000009EC1000-memory.dmp

Filesize
4KB

Download
memory/1160-352-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/1160-294-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/1160-299-0x0000000004D90000-0x0000000004DA0000-memory.dmp

Filesize
64KB

Download
memory/2996-139-0x0000000006250000-0x00000000062EC000-memory.dmp

Filesize
624KB

Download
memory/2996-137-0x0000000005FF0000-0x00000000060CC000-memory.dmp

Filesize
880KB

Download
memory/2996-215-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/2996-144-0x0000000006630000-0x0000000006652000-memory.dmp

Filesize
136KB

Download
memory/2996-145-0x0000000006810000-0x0000000006B64000-memory.dmp

Filesize
3.3MB

Download
memory/2996-150-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/2996-218-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/2996-219-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/2996-138-0x0000000006140000-0x00000000061A6000-memory.dmp

Filesize
408KB

Download
memory/2996-143-0x0000000006680000-0x0000000006710000-memory.dmp

Filesize
576KB

Download
memory/2996-133-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/2996-132-0x00000000054E0000-0x000000000552A000-memory.dmp

Filesize
296KB

Download
memory/2996-128-0x0000000005A40000-0x0000000005FE4000-memory.dmp

Filesize
5.6MB

Download
memory/2996-127-0x00000000053C0000-0x0000000005452000-memory.dmp

Filesize
584KB

Download
memory/2996-126-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/2996-235-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/2996-125-0x0000000000A20000-0x0000000000A54000-memory.dmp

Filesize
208KB

Download
memory/3412-222-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/3412-225-0x0000000005B20000-0x0000000005B30000-memory.dmp

Filesize
64KB

Download
memory/3412-233-0x0000000005B20000-0x0000000005B30000-memory.dmp

Filesize
64KB

Download
memory/3412-177-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/3412-217-0x0000000005B20000-0x0000000005B30000-memory.dmp

Filesize
64KB

Download
memory/3412-190-0x0000000005B20000-0x0000000005B30000-memory.dmp

Filesize
64KB

Download
memory/3536-192-0x0000000005580000-0x0000000005590000-memory.dmp

Filesize
64KB

Download
memory/3536-224-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/3536-229-0x0000000005580000-0x0000000005590000-memory.dmp

Filesize
64KB

Download
memory/3536-189-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/4436-230-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/4436-234-0x0000000005760000-0x0000000005770000-memory.dmp

Filesize
64KB

Download
memory/4436-202-0x0000000005760000-0x0000000005770000-memory.dmp

Filesize
64KB

Download
memory/4436-199-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/4436-231-0x0000000005760000-0x0000000005770000-memory.dmp

Filesize
64KB

Download
memory/4792-246-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/4792-247-0x0000000004F30000-0x0000000004F40000-memory.dmp

Filesize
64KB

Download
memory/4792-248-0x0000000004F30000-0x0000000004F40000-memory.dmp

Filesize
64KB

Download
memory/4792-282-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/4988-317-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-306-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-297-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-316-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-315-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-314-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-313-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-312-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-311-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-310-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-309-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-308-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-307-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-298-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-305-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-304-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-300-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/4988-295-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/4988-203-0x0000000005410000-0x0000000005420000-memory.dmp

Filesize
64KB

Download
memory/4988-296-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/4988-293-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/4988-220-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download
memory/4988-221-0x0000000005410000-0x0000000005420000-memory.dmp

Filesize
64KB

Download
memory/4988-162-0x0000000005410000-0x0000000005420000-memory.dmp

Filesize
64KB

Download
memory/4988-159-0x0000000072B30000-0x00000000732E0000-memory.dmp

Filesize
7.7MB

Download