7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508

Analysis

max time kernel
132s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 23:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe
Size

1.7MB
MD5

917fad12adf8d4c4d193107f20563ee2
SHA1

5a9a032b451cb8611788f5a3113ed635f0e5b3df
SHA256

7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508
SHA512

da7b4091caf1c5d143bf80d270cf689d73db873a4ab685a0e82d3600fa791b58c18adf1afa70c10c81887ae719d4ddd523b6033a54d7eb95fcb68056993f9f78
SSDEEP

24576:U2O/GlCp0Wz/c0k1F4D6IQeC08YdkKRlHloadSwGuERduCLRd/ljsveJ7uOoyBPg:c8FK3C5YvQaV2j/CveJt9to5eYQlC9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2856	bstrapInstall.exe
812	gameinstaller.exe
1580	bstrapInstall.exe
2984	gameinstaller.exe

Loads dropped DLL 37 IoCs

pid	Process
2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe
2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe
2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe
2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe
2856	bstrapInstall.exe
2856	bstrapInstall.exe
2856	bstrapInstall.exe
1952	regsvr32.exe
1952	regsvr32.exe
1952	regsvr32.exe
2856	bstrapInstall.exe
812	gameinstaller.exe
812	gameinstaller.exe
812	gameinstaller.exe
812	gameinstaller.exe
812	gameinstaller.exe
812	gameinstaller.exe
812	gameinstaller.exe
812	gameinstaller.exe
812	gameinstaller.exe
1580	bstrapInstall.exe
1580	bstrapInstall.exe
1980	regsvr32.exe
1980	regsvr32.exe
1980	regsvr32.exe
1580	bstrapInstall.exe
2984	gameinstaller.exe
2984	gameinstaller.exe
2984	gameinstaller.exe
2984	gameinstaller.exe
2984	gameinstaller.exe
2984	gameinstaller.exe
2984	gameinstaller.exe
2984	gameinstaller.exe
1976	regsvr32.exe
2984	gameinstaller.exe
2984	gameinstaller.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\socket\socket	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\blob	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\socket\mime\core.dll	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\bin\RASymCCISGlue.dll	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\waiting_bar.gif	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Extensions\CheckInstallChrome.clf	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\back_z_syn_gen.jpg	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\unrar.exe	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\loading_z_syn_gh.gif	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\waitProc.html	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\back_z_syn_atr.jpg	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\back_z_syn_gen.jpg	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\waitProc.html	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\bin	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Extensions\CheckInstallChrome.clf	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\spinner.gif	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\waiting_process.png	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\back_z_syn_gh.jpg	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\socket\mime	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\socket\mime\core.dll	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\gtapi_signed.dll	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\back_z_syn_rac.jpg	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\waiting_bar.gif	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\bin\SymCCIS.dll	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\waiting_to_install.png	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\back_z_syn_atr.jpg	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\mrClean.clf	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\wait.html	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\socket\url.lua	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\socket\mime.lua	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\waiting_to_install.gif	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\luacom.dll	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\RASymCCISGlue.dll	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Extensions\CheckInstallGoogleToolbar.clf	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\back_z_syn_gh.jpg	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\socket\socket\core.dll	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\lua50.dll	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\SymCCIS.dll	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\socket\url.lua	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\back_z_zlm_d2c.jpg	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\bin\gamewrapper.exe	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\GCHROME.dll	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\blank.html	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\wait.html	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\config.lua	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Extensions	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\bstrapInstall.exe	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\waiting_bar.gif	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\blank.html	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\blob	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\loading_z_syn_rac.gif	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\config.lua	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\socket\socket\core.dll	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\waitProc.html	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\RAInstallerPaths.dll	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\loading_z_syn_rac.gif	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\waiting_to_install.png	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\wait.html	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\back_z_syn_rac.jpg	gameinstaller.exe
File opened for modification	C:\Program Files (x86)\RealArcade\Installer\Resources\zylom\loading_z_zlm_d2c.gif	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\tmp.xml	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\gtbCom.dll	gameinstaller.exe
File created	C:\Program Files (x86)\RealArcade\Installer\bin\InstallerDlg.dll	gameinstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D62088BE-DBCC-11DB-8D0A-D0DD55D89595}\AppName = "gameinstaller.exe"	gameinstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D62088BE-DBCC-11DB-8D0A-D0DD55D89595}\AppPath = "C:\\Program Files (x86)\\RealArcade\\Installer\\bin"	gameinstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	gameinstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	gameinstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	gameinstaller.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D62088BE-DBCC-11DB-8D0A-D0DD55D89595}	gameinstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D62088BE-DBCC-11DB-8D0A-D0DD55D89595}\Policy = "3"	gameinstaller.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}\1.0\0\win32\ = "C:\\Program Files (x86)\\RealArcade\\Installer\\bin\\GCHROME.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rgi\shell\Open\command	gameinstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GCHROME.ChromeCompatibilityChecker\CLSID\ = "{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GCHROME.ChromeCompatibilityChecker.2\CLSID\ = "{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GCHROME.ChromeCompatibilityChecker\ = "CChromeCompatibilityChecker Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\InprocServer32\ThreadingModel = "both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rguninst\shell\Open	gameinstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rguninst\shell\Open\command\ = "\"C:\\Program Files (x86)\\RealArcade\\Installer\\bin\\gameinstaller.exe\" \"C:\\Program Files (x86)\\RealArcade\\Installer\\bin\\..\\installerMain.clf\" \"%1\""	gameinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GCHROME.ChromeCompatibilityChecker	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GCHROME.ChromeCompatibilityChecker\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\AppID = "{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}\ = "IChromeCompatibilityChecker"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rgi\Content Type = "application/vnd.rn-realarcade-rgi"	gameinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GCHROME.DLL	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GCHROME.ChromeCompatibilityChecker\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\TypeLib\ = "{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}\ = "IChromeCompatibilityChecker"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rgi	gameinstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.rn-realarcade-rgi\Extension = ".rgi"	gameinstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}\TypeLib\ = "{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rguninst	gameinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GCHROME.ChromeCompatibilityChecker.2	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GCHROME.ChromeCompatibilityChecker\CurVer\ = "GCHROME.ChromeCompatibilityChecker.2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rguninst\shell\Open\command	gameinstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\InprocServer32\ = "C:\\Program Files (x86)\\RealArcade\\Installer\\bin\\GCHROME.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rgi	gameinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.rn-realarcade-rgi	gameinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GCHROME.ChromeCompatibilityChecker.2\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}\1.0\ = "GCHROME 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rgi\shell	gameinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rgi\shell\Open	gameinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rgi\EditFlags = 00000100	gameinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GCHROME.DLL\AppID = "{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\ProgID\ = "GCHROME.ChromeCompatibilityChecker.2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rgi\shell\Open\command\ = "\"C:\\Program Files (x86)\\RealArcade\\Installer\\bin\\gameinstaller.exe\" \"C:\\Program Files (x86)\\RealArcade\\Installer\\bin\\..\\installerMain.clf\" \"%1\""	gameinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rguninst	gameinstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\VersionIndependentProgID\ = "GCHROME.ChromeCompatibilityChecker"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\RealArcade\\Installer\\bin"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rgi\ = "RealArcade.rgi"	gameinstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rguninst\ = "RealArcade.rguninst"	gameinstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GCHROME.ChromeCompatibilityChecker.2\ = "CChromeCompatibilityChecker Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RealArcade.rguninst\shell	gameinstaller.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
812	gameinstaller.exe
812	gameinstaller.exe
812	gameinstaller.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
812	gameinstaller.exe
812	gameinstaller.exe

Suspicious use of WriteProcessMemory 49 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2856	2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe	28
PID 2812 wrote to memory of 2856	2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe	28
PID 2812 wrote to memory of 2856	2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe	28
PID 2812 wrote to memory of 2856	2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe	28
PID 2812 wrote to memory of 2856	2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe	28
PID 2812 wrote to memory of 2856	2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe	28
PID 2812 wrote to memory of 2856	2812	7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe	28
PID 2856 wrote to memory of 1952	2856	bstrapInstall.exe	29
PID 2856 wrote to memory of 1952	2856	bstrapInstall.exe	29
PID 2856 wrote to memory of 1952	2856	bstrapInstall.exe	29
PID 2856 wrote to memory of 1952	2856	bstrapInstall.exe	29
PID 2856 wrote to memory of 1952	2856	bstrapInstall.exe	29
PID 2856 wrote to memory of 1952	2856	bstrapInstall.exe	29
PID 2856 wrote to memory of 1952	2856	bstrapInstall.exe	29
PID 2856 wrote to memory of 812	2856	bstrapInstall.exe	30
PID 2856 wrote to memory of 812	2856	bstrapInstall.exe	30
PID 2856 wrote to memory of 812	2856	bstrapInstall.exe	30
PID 2856 wrote to memory of 812	2856	bstrapInstall.exe	30
PID 2856 wrote to memory of 812	2856	bstrapInstall.exe	30
PID 2856 wrote to memory of 812	2856	bstrapInstall.exe	30
PID 2856 wrote to memory of 812	2856	bstrapInstall.exe	30
PID 812 wrote to memory of 1580	812	gameinstaller.exe	31
PID 812 wrote to memory of 1580	812	gameinstaller.exe	31
PID 812 wrote to memory of 1580	812	gameinstaller.exe	31
PID 812 wrote to memory of 1580	812	gameinstaller.exe	31
PID 812 wrote to memory of 1580	812	gameinstaller.exe	31
PID 812 wrote to memory of 1580	812	gameinstaller.exe	31
PID 812 wrote to memory of 1580	812	gameinstaller.exe	31
PID 1580 wrote to memory of 1980	1580	bstrapInstall.exe	32
PID 1580 wrote to memory of 1980	1580	bstrapInstall.exe	32
PID 1580 wrote to memory of 1980	1580	bstrapInstall.exe	32
PID 1580 wrote to memory of 1980	1580	bstrapInstall.exe	32
PID 1580 wrote to memory of 1980	1580	bstrapInstall.exe	32
PID 1580 wrote to memory of 1980	1580	bstrapInstall.exe	32
PID 1580 wrote to memory of 1980	1580	bstrapInstall.exe	32
PID 1580 wrote to memory of 2984	1580	bstrapInstall.exe	33
PID 1580 wrote to memory of 2984	1580	bstrapInstall.exe	33
PID 1580 wrote to memory of 2984	1580	bstrapInstall.exe	33
PID 1580 wrote to memory of 2984	1580	bstrapInstall.exe	33
PID 1580 wrote to memory of 2984	1580	bstrapInstall.exe	33
PID 1580 wrote to memory of 2984	1580	bstrapInstall.exe	33
PID 1580 wrote to memory of 2984	1580	bstrapInstall.exe	33
PID 2984 wrote to memory of 1976	2984	gameinstaller.exe	34
PID 2984 wrote to memory of 1976	2984	gameinstaller.exe	34
PID 2984 wrote to memory of 1976	2984	gameinstaller.exe	34
PID 2984 wrote to memory of 1976	2984	gameinstaller.exe	34
PID 2984 wrote to memory of 1976	2984	gameinstaller.exe	34
PID 2984 wrote to memory of 1976	2984	gameinstaller.exe	34
PID 2984 wrote to memory of 1976	2984	gameinstaller.exe	34

C:\Users\Admin\AppData\Local\Temp\7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe
"C:\Users\Admin\AppData\Local\Temp\7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\bstrapInstall.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\bstrapInstall.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32 /s /u .\bin\InstallerDlg.dll
    3⤵
    - Loads dropped DLL
    PID:1952
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\gameinstaller.exe
    .\bin\gameinstaller.exe installerMain.clf
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:812
  - - C:\Program Files (x86)\RealArcade\Installer\bin\bstrapInstall.exe
      "C:\Program Files (x86)\RealArcade\Installer\bin\bstrapInstall.exe" sfx:"C:\Users\Admin\AppData\Local\Temp\7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1580
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        C:\Windows\system32\regsvr32 /s /u .\bin\InstallerDlg.dll
        5⤵
        Loads dropped DLL
        
        PID:1980
    - - C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe
        
        .\bin\gameinstaller.exe installerMain.clf "sfx:C:\Users\Admin\AppData\Local\Temp\7753436cce9e7c99bde81c86182470f10642e280ee690ca40e7cb2e9f8fb2508.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        Modifies Internet Explorer settings
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2984
      - C:\Windows\SysWOW64\regsvr32.exe
        
        C:\Windows\system32\regsvr32 /s "bin\GCHROME.dll"
        6⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Extensions\CheckInstallChrome.clf

Filesize
1KB

MD5
c43e66ea9e524ac1e1da05fca4e12e19

SHA1
5c1517bbcd6be00d298d2a48e95561e42cc02680

SHA256
e9f786291f240a7e6e60d298eacc6185888f80ba8f48effbaa3b9b1267da941f

SHA512
bb243555543aaec74875f57c8d08042e30266177bee3bfa5225c0002180d616bd55558abdc36fccf5cd020c068af6b1bbd3e8ac35943c9c5bbea153107d18870

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Extensions\CheckInstallGoogleToolbar.clf

Filesize
1KB

MD5
d80e8b398cb15fcdb1bd6698016cec33

SHA1
2329e189d77c98b49b64d36b26644cb892069d06

SHA256
8a581bfe7ede2a247b1407b14394fb48e76592026b283e8abce4f3daf1eb519c

SHA512
4fd27dfb5b270f13faefeb85d5e24a42fba004e96c2e61ff5c4f258aed172692def58be262239e5f6f63b0af4a5e1bee0112fc4742f6a4438c8bf04762a18a28

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\back_z_syn_atr.jpg

Filesize
71KB

MD5
d6c82123bcc561f69b3ffae942dfc1a7

SHA1
941137bcd9e84d7910e97e55affb59d7a2da7397

SHA256
b5aabe270e4755caae73f4c2d1a346cd83d42e2f937f91bdc6c7780a5f0949cd

SHA512
a950f104406a4447a24b3c744ee6070876f6152d37af9988ebe34088af7b7bd462c74fdc375afc1a20a8587b6b619ddcbdf809d2a21c69cb0660ea1e3e77f277

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\back_z_syn_gen.jpg

Filesize
29KB

MD5
af3baa6fa1eba79f31c0fc95d66567cb

SHA1
3f86af46712167edae1027e7e125c0d8c04889cd

SHA256
8820d694c6773ae7ea0b16869864db93205e63ed0b17e1c60542e0acb49214b9

SHA512
bf7281c61f98c0dff5e3cff3f24825f8937be68ddd69895cf77f0c10d213429926a1d17a16c42d07a562f6534ede853aa02f42c90ec84d02aa1dbb65a58049e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\back_z_syn_gh.jpg

Filesize
50KB

MD5
2a05af809cf5cbc6db8b969a4876e572

SHA1
28c6f9615d39220e3062073f8dc4c2ed65e25c7b

SHA256
7de499b13332114ffbba65773acc442afbe1add60c3e42704a6badfa3a21c5e8

SHA512
29474e044c9545f5200b0060d4e5609a66afe5b5a50d1374b9b5ba03c5f097553977848a958b7705d34750082ffa30685ce0d6897c289b0cba0b4fc7ce2997d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\back_z_syn_rac.jpg

Filesize
38KB

MD5
713e34302075303fc8383f01fdc2b193

SHA1
f330ee95ee47f6374ece48516413e5196b25a857

SHA256
57c8175542f39a68860e474f8a3e4b9ff77d5cfb64a23fb5100d9932665b36cf

SHA512
b5fb20298130b8fc4307d2a67b3169186220f661f51555f3b74a8f9899de0f46f89823185fd9928d36744d38354a098aaea33fb6299dd08bdadc41a5c1f10b1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\back_z_zlm_d2c.jpg

Filesize
45KB

MD5
e20d2d9d693e0474cbfb51fe5b689eef

SHA1
d48a312dd577072a1485c34c89238078d35e5090

SHA256
b4e3a5dfd809f4908a6abca36a6ed91a52f4ede90c4ae3c92c98416ba14892e7

SHA512
933bf139bd9f9f5dc662939632432e53b33950e290876c5d8dca87d44a983be3f16fd85a187a5261e7e1695b7450ce3ba45a9f0e5cb81cbdda0091b3549e81ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\loading_z_syn_atr.gif

Filesize
9KB

MD5
0d48a46e4c3d2bb554f3a389584b0f5d

SHA1
6fcc79e48e4975864b6eaf7d1021a39a94ba1727

SHA256
73d629fc242528a98a836261c4c85087a01ee7679fa68f8e07177bc23a699f4a

SHA512
ae899db869b9de6301cfd6d4b7f3536aa73e5225b955cf4e3bf47525ce967a1a50bb62be267cb5667deb81476a7d814ad6868ccbc27f15ed45597ac22bcf209b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\loading_z_syn_gen.gif

Filesize
6KB

MD5
3463716ff16c7a08334e1edb0cc6c535

SHA1
9e4c7d025edf414fd42167bc7bf68c528e9be309

SHA256
32b5842db81155c8dbfaf95659c2ecd05865e127b2ccabe297c17de1a8f40a16

SHA512
7c5cfad6d744619f83574eb43472283a15f47e9c6878145da6e786d8418a8455a1e8042ecf716cd805ed1b78dc21fa52f80f318126e569d9b9a1cc947700a957

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\loading_z_syn_gh.gif

Filesize
3KB

MD5
63b0965f3ec6192de5c939edb64673ea

SHA1
32352b64b32e1d209f8c94e969ca68206071d0ef

SHA256
fb3645d09f14b258d585cc56144b20efc363c797e0a29a6f21266b22486090de

SHA512
c62cf28e0faa28659f108dde852e30ae8d04ad4b242c73a4340fbc5349b48ca0ff984d1ea81201e60c75631e5e12c87589c6150d7576c35564253bef4e9b6c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\loading_z_syn_rac.gif

Filesize
24KB

MD5
5b2d4e64360fbccdac9f3654899dadb4

SHA1
b3908ae207a9489622a65d5c1c0c781c9e8735a6

SHA256
101f97313f95005090ac9d9aef14f7340ac938ece7c25df5f951d4473b0410e3

SHA512
5eb4ce3635f42881b1b561b551bf25270e41601344d638a3defc90b62e02055fb6733d295a53b9ca1dd3ba2a041d2024da606acd838e55ae5ba0f04b9e4796c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\loading_z_zlm_d2c.gif

Filesize
40KB

MD5
cc1be80293483908a2d623ae9854b8da

SHA1
e8b7c7dfb2663c85480f6d2f9ae43c0cc94f257b

SHA256
830b51e9c7c6ba7ad5bdc4d26e8c8405f63da8d01bf9ed85d32d893cb5cd0ae0

SHA512
afe86af1cc52ed4de98e4482897f9c0f3474bb936710be645e202f6d3f052db4457ba4aba8a322b8f8182f89450ece3ec0672cbd5b12c98c7e29f6cd7513394f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\spinner.gif

Filesize
23KB

MD5
1753b06c89c1017ba98183a0a1059f15

SHA1
1c0f68a64b07bcf50a236f3d47fd4f095f8b3230

SHA256
a648c33311c4788ef2f45d967bab7da798a4b39fc6500ec0b15856f43c7e7940

SHA512
e71a675c6444a83f2169bb04b65affb9c7d5d741b26d601a6cc8364b2f05637365700e362225890ef4004669edf7ebf0361eb706b3dcba68c4fe72c252efcc69

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\wait.html

Filesize
7KB

MD5
efae2c36ef67d624775126e1602de9fb

SHA1
c0e43ec91b9140bcbf6d6115a1915e3fc734d1e6

SHA256
1f154cab907c4e33429d0b7723162e05a8eb3b464ee9055f7f8736925e44d33c

SHA512
b29996e2b18231b0b42fb153ac89dc90e5c451ab362bcb8f386c20c6b29065c767add67244c052ef9aca7a0d66c016c1921f11d08470a4cf7c4bf57c2e4e515f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Resources\zylom\waiting_to_install2.gif

Filesize
4KB

MD5
41ac94bebb4b7e418d9bb2609393d83a

SHA1
118182c3d7eb070e2c064083b706371bea7f912a

SHA256
6de28addd1b88ba2b740ea21865d6d0655711fb8d2435f24327d7dc3e19f62e0

SHA512
b526c67b00f8c8e69698a432560aeaa5e22fee96e58b27ee4888909f35fef2567aff9e0d69287ffa7a0bb3eb2fedcdd3e59ff4acd53fa78bc4fb1f687813e56d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\GCHROME.dll

Filesize
95KB

MD5
e4c4b8a3a1fef4b89590db322045d5d9

SHA1
e4762a098a87a557737fc3e001609b9633f94704

SHA256
3fb59df978ca08030e94bd729acca14ac3e449abbc6380f0c60ef5d74a542a5a

SHA512
4710c8cb9e897678829bf1a6d7e3d00e89e79b71d5e844747a55cf33fad0d8ece4775d74b686395d4ab68b80ff492732dbe959596146c3d8837456fac705096c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\InstallerDlg.dll

Filesize
542KB

MD5
194b4d54841eb821901c63f79143a20e

SHA1
d354c60898b2a6e36f5c7c7bd729b65f6689b4f8

SHA256
da38fa5779c5a518d0c104be4f2d455a3ccc8c89db29d794d9bdadcf6c29ce3f

SHA512
6393e277fdc2fe9e9046fb6b76eec9a8971acd03ad084b74075ef02826b569090f14e4ac638ed106e45ec19fa33d7017f387881a223a4ecb97ac829d36e152e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\RASymCCISGlue.dll

Filesize
74KB

MD5
8f3955bc7d0d3a9ee1fbcf9e4a391090

SHA1
db96b8d4c7362efe8b0e4efa40f9613140c06278

SHA256
cb4a393523d6accfbdc65e2233b929055a61a2177f3bc14533515a52c97e479c

SHA512
4c6554167540aef978cb4c7543b06c1220897aa6f37eaf2d568df0ef8b3e399359ef1164ccffc0bf06bcd2b8361ce1cfdea2b3f7a9e5ebbc28364ea0dad913cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\ServerTransaction.dll

Filesize
59KB

MD5
f0e0a020eb4a921c3c897fc638405265

SHA1
429f8be42a784ae36f6517eeb0b207b9b8696e42

SHA256
137d934695506aedd804e97d1af2b6c671d988ccd9c710f3cd11ceb8351215fc

SHA512
01e9fb4fdb59ddd19b36a769717d9db883fd952b62e7b8e55c9b8a48ff1a184a7c1e6c8b483e54b5774f9e81944dd91ec7c951f0fb8fc2068a13227910565c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\SymCCIS.dll

Filesize
274KB

MD5
0e255017b8ba6b1f75d2ac271adcbb15

SHA1
50760a2d76889e510b418fd8dec28a29d7b8acd7

SHA256
f69def6530c055c2c495204e3a537c35fe825063925070f13ebe0d9537959d7e

SHA512
51d323cd6b3f2153e0d3ac70bf64c1a7ca3d3de55467001f648e203b5a57b6038376a6bd402cbb266ebbe6325f6ddbb4b794819f5ccb99d3717449e91d981ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\gcapi_dll.dll

Filesize
62KB

MD5
a689eb4192ac28683b18c4e81b32559a

SHA1
aa436608c0e1a1a21153346a046ff00ee60aff1d

SHA256
cb81506dcb4de19a8c300ee010061845a7f20448c2387ae845f2d2099b54c981

SHA512
992c8f6e441e096c5def826c5665469b89642b0fc9a381f2cf63a98eb08bd58e4186a3a615078cd2775b78240f519c27501f46dea40e9b8b82b6d91b95d5ed17

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\gtapi_signed.dll

Filesize
71KB

MD5
7950e8dcc2cc61cd975c4c7e0c518b02

SHA1
19be847844e2402988272f004b5bb5365aeec1c3

SHA256
be251267d1070de814f09e8ed9ad6e57ed2cee0f9c4ad0203cfae21bbe3f6390

SHA512
f3d38d10ed9a8365d4632bff63115b0b7134a77e0150b745e5e6b93cb03c8a74978a3188ec1346aba43815afeec6f9202492731f9df2bb28a7ae053ab2d8c13d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\gtbCom.dll

Filesize
93KB

MD5
d7377bfbb8f73e357a449aea82bc9fe0

SHA1
889e9fa67fc1c521d21631c00894efa08b19e243

SHA256
d928b8a4ffdfe7de22ed2a455743a4615ae6db9521f4973bba44bd4193f9d53e

SHA512
4a9fd5d618ff54787ac1171f68771c8567746f8ed957333a0fd77d218b044ec45b496503f60a98af5aee55eee0e6f950534ca791dc35de9d2438566e17b17ef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\lua50.dll

Filesize
301KB

MD5
a5037017365cb261852c5897fc62cdc4

SHA1
2de63bba818fccf9496fa3f54ff80b84581caa3d

SHA256
a12bb3b5f506b760773b2c189661e9c28c4cd9b1656bd0e21f8490b029abec79

SHA512
6d36ec43a62600e0064888200c899024bdc2fe687b0819fb127f2db1e05cdfe9c619df19c54fbd38cd8eebe85f5521c2c758e9a5d7186bf9a49384b69e2676a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\unrar.dll

Filesize
168KB

MD5
a8c0ab2352b77e9ee4e903ea93025637

SHA1
d4913a6d6c008c74da223a0bd593ae62134ec8a1

SHA256
ed54c750b0a69b1a21858bd88e38b08f33da3a860cc5131e86ac3a6e62c799db

SHA512
b8cc60773b2ee849bbbb3b28ef8f0b6ec614f694db07e62f4aa169cbdeb744b289ac0a2a16b4a4812b50c1edec0c691c96ba89025690788ac8904f9d129dfb5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bin\unrar.exe

Filesize
240KB

MD5
49710e363e4c247716508672f909d5ba

SHA1
74538e7a6515166fd6e83b9c72ee28e529e462e8

SHA256
cffd9238edb8484c2831508505e81a733f5074ba002f98e573dbdb7118c687ad

SHA512
e863b4bcb332a552d73a9dc2e41a4e86a4b528cd46991d3489c129ff46973778f65fac73051bd4a6d33e5c15b1154bc761bda376a767f48a3cc1d9391ada700f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\blank.html

Filesize
732B

MD5
0d7b8e5d8cc5c218db6b9b275c840878

SHA1
0b75c7b62a3e1fb9fae83a441dca8f5763411c5c

SHA256
b209966eb86b9a3b8394564ea64c96a6f99ea6224b322746d2b9139202ca956f

SHA512
dd2e6caf2bf172a18ca26b07bc2e0373bd8387c375da4188e8577964cd4edc13cfa38e090134288ced9a45bf6efbe0635b1eab8697e6bab9ef3c02bd65e493cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\blob

Filesize
259KB

MD5
a8ea204f62c4e113eb604e827df72de3

SHA1
72ba868798f002c0dfe1245783cbed0da2ab7dc4

SHA256
910463c321ac85265e0640302e6c037502be76af3c4d34a88fd037389853f555

SHA512
b2446472eab632702b6953d454bcc258dded30376c6e3c7014c59ca8c1c42e804329760ccafbdb352fd8140c37275e359ed3c1958a54dc2b78f0e10212830a46

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\compat-5.1.lua

Filesize
5KB

MD5
bf01d86a2fa40d1e017518b38bf317d4

SHA1
687f0247363529d10837357a4ca8c68c6822d99f

SHA256
c680313d7fb2f43cc01008e05b3a8a42614c1b6bc540bb521d8c8ac3f8d2e749

SHA512
097cf227d0a84da3a4388720df897a209584de7c6920869ecbdde4868968a10748b94ad26b7db37f7b7eeef1021956a92daec34b88e9adce2d7e1daa8a9f3d9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\config.lua

Filesize
891B

MD5
54d073a8679f800dbe20798d91733e80

SHA1
f9c691c843f1e206323bc3dc2202f162ee2df142

SHA256
3302b7b962a8009cd9a7567e745711f09cc06d0c72d60a0c60a6db850a2cccc8

SHA512
72853504959bcda46c20cec9a00b599c63efae20859cc734661754d1fd316a18141a98c6476ac5a7521452d9bc5a2645114277ff699b9aedc59e237ea0b41819

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\installerMain.clf

Filesize
68KB

MD5
4d818af09340737bb985298261ddc4f0

SHA1
3776400963e0a8db5937a656e413fe740b9238ad

SHA256
bcd2bef408cc1c8c0ab7fa2a0eccddf981857d58464a4464b94a7b07ed8b8ee3

SHA512
e34b4a7ea6ed6a2eb0b00ee9d93437af234c1ae6cd234df26035eab60df664704339c40e6fa1c8b57d855db7c62bd181b2231a9d58d84339b93a9b6bd62628b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\mrClean.clf

Filesize
9KB

MD5
1609ec3511f1708319221649c7a01268

SHA1
69608c7079ac9dbebba34b92eeb439000be88a8a

SHA256
569c1c4ec6d69db46c88313da753c86cd18f994dd0baa8b19bd017bb1d20e2d8

SHA512
66638539e6e1e48fbb998906c755369015f86270de702182c6ba068bef6bcaa7cdfd6d27bc4853555e9080085cf80b23391144ec4ff6e01c578b65e2a0df593e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\http.lua

Filesize
11KB

MD5
70bea91d8a8cfc02b1ac52c073ca9339

SHA1
fb23117434be1ac2a2d07b2f1212e27656639d7d

SHA256
e07264f52ea292115df36100877e5e63a7e9573c71607e53c3cd02f874f39da3

SHA512
dc406207b085f14239cf80871d10cd30de17f4beda6f9fbac363060c908c8e91fb180ee480a5c2d8bf1528d9ecae1c84491653aaf56cfb958f9a2b6fcc5a6191

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\ltn12.lua

Filesize
8KB

MD5
c626e458513badb51f89f479110a8cb2

SHA1
6d9e1a991a5d5ee3bc4c0390878a54637927483d

SHA256
9884f439fc49cdc984d7fbca33b8537f714f2dab2a29c0e324d3fe819a3aacf2

SHA512
4aa91940dcb889751d0de368429c63cba59e9715a43df9cfcbc11cb19348f4f6eb61e516cdb2ffe4d2ffdd9ea9f600097f972dcb89692944e3d3ce4bf94c6051

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\mime.lua

Filesize
2KB

MD5
1ad72f8bfd68decc6978bf9623f63ae6

SHA1
f8e37d31ee47fa50724faf0f63ddb3dc74de3dd6

SHA256
093fc21ff5e77734fc1a6f4fe66cc1c177d12b8a832eaf9c26350e84330e3b58

SHA512
21fc6e2d639bb5465540ee3cb778074d461e5d22f741f7e261bd63a1c525f5c4d06b3d1417a43e6887c532a1fe9d6b17f1f7602690b3e8a45ab7fc2291186c8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\mime\core.dll

Filesize
24KB

MD5
8eb923b32f76b4aa1c324c0764a6bd95

SHA1
e15d2d5c065c689d2f107e0381645339a2baefbc

SHA256
87cb3cdad3b854598386350d1c169f93996c74ba45f1394d843e07780b5d79e8

SHA512
494861bb8a55af17396bc5b62b62a2cd94658702a04544b8ed31f2d608ca6fa23fc7ed449c2eff136c9a4a86d69d3af4bfab8ba2db35664616813ff082fad4db

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\socket.lua

Filesize
3KB

MD5
0f260950753b2742235cd5c7cd570748

SHA1
84ca168531478e318c25ab6f8cdc8692ccfa375a

SHA256
128202b8dbb83470a196f9e6e125d0cacdc0d81ffcf5b2c8a48037b165754f17

SHA512
b2673ab19bf645998957712df259bba33c300bed20e697ee1d01ef87fe4196f6b377701c3f6ebb8eac9504e32809c46727f24cab0641a0f2d70987f6a830b016

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\socket\core.dll

Filesize
36KB

MD5
fc3c96670e67eff3a9064fcbf9398b6e

SHA1
a3c89ecd29745fa34cac76bc3773cd3c5018c2ef

SHA256
e4ede13a74a2eb38397dcf8bd1794f2231ee6fb4abf5e9df76af65f945700978

SHA512
12113c136c9316fc7d68ce90c02a52540e208af6e8ede2c46da301dc55e17c3b933c959541c0e3068ed3c00d08bee183a56b524dedb395137d48dc144331225b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\socket\url.lua

Filesize
10KB

MD5
2433a5e47fc49d0d65536836d423b10d

SHA1
4fa4d38858daf827fe6ca9493dab5b21ab57285f

SHA256
cdf125d8ebbf7e422a3b666b9ae1138a50c80396befa4b3455e50c966cb8e94d

SHA512
df0002933242b23e02124469ad67e84f6bcd51a8175098e1ff6b7c5f88f8a9fdbdf8f55f051d71746968ae825bbbd1ece8f8ed85131f6dddbe57e4b74dae983b

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\bin\RAInstallerPaths.dll

Filesize
61KB

MD5
825db916e1855f13f04872fdfb820c4f

SHA1
87a0c5da5ba368a11d33c89d1febf6f65a13321c

SHA256
16d3b121f1494fd8f5a6d940082d0354580f02bc445c9e4f8c41c53f6a147a40

SHA512
db46a19fa3eea38d491681f2aa1294675ebd39cbf9bfc59d7c05ca7627e03647a64414857c557c6d826b060a6a2521ec26530a323a72c288575942200d90ecbe

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\bin\bstrapInstall.exe

Filesize
61KB

MD5
cbee9468f531cef3d8cc8111262a7b02

SHA1
cbb33dc010bdd0c5d3a6ea0cedf891955c16efae

SHA256
897314faec830e5cb3edbeff2626adb1a4654e9be335041d25154defebfbc4e5

SHA512
190df3b1404a7653f85fa825d2529679896731e34102545410cf5aad785540791664cb2fe946384134b9125ccbbabd0acb2c2a90efc447e30ae9c6426c3c92c4

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\bin\gameinstaller.exe

Filesize
93KB

MD5
97cf775d7c8b4cb1ff4b15be53f60ec4

SHA1
f12b7decd6e2c44b6dedc092cae942dfca08bd7f

SHA256
dc35dc06ba03e563aae786853b90726ad65b022fd407d659ec96c72172a8643d

SHA512
69f85f9de47c952a01c71f8135f47ddfb1fa436224e3b2dfd65defa909cf29379ef437dc1673347691a7ab29c602fd7ceb66b7c914df53c0748cac7b0b856823

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\bin\luacom.dll

Filesize
239KB

MD5
8646c96a7ffe130667a43ac09e1e8567

SHA1
f626208884651a80149f7b240b6974b8b889b022

SHA256
52752e5f97e78a4f2420bcf44a6d55e6bc296f61a44721bfacee95dbf1ae84ed

SHA512
3c0918343d96c58409c7270ab4ca84ea1cdfc67d834412ea3af85143d7d57487d06d19dbb1721c4600d31f0591549a76f64c1ca967da36a96d5c6344fc71187f

Download Submit