20805f98dbf288c05821edf3373639b5d51e67a51c683f4f31cce77be3f6c2da

Analysis

max time kernel
91s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

4.3MB
MD5

1b1a928db317af1bed4be0fd0adba475
SHA1

3c27700a34d80bc830ecc65c47b037e7f8c71cfd
SHA256

20805f98dbf288c05821edf3373639b5d51e67a51c683f4f31cce77be3f6c2da
SHA512

4acc1d7b4e8fa93da7bb2b99d7d931e789d316df741c59cd8f55c2b76be44ec2e80a90afcd81c170457fa88bfc877407514c83b84d7aeec5c0468941b7ce428a
SSDEEP

98304:Tf7wCQInrje/CAVMJy1W4DQ2y6FgeIoyN:Tfn6/VSlMNy6Q

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.backup	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File created	\??\c:\windows\system32\drivers\etc\hosts.check	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts.rollback	hosts.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	_iu14D2N.tmp

Executes dropped EXE 40 IoCs

pid	Process
4272	setup.tmp
5080	FlushFileCache.exe
3044	unins000.exe
1936	_iu14D2N.tmp
460	hosts.exe
3168	hosts.exe
3132	hosts.exe
3140	hosts.exe
3160	hosts.exe
320	hosts.exe
4004	hosts.exe
3584	hosts.exe
4788	hosts.exe
2428	hosts.exe
4812	hosts.exe
1492	hosts.exe
2728	hosts.exe
3816	hosts.exe
2896	hosts.exe
648	hosts.exe
1936	hosts.exe
4772	hosts.exe
2384	hosts.exe
2636	hosts.exe
2704	hosts.exe
3532	hosts.exe
800	hosts.exe
2016	hosts.exe
3964	hosts.exe
1936	hosts.exe
3676	hosts.exe
3320	hosts.exe
668	hosts.exe
4084	hosts.exe
2392	hosts.exe
1560	hosts.exe
2704	hosts.exe
4012	hosts.exe
4960	hosts.exe
4004	hosts.exe

Loads dropped DLL 11 IoCs

pid	Process
4272	setup.tmp
4272	setup.tmp
4272	setup.tmp
4272	setup.tmp
4272	setup.tmp
4272	setup.tmp
4272	setup.tmp
4272	setup.tmp
4272	setup.tmp
4272	setup.tmp
4272	setup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	_iu14D2N.tmp

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4272	setup.tmp
4272	setup.tmp
3936	msedge.exe
3936	msedge.exe
3896	msedge.exe
3896	msedge.exe
3440	identity_helper.exe
3440	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4272	setup.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	5048	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5048	AUDIODG.EXE
Token: SeIncreaseQuotaPrivilege	5080	FlushFileCache.exe
Token: SeProfSingleProcessPrivilege	5080	FlushFileCache.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4272	setup.tmp
4272	setup.tmp
1936	_iu14D2N.tmp
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 4272	1276	setup.exe	84
PID 1276 wrote to memory of 4272	1276	setup.exe	84
PID 1276 wrote to memory of 4272	1276	setup.exe	84
PID 4272 wrote to memory of 5080	4272	setup.tmp	90
PID 4272 wrote to memory of 5080	4272	setup.tmp	90
PID 4272 wrote to memory of 5080	4272	setup.tmp	90
PID 4272 wrote to memory of 3044	4272	setup.tmp	94
PID 4272 wrote to memory of 3044	4272	setup.tmp	94
PID 4272 wrote to memory of 3044	4272	setup.tmp	94
PID 3044 wrote to memory of 1936	3044	unins000.exe	95
PID 3044 wrote to memory of 1936	3044	unins000.exe	95
PID 3044 wrote to memory of 1936	3044	unins000.exe	95
PID 4272 wrote to memory of 3896	4272	setup.tmp	96
PID 4272 wrote to memory of 3896	4272	setup.tmp	96
PID 4272 wrote to memory of 2100	4272	setup.tmp	97
PID 4272 wrote to memory of 2100	4272	setup.tmp	97
PID 4272 wrote to memory of 2100	4272	setup.tmp	97
PID 3896 wrote to memory of 1488	3896	msedge.exe	99
PID 3896 wrote to memory of 1488	3896	msedge.exe	99
PID 2100 wrote to memory of 460	2100	cmd.exe	100
PID 2100 wrote to memory of 460	2100	cmd.exe	100
PID 2100 wrote to memory of 460	2100	cmd.exe	100
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3332	3896	msedge.exe	101
PID 3896 wrote to memory of 3936	3896	msedge.exe	102
PID 3896 wrote to memory of 3936	3896	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Users\Admin\AppData\Local\Temp\is-E5BSE.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-E5BSE.tmp\setup.tmp" /SL5="$7011E,3903100,140800,C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4272
- - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\FlushFileCache.exe
    "C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\FlushFileCache.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:5080
- - F:\Games\Red Dead Redemption 2\unins000.exe
    "F:\Games\Red Dead Redemption 2\unins000.exe" /VERYSILENT
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
      "C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="F:\Games\Red Dead Redemption 2\unins000.exe" /FIRSTPHASEWND=$20258 /VERYSILENT
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Modifies registry class
      Suspicious use of FindShellTrayWindow
      PID:1936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bit.ly/fitgirl-repacks-site
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd42d46f8,0x7fffd42d4708,0x7fffd42d4718
      4⤵
      PID:1488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      4⤵
      PID:3332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
      4⤵
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
      4⤵
      PID:1320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
      4⤵
      PID:3192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
      4⤵
      PID:2688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
      4⤵
      PID:1020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
      4⤵
      PID:1044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
      4⤵
      PID:3552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
      4⤵
      PID:1128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
      4⤵
      PID:980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
      4⤵
      PID:4232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
      4⤵
      PID:1912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16184775520485890914,16609907820587159932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
      4⤵
      PID:4872
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\host.cmd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirlrepacks.in 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:460
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirlrepacks.in 109.94.209.70 # Fake FitGirl site
      4⤵
      Executes dropped EXE
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirlrepacks.co 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirl-repacks.cc 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirl-repacks.to 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirl-repack.com 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:320
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirl-repacks.website 109.94.209.70 # Fake FitGirl site
      4⤵
      Executes dropped EXE
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirlrepack.games 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirlrepacks.co 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirl-repacks.cc 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirl-repacks.to 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirl-repack.com 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirl-repacks.website 109.94.209.70 # Fake FitGirl site
      4⤵
      Executes dropped EXE
      PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add ww9.fitgirl-repacks.xyz 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirlrepack.games 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add *.fitgirl-repacks.xyz 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:648
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirl-repacks.xyz 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirl-repack.net 109.94.209.70 # Fake FitGirl site
      4⤵
      Executes dropped EXE
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirl-repack.net 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirlpack.site 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirlpack.site 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirl-repack.org 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirl-repack.org 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:800
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirlrepacks.pro 109.94.209.70 # Fake FitGirl site
      4⤵
      Executes dropped EXE
      PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirlrepacks.pro 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirlrepack.games 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirlrepack.games 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirl-repacks-site.org 109.94.209.70 # Fake FitGirl site
      4⤵
      Executes dropped EXE
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirl-repacks-site.org 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:668
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirls-repacks.com 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirlrepack.cc 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add fitgirlrepacks.org 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirls-repacks.com 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirlrepack.cc 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe add www.fitgirlrepacks.org 109.94.209.70 # Fake FitGirl site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe
      hosts.exe rem fitgirl-repacks.site
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      PID:4004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x420 0x30c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
320062b129dd412415542e79ebd1ee6f

SHA1
32eeb7e12e6cb946f51e8999b5ac7804bd53c1e1

SHA256
0ce982223d275ff9e00709e755c88bdbc27a130edf3b0875d14015f68e1a953f

SHA512
011051cef8aae80fbe9374fc1bb71ddac80ba484222e12f34dd995062cd9738441a5dd4dc832fd208ed172bac92db4acffb682b667ab39a6e782be101e313174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5fdcc395dc98410afba59bb4327d02b9

SHA1
5b37e162596d5eb02f5a416abfd8f26baa6d46f0

SHA256
4f1ba32a34ec230820ea1ac0fad325298e15fb64c65862b7c05d476f203ecc77

SHA512
8cb17138c230fe1f011b0e4ddc764080f8a5c855d6e79c6a204a3a9f03ec709c2d1d0dda4fc25cf11d20af494300be6e3b1138bebf150de734e3f30854e5669b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
98a9b2b739193015a28eb64236bf1503

SHA1
8532dcf2663e7289cb433cd94f8dd02937006b08

SHA256
cfb28e15d08c2521945ed82d57fab0d0076cab97ec1e22c492bd3a36acf4c65a

SHA512
f5e91ab1439f76d7f3c92bf61bb968806e90cfdfbd14d7250e027ddd72921e8669a06f6bdc5ff4c5e7e7723bb1be66118bd37b25b41c4718fd0d72a14ffffe00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b994cec9d50817e1aef8ab84430916e7

SHA1
609fe5991730a30be9fa439c65801867e59ebd91

SHA256
ad949aec752cd17401a69ed801527d024f7c5ff823b72a24614991421634c663

SHA512
016dbf5b8fcf348fca5ddd3373a35a0947462263efabc81b1d9c6771006b0fc9d662b9cd624e59ab340a67effa464a0b72a597ae8356ca827020d6a4cdd5d827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
92144628834458f700ca2967b136558b

SHA1
cb777c712fc661cd7b090b4ca7f0f516c7aedb95

SHA256
4f7f459f53c92282a15e1d5ce878e1c309884c4a0ac54531b74e4cf1cc529496

SHA512
b00cb1683f9f915d30d3641ae34028a4bbde540368f7a984c739bdbf62c275a84ea0424bdeef7bf9fdf770d7e04815344db063ae598d4c9fc7bc1d509b62eb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b66e1413cf2af1b563a80adb4db3f57c

SHA1
b8845ad36d10ea4be1b6ef7a3851da2c3b6f2378

SHA256
a03d56410160bb3adf69111fac63c26da06aec99a9f965478af18f28affab15a

SHA512
b80cf614fa99dfa3d58e1ecfb395c4622fedbd853baf9d9b267295594c9f44f86b64f7476dfbee160c8bd540d73475c9bef46daee1f1891435e5312978eef42f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4N3VM.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-E5BSE.tmp\setup.tmp

Filesize
1.4MB

MD5
ae9890548f2fcab56a4e9ae446f55b3f

SHA1
e17c970eebbe6d7d693c8ac5a7733218800a5a96

SHA256
09af8004b85478e1eca09fa4cb5e3081dddcb2f68a353f3ef6849d92be47b449

SHA512
154b6f66ff47db48ec0788b8e67e71f005b51434920d5d921ac2a5c75745576b9b960e2e53c6a711f90f110ad2372ef63045d2a838bc302367369ef1731c80eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\BASS.dll

Filesize
103KB

MD5
8005750ec63eb5292884ad6183ae2e77

SHA1
c83e31655e271cd9ef5bff62b10f8d51eb3ebf29

SHA256
df9f56c4da160101567b0526845228ee481ee7d2f98391696fa27fe41f8acf15

SHA512
febbc6374e9a5c7c9029ccbff2c0ecf448d76927c8d720a4eae513b345d2a3f6de8cf774ae40dcd335af59537666e83ce994ec0adc8b9e8ab4575415e3c3e206

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\CLS.ini

Filesize
975B

MD5
9ebb73d0af5b55144e73cfe0ed22af4b

SHA1
d64fba0eb724809a37be04146d839c14acf56a15

SHA256
3ee01eff756d625e835d048cf8248c5f98ce4d6018f77dd98d0b8305df0af62f

SHA512
fd870853f2f43114d32e8213ff58a79fad3a05402b0589a33a2180d3795fe740b3594bf7814621e1a0acdc8cf64d8df69a313376b99393cd73e6387c440bd5bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\FlushFileCache.exe

Filesize
29KB

MD5
df77f2b6126f4f258f2e952b53b22879

SHA1
fedda8401ebfe872dd081538deec58965e82f675

SHA256
a4cc6683393795f7b84d0b49eea2d7d7fbe1392bb7612cf39896af6832ffe0b8

SHA512
623c5a2b3382b610bf2a2812db94ea77e52051f307fd1ba7767927719277a7d99e844f9286a52549f888ad818c4d4d09759c031a8ab6dbc58911257987028a37

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\ISDone.dll

Filesize
380KB

MD5
63dc27b7bc65243efaa59a9797a140ba

SHA1
22f893aefcebecc9376e2122a3321befa22cdd73

SHA256
c652b4b564b3c85c399155cbb45c6fb5a9f56f074e566bfd20f01da6e0412c74

SHA512
3df72dc171baa4698dfd0c324a96dde79eb1c8909f2ff7d8da40e5ca1de08f1fc26298139ab618e0bb3fa168efe5d6059398b90d8ff5f88e54c7988c21fb679e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\MusicButton.png

Filesize
1KB

MD5
473a683962d3375a00f93dd8ce302158

SHA1
1c0709631834fd3715995514eef875b2b968a6be

SHA256
7f4ad4d912cdabdfbb227387759db81434e20583687737f263d4f247326f0c1a

SHA512
24ffe03b5de8aec324c363b4be1d0ae4c8981176a9f78a359f140de792251e4f2e3e82e2a6f3c19ff686de5588e8665409ddc56fc9532418f6d476869f3f1f9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\host.cmd

Filesize
2KB

MD5
a34e77b7914399b5aad7813cc16ce77c

SHA1
6136c68a59cdaf998a910e79f25000ede4b531ac

SHA256
b5918c0eac32ea3fcb3aca586b46311c390a22d055b10b90ca7f6bca4f3b1c7a

SHA512
642e1a21d1eb7baab88fc93170b384b3860d6f95930a2ca809605f753a305d4b3a6f9a1412e597b9e61789737444b2f089eb39beb86c13524808ee2c47bd648f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\hosts.exe

Filesize
32KB

MD5
a7f30bb876775a914422675a13dd56b3

SHA1
3ea28fe66a04ebbad2507a7dfdebf1622c701d43

SHA256
49bdf4c437cf51ed0b369db9935d2f09883859d96a64593247c89c70e6840119

SHA512
6decbf54a3b62cfe549f1e45d1e5e99b2c33c792a67e9f29b9be3cb51d7e89ff0238cc4479f4a004d2b70989517531ccbbd6e420675fd3d37949cc20c90a6656

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\idp.dll

Filesize
220KB

MD5
af555ac9c073f88fe5bf0d677f085025

SHA1
5fff803cf273057c889538886f6992ea05dd146e

SHA256
f4fc0187491a9cb89e233197ff72c2405b5ec02e8b8ea640ee68d034ddbc44bb

SHA512
c61bf21a5b81806e61aae1968d39833791fd534fc7bd2c85887a5c0b2caedab023d94efdbbfed2190b087086d3fd7b98f2737a65f4536ab603dec67c9a8989f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3346.tmp\wintb.dll

Filesize
16KB

MD5
9436df49e08c83bad8ddc906478c2041

SHA1
a4fa6bdd2fe146fda2e78fdbab355797f53b7dce

SHA256
1910537aa95684142250ca0c7426a0b5f082e39f6fbdbdba649aecb179541435

SHA512
f9dc6602ab46d709efdaf937dcb8ae517caeb2bb1f06488c937be794fd9ea87f907101ae5c7f394c7656a6059dc18472f4a6747dcc8cc6a1e4f0518f920cc9bf

Download Submit
C:\Users\Public\Desktop\Red Dead Redemption 2.lnk

Filesize
583B

MD5
0396fed8e5a69b1f973a2c153908db55

SHA1
75b81a2ac041aea286b5e5b733e2a0d648e1b94f

SHA256
f3cf824e9374b6dc0f6352d66c6205d137e0f2d52f2ea551836ab64d31e5475e

SHA512
49e8dd52909114b384b2992ec85923cd32c984b5966114fb28235b50f354fb6903a602bbec8885e2415661846f007be612ebbe6f7c10a12e1abfe13b75ce0c52

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
008fba141529811128b8cd5f52300f6e

SHA1
1a350b35d82cb4bd7a924b6840c36a678105f793

SHA256
ab0e454a786ef19a3ae1337f10f47354ffa9521ea5026e9e11174eca22d86e84

SHA512
80189560b6cf180a9c1ecafc90018b48541687f52f5d49b54ca25e040b3264da053e3d4dbb0cd38caaf496e23e516de18f500b333e3cda1fd1b25c6e9632defc

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
b05b62045ed529ecb9b6ebda9c7a03ca

SHA1
863d797d748b9e21ca61f29104353f5030070adf

SHA256
3be6bd7ba208511027f993fa34267df2381e66ac0cc0588081a52336ba975406

SHA512
e087677905998ee05faa64bcc4b1f1f35db6e18303353c3b4d9f85b8d5dfb3824f70bac91f1448a87790d6c0036bc091f32c2a392de20216612bfcb9ed2f60e0

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
90098a89e470bd12f2ab7e3e46190346

SHA1
5ea45e12a80ab1cbb560be1823dc68260cacd84d

SHA256
f5a2d2df78c0920e4a3917939f169f39aa31be1df429404336341d3fa0efe6dc

SHA512
7e75c1775c840b0f7c4cc29ec69c5b72be84d008979cedcab243f32fde18286479ef7ca2efe607edbc73a7d328166d99b1948738261cb5c0139a20e135ff1970

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
29476e3e293379d1bf00cb5cca2867cb

SHA1
0df705b8f203736cba3d2fbb7938e87867f9eeb0

SHA256
7a06a579c327934bec75b39bca99d09969f210e323946817ac257ad80c24959d

SHA512
5986b1b5086158917308d88aae7695f84d363fa93711b959d69be5d91447b7cd3faa1f09bfa6ed217d9b52c235f7a4d3eb9d95d231d68dc682a6d4962c3edf77

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
4dfdcceb3a21e723d5eff18a6d1504f2

SHA1
6860f1e5d159ce202dd104db7d288b23f3580222

SHA256
5ed94bc1c5b7cd111711306682ee9ddfaaa71967e2626d936d87755be7cbb96b

SHA512
934b303382ae250deb838de9c13852555e6862ca9ef4d9c18ac7d2d53e520111d928fa5c7e7026864490028f2d8b38bad00a809557fd19bf6147261ed6f59731

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
9fb2798481ae865b8b50c179bdbca26e

SHA1
f8f17fc83ab37645eeeb698c3cf81b46a245b656

SHA256
2468e5f2ffde0f1c564257a2cdcfe9f3a02dc61566879c16c1cde32826f3ea16

SHA512
175e60002fa666c9e0404fe8413ca9b8699c32ff15c573c5954ef466ebfc128b74c2ac401ecc62303d61dc84b826bb725dfbc5676513f4f7e6ed9dcc577c75bd

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
d4311f9afc2b6a3abdac082a777b863e

SHA1
ad58b01cabc00391fadd177fbd2619b44ea510c5

SHA256
52abe4e9a74d2129d860536fac246f8b3746b0d3636348bcb1bf4b8ced0858b5

SHA512
3c482ec2e2760f16409dca398b1a1a6d9959716805bb0df5969858697ac581231d57701997ac70f28b9344ea93eb0c45fa94be52a68d09cf78402c471bb0f9a1

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
e503bbdc60f908008d2b48c11f8fa4b7

SHA1
52d54408cf1bd659f18f03583ec006b034e030c6

SHA256
420f4ab3460810eb2297082d96e197b57fbcb916de7b207e7617e4c53d3303a5

SHA512
593843f1dc1fbeb2ba82afebf4c7b7603155b24c2aafd98347dcbbb1b646bfaf941d0c392bedd765db76cbe50392f793b23be481e1cea984ada02206e9c9eb0e

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
ccd5727329626b06ec141a1bc31aaff0

SHA1
5b2b26a9f8ac7f157c2b8023b14f5bc10f7c7422

SHA256
4e492b443673a224cd26615c61bd5898a807a3df2922ac6068c18a88e31c724d

SHA512
040ee693a767c80b133571f080d357d2c996b7b83503a9feabfd4e66118e2fb8defcbd10829932fbe4473f8adffd9276e06fad8797c1f169ad406957faeb5914

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
a191caf190dade435e0855c3abd9eef4

SHA1
5923f980f3a0f21d02f9a94b85bdfd6001d67d32

SHA256
45b2d1d6aa2aa63746d5fd7caf5faa05602c4e2339fb366ddd29cc1404a45189

SHA512
cabfbfed58b2866ced3d9f002cf1be253a259bdf0535ef4eb56abb25f6c270897cd003fb872a0f4721320d4decdfda8217e2e332f2d36c9c2cd08177f431ad6b

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
76df54f2193b02a222ad9c85f8d7fb55

SHA1
fd053ecf306d42937fd89b141c1f01bbb858ff17

SHA256
20eedea1fb760160310acfa78346d539fa75339788ae09a5d9718fb5a5031af2

SHA512
12e1ddfa8d3fe3d406eaa95e2038a6c79e01c6ebb1369f0dc39886c5644769c96ea66d6fdd771278dc7870297fdb2288ee83d13f3fc90a60977da69228261cd0

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
ee5fa31908c65132abeecf0ecaa722e6

SHA1
2abeaa7758e4d3b5b8e4f858045d2f2ea7b829ea

SHA256
f26284764b781d9acee11569257cc2316928e3a86a316e30d4c30fd30be2b7da

SHA512
7b91c0094a970c14de43a24ac70d49236088572eeed7d316e337f0363e91ca1a7870a68795e71ebea0ee4067820014a4347fe67566f3a27f2b8d88bad5b86441

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
b1472a2418ef16f2b5a082c36d0e4539

SHA1
ea1cd76485753e4ad9a4ba42beed90a9c50701b5

SHA256
8ca1133d16ea6da99d4dc459989548000f71a577a331e0003acfc693f834b676

SHA512
3d673f2627e5c14047d78e987f5ff86666eaeef8c53eff0d5138a66968186f2a250fbf96df9988f9672386b89e31c3aa04e139e22a0a964b19f3b46ab48fd235

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
e0d5ba1421bdbf0e8ed19776dab4906f

SHA1
d7677d5210503b57b03f6eea3cff77346664d7bc

SHA256
00a54adedbd15a9eb9853471cf73ada6c78cd9e0cb4d98ef9d43ae6b2dea0929

SHA512
bb2bad26f9e426f62f1c7427367e8b07b2255b81fd230830a073447536d191ba317f2fa2ec79e38e63e1e3c3f040bb3f8e5e066ff4d84b18362e1d0a8be64b0b

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
40ebd45eb7d4a0c9603aa570ff23699c

SHA1
1c20ff81dfc6d415a40347464693f66d7a311be5

SHA256
53cf5077e2cb700bd51f38f72686bf757bf161f0999436dd32f66c4be11213cd

SHA512
44254fa44271e09f6561d76ae2fd4a74d9f80a7fdbc0656717d8c885fe3ceeacf7d54e903c41b20bd0556802fd005b24289d59f8525a3fafdab67ce2a56e0d42

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
3ff884fca2d368e5cfbb52e30234fd11

SHA1
35b68450f1fae9bd36e468a2e21034a8d3c84689

SHA256
4245b99a986a640597f72f1b27f47733b5e4cbd4a15f08332082267a314d48ed

SHA512
31f8fceb6a03aa1965f8d3b97e4cdc54c80d23e2af5bd960458237e0ee840960fc3c34374c2d5d921e2d4af37e7f5d676a9788775bb53289c9b74fbd00b153ec

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
9fe103c8d91f6c65c4ce548c693fe8d7

SHA1
b659ee8b4bd2b905e7e243bab666e3556ce967d0

SHA256
c0d3da88706fa36012a9a96229a7441abffc22ffd5d0c286cd1eb48061f4a30a

SHA512
ae8e8fb6a3693681c81b1d46c42c063d51672b60f06b94413b4ec35c7779acd0f2a65aab1a46142c7343354018fe8152889de6a4d1af2882f320605f6bfbd4d4

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
c36742ef5dd70ea36cda6ecd81a4d678

SHA1
041cd3d88289e0861fb9b8f04690493d8c291687

SHA256
bc3b6ae133168da1f690d81f19e97f077276951338a7af60c2912d54a311f03a

SHA512
1429e7bb515e02574c4ac135be6285540a5506d33a06dea1c94f17f8e43d0c828351b57ab62331d0020ba83ddb28f10a2cc62550047a1fc364936047152e07d3

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
66676c55687af0f9f1eecdda45985cc8

SHA1
ef4a6e8824dd54423262444cdaf5bc667f1266c8

SHA256
7bb67cedc7f8a04090147cf368b64243308a3bd6da1799a046027cfd435b714f

SHA512
a98785d04ac8d7dbd7c337ccaaf65baeb1cb005631df5593c0d783b81e6d5c65668a3e2da5231f51715ca9a25f2b23b7ff5043fba16b6b25f80919d123d1f6b5

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
3c781d3b80218762351bb9a42d0782ce

SHA1
6e63bff29632824dff4d89e0aab745782ddbbdec

SHA256
0fe32c6fe4eae1a50afdd77a6e3e5d96dbf017759220c37127b1090c32ba3fe8

SHA512
91546cf62b3b99f8d44ea40dc3f7eff9b6aaed6071ecef8d75fece17a7ea3555a42cc3e0011c990995b5e1c0142b6dde12f9223571f9979ef4f0ee0fcf36b223

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
b705643cb2d0b85a62ae1e969f03d4af

SHA1
9ecce839b40d8652e4e2a247928e944e75d022ba

SHA256
5ecfb130b3f71d25e2786be35154ce930dadcd9dddf4f59c326a4bf12b4b54e8

SHA512
e8709629811f1c9a643e5a98c86cf782ac7d525cfe96865336d86705fe4f852badebf71a97de3a5091569b0844e2b25be430b3d11f6c19982f0ea6437a57fd54

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
24429e530db973ac391584f32d251117

SHA1
978e31ede27cef77146dc238852ceac088126097

SHA256
6b2d23196fa840bb86693326707540bd5cb1f7718cc6b6a509afcfd82343ea8f

SHA512
d0afb69ca561c666015cfc9f9252e6419a84f84173538131883f84570e164cf37cf36a314068c86ec1572fd63a2d1a67f9285d5dd066707664414aa9ea6ac3a4

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
36676d685d616dcfe799bb1e8b293416

SHA1
af848a44b89cb4ac61a08620ef9cb24a05793034

SHA256
6bc420b61acd03d7eb928c6555f4ba47809b5148146219448857771963d68dff

SHA512
520743b5a929df639bc19a5e4ebc1143af5b6acebd85ff75a3ef122b1c1372025d329ffa9e6d6f7a897e586addbcb59283a0c342eb5903db88183d583d90bb92

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
097dd503c6d9267ff3306caed5743e94

SHA1
3ed9bab5ee45b07c0d7fe0db4a9908811345aafd

SHA256
9a61237fb8426a395166cbe7cf5702bb2299b88f05661a5c329f677bd2f021e8

SHA512
50605e6e2ed8167ed17edef7a407d9c770900476f74f3366b13c5adbffa54f55a87e354e1f11b11c3e49885625d90f23f1ea3e515a1677cc52a3cf2bec80688a

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
84b9d630222ead75430a862dcefee055

SHA1
6cdc8aee22eff83d48d1879c44452df3931ba6b7

SHA256
c4dd120b15404d66afbcac20d8493dae34bf9222ea404fa9f2c2d81e757e6a5d

SHA512
c4fcdf8a6a7784ee07cbeca0ba641efafd0252b846a778f03154788be02130e852965d65a3a6718813d1fa1949fdeee4f19704da34a7f04e98412dcc1c6e3918

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
26236999c3c6dcfd87a6b04ca9af72a3

SHA1
ece1251ba6f64a9db2e0ad168dfb270c4f0997c6

SHA256
9aa35c39198902e080b6f861c0717e6279a7f83c2cc1813275b24a099723746c

SHA512
35cdfbc0598c78c4dd79ef5b3e6b5e5864b4bd1fd54c4eee9e07778cf26b3019312e51cd2f1e55b10cd61fdb2fd806f783093c256fe7068fd4ac8efb379cf92e

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
959fdb365b7d1b64645413d950fff4e7

SHA1
9e61bf4612e23da89abbe6ae1bc16c5e73f2d0aa

SHA256
86dd104082f76b2664ab471b7cc450cbc151a4f17fc4ab6d729ad6a622b125bb

SHA512
666a251a21e2d5a233ff9999245f3bfc040b3a92db3ed5fb1799c22faacfd7e1b8a938115a23e5d9a010056870e62f56996bedecc6d2427debec74c1d6cb6beb

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
5187a3f340b117e9b3ad4780a2bd06b7

SHA1
abfe1dcc97d413d1bc7cbaed246a1ce5ea1cdc21

SHA256
b10ae0b1c945d26e1c96030ee0a0fe74153ff4e3ff6e363319733997037aeca4

SHA512
e80843c9abcf61142345d2dc9e31d8cc0ebf8e02781e54682dd3031f4bcda06bbcc96934624be33ddd12255665dc54a05ac285cf6b42269a25971308b49491c6

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
9bae2070267583bd0d3f6a5ca8ea1375

SHA1
78c0232e8924bd7f71820f2598a591b6c192ac05

SHA256
f593417272bbb8901fdd4aec3c558d0175710cd59c5a91d80977e4beeaf6e578

SHA512
1e7bc6c1b06c2bf1b2298041c6416b3589d14064cd3fec6b2eae354f4dbfea857cee4df1cedfb5957e2aa01636df8746f58996fd5d1d954ccd12194207ed4676

Download Submit
C:\Windows\System32\drivers\etc\hosts.check

Filesize
2KB

MD5
955e4fd52c5b602983814fb8c2d127a7

SHA1
bccbbac46be1201fea8ea8c1a17268c943308178

SHA256
3217c186a99f21287a7c0e510be7efb23649d0d55e1502a40284c9e2ce0ecad2

SHA512
87e1f12c9c1f3a2363a2c1566bc77ff0c5653d640802024bac62b2be27ea3d8d939a023bf01df58347badb3cb61ac700458cd6208b3f09524a6dadaac25f5aa4

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
1KB

MD5
58c038bdfa1029309ac8934d58dabc67

SHA1
a5c07b734be2e1f22a88d88c303146eb419f96a7

SHA256
09a37ae03d23e382c5c07d8bf8bad4eb426ca9abc37a2e74d1547c425a7a5171

SHA512
efc8a28931256ccdd8adc1f6b7105059d015aab030ad2de43a319d46c6fe3a7118f0747767769c73259bc03d695389ac7f1340cbdb1852d00d063d25953ed370

Download Submit
F:\Games\Red Dead Redemption 2\Force Chinese Simplified.bat

Filesize
55B

MD5
657c228e1829f95a62b7bd2a268e71d1

SHA1
dbcc6a8b40b41b58a6ff99bd4369e16a6d3f48ed

SHA256
5a80825eece05ba9347a8d2806dcb109a8b3f0816547d6a53ffe15446f3ca4cf

SHA512
9aa9826e66aba3518bec16f727ca6ddcf2feb3be5e0bbb2522f1196c5dca33374baca389ce3b3dc3f953202c4cb718b5f9263b08d63f08ead986c89cd6934ec8

Download Submit
F:\Games\Red Dead Redemption 2\Force Chinese Traditional.bat

Filesize
55B

MD5
a67cdbfd854ec26a64a0a99415869941

SHA1
c3b6de1e0455bb9a6b17d8fe38eade2def8a328f

SHA256
936b5c8df7a2f8f8db493d808e4b8367ce1699ccc5d4c4b8abff90dd0d145523

SHA512
df8b86f3f81917557fb8112aa596c49f951ae3007020725a8f761826dfa0bd915bed8d02643dadae0d79a54f9deca0d43b1f5eb40eab7686916bc25d3003c0c4

Download Submit
F:\Games\Red Dead Redemption 2\Force English.bat

Filesize
55B

MD5
6afb6dcb9155182e9f35643b8059a242

SHA1
6c6731de7874f04145283fa0ac7766e5d09c6b05

SHA256
b84b61971c55339818000091796a7467eba49c3d0e55b1f87f6d2c9255814aca

SHA512
546c319656fb1df2bbcc160020295649f36fa9f4a8703bfd6795909152a357081045d2a4b129a6017bfa41c867bf5898cb61bd36186afcbbc303bce560bdbcbd

Download Submit
F:\Games\Red Dead Redemption 2\Force French.bat

Filesize
55B

MD5
4b458cae41085cf6fa94fea996d83396

SHA1
65f5f69dd143a639b9e194d64689c16735c13b1e

SHA256
4bd57f28ccbafd8a68dc6d9971cb701e06496108dd1940098d8fc2cf1e889a33

SHA512
150b551fc4fed4f2805324df4c2b515ce0b6d8611fdbdb13599224e21b61d1dbddda74128b667db3e9738b22fcb2b1062c1b12d3c7d107bc94c74c45e7f039f8

Download Submit
F:\Games\Red Dead Redemption 2\Force German.bat

Filesize
55B

MD5
49e74a0d30ab25d5acc1d46c87100acd

SHA1
9290e5f6c16e49c1c3fb4f4e8259d1519f7e169d

SHA256
59d40cd6db3044ec66981338c65edf0a443aa0d1ccd710e797eff2de26b4c79b

SHA512
c9a0e47f878cd50a5e6d1e2a76162ea20c282dfb6e83e6d363ebc272beff34fc0aa27667f01e3f1686d745b3f873995f22caa6d47f3102466e448c77fd846ec5

Download Submit
F:\Games\Red Dead Redemption 2\Force Italian.bat

Filesize
55B

MD5
85b306d7aca313c147084fbbb67f94f1

SHA1
36d70de4979d00ea040192d34c1e2ecc8513d1bc

SHA256
d4ecd975643f6959e5ef75efb50f3a7f78f3a2b334122d15212c87d8be1aefba

SHA512
7740cc9f80e4daa955719a8a75f55caac12f92e3a37e661011d604ffba021b5e320290328b9e80afd2cb5840c0f7ff59e59c4a04fc31764e86f310f4667d4381

Download Submit
F:\Games\Red Dead Redemption 2\Force Japanese.bat

Filesize
55B

MD5
bb3d5466b4b43e5e2576312cba640ac8

SHA1
8e1ff8a9d16bc65130502f5ada89087b2577840b

SHA256
6282a84aa423415e58f041405191583cb0fcbbaf297db76a668f73b034bff64e

SHA512
71ca4e527995d154c5314ba0e3b646134eb29cc8c924a3e439700633fa3101e6a07ac6f574a4f02475ea06f30dd38a6c23e3dd3dacc4df3af751dbe88e8c847b

Download Submit
F:\Games\Red Dead Redemption 2\Force Korean.bat

Filesize
55B

MD5
06c4dfa9bd3b9c7e3a0aebe6a23dd960

SHA1
1cb0839c73e86967ddf6677de042a464a56b490a

SHA256
bc91138b942ce157450a1a9fec841fb7346af8526dc94518c2dc35df5c491afe

SHA512
e436654a318c07f2caeea8e6bdd68399e07eeb3d62b5efbf46a6bf7ebfbb9bfaf44e65c6da9147b612ea0bceda6b938cf4ef1bf25a57720a614cd1650b785b9f

Download Submit
F:\Games\Red Dead Redemption 2\Force Polish.bat

Filesize
55B

MD5
c9c1776f86ef2171fced69d5abd4197a

SHA1
a60105b52fbe851daf7e743e98857aae8376b91a

SHA256
9b156bee9eeee68a5ad3c7cbe22bb3c28f1e13da14263f2d52ee9d23626e4246

SHA512
4fb38e85ef9057ca8a4a39836639104981df44d73f94f29ab2e0c4b1fe6448da6d011cd164ddeabc0e6ed5bb2f005e171936b9974e69d6cbfbc0296940ae675d

Download Submit
F:\Games\Red Dead Redemption 2\Force Portuguese-Brazil.bat

Filesize
55B

MD5
1b12cf391ee9ddf5f59820834eea56c8

SHA1
0bc2c153eca4cbe83b14712d3d0ab89e845850c9

SHA256
631e299b588da4dba569bce253ce6f5223a44a52455b49125443e69a437523e9

SHA512
5d643e636dbcae3f84bc93abc3357fa5f729ea16eaae99b486b2b429a43d4e663a3d6ab8e70a27e70f27eae78b3fbdb791b2ed5900362646631961d3cca82bab

Download Submit
F:\Games\Red Dead Redemption 2\Force Russian.bat

Filesize
55B

MD5
27ce5a9f56a3c0a9bd858999cc11561d

SHA1
b64db8dd1c612f10a976b275fb18771d6614bf78

SHA256
55cacac7eaec5b5e01e5097f2ca42bb96200eb5fd7ff7762bbdf08ddfb16d332

SHA512
f83a3a3169907c2052e1267df8c5921dd32206e704bab3505cf2cb17fe2212a3d5b21045447557e2fcaf5bab7bbeca7122a0fa9e887e6908ceca60ba034cb5ef

Download Submit
F:\Games\Red Dead Redemption 2\Force Spanish Latin America.bat

Filesize
55B

MD5
8affc2cc8e984f6d672bde5f3a326eb0

SHA1
179ce6b70681c23ec393584f6c8f54258ab326d6

SHA256
fd97231e94a5de4ad0d54633906cea90b67375224a9856432d957c47e2806f2d

SHA512
cca4b1d06db768aec194e58afa7b27df0a4fef54fd4b9e3b24ef74a05c11f5f8eafceb141a0d98f98d305f540ddc71cd002d945dd3acded2d5850371107f419f

Download Submit
F:\Games\Red Dead Redemption 2\Force Spanish.bat

Filesize
55B

MD5
c2175078d1970019422493ec819a509f

SHA1
4d535165a6789f5fcf61536370c8e58e441f0ce8

SHA256
f21d14f146540451d29a797e4525d80775521fc34d2dd4262ead9bd48adab7f9

SHA512
bdafb8e2b794d7f2759bc8328460c6e1142f6a210a6d429583d07e5916eed82af7fd37414ef51a36ff54e1ecbd50e4538bc33b77079ae7501812f56b34f5d927

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.bra

Filesize
18B

MD5
1259bfd646e73982dedb8884e6ffabab

SHA1
609b4c844d51b77eb88d8b838884fb0901da505b

SHA256
8a3f1932f7ef49d342b3753971d6c5b53d031d40070ffb3934c5e115f81af3ec

SHA512
a15fb1ebbe3a267e3c8afd2c7adb03ca227b7592d64117804f0e1166ef214529b14a6601ea3995f5e51055909fdb2388b9814b1acb23c70ecb55a37597b113a3

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.chs

Filesize
18B

MD5
3a6641303789c1926d07c5524a886ff0

SHA1
7c0dc16d537dbe77b7a0f46dde8415096664081d

SHA256
25f06b32d36c0c3149d7dedfc01f1c2ace6e4c438c9fa2d07b9f8d34753e27fb

SHA512
b2ba72d6a147f1f96868ca63818a4665ae622ea3c4ea3fdc7349d5370b6c82a865bea8eb32616fa98922a86e4846d7a99311b84e6e319267412d62330b0ce035

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.cht

Filesize
18B

MD5
39c536713d4f5eaf296dfc09b4c103ce

SHA1
1403a9d2755a433b10e202c85167cac02ce0ba22

SHA256
6f040427282054c8b4b8d3aa78a2524dec8a2e1dad0b74255cf4f3dc60573277

SHA512
9bd29747acb75969491b904fd39966ad4a3c86dc2926e8514af0e6296b17bb40dc09edfe7c52ae66de1a05804d1288772b07bfc82ef7c48a2b8220788f2a2e9a

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.eng

Filesize
18B

MD5
2df7ade89c73d8a28df546738c4138ae

SHA1
0e66b329e96cdd2bfe87bd18ecca051e34442b0d

SHA256
64549f9043c8eda33714ad49db5bc94cb2c13cb99f76bf3ac1470abf1b656d1d

SHA512
69622e8d0b6c6e38d9a29429123a94a62e47bb82f61a95d638278c14cbd0e54a67f22132d3f810d76f3da13326169c489441516f43bb0a43b1fe469b1792caf6

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.esp

Filesize
18B

MD5
b08792ccf0f0e886df8db8f393525f64

SHA1
bc0dbe273c8277b7176f97783c05d0cc6e3f0edd

SHA256
32d22271c180e687beddbfe2c8adfcf8709309676f9cb57b259402c26a5df0e8

SHA512
ec612f3f295d3c7d5a5c687c12ea6324316f83e72f264c6005c3a441d312455aa10aaf73db2ca1460a2b28430ce1ff4ab3ac4addd25e90214bc593d8f7b92eb9

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.fra

Filesize
18B

MD5
ca01c94521ef7d4da144cfaae4f34cf7

SHA1
d197d7c29ed5fe5c2d3da60c0cf2ae15774d41ea

SHA256
967ed3219687ea980e30d40668451f580e06adaa70078fafeeebae04b1734a1c

SHA512
45c34c317f72075c391468e617548ef91b303a38e89694b93937adcb41d66b1ba1bc473170cf940c22cd77792ea75643d53c11106ca1f6176689915f96bf94f0

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.ger

Filesize
18B

MD5
bec9fc5a691c9b50cab1bcc145363115

SHA1
9956b10245173d2b0f924d546b2c6cd18d2fc0ed

SHA256
a1623130dc75eed8c1a731e89b470da2ff630f604e9a95f41407684a12d93cdf

SHA512
63209c888ceb4b1b59057ff222905b34e916635602a7f4bd8f7c2c8ef1424fa3d5ec46febc3ef70362d2daf903b9f86c9a615c665b404bdd393c338e5a8d6d5d

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.ita

Filesize
18B

MD5
07412ec68f5d1380982392b675b799fe

SHA1
15ca0d5292718f8b5ce6343c2f4ac86b8e4f61b3

SHA256
4aec0bbd6f40246abf870c404f0e5b78eac583a06a40df03e4f8ebd7ef2c0903

SHA512
35be3622ca27e61bed19fe3c8ad991e0071e82e77996c21665708affa9556109ef4893e5d881b8843e4739a942261ab9ae52a1db5c26efa6977deb8d8d27509f

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.jap

Filesize
18B

MD5
8c7d35ada384aaa4d4b812b16cc3af6c

SHA1
0a733293ba457f44a4ca98f176081e95335bf1db

SHA256
c140298c4d5782caf4779339a497a06c8ba620e7a5bd97a2aa2b462226b36e03

SHA512
b5397998f523c1879cb17ec6cc50443a86a84eec8c04069d12045baa41643b6752114b1880586821300d170e77ea8629497ae37bd4a3e5feb22ecf7f755d7ca3

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.kor

Filesize
18B

MD5
c782569f696f3958f032f89cb6b05bb2

SHA1
126ea510da572944e8c232d35e43716c0605e8ff

SHA256
bbf346684f0fb00c5f455b2a583f7eb3f518bf3ec2e7ee1fb0d980e22e0ee9f1

SHA512
d337ab8f8f45b51a1cf0d6fe0120050af7c6abc23dd30e61659793352accb5125020169dd818368fa1660d368e11d7c3a783e00fb7ae8cdf6bb34ba2653f84f5

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.mex

Filesize
18B

MD5
9e8246ecfc2dcdf1cb9627d0def74513

SHA1
b070603228307d37ca24690d0c1f6b949f40b71d

SHA256
bffe1ee3ba8754c46152e0b98db65cc6e692dc8edc4e31d5ec8b3e87e56d54c3

SHA512
759d7a6e2fbf54dfbcb6253843d2b582484a6ab56fba7e763a63b7cc062231532f59444703755844223e9b6d33b3a31a5d2daf89e286097a5f8fb075fef8c2bf

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.pol

Filesize
18B

MD5
b317bbdabf5753443cf3ab4888cd0ce3

SHA1
8da373a0f0f5406e6cc63109a3bf5026b14ce4f8

SHA256
22b8c0d36bd4cdc1bac18a5762a08d8c261092a0eb0db2bc790545776d5d9430

SHA512
537881939549c707ea06cd2abe311ab284e19bab6a631235e68d740a1eff7152e1f93cb1a693f9d178cd92043e5d75a8b466aaf1ca300d28f35bf756c3287b02

Download Submit
F:\Games\Red Dead Redemption 2\Language Changer\commandline.rus

Filesize
18B

MD5
d65c7060f9fbd15bb4d194fbb36986da

SHA1
136a816850475a91229a50b84eb57c3e0647b5fa

SHA256
0d9b32f811aecc6314c5323fc6bb10de74af597501cc8cdb6b4aa7a404c327a3

SHA512
837c9471f1101136010a10ccbc0c6c3436276d9b6bdafcaa98e862d6ee75bdb6f0aab61f104d41cf89a90472dfc815e45daa4c0288cc0d470b04c7c89b3c5b94

Download Submit
F:\Games\Red Dead Redemption 2\_Redist\QuickSFV.EXE

Filesize
101KB

MD5
4b1d5ec11b2b5db046233a28dba73b83

SHA1
3a4e464d3602957f3527727ea62876902b451511

SHA256
a6371461da7439f4ef7008ed53331209747cba960b85c70a902d46451247a29c

SHA512
fcd653dbab79dbedca461beb8d01c2a4d0fd061fcfba50ffa12238f338a5ea03e7f0e956a3932d785e453592ce7bb1b8a2f1d88392e336bd94fb94a971450b69

Download Submit
F:\Games\Red Dead Redemption 2\_Redist\QuickSFV.ini

Filesize
155B

MD5
c5c28798bca6e9ed5d84fa67b656065a

SHA1
4b6fa3465f1b393e22e9f083b177462028a48e93

SHA256
74ca5a42469197eded04f5a0bf34ca251c72f7cc06a3416ac035230cb8e81629

SHA512
c06baa4b31e2866fc3f298826930f43fb1d9c2de24e0984594e41f72f022a9090712b478e84d3cb46e0cb0f45d4e81d6c6443b69c7513775340324d9eda92963

Download Submit
F:\Games\Red Dead Redemption 2\_Redist\dxwebsetup.exe

Filesize
292KB

MD5
56d52c503adf02184f19eee4767ef60a

SHA1
ca133f67a286f4f20282e19837b53b38a27a1caa

SHA256
ed79c8f65b02ed83d5db8c355328294a73dc447f08f657312bf8f3a5b40c7494

SHA512
246f35664a9af548d402878a3e6ce6d8901a0978477b145db5fd4e5857021efc4016369e9e02e709a27cf5c84f44a32e106008668ba96e2b45d4d06599090d8f

Download Submit
F:\Games\Red Dead Redemption 2\_Redist\fitgirl.md5

Filesize
7KB

MD5
8133d0ee1450855e359551f60f12265c

SHA1
b5fbb7e433762543284301788fc50f6ca2aed5ea

SHA256
acbf20b8dc89da8dec9bf93a0c64a9d836542911b23e388f611b0ada9813fee3

SHA512
9148e845ffcf2b9c97788d190de05e1601ad2cc62537d3b015ae73518c5db37e2374cfc004e92645122f861891e7f67a3966e459d3822d5c825082b553378441

Download Submit
F:\Games\Red Dead Redemption 2\_Unlocker\Open Saves Location.bat

Filesize
63B

MD5
1ddfc64079ccd067636c25b6e054d84f

SHA1
3aaeaefb231f10d4352780bf241a71150348e3a2

SHA256
b1d622c94ed3753edce08f74913dc07b262655ea53905072c3a8130ca840e145

SHA512
1a29509a1824def581c62602b5da209476fb928610f61fa50049fd85437c5b4e62e95dcdc5ac1a17ed5df1eaa13d9667054484d34543a1fa5f1d68aa7181b899

Download Submit
F:\Games\Red Dead Redemption 2\_Unlocker\Player

Filesize
112B

MD5
75f1e1300427d83306812e8f63a112cd

SHA1
63e61884e5ba3fc6fdb80bf8bbecbc7020784e4f

SHA256
4e805f20007326a9573e04c8d7fa012935def7a5af9ca464f53dbcbb9f365b0b

SHA512
a034400834a254386d7bd84836dfaaa00c8b83f896cfcf18413a2ee6ada55abbf9069efdf7351f2914b154ba1156aa049fce755c59168e199e18e9dce5035cc8

Download Submit
F:\Games\Red Dead Redemption 2\_Unlocker\readme.txt

Filesize
768B

MD5
f6a51d3e17a688a9560b486717c86ca2

SHA1
ecbdfde9e6cf51cbab485b1f0ebfdaf6a6122708

SHA256
af2188e3507a48ebbe7c26d15eec457a1206a719c7080269e2d4451bebb71612

SHA512
df8f9ddf0fe868a2fafab58eab4839e3846976c2298a1b872eb4053575513ff04339dd70672099fb1bf79a604182ab0cb5d81a5d7b71e05d61b35e8706c66aac

Download Submit
F:\Games\Red Dead Redemption 2\unins000.dat

Filesize
107KB

MD5
95ba874c7be682ab91181cd053b70d9d

SHA1
9d9f6ea6d35dedfd9a8254ef98150c1198a27238

SHA256
909cda6c653661efc7ad89809ac09f7b371e311ab76f76b8c09d16b53d1c18bb

SHA512
bd7048bef4ee87a18c66347775e48ba71a81ff5a04b9b7abe75e835262d0001583d4f8477555a7f26499ff297176f9ed1766b29eb293b42292344c5a836ca1b7

Download Submit
F:\Games\Red Dead Redemption 2\unins000.exe

Filesize
1.4MB

MD5
0332bebb5088a80be0840afc52ec7d22

SHA1
a5b604ed4ec1e21499be9528f984900285fdbae8

SHA256
07fc81aec2011c392efba9a4dab11e3f21ae66c71d1e47f6d6f3030abea36c97

SHA512
be4050f754cdbd7083a6d65696ca3dd6cfb71cf9e43114a79548a1f487cf806aed7723cc32ed95ba1c28d491c5c7e6efff7d8f18046119b11705dc2a3e51deee

Download Submit
memory/460-260-0x0000000000DF0000-0x0000000000DFE000-memory.dmp

Filesize
56KB

Download
memory/1276-2-0x0000000000401000-0x0000000000417000-memory.dmp

Filesize
88KB

Download
memory/1276-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1276-858-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1276-81-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1936-242-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/3044-239-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4272-545-0x00000000033A0000-0x00000000033B5000-memory.dmp

Filesize
84KB

Download
memory/4272-86-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/4272-248-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/4272-245-0x00000000033A0000-0x00000000033B5000-memory.dmp

Filesize
84KB

Download
memory/4272-544-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4272-244-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4272-97-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4272-101-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/4272-103-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4272-96-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/4272-89-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4272-93-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/4272-83-0x00000000033A0000-0x00000000033B5000-memory.dmp

Filesize
84KB

Download
memory/4272-85-0x000000006B080000-0x000000006B08D000-memory.dmp

Filesize
52KB

Download
memory/4272-84-0x00000000034E0000-0x0000000003545000-memory.dmp

Filesize
404KB

Download
memory/4272-548-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/4272-87-0x0000000006AE0000-0x0000000006AEF000-memory.dmp

Filesize
60KB

Download
memory/4272-249-0x0000000006AE0000-0x0000000006AEF000-memory.dmp

Filesize
60KB

Download
memory/4272-80-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4272-73-0x0000000006AE0000-0x0000000006AEF000-memory.dmp

Filesize
60KB

Download
memory/4272-64-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/4272-28-0x00000000034E0000-0x0000000003545000-memory.dmp

Filesize
404KB

Download
memory/4272-785-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4272-789-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/4272-21-0x00000000033A0000-0x00000000033B5000-memory.dmp

Filesize
84KB

Download
memory/4272-814-0x0000000011000000-0x000000001104C000-memory.dmp

Filesize
304KB

Download
memory/4272-7-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4272-857-0x0000000000400000-0x0000000000579000-memory.dmp

Filesize
1.5MB

Download
memory/4272-246-0x00000000034E0000-0x0000000003545000-memory.dmp

Filesize
404KB

Download
memory/5080-190-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download