16f7d9d609c24c5af75c0141059d49008eb9b1f016d198e224bdb486668cc7b5

Analysis

max time kernel
518s
max time network
521s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
12/06/2024, 19:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe
Size

3.3MB
MD5

e23d97827ea3c90cd85f2d11402e8940
SHA1

67c01979b3516f9c3082cc05367142a74e413be8
SHA256

16f7d9d609c24c5af75c0141059d49008eb9b1f016d198e224bdb486668cc7b5
SHA512

e9dfd9ebf77aa615b17c05f99a5efed0c5dc993b7ca59800aa7ffa45d0d7fe4e207d0e4386c4fd9b11ceb49b5a4d28b4014ab9d6327ed86a8321cd9f3e90f646
SSDEEP

98304:EyasyD6Lvd557Vh2EKTlpFGuKIKRv6owpuC:XyOT57V7jFiowgC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe
684	sysinfo-app.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe
4812	powershell.exe
4812	powershell.exe
4812	powershell.exe
3644	powershell.exe
3644	powershell.exe
3644	powershell.exe
964	powershell.exe
964	powershell.exe
964	powershell.exe
2552	powershell.exe
2552	powershell.exe
2552	powershell.exe
4564	powershell.exe
4564	powershell.exe
4564	powershell.exe
5004	powershell.exe
5004	powershell.exe
5004	powershell.exe
4692	powershell.exe
4692	powershell.exe
4692	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe
Token: SeDebugPrivilege	4812	powershell.exe
Token: SeIncreaseQuotaPrivilege	4812	powershell.exe
Token: SeSecurityPrivilege	4812	powershell.exe
Token: SeTakeOwnershipPrivilege	4812	powershell.exe
Token: SeLoadDriverPrivilege	4812	powershell.exe
Token: SeSystemProfilePrivilege	4812	powershell.exe
Token: SeSystemtimePrivilege	4812	powershell.exe
Token: SeProfSingleProcessPrivilege	4812	powershell.exe
Token: SeIncBasePriorityPrivilege	4812	powershell.exe
Token: SeCreatePagefilePrivilege	4812	powershell.exe
Token: SeBackupPrivilege	4812	powershell.exe
Token: SeRestorePrivilege	4812	powershell.exe
Token: SeShutdownPrivilege	4812	powershell.exe
Token: SeDebugPrivilege	4812	powershell.exe
Token: SeSystemEnvironmentPrivilege	4812	powershell.exe
Token: SeRemoteShutdownPrivilege	4812	powershell.exe
Token: SeUndockPrivilege	4812	powershell.exe
Token: SeManageVolumePrivilege	4812	powershell.exe
Token: 33	4812	powershell.exe
Token: 34	4812	powershell.exe
Token: 35	4812	powershell.exe
Token: 36	4812	powershell.exe
Token: SeDebugPrivilege	3644	powershell.exe
Token: SeIncreaseQuotaPrivilege	3644	powershell.exe
Token: SeSecurityPrivilege	3644	powershell.exe
Token: SeTakeOwnershipPrivilege	3644	powershell.exe
Token: SeLoadDriverPrivilege	3644	powershell.exe
Token: SeSystemProfilePrivilege	3644	powershell.exe
Token: SeSystemtimePrivilege	3644	powershell.exe
Token: SeProfSingleProcessPrivilege	3644	powershell.exe
Token: SeIncBasePriorityPrivilege	3644	powershell.exe
Token: SeCreatePagefilePrivilege	3644	powershell.exe
Token: SeBackupPrivilege	3644	powershell.exe
Token: SeRestorePrivilege	3644	powershell.exe
Token: SeShutdownPrivilege	3644	powershell.exe
Token: SeDebugPrivilege	3644	powershell.exe
Token: SeSystemEnvironmentPrivilege	3644	powershell.exe
Token: SeRemoteShutdownPrivilege	3644	powershell.exe
Token: SeUndockPrivilege	3644	powershell.exe
Token: SeManageVolumePrivilege	3644	powershell.exe
Token: 33	3644	powershell.exe
Token: 34	3644	powershell.exe
Token: 35	3644	powershell.exe
Token: 36	3644	powershell.exe
Token: SeDebugPrivilege	964	powershell.exe
Token: SeIncreaseQuotaPrivilege	964	powershell.exe
Token: SeSecurityPrivilege	964	powershell.exe
Token: SeTakeOwnershipPrivilege	964	powershell.exe
Token: SeLoadDriverPrivilege	964	powershell.exe
Token: SeSystemProfilePrivilege	964	powershell.exe
Token: SeSystemtimePrivilege	964	powershell.exe
Token: SeProfSingleProcessPrivilege	964	powershell.exe
Token: SeIncBasePriorityPrivilege	964	powershell.exe
Token: SeCreatePagefilePrivilege	964	powershell.exe
Token: SeBackupPrivilege	964	powershell.exe
Token: SeRestorePrivilege	964	powershell.exe
Token: SeShutdownPrivilege	964	powershell.exe
Token: SeDebugPrivilege	964	powershell.exe
Token: SeSystemEnvironmentPrivilege	964	powershell.exe
Token: SeRemoteShutdownPrivilege	964	powershell.exe
Token: SeUndockPrivilege	964	powershell.exe
Token: SeManageVolumePrivilege	964	powershell.exe
Token: 33	964	powershell.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
684	sysinfo-app.exe
2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe
2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 2412	4360	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	75
PID 4360 wrote to memory of 2412	4360	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	75
PID 2412 wrote to memory of 4812	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	77
PID 2412 wrote to memory of 4812	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	77
PID 2412 wrote to memory of 3644	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	80
PID 2412 wrote to memory of 3644	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	80
PID 2412 wrote to memory of 964	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	82
PID 2412 wrote to memory of 964	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	82
PID 2412 wrote to memory of 3196	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	84
PID 2412 wrote to memory of 3196	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	84
PID 3196 wrote to memory of 684	3196	cmd.exe	86
PID 3196 wrote to memory of 684	3196	cmd.exe	86
PID 2412 wrote to memory of 2552	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	89
PID 2412 wrote to memory of 2552	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	89
PID 2412 wrote to memory of 4564	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	91
PID 2412 wrote to memory of 4564	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	91
PID 2412 wrote to memory of 5004	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	93
PID 2412 wrote to memory of 5004	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	93
PID 2412 wrote to memory of 4692	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	95
PID 2412 wrote to memory of 4692	2412	Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe	95

C:\Users\Admin\AppData\Local\Temp\Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe
"C:\Users\Admin\AppData\Local\Temp\Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe
  "C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe" /app "C:\Users\Admin\AppData\Local\MobiGame\\"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4812
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3644
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:964
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\utils\sysinfo-app.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\utils\sysinfo-app.exe
      C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\utils\sysinfo-app.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:684
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2552
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4564
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" (Get-CimInstance Win32_OptionalFeature | Where-Object {('HypervisorPlatform','VirtualMachinePlatform','Microsoft-Hyper-V-All','Microsoft-Hyper-V-Hypervisor','Microsoft-Hyper-V-Services') -like $_.Name}).InstallState
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5004
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4692

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4268

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1360

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
128b5c395d2956830809b9b9e5c65b5e

SHA1
34603e22e3daf2379fd6f15c0af9980757ffd97c

SHA256
7e5984cbfd4e429dc8c98159d0f65c514e8e4ab09fb39280999bcce59cc5a93f

SHA512
749f11e940d35e17af95d336a6accf88e5a69cd73b028ed23dbae07f38de30b748a324c6e390b1d87abac03df530a992d04879de079f5323fb78de61fb8ee9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
53b5807e57a3dffc43efe28b4c6b1f9e

SHA1
58326a13b0e04e7eff1532138e4f53b951f194a5

SHA256
4c4c97647e7709367b4848c65362f94850c1250ef663469f90b890b82db84162

SHA512
bd16faaa1361fdc3d5490ed7a7a0f2dac870b76bd649e68230d9ce90cd83d7a9e9f2fc1f87f814782df4e3d66b453eafa81f14270f504a321e7bd2606239fb10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ad3ba6a407e7ff982abe20ff2001f512

SHA1
100693c5b1f9c76ce3d3c8792e94b7930d744474

SHA256
f383c7bb3ed961d8987f976181165583426b8d5e2f3d39417c8046da1d2a10a1

SHA512
b3596a839441c6f2baec28066fc08321cb6a1370782d313b403dda4e818cde83484fc8b2a0e82395f2a413b65a63edffb7cc0b7594d96671d0447c8346f9b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ecf7483cba1367106357f763c61802e2

SHA1
7607a38b9a8a2db749cecc91742ecf5574baca37

SHA256
57751c881049b058a22dfd19b7cebb10e9418deceb8a17d8c18d54ac7ef30b73

SHA512
b04f7aef03b5695a25b88ef8af788a2920124b2f9975e21d6e128d8b135ac7f983da8e1e073e406ad4568bf2ad519021230a59a2f60ab1c04309c64e2d09f766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5a784f1418ec886088896128c2cec7ea

SHA1
161ff02aa5bba8be9fc44f0dd9a561d933a193a5

SHA256
39bedfc332ada14d56ac88aef7f26eae9345b4cb11ad3f80f3847e7dfdf112eb

SHA512
b1279072ba28ff8fe54922cf3d85ba31fa27ea85bbcd2bc81b999d5f9de0b3d47098190ed43aa326d366ca13e79ce92e82db5e7940b5f3cace2243e3e4d0f76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c2e1b052a54ad50dff5a3737caec8723

SHA1
a652388400119b51c3e57e555d3e064415db4da9

SHA256
43fcf8d04b4a35f910dfd23e1a099b5c1f164f2225b484a9fbc42aa1671dd9bb

SHA512
a5133a83f50f182b2a46fad4ba3c095924c37febedaee44a363ceaa918b13dfaadd2166b85b9b845bf776108dab7e3a5c24199a190d08275aa7f117afc85676d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b67543e2b7358de3fe45f8e6c8600e03

SHA1
f6eedade4a29aca610d2ab87f28d1ff9567163e5

SHA256
c2ad52388d09a1ccb1721023d2cb5366584b489807fb625042a6503d9ac5b1fe

SHA512
6d46658273859e0e28ef224d33f4f18afb407fa0431a4b3840c00270b7cc9f3f5635a1e0a3ccdcae991df918e4e3ffa375b2f0df5624952ba4e0a9979fe9e730

Download Submit
C:\Users\Admin\AppData\Local\MobiGame\hwid.dat

Filesize
32B

MD5
684ed537a2d0d3e66635146dffa6aa31

SHA1
7afa22ea25864d432f984c0ccc4b2c9583cb735a

SHA256
13790c82c403fd86974871c9549c5b205908eefb91ab535b3fe5a80b53ca77ad

SHA512
63f2019ba4d1c08cae17df10a6c73b3ceca5b56748641aec050e1dcd2a0972214c6b07b373af026ea6f3712a0bd93454584279ca0fbef05a7d36a4be48b40d6f

Download Submit
C:\Users\Admin\AppData\Local\MobiGame\installid.dat

Filesize
32B

MD5
43054c1620952a0f1d9bb9853ac0b704

SHA1
8e54714e042e92576a16a98c0619fe9ba192772a

SHA256
611dde629565530aeffbae5ff8ad3c02cb6b6d04348f2c997405b868b77c89a1

SHA512
b9831225bdb0c888da9c90c67784667e40b7f8b5ed5b027ce3ce11b797f6864d7620b97e86c571326b594dc1469557155b6673e604a057aa455b4f0b4c2f2f9d

Download Submit
C:\Users\Admin\AppData\Local\MobiGame\logs\downloader.log

Filesize
4KB

MD5
26be2170f6b4553591504d9e8aa4a006

SHA1
e2b0228d39d693e451fd3c59f5b92d1e66d1f7ce

SHA256
bcfa42487c1b2d20f7065ce0c4aa490e84804e8b726baa4d95099495c33c964c

SHA512
2cc8e79e4fa45e6016588b37231166da72032cef8aca995f5a6f693bc35c91b2d148a276c0033ba9100202bf272839ae043a4bee72d0322248aad3309170a62b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_muyeg2dp.ibu.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe

Filesize
1.0MB

MD5
8afdf50f0097e7fc7254c83b2b2bf097

SHA1
771f30d91517ce306e93b548f31bd595139255a8

SHA256
1c96bab3b22b9e52736982b58ff5d75eb22293aa184024ad29c4f722bf1420f3

SHA512
51e70ae50cc46be7670ce73c559ffa11f6cc324a0256b44f394c789b5e7fd78089b934f7a91b06d5ceba55caede217a87296bbdb0ba17e48e59dad8ca33a5e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\Chicken-Gun_com.chaloapps.roosterrudy_gameslolc_27838297.exe.config

Filesize
3KB

MD5
6517457e21bed85a6e41e8b84942c8dc

SHA1
45451a32d6246265c94660030642137ff0ac4629

SHA256
3148b743bb5599ee95ff171d8ed7f66c48979d5993a328f9e9291c1443e0fd28

SHA512
e694240d22e240f3b4ba78a2d0e38b353ce1f5ea348d46e688cb60166cdd91083b5069d1cbc79f94cfbf322edbdeee3511eb9360c2a08c3002d1ca28175451a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\Microsoft.Deployment.WindowsInstaller.dll

Filesize
182KB

MD5
82eb1ccf28f3af897c2db27282b41156

SHA1
9f945d8b18ff0fbb5f013efe5e2ff33aef136104

SHA256
ced6cab3c04c08ce5705af0b6986965dbdbfda17cbd66c973bb371ed3b95f37a

SHA512
9458fabeae4dabf8109b9736496a01d9168312faec1c17d6eed89e8f09cbb8287d74ff758948cf07838720c11005e87a734e920be4ead275354f46a0a6176f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\MobiHelper.exe

Filesize
590KB

MD5
751672b3dc8e48b7632544b57e01a069

SHA1
a497158550201b67a8340756529c8909f13ddb5a

SHA256
acff977962ee68c47b786c28186b43b093ef41ec6ed617ee019f1227e17d8799

SHA512
96e0d9a1f15c55ab69b37ec095dda802a008c37c14a51bce6b5e04ca60d83e09bf9d69be604d0fd5f407471c959fafec0d8477856570fc8862a606a237baa97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\MobiHelper.exe.config

Filesize
1KB

MD5
4c77703bc70d087c272b1b4f8db55c4c

SHA1
3bbf0cc26c0b888aedefbfb077ca1e270d3c45c3

SHA256
dfddd98c2f704875c1b40cd1c81005faf10a442135c2c84b9ebef51f935d4b06

SHA512
bb0052a2c5904e503429017c506f03122c2f4b83d0609c1d40a153848d392303c1ec441338fcb18977e6f310f634abe0bd3ecbee03cd7e468795dd2cb75f8dc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\Newtonsoft.Json.dll

Filesize
464KB

MD5
83222120c8095b8623fe827fb70faf6b

SHA1
9294136b07c36fab5523ef345fe05f03ea516b15

SHA256
eff79de319ca8941a2e62fb573230d82b79b80958e5a26ab1a4e87193eb13503

SHA512
3077e4ea7ebfd4d25b60b9727fbab183827aad5ba914e8cd3d9557fa3913fd82efe2cd20b1a193d8c7e1b81ee44f04dadfcb8f18507977c78dd5c8b071f8addb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\ResumeService.exe

Filesize
522KB

MD5
d293db543d714d4b6a959911f04982cc

SHA1
69c6d24cebec0d0f82b2006d9f9f9c3add831263

SHA256
dd31c28d11f79d4dd84c531b68fe52aa8f1076ef585bcf438d8976f8d3baf14d

SHA512
8abcf620c879092fcdc77b16877a9d7b50d9dd7b0e7a89187150bf03c1a7e05021cd30e30315d881ed5e819cb0d85050fdf294fa41bb8006c7cfe582fb68dc5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\ResumeService.exe.config

Filesize
3KB

MD5
c0ecf23c7cf4e09c426ff35e83eb34b8

SHA1
6e42205b40fa610e3d3376cc21997745f448ced7

SHA256
61bcc5c65812305576bd37eb7237ac29f04f14cef3ab9b9e7e8f940d5522b393

SHA512
ce8ee53483211cc488df90f396fa33877866cdc862b343625c736cf676be37e95021e465d277aff503f01eee8e5883175ab6a74ba2317285e843f87285f9995d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\ServiceStack.Client.dll

Filesize
241KB

MD5
e7eeaacea4bb7ca8625dbc72f9c05177

SHA1
6e540e594d4e7fe1c55f2f9e406d3c0f6d02af9d

SHA256
67f5c0fedec2ca57fc1b3118bd772b987c01b573584c08c4264fc8030f0944f3

SHA512
9b45ab2f9b865da7775405eb05b805073f37590573c50b70644c6e694f2e6effa5c9b0cb15ce30b184f8afa71a382bc4bb9096599ccce8b68e130131da502c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\ServiceStack.Interfaces.dll

Filesize
169KB

MD5
bbaa88e5567a6b9c134f28262c54ca65

SHA1
5d59256abbc0226d4966cfa7f96511453736bb63

SHA256
2e2cf708db9d86b04c62a6273aa326225181fb739f6b950fbe2e1bd4905ecd0b

SHA512
eb714c554123a9405f1beb952e82f79b684995a4f567f3fb9bf934f51496eea0d325c791fddafc2105922ca51f93132db85ee8b555880ac04e0e039636c58779

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\ServiceStack.Text.dll

Filesize
540KB

MD5
01e10fdd82dff5e70eff077adc2a4528

SHA1
5bc845e65e732c4bbc246174eb18874140d26772

SHA256
57f75c075376c8977860c3bcb8d7d693289450a08b569159bf7ed1dc1824e1f1

SHA512
fe0f0e8c14d6a8318a1a4320e427375b309e2ab5f05286ecca7d7ce1c3047c75054cce2153233c07bf7a921d43fea3fc5093af928bb7b555de46dfa2adb55366

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\System.Memory.dll

Filesize
140KB

MD5
2bc5de386a4297144781d15b8e812b63

SHA1
ae6b19d49b413f1549b3540a9fbba00c1e8b3d27

SHA256
9c266080fb5f31e02a5005b91657093bd8c1faed23102e021a8be283c1753461

SHA512
e4d43c871af5c03392d2fb139fdf10c2f2da2f1d6fe0edd089e3e30369d6d350727b483c98868626f81d680400b44ee4d328e475b0017bfdeb38cdb44a8b4d4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\System.Runtime.CompilerServices.Unsafe.dll

Filesize
23KB

MD5
a5aa80f49ad64689085755ab1ebf086e

SHA1
27e88cf0d2b34ea91efaa5cef9a763ee2722c824

SHA256
a79e1c30e9308afe4d680f0bfb82de3e8c1fe94aeca453ec4092c3ed4789ae6b

SHA512
f3dbd77e3a2ec3915b34d1387388abad45c99459ce03c06dc9a83d04f751b837c7b56cf9b4b7630f7fcd897a1d8057fce4cf761b1dc140a3928431b22b9b5b82

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\WixSharp.Msi.dll

Filesize
31KB

MD5
346d813cb3b38030edbe2342b21ecb0d

SHA1
578cc0f818bb3c414e5b806fe628a100f2eed63c

SHA256
4a807bec1041e2a900688f17d338a06b952a1a8e76b61f681454302753ab79ee

SHA512
72d6117ba66f1939fcb1f1bd89fe3a7cc5d93ae67ba7ed9927746a388eec4885986915372d5ff92176615f6e73e9ddcdff5e8feb30d2b0c17f8aaaab1e4f744a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\log4net-loggly.dll

Filesize
20KB

MD5
647ef1d7ccf030a09f17a54c5f40bbed

SHA1
08a71074606354e53a5c25aa9b084dfe9bef551f

SHA256
dc7ba0dcf33d3599c6d471cedb604e141d24a9aff9964225b8de1dfbb8a285db

SHA512
16d7dfc6033114c247c252f5463ab874418b609811ef31dd82365482487c6a8dcb2260f9b288fa883d3ba70c8b8836bb9e38d5bc24303db71fdcac8778b769fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\log4net.dll

Filesize
280KB

MD5
7c11f28d40f846515c132c5e358913bb

SHA1
fe7d3cd47352835016ffe5be86185165c4a09f69

SHA256
8cdae744cb81a397c61f9311e1bd089206783b8b173d6e8216005b84662fda1e

SHA512
12acfc71df4e7d24fe0ac9de97d21dcd651480fd0c9e46035cd3a2f3fe1ee6833fc9679cda0b07ffa33bb6ff0a97b6d28f3fa161747990b18cea73c22bf124c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pcgame_0C45CEB0\utils\sysinfo-app.exe

Filesize
234KB

MD5
2b30334153d41d8c762207309be73d92

SHA1
a54f5fa79252b1b9968f6e1a44fde7f007a12548

SHA256
9b4eee17b496a35e88b5f1631ba21c2bee262b3c6da0024c18e3d1b7996b3484

SHA512
cc9972e8f8952bef7364b00d269848a918c47bd4fb66cb0fbc97ea7c74dab467ca7fa694c79a3d07cff45869fe9bd6643a3291b4fd83c53c544320470ab78aeb

Download Submit
memory/2412-53-0x000001A2A8440000-0x000001A2A84BA000-memory.dmp

Filesize
488KB

Download
memory/2412-45-0x000001A2A8160000-0x000001A2A81AA000-memory.dmp

Filesize
296KB

Download
memory/2412-522-0x000001A2A86F0000-0x000001A2A8732000-memory.dmp

Filesize
264KB

Download
memory/2412-972-0x000001A2A8320000-0x000001A2A832A000-memory.dmp

Filesize
40KB

Download
memory/2412-524-0x000001A2A8770000-0x000001A2A87A0000-memory.dmp

Filesize
192KB

Download
memory/2412-974-0x000001A2A8740000-0x000001A2A8748000-memory.dmp

Filesize
32KB

Download
memory/2412-975-0x000001A2A8760000-0x000001A2A8768000-memory.dmp

Filesize
32KB

Download
memory/2412-976-0x000001A2A8750000-0x000001A2A8758000-memory.dmp

Filesize
32KB

Download
memory/2412-977-0x000001A2A89A0000-0x000001A2A89A8000-memory.dmp

Filesize
32KB

Download
memory/2412-1715-0x00007FFA675E0000-0x00007FFA67FCC000-memory.dmp

Filesize
9.9MB

Download
memory/2412-1714-0x00007FFA675E3000-0x00007FFA675E4000-memory.dmp

Filesize
4KB

Download
memory/2412-42-0x00007FFA675E3000-0x00007FFA675E4000-memory.dmp

Filesize
4KB

Download
memory/2412-43-0x000001A28DC90000-0x000001A28DD96000-memory.dmp

Filesize
1.0MB

Download
memory/2412-50-0x000001A28F920000-0x000001A28F92C000-memory.dmp

Filesize
48KB

Download
memory/2412-48-0x00007FFA675E0000-0x00007FFA67FCC000-memory.dmp

Filesize
9.9MB

Download
memory/2412-47-0x000001A2A83B0000-0x000001A2A843E000-memory.dmp

Filesize
568KB

Download
memory/2412-527-0x000001A2A8330000-0x000001A2A8356000-memory.dmp

Filesize
152KB

Download
memory/2412-1276-0x000001A2AB070000-0x000001A2AB0BA000-memory.dmp

Filesize
296KB

Download
memory/4812-64-0x000001D12FF60000-0x000001D12FF82000-memory.dmp

Filesize
136KB

Download
memory/4812-67-0x000001D1485B0000-0x000001D148626000-memory.dmp

Filesize
472KB

Download
memory/4812-232-0x000001D130020000-0x000001D13004A000-memory.dmp

Filesize
168KB

Download
memory/4812-251-0x000001D130020000-0x000001D130042000-memory.dmp

Filesize
136KB

Download