6fdfde627bc491459f12dc2d7ad14a95b0e730c62df78c2684bb5832dbc57666

Analysis

max time kernel
46s
max time network
23s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
17/06/2024, 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe
Size

229.3MB
MD5

12fe8dd46d2b418d88072545ee3b7e14
SHA1

bb2a4110a811757295bc6b3fd8d6e3486868f2b9
SHA256

6fdfde627bc491459f12dc2d7ad14a95b0e730c62df78c2684bb5832dbc57666
SHA512

ff72c5b1dd0489cffc17672e6010eafcd8e64e73fe984eb64de73d484c7c4d1bb0ec2b72c71c4775f566d86d6fac07f6cb5f0fc91e1d90a62a189ae90bbec5cb
SSDEEP

6291456:wYD0323vhoJpK3d1WiE3cL0MwLwbRXShdjAvxn9tflP:m32ysticL0gbRXTpzJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp
2632	scriptinterpreter.exe
2648	scriptinterpreter.tmp
2796	VA-11 Hall A.exe

Loads dropped DLL 22 IoCs

pid	Process
1968	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe
2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp
2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp
2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp
2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp
2632	scriptinterpreter.exe
2648	scriptinterpreter.tmp
2648	scriptinterpreter.tmp
2648	scriptinterpreter.tmp
2648	scriptinterpreter.tmp
2648	scriptinterpreter.tmp
2648	scriptinterpreter.tmp
2648	scriptinterpreter.tmp
2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp
2796	VA-11 Hall A.exe
1068	WerFault.exe
1068	WerFault.exe
1068	WerFault.exe
1068	WerFault.exe
1068	WerFault.exe
1068	WerFault.exe
1068	WerFault.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2664	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1068	2796	WerFault.exe	38

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp
2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp
2648	scriptinterpreter.tmp
2648	scriptinterpreter.tmp

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1924	shutdown.exe
Token: SeRemoteShutdownPrivilege	1924	shutdown.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp
2648	scriptinterpreter.tmp

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2672	1968	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe	28
PID 1968 wrote to memory of 2672	1968	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe	28
PID 1968 wrote to memory of 2672	1968	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe	28
PID 1968 wrote to memory of 2672	1968	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe	28
PID 1968 wrote to memory of 2672	1968	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe	28
PID 1968 wrote to memory of 2672	1968	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe	28
PID 1968 wrote to memory of 2672	1968	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe	28
PID 2672 wrote to memory of 1924	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	31
PID 2672 wrote to memory of 1924	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	31
PID 2672 wrote to memory of 1924	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	31
PID 2672 wrote to memory of 1924	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	31
PID 2672 wrote to memory of 2632	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	33
PID 2672 wrote to memory of 2632	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	33
PID 2672 wrote to memory of 2632	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	33
PID 2672 wrote to memory of 2632	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	33
PID 2632 wrote to memory of 2648	2632	scriptinterpreter.exe	34
PID 2632 wrote to memory of 2648	2632	scriptinterpreter.exe	34
PID 2632 wrote to memory of 2648	2632	scriptinterpreter.exe	34
PID 2632 wrote to memory of 2648	2632	scriptinterpreter.exe	34
PID 2632 wrote to memory of 2648	2632	scriptinterpreter.exe	34
PID 2632 wrote to memory of 2648	2632	scriptinterpreter.exe	34
PID 2632 wrote to memory of 2648	2632	scriptinterpreter.exe	34
PID 2648 wrote to memory of 2664	2648	scriptinterpreter.tmp	35
PID 2648 wrote to memory of 2664	2648	scriptinterpreter.tmp	35
PID 2648 wrote to memory of 2664	2648	scriptinterpreter.tmp	35
PID 2648 wrote to memory of 2664	2648	scriptinterpreter.tmp	35
PID 2672 wrote to memory of 2796	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	38
PID 2672 wrote to memory of 2796	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	38
PID 2672 wrote to memory of 2796	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	38
PID 2672 wrote to memory of 2796	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	38
PID 2672 wrote to memory of 2796	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	38
PID 2672 wrote to memory of 2796	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	38
PID 2672 wrote to memory of 2796	2672	setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp	38
PID 2796 wrote to memory of 1068	2796	VA-11 Hall A.exe	39
PID 2796 wrote to memory of 1068	2796	VA-11 Hall A.exe	39
PID 2796 wrote to memory of 1068	2796	VA-11 Hall A.exe	39
PID 2796 wrote to memory of 1068	2796	VA-11 Hall A.exe	39
PID 2796 wrote to memory of 1068	2796	VA-11 Hall A.exe	39
PID 2796 wrote to memory of 1068	2796	VA-11 Hall A.exe	39
PID 2796 wrote to memory of 1068	2796	VA-11 Hall A.exe	39

C:\Users\Admin\AppData\Local\Temp\setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe
"C:\Users\Admin\AppData\Local\Temp\setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Users\Admin\AppData\Local\Temp\is-S41DA.tmp\setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-S41DA.tmp\setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp" /SL5="$80122,239907072,185856,C:\Users\Admin\AppData\Local\Temp\setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /a
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1924
- - C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\__support\scriptinterpreter.exe
    "C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\__support\scriptinterpreter.exe" /verysilent /supportDir="C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\__support" /SUPPRESSMSGBOXES /NORESTART /DIR="C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action" /productId="2074961301" /buildId="50941660149518139" /versionName="1.2.3.0" /Language="English" /LANG="english"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\is-SCL3S.tmp\scriptinterpreter.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SCL3S.tmp\scriptinterpreter.tmp" /SL5="$5016A,569884,191488,C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\__support\scriptinterpreter.exe" /verysilent /supportDir="C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\__support" /SUPPRESSMSGBOXES /NORESTART /DIR="C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action" /productId="2074961301" /buildId="50941660149518139" /versionName="1.2.3.0" /Language="English" /LANG="english"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Windows\SysWOW64\icacls.exe
        
        "C:\Windows\System32\icacls.exe" "C:\Users\Admin\AppData\Local\VA_11_Hall_A" /grant Everyone:(OI)(CI)F
        5⤵
        Modifies file permissions
        
        PID:2664
- - C:\gog games\va-11 hall-a - cyberpunk bartender action\VA-11 Hall A.exe
    "C:\gog games\va-11 hall-a - cyberpunk bartender action\VA-11 Hall A.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 420
      4⤵
      Loads dropped DLL
      Program crash
      PID:1068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\VA-11 Hall A.exe

Filesize
3.6MB

MD5
f1e5de046b344b71beb84ca9e83e7336

SHA1
9e4d89bd7a6bc3bb964afea67972d13b9f148ff2

SHA256
03253f7dca72a9155e83914806d01b66125ae811538b405c9101327ac038eda6

SHA512
f35850e1f91885bbf723e7ea38ac8a3ef5a224b481fdb0c893d5b0598152162899a9cc1d84f4e33abdb61bf57729024f260addd76aa2b86e20adeed439f524a6

Download Submit
C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\options.ini

Filesize
97B

MD5
40ede613879f6406fd90c4bad9ba08cb

SHA1
234d1a88ecb5eb2f945f0f8959df69bc154a4677

SHA256
52a59e5417778aac32756ac0617d5b00fd47a9015e54b3865fdc17a867b58cf9

SHA512
c42b738b58298bdd8866b6f053df12a13b9eee3917e86846a7fa3d00248a7dc1c7658878c06f51d6b9e0450a4eee940c61d56ad11fe32656bd64f9341abdcaab

Download Submit
C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\scripts\jp\is-8ORL4.tmp

Filesize
34B

MD5
8273589697c604bb24074775cfe5a1d2

SHA1
395b284a7b86bcece04a72ad79ee641f92bfc5af

SHA256
f7ccbb069f0dfea3dc7cbc683a8b76d3c9e3d72a28fe8513b0a46ded53c6b3f1

SHA512
3c046e97ee9061ff46708741a4b3633f406ae9d1f95fb246f3f8e5e13b691e19542ee1fab642777a7e719fe27c53d850fe96fddbd5c7dca36d9493d521f5df95

Download Submit
C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\unins000.dat

Filesize
287KB

MD5
e1f5223e8ed4ed05c92f327a8026d89e

SHA1
5fe4edcf1323d830894ca929cc174fdf1648dda0

SHA256
a1ca124c1d7aef3f3b4b7a286b43b48f392dc752b696726e8c3ae94ddb154524

SHA512
77d5b9dfedb14b1d62c8a374527968061451e969f1402e62ff5432e0cf28e3097ac42f5837dd7b8f785158056fddff1da6fc19c2cf33ee7a729005304fd0c228

Download Submit
C:\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\unins000.msg

Filesize
22KB

MD5
b3e7d68e55acc068ec56b6698133c7d5

SHA1
2e2a4daad88882d4903a4592c020308ffdf51e1e

SHA256
a7433647dfdf59ad56bfb900009803fab135ca83c68ad79141583ee5451afcee

SHA512
c4fa5235aee2d4608a6eab5d8af8298b69810e6a9c6d93e1eb91649d1248bd45f11f734ca15e71e6d8106c014bad752d74ae0a89271d3e40276128f9cd286db2

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\VA-11 Hall-A - Cyberpunk Bartender Action\Documents\Support.url

Filesize
156B

MD5
5da19fdbe14ffdce6081a5f1f92c871f

SHA1
3319efe023fcb15d7ea96d84ac197a4b12425cf2

SHA256
ff13b1335ec4e9fdfe903e626a03142b06ec962305e475f3fa0eb12b8c1fe841

SHA512
f27ea62e175aeeb376ce02220d1d20151b627f94ee3dc7a37b0accf193ac17bd112f704ebc9f20abc6bd4d6bad8c766489974f728e81c852520df1e540c5466a

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\VA-11 Hall-A - Cyberpunk Bartender Action\Uninstall VA-11 Hall-A - Cyberpunk Bartender Action.lnk

Filesize
1006B

MD5
7b8a99d756800d447d1b3a6ae00c01e8

SHA1
a687b03a954e9cdb3662e5a493f246013de9ce4c

SHA256
361827eb7562bc7ba4c21a8fca1c0fc3bf88e7eb24b14e9f76eebce1abc6eef0

SHA512
e60bbf38dcca03a14a195cc6c0e0a756fdcc63753632c174a4471571c4e64bb830b2ef54798ad35b0cdd6db918f41d268ff99f499cd3179b83a1a805eef06781

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\VA-11 Hall-A - Cyberpunk Bartender Action\VA-11 Hall-A - Cyberpunk Bartender Action.lnk

Filesize
1KB

MD5
722c21a1174cba956481eb7679c20cfe

SHA1
5973478f83144001cebb062c75f67f5c575e515f

SHA256
3d224cadb2200c2589a6511728df679be72e96218ef5d86cca99eb232529b7a9

SHA512
3e7908811eb9712ec9888b2ef6ddd7fc7a46578dbcfe1e21ea4cf9bdccaa98ac74867034ef63f3557638796fa55c534829dea88884aecc6e1f6bd713b0401396

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\1207659081_english.jpg

Filesize
198KB

MD5
57eae3d84792892848cfc1d99d31627a

SHA1
18b1603f769bc77559cd8155b1bd77516fd81652

SHA256
8d15ec2cd5d4e9d8bbbbce2b8ad379dccc8db9f01e9fb4a3589f4675073a58f1

SHA512
a29dc67642c616bca710d9e2866e917bcdaafb98b8d3a926953e3a8187e275541317044b46fcaf89465f8747bdf68032beadc0652528f43696858f6f9ac5a844

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\2140144872_english.jpg

Filesize
166KB

MD5
7566698708b33bd8ba137ed985ce8c30

SHA1
bed194e6d6c53c891974091fd5ebe507da9ad13c

SHA256
d9d5408c8012549e4bff4b5b6163f1327ae46c660fd4f1fe481f3c3c49f63786

SHA512
1debe83e28461c0ed3d19200b06dda32f5cd015c89537a53b434556b9d8daa1d1dda346c7b583f1e53da11e1cf6d8b6ffa49c27a69560c108b4ed8d63aae4c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\GOG_new.png

Filesize
3KB

MD5
d5b63bdfa47ef5954917c148bacf7b13

SHA1
5302c6715d9e9b5d2768b130f3e516e175684cc9

SHA256
0804b385c1736e009fe8c3b1b14085b9b9abb40ce487360002ab4a8f3505f4e0

SHA512
b5cde681be9ad1c1211559dc4b363003bf547e8dc965dbb9560fdddfc28ee1d8f27cc534dd00864d800fd351c48694d7dc8df55fc3d8d69acf8b702c7b421aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\OpenSans-Regular.ttf

Filesize
212KB

MD5
629a55a7e793da068dc580d184cc0e31

SHA1
3564ed0b5363df5cf277c16e0c6bedc5a682217f

SHA256
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee

SHA512
6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\background.jpg

Filesize
403KB

MD5
5d046d35de0be9fd45c2eb1a7f846f39

SHA1
5d632dd247b09ad07d403810e2def96d42dc4adc

SHA256
931d6e7d93c125eeeaccb92eb756ad9ab21f1db8fb3e40f54c88d54555b743ff

SHA512
5e78eed5c6c0a2cbc078540fe81476a0fce85dbce57e868d00995734fd13fc9291d565904f355c908df5bb2b948356d0c2d1773fd1de1954b5777f9c6d787b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\error_icon.png

Filesize
1KB

MD5
263720c4b8bb111567a2a49989b8f467

SHA1
cf346fa3c70164648e0eaf72a37c6f4920ab4792

SHA256
acdf96ee4261fae138e6350a0ad50b367022ed5b908fa168baad92644f566ee8

SHA512
94f06a81dc735cf264abde86e6169e5fd78d873d2e926fd48287d2ac5208fc930c3c432186e3510add002bd1b4ae32ad8d35270b17c3ce5f18c43764a8e9de43

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\progress_center.png

Filesize
1KB

MD5
ad7fc1e37e40da38dd57adc446cc6c0e

SHA1
08033265deb9b45243cfa0065d98ffe13a039e26

SHA256
2b9dae87340e66b67ab1d8247d4a137628e324969f92fe1098f95a7c5bab2f43

SHA512
dd715d74f8e1ed6ab75b7b6530b383ac47040d8baa7728be160f6d230bf485a9cc54f15f7dc85b122ce56e54d63fa4890e510dfc89d9c9344e31f789ebac8756

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\progress_left.png

Filesize
1KB

MD5
290c7612ad7a077028cd3dc78ce99673

SHA1
18995fbe39d05e4a1cafc7cc2e0f6fb745442f77

SHA256
85e39d909a7300fa2043ec42818582867b981401264b14fc5408e477ae0b4668

SHA512
799841f5b8a1056e78a49c823009750e4b93af130a6c4ff9dc6d386c06b88614e53b46a6df62f5a217d5c99da01cf4e2fe8392c73d39e81000045291cf24205a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\progress_right.png

Filesize
1KB

MD5
c25a41f022a74308d944d1e807d72f44

SHA1
83c6bbec3fb373fcc78ce0e737742100994cd6d4

SHA256
396a3351fe409328782ab138282cf9cec061a5a9540a3506700a620db1f54e7d

SHA512
d2f4449195f3e60c826cfabb52a083d829eb9d0509272977d8fdb33bc5214678949cd27d0594684594e0a3eda2351c39cec8d91923cb716ad144ccf2b966c8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\slideshow.ini

Filesize
297B

MD5
d9c00390d39eecded94ad357d2082592

SHA1
96999008f10bbde8f9aab6c7816fb8602c8cfce0

SHA256
84ee28f9baa1b7f1977075ee420e6686c4ed30445629595371613506540c75b4

SHA512
c6fdc46bb06258afde365bf8ee01e6fa080bf60877a2e3958ed308d488a60c3f87d0ad2152fc534032bf59c864aa617c72ba814bcbf892bf1d24ce5ad0b20f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\track_center.png

Filesize
1KB

MD5
3f2b0c22f8ea28dcbb82b39a16a039aa

SHA1
b3f4dfc2ea86fbdad05877b4c356b7fa8016731d

SHA256
794f9eeca7fd99846968376b76a296c927532cef1271325cbf555caa0d0d5860

SHA512
b4bf65d751717e85418947662d315ae3bcb177f60914832fefeeb95da9eddb75eb5531c62e5a5a70ff03c8a025b5a03e61ffbdecc9f483bea9684454ca9362d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\track_left.png

Filesize
1KB

MD5
55dacb00cbe2825a8540236c5777a205

SHA1
18a52ac6c741b558500fbc1716d46b4fe4471982

SHA256
a8340fb5380c922b60ea40043590dba067dcfed6e22636851691df38156a3aa8

SHA512
2ea444cc1080f20761c8d71d96fcd04ef48254cdc1dc41d1d139f459ea5613fe12f6e4bd026bf33a5c01ff038e72e05dae2f8fba33ff517dd395e1911f10ff10

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\track_right.png

Filesize
1KB

MD5
ddec70b6c49be3e8c3a7d01c2f6ff1c5

SHA1
5383271999f787c36b1dc8f3cc13c8407b195439

SHA256
f54cd6e42f2b2bc5cb8a15f6a28f1499abf094a519ebdf39f4c4e167312c9c16

SHA512
f43f94b194b5a7eafcec9e831f61042859c30e1af2e2447195bdd06b12c90982181161a1c1be5aa5223ff664f88e4891bd71cfffb7ef672d6fe4f614030e0e01

Download Submit
\??\c:\gog games\va-11 hall-a - cyberpunk bartender action\goggame-2074961301.info

Filesize
879B

MD5
08492f4b1dc75809edf61074f1cd43e0

SHA1
c26e7e2814711c2dc75bd6097bcf1c30f60f8e8f

SHA256
dd01d299082a910472fcf9c653f29186e01b885b9f57204f77f7e078948e11d8

SHA512
93bcaa9bde027484ed2802102fa1cedfb9c602639a1a321f3766eb9780764d041d4f79bd77196a1a90a93d32679a695e76bcbca1c67b08018a5460e7b466c39e

Download Submit
\??\c:\gog games\va-11 hall-a - cyberpunk bartender action\goggame-2074961301.script

Filesize
422B

MD5
4c68b28333f69b3462bd88a7670d5486

SHA1
073bb1a5c5332475e93a9f331a454f0582651d6f

SHA256
685143bdcea17273175f68a3253788939feda83b9fbf32d6791427160aa51a41

SHA512
c7fc087546e4f49476f4d202df612325bca158bac77022e5e54a94938473278df1d8cffc9f72191e6fc1450b343e4926861b965b2caf739af2b133318820ffb7

Download Submit
\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\D3DX9_43.dll

Filesize
1.9MB

MD5
86e39e9161c3d930d93822f1563c280d

SHA1
f5944df4142983714a6d9955e6e393d9876c1e11

SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

Download Submit
\GOG Games\VA-11 Hall-A - Cyberpunk Bartender Action\__support\scriptinterpreter.exe

Filesize
1.1MB

MD5
cd0222b112878c6b1074c2354aa026f0

SHA1
395bccec3fb71ef8f0c4ceb9dee63efa21d948b0

SHA256
6dd87cb725336bcce9c75eed40fe544cd5cab32a2ea3ed09c6fa901a47db2f53

SHA512
8afaeef70f6913b898621516900c133465d5eef481217417caee012fc776c2a75fe6aa589cbf6b01f9423838be4c898f7cf2051ac8729ce22e7075bd24535f33

Download Submit
\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
\Users\Admin\AppData\Local\Temp\is-0AMNE.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
\Users\Admin\AppData\Local\Temp\is-4F1S4.tmp\uninstall.dll

Filesize
698KB

MD5
73e7b1edd7e389d8fddf31273b34bd14

SHA1
c4d51c194b1901b186c815101424a58419bbcb3d

SHA256
5091cd5eef67f8f4cf9ae53b52160d6bedf7245c580d8a231595ba39e55ffdb1

SHA512
1d0673f8c87a42cff4f3440527824e192c2fa3c410227ed46aa05dc2fe068f170df771777cea11f171f75b7a7897e9e0d9eb9106db56996f8c95cbe7abef5c8f

Download Submit
\Users\Admin\AppData\Local\Temp\is-S41DA.tmp\setup_va-11_hall-a_-_cyberpunk_bartender_action_1.2.3.0_(18492).tmp

Filesize
1.2MB

MD5
4eb747efa681c70c6142d6239978c37c

SHA1
e130b240ebc2c57b45254cd6b73ef36ca9d23925

SHA256
8b5709095e190aee710ca13c550312227708e2ef71de7f2a2fa0fee2a1df834c

SHA512
312111d907b8c7fc5c2aa14974eb6f3f15ac365488c89515b3cf81dd503ec6e6291e6f2674c9793d7450733c12b87ff659446b758c2549cd1c415e534a91db9d

Download Submit
\Users\Admin\AppData\Local\Temp\is-SCL3S.tmp\scriptinterpreter.tmp

Filesize
1.3MB

MD5
25909912e6190316be2fca698dc86d7e

SHA1
ddeb3a1b00e537e0cd364af87727bf4d66d39162

SHA256
5a1fa7eedda77ab1b422ec7bfa6ff22dd10449da5f3ad557c147302913cffd16

SHA512
1913ee97b93f6b2b3cb88ccf02e617bcdce54427fc5d6c4030bf5108f9143868bb98beb1e82a86269d64fce482810850fa8f6b6f2694e478eafa4b79f4bc4457

Download Submit
memory/1968-561-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1968-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/1968-131-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1968-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2632-454-0x0000000000F60000-0x0000000000F99000-memory.dmp

Filesize
228KB

Download
memory/2632-396-0x0000000000F60000-0x0000000000F99000-memory.dmp

Filesize
228KB

Download
memory/2648-408-0x0000000002040000-0x00000000020F7000-memory.dmp

Filesize
732KB

Download
memory/2648-453-0x0000000000070000-0x00000000001C0000-memory.dmp

Filesize
1.3MB

Download
memory/2672-134-0x00000000033A0000-0x00000000033AE000-memory.dmp

Filesize
56KB

Download
memory/2672-174-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/2672-176-0x00000000033A0000-0x00000000033AE000-memory.dmp

Filesize
56KB

Download
memory/2672-132-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/2672-175-0x0000000002010000-0x0000000002025000-memory.dmp

Filesize
84KB

Download
memory/2672-133-0x0000000002010000-0x0000000002025000-memory.dmp

Filesize
84KB

Download
memory/2672-12-0x0000000002010000-0x0000000002025000-memory.dmp

Filesize
84KB

Download
memory/2672-55-0x00000000033A0000-0x00000000033AE000-memory.dmp

Filesize
56KB

Download
memory/2672-8-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/2672-180-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/2672-389-0x0000000002010000-0x0000000002025000-memory.dmp

Filesize
84KB

Download
memory/2672-390-0x00000000033A0000-0x00000000033AE000-memory.dmp

Filesize
56KB

Download
memory/2672-560-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/2672-388-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download