42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c

Analysis

max time kernel
50s
max time network
299s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
01/07/2024, 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
Size

286KB
MD5

60172ca946de57c3529e9f05cc502870
SHA1

de8f59d6973a5811bb10a9a4410801fa63bc8b56
SHA256

42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c
SHA512

15d37af3cab96fc9026a1898e09c775fe0d277098a3fe20c2e591272de996a243850d43f3b48b4c037c5fed359e57795a7cf1652547d7ad8b16b186ab9508792
SSDEEP

3072:lFi6z/VXzAf3ocMNqB3r1Josf+OMhERMlm+twHBumSYyDgIoIPM7l0UGHM7:lxFSIjs+OM2eLFmSFgIZk7+HM7

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2348	setup.exe
1300	GamePall.exe

Loads dropped DLL 16 IoCs

pid	Process
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
2348	setup.exe
1300	GamePall.exe
1300	GamePall.exe
1300	GamePall.exe
1300	GamePall.exe
1300	GamePall.exe
1300	GamePall.exe
1300	GamePall.exe
1300	GamePall.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Windows\CurrentVersion\Run\GamePall = "C:\\Users\\Admin\\AppData\\Roaming\\GamePall\\GamePall.exe"	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	GamePall.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
1300	GamePall.exe
1300	GamePall.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1300	GamePall.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 2348	1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe	70
PID 1588 wrote to memory of 2348	1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe	70
PID 1588 wrote to memory of 2348	1588	42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe	70
PID 2348 wrote to memory of 1300	2348	setup.exe	71
PID 2348 wrote to memory of 1300	2348	setup.exe	71
PID 2348 wrote to memory of 1300	2348	setup.exe	71

C:\Users\Admin\AppData\Local\Temp\42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe
"C:\Users\Admin\AppData\Local\Temp\42ceb2252fec41fd0acc6874b41c91e0ba07c367045d6a9a7850d59781c2584c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
    C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies Control Panel
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1300
  - - C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
      "C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=2816 --field-trial-handle=2820,i,9776682775118860606,3515100178303009704,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
      "C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=2952 --field-trial-handle=2820,i,9776682775118860606,3515100178303009704,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
      4⤵
      PID:4892
  - - C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
      "C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=2968 --field-trial-handle=2820,i,9776682775118860606,3515100178303009704,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
      "C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\GamePall\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=2820,i,9776682775118860606,3515100178303009704,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
      4⤵
      PID:3004
  - - C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
      "C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\GamePall\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=2820,i,9776682775118860606,3515100178303009704,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
      "C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\GamePall\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3964 --field-trial-handle=2820,i,9776682775118860606,3515100178303009704,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
      "C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\GamePall\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5844 --field-trial-handle=2820,i,9776682775118860606,3515100178303009704,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
      "C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=9972 --field-trial-handle=2820,i,9776682775118860606,3515100178303009704,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
      4⤵
      PID:1444
  - - C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe
      "C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=12620 --field-trial-handle=2820,i,9776682775118860606,3515100178303009704,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
      4⤵
      PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1300_699522384\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1300_699522384\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
738B

MD5
2545f8d80edd60999be5d188ec78f90f

SHA1
dc311b1dade4b78804ea156dbdd8c96297d34af6

SHA256
346b46dd61958a259891daec2879bf680ae23d5265f71abceb0a0eeeda02cee5

SHA512
f01996e5e8b5f6e41d17d0bfdff40943469391512546869550e901e5b74368807dc8ce228f761a4ef67ab4568c913a0aeea69b856e13140bcefab5c36521d4a6

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
831B

MD5
66fe8c51e98a5cab9b9be0095cec028c

SHA1
754cee2677910b2b55b25e5f477faa4e58365cf5

SHA256
9508f2b92412d59bb4bd2d79239d1942772096a4b3fe04644583a625018c43d1

SHA512
9e5f9cee93db07adc7840b4f4b2959d8563b4d3bcf611e46152c889c7e6916056bac262a5d62919d13fb32546aa1ace9b0d166519fed39b6749c2719067c516f

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json~RFe59b6d3.TMP

Filesize
529B

MD5
e68b063a0e195d569839eaf798e8068b

SHA1
06d5c10181028313f3285ddbe403f0df661e766f

SHA256
9fbf792b02730046d9c490a04d7f1de42981a89699d8c929537eb223264fc650

SHA512
8d3db8907aadf95cd63feac51daa1e383abd3389aae73b0a271cc278ee8c63de2e1556e3c40e61218737c19f1d2477be0fdb3b38114a7a9e51a79ac0dc8f4e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8F8B.tmp\liteFirewall.dll

Filesize
81KB

MD5
165e1ef5c79475e8c33d19a870e672d4

SHA1
965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5

SHA256
9db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd

SHA512
cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a

Download Submit
C:\Users\Admin\AppData\Roaming\GamePall\D3DCompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Roaming\GamePall\GamePall.exe

Filesize
289KB

MD5
7a3502c1119795d35569535de243b6fe

SHA1
da0d16bc66614c7d273c47f321c5ee0652fb5575

SHA256
b18fefb56ed7b89e45cec8a5494fbec81e36a5cb5538ccbb8de41cce960faa30

SHA512
258b111ac256cd8145cbe212d59dff5840d67e70effd7cddc157b2a3461b398bbc3446004980131faa6a8762c19305f56e7b793f045331b56b8bd17d85b884c4

Download Submit
C:\Users\Admin\AppData\Roaming\GamePall\Xilium.CefGlue.dll

Filesize
855KB

MD5
b03c7f6072a0cb1a1d6a92ee7b82705a

SHA1
6675839c5e266075e7e1812ad8e856a2468274dd

SHA256
f561713347544e9d06d30f02a3dfcec5fe593b38894593aeedf5700666b35027

SHA512
19d6792eb9ba8584b94d0d59e07ce9d1c9c4da5516490f4abce5ae0d7d55b357bda45b2093b3e9eb9d6858061e9d3f530a6655c4779a50c911501ae23925c566

Download Submit
C:\Users\Admin\AppData\Roaming\GamePall\chrome_100_percent.pak

Filesize
641KB

MD5
3404dd2b0e63d9418f755430336c7164

SHA1
0d7d8540fdc056bb741d9baf2dc7a931c517c471

SHA256
0d3fca7584613eb1a38baf971a7dd94f70803fc130135885ec675e83d16a4889

SHA512
685d63633db8a57d84225c2b92c92016e1ce98ba2bf8d3ddace2eb120b3bcf84c718787d59db6ec61f34cf91cb651500b4e4ff0ac37aeb89561cdcc586946c80

Download Submit
C:\Users\Admin\AppData\Roaming\GamePall\chrome_200_percent.pak

Filesize
993KB

MD5
3fbf52922588a52245dc927bcc36dbb3

SHA1
ef3c463c707a919876bf17c3e1cd05c0d2c28ca9

SHA256
c6fe346106c5e4950161ed72eb0a81fe3537a94e4a59461aaf54e750d1904f76

SHA512
682eb6d61b564c878fdb971a6439fcda9f1e108bd021a32e8990b68b1338986a4866a0965dea62567501c8826d43cebf2b7c8be8323de415a75e8d89a9d592e7

Download Submit
C:\Users\Admin\AppData\Roaming\GamePall\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Roaming\GamePall\images\0.jpg

Filesize
4KB

MD5
269225983ae322ac3fccf0c9a73bf42b

SHA1
f50796253f0a1f4e10b9519bce87f4ed4a3af8c6

SHA256
49c704ccfc2f4d15fa7cc9ea31be4cd362b3b65c7f1e858118197668b142126d

SHA512
a4a5ab388372d54d9906c8dd25e60cf1163960c8680a9c80d801078f404c0313d9a8dd5b252fd88a2882a03545573791a83a8358a2be38820295852d27ad5c34

Download Submit
C:\Users\Admin\AppData\Roaming\GamePall\locales\en-US.pak

Filesize
424KB

MD5
feab603b4c7520ccfa84d48b243b1ec0

SHA1
e04138f1c2928d8eece6037025b4da2995f13cb4

SHA256
c5b8fbdbb26f390a921dcacc546715f5cc5021cd7c132fd77d8a1562758f21f4

SHA512
e6b3970a46d87bfd59e23743b624da8116d0e1a9912d014557c38fd2664f513e56317afa536df52e7e703863fbd92136be57ee759a2ffc2958ab028f6287e8b7

Download Submit
C:\Users\Admin\AppData\Roaming\GamePall\resources.pak

Filesize
7.8MB

MD5
f7ec58aea756f3fd8a055ac582103a78

SHA1
086b63691f5e5375a537e99e062345f56512a22c

SHA256
517418184ea974c33ffe67b03732d19b1234dcb9e5c1c2e9e94ed41b3bc1d064

SHA512
c620c6e16bbcee9bc607e6ca75d602c756276ac69e5f3761d82de7728164133656a71a69043eb1a86ce3051fde4327a47efd41d1ff47c8385699ca67c423ad7b

Download Submit
\Users\Admin\AppData\Local\Temp\nsaE12A.tmp\INetC.dll

Filesize
21KB

MD5
92ec4dd8c0ddd8c4305ae1684ab65fb0

SHA1
d850013d582a62e502942f0dd282cc0c29c4310e

SHA256
5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

SHA512
581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

Download Submit
\Users\Admin\AppData\Local\Temp\nsaE12A.tmp\blowfish.dll

Filesize
22KB

MD5
5afd4a9b7e69e7c6e312b2ce4040394a

SHA1
fbd07adb3f02f866dc3a327a86b0f319d4a94502

SHA256
053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae

SHA512
f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511

Download Submit
\Users\Admin\AppData\Local\Temp\nsaE12A.tmp\nsProcess.dll

Filesize
4KB

MD5
faa7f034b38e729a983965c04cc70fc1

SHA1
df8bda55b498976ea47d25d8a77539b049dab55e

SHA256
579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

SHA512
7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

Download Submit
\Users\Admin\AppData\Roaming\GamePall\Newtonsoft.Json.dll

Filesize
560KB

MD5
8f81c9520104b730c25d90a9dd511148

SHA1
7cf46cb81c3b51965c1f78762840eb5797594778

SHA256
f1f01b3474b92d6e1c3d6adfae74ee0ea0eba6e9935565fe2317686d80a2e886

SHA512
b4a66389bf06a6611df47e81b818cc2fcd0a854324a2564a4438866953f148950f59cd4c07c9d40cc3a9043b5ce12b150c8a56cccdf98d5e3f0225edf8c516f3

Download Submit
\Users\Admin\AppData\Roaming\GamePall\chrome_elf.dll

Filesize
1.1MB

MD5
207ac4be98a6a5a72be027e0a9904462

SHA1
d58d2c70ea0656d81c627d424f8f4efccef57c86

SHA256
2ba904da93acc4766639e7018ac93cc32aa685db475f3a59b464c6bc8b981457

SHA512
bfb6c58774829db3d5fadc92cb51477ff4eac8fb934db6583a312bb1157468f6dd3a4a3afaf25a687b74890dc8a69857a12d0b38b18d83e82836e92e02046ff3

Download Submit
\Users\Admin\AppData\Roaming\GamePall\libEGL.dll

Filesize
369KB

MD5
8bc03b20348d4febe6aedaa32afbbf47

SHA1
b1843c83808d9c8fba32181cd3a033c66648c685

SHA256
cbee7ac19c7dccca15581bd5c6ad037a35820ddfe7c64e50792292f3f2e391e6

SHA512
3f9eec2c75d2a2684c5b278a47fb0e78b57f4f11591fac4f61de929f716bbaa8f7df05e10390408ad6628538611541548c26869822372e9c38d2c9c43881651e

Download Submit
\Users\Admin\AppData\Roaming\GamePall\libGLESv2.dll

Filesize
6.3MB

MD5
63988d35d7ab96823b5403be3c110f7f

SHA1
8cc4d3f4d2f1a2285535706961a26d02595af55c

SHA256
e03606b05eeaed4d567ea0412350721c0d566b3096b18c23bd0b3fcde239e45a

SHA512
d5f5aca00be9e875fcd61531cc7f04f520fb12999e36e4fe06beaae491b47d2e9fe182015db1cbfbb8e78cf679f2eb49e20ecdf1b16d1d42058d6f2d91bc3359

Download Submit
\Users\Admin\AppData\Roaming\GamePall\log4net.dll

Filesize
269KB

MD5
7ea1429e71d83a1ccaa0942c4d7f1c41

SHA1
4ce6acf4d735354b98f416b3d94d89af0611e563

SHA256
edec54da1901e649588e8cb52b001ab2aec76ed0430824457a904fcc0abd4299

SHA512
91c90845a12a377b617140b67639cfa71a0648300336d5edd422afc362e65c6ccd3a4ff4936d4262b0eaf7bae2b9624bcd3c7eec79f7e7ca18abe1ec62c4c869

Download Submit
memory/1300-144-0x00000000052F0000-0x000000000533A000-memory.dmp

Filesize
296KB

Download
memory/1300-156-0x0000000006840000-0x0000000006B90000-memory.dmp

Filesize
3.3MB

Download
memory/1300-155-0x00000000065D0000-0x00000000065F2000-memory.dmp

Filesize
136KB

Download
memory/1300-154-0x0000000006440000-0x00000000064D0000-memory.dmp

Filesize
576KB

Download
memory/1300-149-0x0000000005F30000-0x0000000005F96000-memory.dmp

Filesize
408KB

Download
memory/1300-150-0x0000000005FA0000-0x000000000603C000-memory.dmp

Filesize
624KB

Download
memory/1300-148-0x0000000005850000-0x000000000592C000-memory.dmp

Filesize
880KB

Download
memory/1300-140-0x0000000005930000-0x0000000005E2E000-memory.dmp

Filesize
5.0MB

Download
memory/1300-139-0x0000000005390000-0x0000000005422000-memory.dmp

Filesize
584KB

Download
memory/1300-138-0x0000000000A40000-0x0000000000A8E000-memory.dmp

Filesize
312KB

Download