Overview

overview

8

Static

static

1

Business-E...35.exe

windows11-21h2-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    163s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10-07-2024 09:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Business-Empire--RichMan_com.ttterbagames.businesssimulator_gameslolc_27993235.exe

  • Size

    3.3MB

  • MD5

    e23d97827ea3c90cd85f2d11402e8940

  • SHA1

    67c01979b3516f9c3082cc05367142a74e413be8

  • SHA256

    16f7d9d609c24c5af75c0141059d49008eb9b1f016d198e224bdb486668cc7b5

  • SHA512

    e9dfd9ebf77aa615b17c05f99a5efed0c5dc993b7ca59800aa7ffa45d0d7fe4e207d0e4386c4fd9b11ceb49b5a4d28b4014ab9d6327ed86a8321cd9f3e90f646

  • SSDEEP

    98304:EyasyD6Lvd557Vh2EKTlpFGuKIKRv6owpuC:XyOT57V7jFiowgC

Score
8/10
persistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Executes dropped EXE 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Business-Empire--RichMan_com.ttterbagames.businesssimulator_gameslolc_27993235.exe
    "C:\Users\Admin\AppData\Local\Temp\Business-Empire--RichMan_com.ttterbagames.businesssimulator_gameslolc_27993235.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\Business-Empire--RichMan_com.ttterbagames.businesssimulator_gameslolc_27993235.exe
      "C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\Business-Empire--RichMan_com.ttterbagames.businesssimulator_gameslolc_27993235.exe" /app "C:\Users\Admin\AppData\Local\MobiGame\\"
      2⤵
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1676
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4812
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2484
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3932
      • C:\Windows\SYSTEM32\cmd.exe
        "cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\utils\sysinfo-app.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4276
        • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\utils\sysinfo-app.exe
          C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\utils\sysinfo-app.exe
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:1480
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2824
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2948
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" (Get-CimInstance Win32_OptionalFeature | Where-Object {('HypervisorPlatform','VirtualMachinePlatform','Microsoft-Hyper-V-All','Microsoft-Hyper-V-Hypervisor','Microsoft-Hyper-V-Services') -like $_.Name}).InstallState
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4712
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4036
      • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\MobiHelper.exe
        "MobiHelper.exe" --install-path="C:\Program Files\MobiGame" --desktop-path="C:\Users\Admin\Desktop" --local-app-data-path="C:\Users\Admin\AppData\Local\MobiGame" --parent="C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\Business-Empire--RichMan_com.ttterbagames.businesssimulator_gameslolc_27993235.exe" --playstore-json-file-path="C:\Users\Admin\AppData\Local\MobiGame\playstore.json" --google-analytics-id="27993235" --create-playstore-shortcut --api-url="https://gamestore30.emu.codes" --source="gameslolc"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1900
        • C:\Windows\system32\ie4uinit.exe
          "C:\Windows\system32\ie4uinit.exe" -show
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Modifies Internet Explorer settings
          • Modifies registry class
          PID:5024
      • C:\Windows\system32\ie4uinit.exe
        "C:\Windows\system32\ie4uinit.exe" -show
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:248
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:704
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
      1⤵
        PID:1040
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
          PID:4464
        • C:\Windows\system32\wbem\WmiApSrv.exe
          C:\Windows\system32\wbem\WmiApSrv.exe
          1⤵
            PID:3620

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
            Filesize

            2KB

            MD5

            4fb9ef95197331833aec896beabbbe64

            SHA1

            fe7c97ef597db8d7d6938cc8c6d4a0669fb1b4e1

            SHA256

            c5fb79289e4120352c3d011ea7cd3d52ebe3498437cfd6b14fe40506e7d3b94e

            SHA512

            4af3dae4ca89e3b4546f711be65ffd40e06e3b588e1e57ac4668999d997d183b5342a1ccbec80a8dda6b556604f62533bf01566a48354d147709c57a993a9378

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\ie4uinit-show.log
            Filesize

            1KB

            MD5

            37fd0568cd13565e6381251a930ea6dd

            SHA1

            3a09a7506def4f9a8c9d0c1860c278141a9ba34e

            SHA256

            caf744f05f577945ee7bcc71a5d4382b08d1bddaef0d319f808225c1d7660b80

            SHA512

            c8c6ae2e7678e900c45cd2583ee8b36ad22bca03e135e7b6ba4d2ace3685e1ee55c84835d94b8254af5779e77f61dfe5ac7ff1a7244f885a803841b5468122fb

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
            Filesize

            1KB

            MD5

            1492f8a7b9c4ae30265db7f0562dedd4

            SHA1

            527e25aec7bf237714ca001d674351f8241786c4

            SHA256

            dcc7ee6a19213affd6071990485d69ca4ba06a66c34a5f33229c8e670ca9608a

            SHA512

            e1c978454a95ad17d48220f8c80d28e2c5b20dd16904d7e02a526153ecdb6f42ef3826b939a02bd46e21e9353520b4bbdc47d41a407aa23aa10adb7a00b1f7c0

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
            Filesize

            1KB

            MD5

            f12fb8cf04bb2c45b51e543d52cdeea4

            SHA1

            31ae79f9929edd0e860df63287cda62ccb35d9de

            SHA256

            9fcf0601bf3447d3a5590b6df858cef29b6b37b494929a7c60e4504d10f7ad85

            SHA512

            62d8483d93b5fc120d1d6e69bb4aa98a7bc522bbc4e2f8507a1408d3840502fa0da87495c3b08e7611de84be7c591199ad79799a2053565e8df4a7d158481ec8

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
            Filesize

            1KB

            MD5

            14e1ba66e122c67c708f5028de930958

            SHA1

            514af878b2c0262fd8141efebfecf92904ee7070

            SHA256

            59f3760f4a0ae7c8719218f5c6ddf469d9bf8a594a2b33fc704375b55125d851

            SHA512

            2d430e79d568d98983aaa14688e419fc76bbd6a2a9587e594f89b4ae4cf6b836ec2ce0d5c8263c0ca9959a3f02b6482cdec1f512c5d8d04f83a637acdc93dbef

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
            Filesize

            1KB

            MD5

            5f49e68f5ba3c37e1c4f96ab519482c4

            SHA1

            43c9af1675765b69e0152d4b62ca19a90390feb8

            SHA256

            c99e65c00197a7022cb00a587be7524f38317c65597c0c7fa29885d1fdd8aa9b

            SHA512

            ee66ca7adb7c649a154893f43fe9537fbd3e555419c000f2a2629ee03d7207e5560b628d66b0e50874ca687bb275866f76a5a7a6c7e2c13fb61c231d9d894e8d

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
            Filesize

            1KB

            MD5

            569c19c78f2823f8acf4ab985166277c

            SHA1

            952a9c21b38e1028f47c2ab025513fc1a6f88e78

            SHA256

            87f9a0d419189ba8a5b0bfb4fa0280246ec713ab2932f63ae3462c5472f0cffb

            SHA512

            b8e701714dd047a4d6fa93f29434119f99466fe4dc805500f5fb1932a42347b2e64cead4084ee280cc30856749938130d6c41bb8e4c512b4ba8a1336fc8358c2

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
            Filesize

            1KB

            MD5

            89442688e8c82e87a9c74d4dadb08ab0

            SHA1

            4d90a3341007cc13304ab6e334bec225b84ef642

            SHA256

            6e122bd6dbd58133693623c110949b5768ebe579f461b756c236ca1f09861f0b

            SHA512

            dbffefe03c2e6b3344444ae8cbcf81c15bbed5314bfc5aa877ff96b56c78e1820c3fd35a78813ff6e31c5f7e0607873fef105ea8f9072c059adfc59d6db3dfd0

            Download Submit

          • C:\Users\Admin\AppData\Local\MobiGame\hwid.dat
            Filesize

            32B

            MD5

            3e1e629ba91eecd766d18f5a20494c45

            SHA1

            5ebf9c26e622e5f5a669ea9db7529f235208064c

            SHA256

            39f88d6d4038302a249b90e4089d90c0a706f729536921b1c58e1904d7a34c56

            SHA512

            76b71c953a4654cfb54a5d43965d8d9633ab705b2ead0ddf80ee7dc1130731e2b855175812f3c579af1986482230243a90de205f4c35d82045fa941473b19ee8

            Download Submit

          • C:\Users\Admin\AppData\Local\MobiGame\installid.dat
            Filesize

            32B

            MD5

            ef4340e9ae8ac81fdda08627d9ab121f

            SHA1

            72e4845e3da6da1269e71bd976b705d94b780a49

            SHA256

            f78801862f426c2578faf1a1db13900904942c0a682aa2d461d053b7d1f0359c

            SHA512

            9070c650b0940cccd22de34c8bc48ba6f53e430f8f5ee66a16dd5a7aed50f872a5be88195237b7f8193b42021ad019551420696d86780a0b3080c9abd964718c

            Download Submit

          • C:\Users\Admin\AppData\Local\MobiGame\logs\downloader.log
            Filesize

            4KB

            MD5

            2aaa2b1c3a018f7567a6f5dc0517c5af

            SHA1

            d7376ff99384d6c23eabd1a77c746e728c94faa8

            SHA256

            ec5d67d143bc36a9641794a0d2cfc1d5e966f4cb027b5cfcc733bb04b7905c71

            SHA512

            41c7966cb1b54e4ec0ba298552e17b07e8e971d37ebf6e3090b1a137ed82a5bf1ba628382d6815e7a61d803197fcf56a077a9080432d5226f05528f8e3133d6f

            Download Submit

          • C:\Users\Admin\AppData\Local\MobiGame\logs\mobihelper.log
            Filesize

            2KB

            MD5

            5fd19c097ded118f759e4269490781f2

            SHA1

            a96c7549d463fe7dd91b002c54a8e94bbf25b4b7

            SHA256

            33c43e7df67b3a5a5e0c252611f7af7e063d372647e4e2d9313cdb9960fa9013

            SHA512

            606b63513f470105b5a4b32190ae274988864f2c82cb282f393d123802229b82b182e706078f8fd48f6e082278cbe5a124631e65619497d490c879a1b26da79b

            Download Submit

          • C:\Users\Admin\AppData\Local\MobiGame\playstore.json
            Filesize

            537B

            MD5

            5feca042545b8c85fc30c3cdb6f36b9b

            SHA1

            53555b4f48d4945b41bf887f3ad7825159654c77

            SHA256

            e02252206a390428ec0a5ddfdb2ec048593cfb0ed967f4885e54c22224650caf

            SHA512

            5d734ab9bc5ca72014886715c49739ce42a5ae462ab5a752ce1aa3d7031cc511053459d4d762f8955aafa05c42c1ea5eb688e59aaaf978c3335de7ef00e11c65

            Download Submit

          • C:\Users\Admin\AppData\Local\MobiGame\sourcesettings.json
            Filesize

            5KB

            MD5

            e09ca833ccd4a626fd1da2543d5bef68

            SHA1

            7ae21f74c8b8bf564123d7e61ae11c63c5bc4e01

            SHA256

            1db566b34afa6dbab3e076f43553e0e04fdbc566542bb7fc52f5342358286991

            SHA512

            7ed39b694798759fcb6948c277261a4f84937ac439a0743cd6ee107f2377e3cf30d7400ee36fd6520531af5f1d516f5be1616116a4bcd62d2348d837acd03ada

            Download Submit

          • C:\Users\Admin\AppData\Local\MobiGame\userconfig.json
            Filesize

            154B

            MD5

            f97f3970ebf4ccd7ff1adda4825230a3

            SHA1

            5365cece98aa84a39f482039e731796812335f76

            SHA256

            e0fc86d63617a38cbbc965ee94fe6b5856b8efff380a556f349c7652930b95fc

            SHA512

            ceb06133494145c332095fe91ae8290430926a14c7763d67e515683ba402c36d736564f50724a9c2a1dc911460515e506431bed17f63be6fffe87efab54b35da

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wydkkhaf.dkf.ps1
            Filesize

            60B

            MD5

            d17fe0a3f47be24a6453e9ef58c94641

            SHA1

            6ab83620379fc69f80c0242105ddffd7d98d5d9d

            SHA256

            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

            SHA512

            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\Business-Empire--RichMan_com.ttterbagames.businesssimulator_gameslolc_27993235.exe
            Filesize

            1.0MB

            MD5

            8afdf50f0097e7fc7254c83b2b2bf097

            SHA1

            771f30d91517ce306e93b548f31bd595139255a8

            SHA256

            1c96bab3b22b9e52736982b58ff5d75eb22293aa184024ad29c4f722bf1420f3

            SHA512

            51e70ae50cc46be7670ce73c559ffa11f6cc324a0256b44f394c789b5e7fd78089b934f7a91b06d5ceba55caede217a87296bbdb0ba17e48e59dad8ca33a5e2b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\Business-Empire--RichMan_com.ttterbagames.businesssimulator_gameslolc_27993235.exe.config
            Filesize

            3KB

            MD5

            6517457e21bed85a6e41e8b84942c8dc

            SHA1

            45451a32d6246265c94660030642137ff0ac4629

            SHA256

            3148b743bb5599ee95ff171d8ed7f66c48979d5993a328f9e9291c1443e0fd28

            SHA512

            e694240d22e240f3b4ba78a2d0e38b353ce1f5ea348d46e688cb60166cdd91083b5069d1cbc79f94cfbf322edbdeee3511eb9360c2a08c3002d1ca28175451a3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\Microsoft.Deployment.WindowsInstaller.dll
            Filesize

            182KB

            MD5

            82eb1ccf28f3af897c2db27282b41156

            SHA1

            9f945d8b18ff0fbb5f013efe5e2ff33aef136104

            SHA256

            ced6cab3c04c08ce5705af0b6986965dbdbfda17cbd66c973bb371ed3b95f37a

            SHA512

            9458fabeae4dabf8109b9736496a01d9168312faec1c17d6eed89e8f09cbb8287d74ff758948cf07838720c11005e87a734e920be4ead275354f46a0a6176f84

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\MobiHelper.exe
            Filesize

            590KB

            MD5

            751672b3dc8e48b7632544b57e01a069

            SHA1

            a497158550201b67a8340756529c8909f13ddb5a

            SHA256

            acff977962ee68c47b786c28186b43b093ef41ec6ed617ee019f1227e17d8799

            SHA512

            96e0d9a1f15c55ab69b37ec095dda802a008c37c14a51bce6b5e04ca60d83e09bf9d69be604d0fd5f407471c959fafec0d8477856570fc8862a606a237baa97e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\MobiHelper.exe.config
            Filesize

            1KB

            MD5

            4c77703bc70d087c272b1b4f8db55c4c

            SHA1

            3bbf0cc26c0b888aedefbfb077ca1e270d3c45c3

            SHA256

            dfddd98c2f704875c1b40cd1c81005faf10a442135c2c84b9ebef51f935d4b06

            SHA512

            bb0052a2c5904e503429017c506f03122c2f4b83d0609c1d40a153848d392303c1ec441338fcb18977e6f310f634abe0bd3ecbee03cd7e468795dd2cb75f8dc3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\Newtonsoft.Json.dll
            Filesize

            464KB

            MD5

            83222120c8095b8623fe827fb70faf6b

            SHA1

            9294136b07c36fab5523ef345fe05f03ea516b15

            SHA256

            eff79de319ca8941a2e62fb573230d82b79b80958e5a26ab1a4e87193eb13503

            SHA512

            3077e4ea7ebfd4d25b60b9727fbab183827aad5ba914e8cd3d9557fa3913fd82efe2cd20b1a193d8c7e1b81ee44f04dadfcb8f18507977c78dd5c8b071f8addb

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\ResumeService.exe
            Filesize

            522KB

            MD5

            d293db543d714d4b6a959911f04982cc

            SHA1

            69c6d24cebec0d0f82b2006d9f9f9c3add831263

            SHA256

            dd31c28d11f79d4dd84c531b68fe52aa8f1076ef585bcf438d8976f8d3baf14d

            SHA512

            8abcf620c879092fcdc77b16877a9d7b50d9dd7b0e7a89187150bf03c1a7e05021cd30e30315d881ed5e819cb0d85050fdf294fa41bb8006c7cfe582fb68dc5c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\ResumeService.exe.config
            Filesize

            3KB

            MD5

            c0ecf23c7cf4e09c426ff35e83eb34b8

            SHA1

            6e42205b40fa610e3d3376cc21997745f448ced7

            SHA256

            61bcc5c65812305576bd37eb7237ac29f04f14cef3ab9b9e7e8f940d5522b393

            SHA512

            ce8ee53483211cc488df90f396fa33877866cdc862b343625c736cf676be37e95021e465d277aff503f01eee8e5883175ab6a74ba2317285e843f87285f9995d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\ServiceStack.Client.dll
            Filesize

            241KB

            MD5

            e7eeaacea4bb7ca8625dbc72f9c05177

            SHA1

            6e540e594d4e7fe1c55f2f9e406d3c0f6d02af9d

            SHA256

            67f5c0fedec2ca57fc1b3118bd772b987c01b573584c08c4264fc8030f0944f3

            SHA512

            9b45ab2f9b865da7775405eb05b805073f37590573c50b70644c6e694f2e6effa5c9b0cb15ce30b184f8afa71a382bc4bb9096599ccce8b68e130131da502c2c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\ServiceStack.Interfaces.dll
            Filesize

            169KB

            MD5

            bbaa88e5567a6b9c134f28262c54ca65

            SHA1

            5d59256abbc0226d4966cfa7f96511453736bb63

            SHA256

            2e2cf708db9d86b04c62a6273aa326225181fb739f6b950fbe2e1bd4905ecd0b

            SHA512

            eb714c554123a9405f1beb952e82f79b684995a4f567f3fb9bf934f51496eea0d325c791fddafc2105922ca51f93132db85ee8b555880ac04e0e039636c58779

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\ServiceStack.Text.dll
            Filesize

            540KB

            MD5

            01e10fdd82dff5e70eff077adc2a4528

            SHA1

            5bc845e65e732c4bbc246174eb18874140d26772

            SHA256

            57f75c075376c8977860c3bcb8d7d693289450a08b569159bf7ed1dc1824e1f1

            SHA512

            fe0f0e8c14d6a8318a1a4320e427375b309e2ab5f05286ecca7d7ce1c3047c75054cce2153233c07bf7a921d43fea3fc5093af928bb7b555de46dfa2adb55366

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\System.Memory.dll
            Filesize

            140KB

            MD5

            2bc5de386a4297144781d15b8e812b63

            SHA1

            ae6b19d49b413f1549b3540a9fbba00c1e8b3d27

            SHA256

            9c266080fb5f31e02a5005b91657093bd8c1faed23102e021a8be283c1753461

            SHA512

            e4d43c871af5c03392d2fb139fdf10c2f2da2f1d6fe0edd089e3e30369d6d350727b483c98868626f81d680400b44ee4d328e475b0017bfdeb38cdb44a8b4d4b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\System.Runtime.CompilerServices.Unsafe.dll
            Filesize

            23KB

            MD5

            a5aa80f49ad64689085755ab1ebf086e

            SHA1

            27e88cf0d2b34ea91efaa5cef9a763ee2722c824

            SHA256

            a79e1c30e9308afe4d680f0bfb82de3e8c1fe94aeca453ec4092c3ed4789ae6b

            SHA512

            f3dbd77e3a2ec3915b34d1387388abad45c99459ce03c06dc9a83d04f751b837c7b56cf9b4b7630f7fcd897a1d8057fce4cf761b1dc140a3928431b22b9b5b82

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\WixSharp.Msi.dll
            Filesize

            31KB

            MD5

            346d813cb3b38030edbe2342b21ecb0d

            SHA1

            578cc0f818bb3c414e5b806fe628a100f2eed63c

            SHA256

            4a807bec1041e2a900688f17d338a06b952a1a8e76b61f681454302753ab79ee

            SHA512

            72d6117ba66f1939fcb1f1bd89fe3a7cc5d93ae67ba7ed9927746a388eec4885986915372d5ff92176615f6e73e9ddcdff5e8feb30d2b0c17f8aaaab1e4f744a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\log4net-loggly.dll
            Filesize

            20KB

            MD5

            647ef1d7ccf030a09f17a54c5f40bbed

            SHA1

            08a71074606354e53a5c25aa9b084dfe9bef551f

            SHA256

            dc7ba0dcf33d3599c6d471cedb604e141d24a9aff9964225b8de1dfbb8a285db

            SHA512

            16d7dfc6033114c247c252f5463ab874418b609811ef31dd82365482487c6a8dcb2260f9b288fa883d3ba70c8b8836bb9e38d5bc24303db71fdcac8778b769fe

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\log4net.dll
            Filesize

            280KB

            MD5

            7c11f28d40f846515c132c5e358913bb

            SHA1

            fe7d3cd47352835016ffe5be86185165c4a09f69

            SHA256

            8cdae744cb81a397c61f9311e1bd089206783b8b173d6e8216005b84662fda1e

            SHA512

            12acfc71df4e7d24fe0ac9de97d21dcd651480fd0c9e46035cd3a2f3fe1ee6833fc9679cda0b07ffa33bb6ff0a97b6d28f3fa161747990b18cea73c22bf124c8

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\pcgame_C585948B\utils\sysinfo-app.exe
            Filesize

            234KB

            MD5

            2b30334153d41d8c762207309be73d92

            SHA1

            a54f5fa79252b1b9968f6e1a44fde7f007a12548

            SHA256

            9b4eee17b496a35e88b5f1631ba21c2bee262b3c6da0024c18e3d1b7996b3484

            SHA512

            cc9972e8f8952bef7364b00d269848a918c47bd4fb66cb0fbc97ea7c74dab467ca7fa694c79a3d07cff45869fe9bd6643a3291b4fd83c53c544320470ab78aeb

            Download Submit

          • memory/1676-55-0x0000020F36710000-0x0000020F3678A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/1676-50-0x00007FFC7B4F0000-0x00007FFC7BFB2000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/1676-204-0x0000020F36670000-0x0000020F36678000-memory.dmp

            Filesize

            32KB

            Download

          • memory/1676-140-0x0000020F36640000-0x0000020F36666000-memory.dmp

            Filesize

            152KB

            Download

          • memory/1676-137-0x0000020F35A30000-0x0000020F35A60000-memory.dmp

            Filesize

            192KB

            Download

          • memory/1676-135-0x0000020F365F0000-0x0000020F36632000-memory.dmp

            Filesize

            264KB

            Download

          • memory/1676-44-0x00007FFC7B4F3000-0x00007FFC7B4F5000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1676-45-0x0000020F1B3B0000-0x0000020F1B4B6000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/1676-201-0x0000020F35A00000-0x0000020F35A08000-memory.dmp

            Filesize

            32KB

            Download

          • memory/1676-199-0x0000020F359F0000-0x0000020F359FA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/1676-313-0x0000020F39450000-0x0000020F3949A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/1676-328-0x00007FFC7B4F3000-0x00007FFC7B4F5000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1676-52-0x0000020F1D1E0000-0x0000020F1D1EC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/1676-202-0x0000020F35A20000-0x0000020F35A28000-memory.dmp

            Filesize

            32KB

            Download

          • memory/1676-362-0x00007FFC7B4F0000-0x00007FFC7BFB2000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/1676-47-0x0000020F1D210000-0x0000020F1D25A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/1676-203-0x0000020F35A10000-0x0000020F35A18000-memory.dmp

            Filesize

            32KB

            Download

          • memory/1676-49-0x0000020F36680000-0x0000020F3670E000-memory.dmp

            Filesize

            568KB

            Download

          • memory/1900-419-0x000002597F120000-0x000002597F2E2000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/1900-379-0x000002597BB10000-0x000002597BBA6000-memory.dmp

            Filesize

            600KB

            Download

          • memory/1900-421-0x000002597F820000-0x000002597FD48000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/4812-67-0x000001739EF10000-0x000001739EF32000-memory.dmp

            Filesize

            136KB

            Download

          • memory/4812-71-0x00000173B75E0000-0x00000173B760A000-memory.dmp

            Filesize

            168KB

            Download

          • memory/4812-72-0x00000173B75E0000-0x00000173B7604000-memory.dmp

            Filesize

            144KB

            Download