Overview

overview

7

Static

static

3

TETR.IO Setup.exe

windows7-x64

7

TETR.IO Setup.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

TETR.IO.exe

windows7-x64

1

TETR.IO.exe

windows10-2004-x64

7

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/elevate.exe

windows7-x64

3

resources/elevate.exe

windows10-2004-x64

3

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$R0/Uninst...IO.exe

windows7-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2024 01:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TETR.IO.exe

  • Size

    168.2MB

  • MD5

    320d2c73c633341c2b114c796d941161

  • SHA1

    09fe45a79a6d6accbc20e6a84ae169a82531f0d4

  • SHA256

    eb12da60c8f3c26bc96406b06b38718b23f13f22c74f56b8196968fe386fe9eb

  • SHA512

    da784359301460e681f62108ab61fd253be11ab76f05fc4e593d52cf31d420c7b28455205a73c85aff4096b907e9004a71614298a31c43684f6d87406475f8b2

  • SSDEEP

    1572864:TQqT4eFUirK1e2zSQ5Rcw/N5cae/bHhrPdacyodvcPSBoHESUlyAzl/5:FBKRcAMyAzB5

Score
7/10
execution

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs

    Using powershell.exe command.

    execution
  • Modifies registry class 7 IoCs
  • Suspicious use of WriteProcessMemory 59 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe
    "C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3220
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "chcp"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:556
      • C:\Windows\system32\chcp.com
        chcp
        3⤵
          PID:3420
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        2⤵
        • Command and Scripting Interpreter: PowerShell
        PID:1240
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        2⤵
        • Command and Scripting Interpreter: PowerShell
        PID:4708
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        2⤵
        • Command and Scripting Interpreter: PowerShell
        PID:1364
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        2⤵
        • Command and Scripting Interpreter: PowerShell
        PID:4832
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        2⤵
        • Command and Scripting Interpreter: PowerShell
        PID:4952
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        2⤵
        • Command and Scripting Interpreter: PowerShell
        PID:4276
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        2⤵
        • Command and Scripting Interpreter: PowerShell
        PID:3532
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        2⤵
        • Command and Scripting Interpreter: PowerShell
        PID:3652
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
        2⤵
        • Command and Scripting Interpreter: PowerShell
        PID:4684
      • C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe
        "C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe" --type=gpu-process --disable-gpu-sandbox --disable-gpu-vsync --disable-gpu-vsync --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1924 --field-trial-handle=1928,i,11168710604553663731,11341757735679743899,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
        2⤵
          PID:3552
        • C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe
          "C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --mojo-platform-channel-handle=2124 --field-trial-handle=1928,i,11168710604553663731,11341757735679743899,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
          2⤵
            PID:4220
          • C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe
            "C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --app-user-model-id=sh.osk.tetrio-client --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-blink-features=PreloadMediaEngagementData,AutoplayIgnoreWebAudio,MediaEngagementBypassAutoplayPolicies --autoplay-policy=no-user-gesture-required --disable-frame-rate-limit --force-color-profile=srgb --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2480 --field-trial-handle=1928,i,11168710604553663731,11341757735679743899,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
            2⤵
              PID:4328
            • C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe
              "C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --app-user-model-id=sh.osk.tetrio-client --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-blink-features=PreloadMediaEngagementData,AutoplayIgnoreWebAudio,MediaEngagementBypassAutoplayPolicies --autoplay-policy=no-user-gesture-required --disable-frame-rate-limit --force-color-profile=srgb --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1800 --field-trial-handle=1928,i,11168710604553663731,11341757735679743899,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
              2⤵
                PID:3836
              • C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe
                "C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --mojo-platform-channel-handle=3832 --field-trial-handle=1928,i,11168710604553663731,11341757735679743899,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
                2⤵
                  PID:1036
                • C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe
                  "C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --app-user-model-id=sh.osk.tetrio-client --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-blink-features=PreloadMediaEngagementData,AutoplayIgnoreWebAudio,MediaEngagementBypassAutoplayPolicies --autoplay-policy=no-user-gesture-required --disable-frame-rate-limit --force-color-profile=srgb --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1292 --field-trial-handle=1928,i,11168710604553663731,11341757735679743899,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
                  2⤵
                    PID:4136
                  • C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe
                    "C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --disable-gpu-sandbox --disable-gpu-vsync --disable-gpu-vsync --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1192 --field-trial-handle=1928,i,11168710604553663731,11341757735679743899,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
                    2⤵
                      PID:5104
                    • C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe
                      "C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --app-user-model-id=sh.osk.tetrio-client --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-blink-features=PreloadMediaEngagementData,AutoplayIgnoreWebAudio,MediaEngagementBypassAutoplayPolicies --autoplay-policy=no-user-gesture-required --disable-frame-rate-limit --force-color-profile=srgb --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1308 --field-trial-handle=1928,i,11168710604553663731,11341757735679743899,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
                      2⤵
                        PID:4852
                      • C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe
                        "C:\Users\Admin\AppData\Local\Temp\TETR.IO.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --app-user-model-id=sh.osk.tetrio-client --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-blink-features=PreloadMediaEngagementData,AutoplayIgnoreWebAudio,MediaEngagementBypassAutoplayPolicies --autoplay-policy=no-user-gesture-required --disable-frame-rate-limit --force-color-profile=srgb --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3996 --field-trial-handle=1928,i,11168710604553663731,11341757735679743899,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
                        2⤵
                          PID:1260
                      • C:\Windows\system32\AUDIODG.EXE
                        C:\Windows\system32\AUDIODG.EXE 0x410 0x304
                        1⤵
                          PID:1472

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                          Filesize

                          3KB

                          MD5

                          06d16fea6ab505097d16fcaa32949d47

                          SHA1

                          0c1c719831fa41cd102d0d72d61c0f46ec5b8de8

                          SHA256

                          54e15de2bef9f651d7717e2a336ac6b2ea2b723e6f29d2b153d8fbbc89aef723

                          SHA512

                          03c00f1eebb51cec11703141ae9d9c3ac589f5495bc04d8a4b043714089a9d50bd3a520e4d72b4a4c99f5b9bf5f689bf2585fa5c7d4ddbe6f71cbba0172f593a

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                          Filesize

                          53KB

                          MD5

                          a26df49623eff12a70a93f649776dab7

                          SHA1

                          efb53bd0df3ac34bd119adf8788127ad57e53803

                          SHA256

                          4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245

                          SHA512

                          e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                          Filesize

                          2KB

                          MD5

                          2f87410b0d834a14ceff69e18946d066

                          SHA1

                          f2ec80550202d493db61806693439a57b76634f3

                          SHA256

                          5422bc17b852ad463110de0db9b59ffa4219e065d3e2843618d6ebbd14273c65

                          SHA512

                          a313702f22450ceff0a1d7f890b0c16cf667dbcd668dbafa6dbecd0791236c0bc68e834d12113cc75352365c2a2b6cfcf30b6ef7c97ea53ed135da50de389db4

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                          Filesize

                          2KB

                          MD5

                          7a1e03fe1039bf494d77070f2c583626

                          SHA1

                          bb6b31d644873fea13cb3c37e6225670b5682c8b

                          SHA256

                          53bb6e31c2534c61d2bb23c0ef4d9550c1b9361610bd01ef1816a97297147ed2

                          SHA512

                          e45c36ab8a4ba0c84783b2ddb2c26a9ab66cd5d26f1f0999b1288656288b1f8f33922a92c05641e6dfad03fac708525a1a37815d8ce1088ed0c72217e2f82827

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4ijdtcam.swo.ps1
                          Filesize

                          60B

                          MD5

                          d17fe0a3f47be24a6453e9ef58c94641

                          SHA1

                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                          SHA256

                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                          SHA512

                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\be14aa93-1a41-4859-b0af-24d1c270ae55.tmp.node
                          Filesize

                          95KB

                          MD5

                          e9dd3524a69d66b498da49581e72b70b

                          SHA1

                          b6ade7129a96d3be63d01da67f3917451b4eb999

                          SHA256

                          7aca2ed3da7e033d1a4251f7a92b774bbd8b794734ae8bac750d86dbaf62385f

                          SHA512

                          154c11f4d78f160c76f5610e3efde82eaea5159fb7eefb0e8bd5da129a0fecccfceeceb4102488ba36d881733f808959c57cf85dd150232d1f493f08d3d2a929

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                          Filesize

                          2B

                          MD5

                          f3b25701fe362ec84616a93a45ce9998

                          SHA1

                          d62636d8caec13f04e28442a0a6fa1afeb024bbb

                          SHA256

                          b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                          SHA512

                          98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Code Cache\js\index-dir\the-real-index
                          Filesize

                          48B

                          MD5

                          dc35a97d7c5dc0aadfe26a4e64412d71

                          SHA1

                          e3b1bb4229330127cf0b7200170b779a2975cd65

                          SHA256

                          0454d82a15fbdefe9adb41d23005f697c4c4777e0ddb6f03d1dacbc139d7c263

                          SHA512

                          5aa5170257616dc6f7edc7e74df966248dbbaa2b819ca79fdbad54909a06b60af996350cfab75d73a97b03a37c8870d1c64c21045fb69da834e5182e8bde5b0f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Code Cache\js\index-dir\the-real-index
                          Filesize

                          480B

                          MD5

                          d4499e45d867be25064f15051303a2c2

                          SHA1

                          2c8fed974393982dc12cdaf0a4a286cc17becca0

                          SHA256

                          9c6613139b949ee0e34796e718979884abeca9639d9b845467aa1b082a344e98

                          SHA512

                          f0894eaf30e02ef258b57c4e3710cedcaad04ce8be0ee53ee74fb22c96f315e30e4dee9455f1fc70fd17508c7464aa5d6d4bf57fffabe9f69a2fa3dbe9db7aa2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Code Cache\js\index-dir\the-real-index
                          Filesize

                          168B

                          MD5

                          f9065b85a49fd29a8eae1c8db482f8ab

                          SHA1

                          5be3d9055db0426c6d4edb850ac7ace032c6d8b1

                          SHA256

                          8637a1bfdc7bf6dffa333c38de19c9a0c961971e9c8d06c2f73af211c4324300

                          SHA512

                          1b732c42e0bb0f1376007c4c9e4d1a3f090b459cb9e842bb74fda589765906e51325ff5cee4c2d02e6e94dcd992d9bb9d27a9d5eb0d31314f04f8c3ebd5ed0f6

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\Network Persistent State
                          Filesize

                          718B

                          MD5

                          32a0598c0f05d7f2e1b91874bc47d8ce

                          SHA1

                          3f93b4c66a4aad6fdd547c31a6077da304d7fabd

                          SHA256

                          6e9761ef6656f84bdee1aaa4e091c5c0e9d06ab927f0bfbbc3aee5310ae671fe

                          SHA512

                          cd497769c3bd7e0088492f7308e20b754492e0d065c2591377f08bd81c211616579643a4b1c501a66934d5fd47655a5969c9fcce896cebc17c74b76b16f78efd

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\Network Persistent State
                          Filesize

                          59B

                          MD5

                          78bfcecb05ed1904edce3b60cb5c7e62

                          SHA1

                          bf77a7461de9d41d12aa88fba056ba758793d9ce

                          SHA256

                          c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

                          SHA512

                          2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\Network Persistent State
                          Filesize

                          718B

                          MD5

                          b4e0c80de4a1718d7a259eb1c10c4003

                          SHA1

                          8ef2ede68cef4b833fe6b137b5730e96ffc142a0

                          SHA256

                          84dc648b54f201fe8696d7c49aa0c21ed494135bc890f02673a2f46fff40030e

                          SHA512

                          c7ff5ad9461ef3fdd580b711f4bb01b60a667556a035a6596febb8bf878ee4af841c8bcbf35a61b9fea59fd76e535517773b6fe19e97fd9a59aae52da30eccfd

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\Network Persistent State~RFe58a5ff.TMP
                          Filesize

                          59B

                          MD5

                          2800881c775077e1c4b6e06bf4676de4

                          SHA1

                          2873631068c8b3b9495638c865915be822442c8b

                          SHA256

                          226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                          SHA512

                          e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity
                          Filesize

                          1KB

                          MD5

                          a9867c2a922082248649b2ad16b418bd

                          SHA1

                          0466562e555249e6fc0db3aab61ee71e10f08caf

                          SHA256

                          afbc1239161bf8ac4db2e59dd68a2f2fd65ad0762a827d36af63f5d1a773a00f

                          SHA512

                          43a790108fa3744cd1c2aa34da05a572817b765bfa05522b8107d45480b4bd3711da886271340999646d20f5014bf81138936739b8f7b09f9ca5d2ea405d3cd9

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity
                          Filesize

                          857B

                          MD5

                          ff32b76db37c812d6483114886ae9abc

                          SHA1

                          7c64aca8e273296a483ae854ceea41badf7a3f87

                          SHA256

                          cbdbe0d8523c693dfbb4d7723d6c6569db6fb02491da30308892b5db496acf3c

                          SHA512

                          22228e020b427d46bb2d096527765c70305ac75cb1aa389457c7a845ff07d1ab77c3aaad12d5258ddbec3a16b4316ec2102991b28ee24afe190b718bd2077b95

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity
                          Filesize

                          857B

                          MD5

                          1506d240e12f3451eae5de6cc138ca7a

                          SHA1

                          8c844984a5b1ac41602b1b7ba5629771614063e5

                          SHA256

                          83b4e403eeac95826d3324eb2c51e77916e247113e49e81c9e7a9705d061a8cd

                          SHA512

                          5ffc07c9701ad22af77f1ff09b45164c79a48a3210e1424ab0a66bc86c77112e0d7b42d85ecace35c10684b2f108f77660f7f79b453f7cff61306cb721e5ebc4

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity
                          Filesize

                          857B

                          MD5

                          bc0af763b7390d0b9c95819ea538dfc1

                          SHA1

                          0f045699cd4d6cea9454ad014751ef3a6efbd8c3

                          SHA256

                          8c12d2b1a027980ced9f32ee59ae95d296614324ddbdbdffd357c25597a6ab5c

                          SHA512

                          c44c243c60ccbf515802c50554aa46ff14951ace77987bb03dfaa05c44369e87fb8b89dbc0a74cd6c1e546fa1f9a8b484f5c494f5f83fcfad91c54a6d4074a36

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity
                          Filesize

                          1024B

                          MD5

                          44f92e531dcf73eafbce594e0d82c1fe

                          SHA1

                          9e0a85ad83f1818ce36a8a16f3aae6098f137fc9

                          SHA256

                          2fc205263b57094b1d46239803ab4d561fac756060c55c25d35c6802eabee5a5

                          SHA512

                          f05e84642048e475e731a84424d9dd7573d647c8dec5e8a37c76c69a227307ad2bae4353aae6d411ec0ae7280c74ce99914b47b2d1c389a60661ba2a48faf428

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity
                          Filesize

                          1KB

                          MD5

                          e4c82061e87bdd11f68104bd3d336304

                          SHA1

                          1e9ebb1251612be5dacabe34fe283550a55f92e9

                          SHA256

                          76b07dab7aa7a1d64c4354333a86ca5d742627d6272c097fc76f36594d2cbd4a

                          SHA512

                          ff734d5f058c9bcd4ac5db5678cbb9d57672e8cda0a680ff80db5beca02d85188d705cb0ba6b3ada44bf14a3b9d9fab05116891162c55dc3970cc40c62957515

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity
                          Filesize

                          857B

                          MD5

                          947b0113d4d7f8243e4b199e87ba9de0

                          SHA1

                          9f005b42e24e31c4a3172e310a9876e7c09138b8

                          SHA256

                          234fe99cf866bdc4a06e99afcfef9419819895b6dd93155432bbf30f1f5fda15

                          SHA512

                          405c425076012b9a0623e087de38c025b6890da18c70ab186608d4fecc7448efc2884f0b26780058e15601874b7acf1c92d95b302f7c67cb06158639bccd3fba

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity~RFe583a26.TMP
                          Filesize

                          690B

                          MD5

                          d01aef5b25469c22c8cd1362d645065b

                          SHA1

                          eea3a371010cf58e92b6154c691ae37cf979f6ac

                          SHA256

                          1fc0f0adcf5462e5cafb665d60d34365d31e99ec39bf6731e96b9da0c25ef74f

                          SHA512

                          7d8cc563b7b5430bfc37ae03fda1770364fd341475edcca1635f8cefd1ab5bb3e69107f6c91c465be27582a683f4c50626c449ac390c8ce94b98f66e80b11911

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\tetrio-desktop\Session Storage\CURRENT
                          Filesize

                          16B

                          MD5

                          46295cac801e5d4857d09837238a6394

                          SHA1

                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                          SHA256

                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                          SHA512

                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          Download Submit

                        • memory/1364-244-0x00000217B0CC0000-0x00000217B0CEA000-memory.dmp

                          Filesize

                          168KB

                          Download

                        • memory/1364-245-0x00000217B0CC0000-0x00000217B0CE4000-memory.dmp

                          Filesize

                          144KB

                          Download

                        • memory/1364-181-0x00000217B0FD0000-0x00000217B1046000-memory.dmp

                          Filesize

                          472KB

                          Download

                        • memory/1364-170-0x00000217B0F00000-0x00000217B0F44000-memory.dmp

                          Filesize

                          272KB

                          Download

                        • memory/3836-227-0x0000021C9C670000-0x0000021C9C71C000-memory.dmp

                          Filesize

                          688KB

                          Download

                        • memory/3836-226-0x0000021C9BFF0000-0x0000021C9C09D000-memory.dmp

                          Filesize

                          692KB

                          Download

                        • memory/4136-444-0x0000017F40FA0000-0x0000017F4104C000-memory.dmp

                          Filesize

                          688KB

                          Download

                        • memory/4136-443-0x0000017F40EF0000-0x0000017F40F9D000-memory.dmp

                          Filesize

                          692KB

                          Download

                        • memory/4328-124-0x00000233D0A00000-0x00000233D0AAC000-memory.dmp

                          Filesize

                          688KB

                          Download

                        • memory/4328-123-0x00000233D0950000-0x00000233D09FD000-memory.dmp

                          Filesize

                          692KB

                          Download

                        • memory/4328-53-0x00007FFEA1350000-0x00007FFEA1351000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/4328-52-0x00007FFEA18E0000-0x00007FFEA18E1000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/4952-59-0x00000232B3E10000-0x00000232B3E32000-memory.dmp

                          Filesize

                          136KB

                          Download

                        • memory/5104-472-0x00000146EB190000-0x00000146EB191000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/5104-473-0x00000146EB190000-0x00000146EB191000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/5104-474-0x00000146EB190000-0x00000146EB191000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/5104-471-0x00000146EB190000-0x00000146EB191000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/5104-470-0x00000146EB190000-0x00000146EB191000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/5104-466-0x00000146EB190000-0x00000146EB191000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/5104-465-0x00000146EB190000-0x00000146EB191000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/5104-475-0x00000146EB190000-0x00000146EB191000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/5104-476-0x00000146EB190000-0x00000146EB191000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/5104-464-0x00000146EB190000-0x00000146EB191000-memory.dmp

                          Filesize

                          4KB

                          Download