The BH2000.exe will call two targets:
+ the Bh.exe is the main menu
+ the beachhead15.exe (256 colors) and beachhead16.exe (16bit colors) are the campaign mode.
If you click on those files and run them directly, they start in windowed mode already (!!!) but are stuck in the top left of the screen. Regardless, I can see why DxWnd had trouble hooking a game that calls multiple targets.
Yes, I noticed that. I believe that beachhead15/16.exe don't start in windowed mode, but simply expect that the screen mode was already set by their father BH2000.exe or brother Bh.exe. By the way, Avast found beachhead15.exe (and not beachhead16.exe) infected by malware gen on Win7 and not on Win10. Likely it is a false positive, but I'm just telling you.
The problem with this game is its split logic: if you check the running processes or simply look at the calls within each module, you can see the following:
- bh2000.exe is an invisible and mute frontend. Its purpose is to run, in turn, either BH.exe or one of the twin programs beachhead\beachhead15.exe or beachhead\beachhead16.exe.
- bh.exe is the program that shows the game main menu and some intro stuff, options and everything that is NOT 3D. It also checks the video modes and sets a 640x480 resolution with either 15 or 16 BPP color depth. When it terminates, it tells its father bh2000.exe the chosen action through the exit code.
- beachhead15.exe and beachhead16.exe are the actual 3D gun engines for 15BPP and 16BPP video modes respectively.
So, the current situation is that I got a valid DxWnd configuration for bh2000.exe and beachhead\beachhead16.exe, so that I can separately run a useless menu and a new game. All these configurations, though, require DLL injection. To make the whole thing work there is the need to hook the invisible bh2000.exe and make it propagate the DLL injection to its son, a thing that in theory should work, but so far the hooked bh2000.exe refuses to work.
First hands-on activity was observed two hours after initial compromise, when Trickbot downloaded and executed Cobalt Strike Beacons. To guarantee execution on the beachhead host, multiple payloads were used. One of the Cobalt Strike Beacons was the same payload and command and control infrastructure as used in a prior case. The initial access method for that case was IcedID, which shows that the threat actors utilize various initial access methods to get into environments and accomplish their goals.