37f9ef58121be8aea583bce2112f5192bbff22aa3eda063f1978626bc42d6177

Analysis

max time kernel
146s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.PUA.RiskWare.Youxun.22766.22244.exe
Size

4.2MB
MD5

322f6e2c296183cbd2d177304e896b6d
SHA1

1271eaa59e3451a331613c4c6a529bbba1f8334b
SHA256

37f9ef58121be8aea583bce2112f5192bbff22aa3eda063f1978626bc42d6177
SHA512

a87ab7e218515187c031e21e8a19c443a2d35b2231c94a23da7e7ee622c05d7224d302f6e4c244bc9554a05cbe2130a8c3610a151ed4e6a55192db172d16f224
SSDEEP

98304:9WTFeiFYbqNMQZyXNG2NbAHfr88Owb/v30uRLEqJ3oNURsUmE:sxXabqN2k1T8GXHRLXJ3oKNmE

Score

7^/10

discovery evasion trojan

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3228	MiniClient.exe
4144	GameRender.exe

Loads dropped DLL 1 IoCs

pid	Process
3228	MiniClient.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	GameRender.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2340	4144	WerFault.exe	95

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\GameRender.exe = "9999"	GameRender.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3228	MiniClient.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3228	MiniClient.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3228	MiniClient.exe
3228	MiniClient.exe
3228	MiniClient.exe
4144	GameRender.exe
4144	GameRender.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 3228	892	SecuriteInfo.com.PUA.RiskWare.Youxun.22766.22244.exe	94
PID 892 wrote to memory of 3228	892	SecuriteInfo.com.PUA.RiskWare.Youxun.22766.22244.exe	94
PID 892 wrote to memory of 3228	892	SecuriteInfo.com.PUA.RiskWare.Youxun.22766.22244.exe	94
PID 3228 wrote to memory of 4144	3228	MiniClient.exe	95
PID 3228 wrote to memory of 4144	3228	MiniClient.exe	95
PID 3228 wrote to memory of 4144	3228	MiniClient.exe	95

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.PUA.RiskWare.Youxun.22766.22244.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.PUA.RiskWare.Youxun.22766.22244.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:892
- C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\MiniClient.exe
  "C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\MiniClient.exe" -anzhuang
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3228
- - C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\GameRender.exe
    "C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\GameRender.exe" -ptype:4 -cp:0 -biw:786508 -from: -ha:1 -useiecookie:0
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:4144
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 2132
      4⤵
      Program crash
      PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4144 -ip 4144
1⤵
PID:1932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\GameRender.exe

Filesize
608KB

MD5
0d50650038b3c1f054ebca3383204008

SHA1
28a33c7141abd4bb893a64d66e078301d3ec538f

SHA256
d254cec5a991aab692bc0607f86d0c14f4d0a6664c521f4c51f0260369c6e5af

SHA512
c1d257a544c7dafc8262cb0aeb0bead9a9ef385b304c4f983ff59b7282bd4d3812c6558817479a9d1a212822ace7756041aabe7873c0a3865523b831c1561110

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\MiniClient.exe

Filesize
4.5MB

MD5
936955d0c2959a3ffb8c586718d8e6b3

SHA1
01c04741b3e77de7ebdb598a0a8dd3b967dfffb8

SHA256
dd190e210e545d39cf304cfcaf4335803e907553aa6547103a8b21b9656b88e8

SHA512
a8e478a252ced5ed1025c8b299624f246fb1929d864ae497152cbeb75a1d55475df947d790bf77bf7a4a179fa886ce57d0550020b83636b9e9973618675013df

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\game.ini

Filesize
81B

MD5
dab9adc314be606c79c3095c0d5a47b5

SHA1
8b29ffd372d1bd179fcc6d2f728cae1bd528ab5c

SHA256
0946b9312c31891ddfc56da701bd04674a86aeef799d42c1b57b68f36f55e325

SHA512
eac1bb0c9169ce658910f964591b29deb69a35808c2d00b16178aa90654139171446e4eb01392b005c45aaa387a6ed1be5e366043052486f0461245a6a2b82b9

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient.xml

Filesize
733B

MD5
6315fd5d56d72d2090eff67683e35277

SHA1
28568118498ac0e099c7e777610cd13e16ce0f6e

SHA256
f29e8976c23d06cbb6151802683ce0f7f1db78e93a42312d7e285e2885d6a9ea

SHA512
9093873e214d6a04609054f37b5a201e6da670668f996951ecbfb9959ba603e92ac0c56e13065295c151c7ce5bec7cea9c99f112740762a3a4601064cd15975b

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\bosskey01.png

Filesize
2KB

MD5
d8fb9b8f6e0a273211abadb5003ff80c

SHA1
9b137faf775f6a8b2f5d2e86043815a66c023925

SHA256
21cbfc98ba36ba75c380ce69db0f28c51a7d75708156612120dca32c083e815e

SHA512
16d386209b67b1cd43840c9b2592e525f03781534e3c7d83bde901d14c8c8a89df7bb48569fdd25d6fd0fade3ef7a5ed22c30d8b1267e5f633162c8464b99555

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\bosskey02.png

Filesize
2KB

MD5
33f9408ef3d50f0f94c524bbfd737a4d

SHA1
8ee75b058914941c461aa257633798ef2c98f3a8

SHA256
51d34e1cda0a4141e829a1f8be9f7e96038001720f6b4f7738afeb39b1982c0a

SHA512
be31564954e56625fae7bfd71bf4c09d6aff689a3053eba6b0b16b1cecc9951d34e9dce4f0072aea42d6a8212cb371967f7a4c4bdfc7bfcc39cc5fc892a1896b

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\bosskey03.png

Filesize
2KB

MD5
65bff7fe67bcb05d39778a2eee2c4636

SHA1
50487042f1c9bda311874826cc260ae94df1f742

SHA256
fef998d70a3690edd14007aa3696a1ac0704c5a209d9d411bd414d4da174409d

SHA512
a6c1d6e0dd3c4cf455f69470a1bd6382413e0960de22f5e833d006a9c71402be4e62f43b1f417811656ba3738d9d4d3df864e83594930e6c667fbccd48598307

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\close01.png

Filesize
308B

MD5
b1980ff47aa6d6d19a9c6b2819d98181

SHA1
7368ac58570ce8a3ddb7bed37caa31c2593386db

SHA256
a79ce6e8742b8ac3b54dd6a39406fb687ce73af6391cfb94bdbf8d4dc1743152

SHA512
5b9bf9f2968ba0feb9de7e20c3d30c58f226b0456af29034ff40ba2b00c0b1c5be98336c1381930be43fabdd10f9c9aac176fb3b9b10b08345a3822296943dae

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\close02.png

Filesize
319B

MD5
109a733a0fc0a5f893172c883c8862a0

SHA1
0b97689f4a0ab82ebe37e083c04920e750316fcb

SHA256
2a8d4e033839ad236ce82afa22b7ed8fd010efb620f9fdcbee0561309d918d06

SHA512
2b2cdb2793ff0955e9c5ac9f60d06c211ca9d7ee5698397658423b9c6c27106dab4f1a4605ac57610189fd2d0737ed4affd7a9e804284dc7b705062355af5280

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\close03.png

Filesize
321B

MD5
f92e09ea7e80524883631416cd8751e3

SHA1
504100b73e09f66503908d2903670d3860a12d39

SHA256
b60e92c06cb2a08dbd75af307d69f5d3746926badd40f19cffe8a71d0492a90b

SHA512
6cb1c6106996e12956b65c5a295286e91ca9b92b33e871c73177b27c18091846356639f159c0f165ec9f508882b14ba48d0e68de1cb9e76ed184d8763dcede62

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\fullscreen01.png

Filesize
1KB

MD5
cab831ef8d3755e66eae454f56577ac5

SHA1
6abccdfb345c3a596d8bfdd087a59fb98b4a1161

SHA256
c0ff3d9bd82cc64095467d9701136695d846da8bcc0c3455daefaf827afef28e

SHA512
494d91d475ed8d6579a265b4d92f217fd9aa68d2036e581ffb9859f2706b04dad84c2cf656b2834928ea9f049252f414a3055052e7292033536f02b94f7db8c3

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\fullscreen02.png

Filesize
1KB

MD5
c51561c1c2e029a1aac6430bda8854ed

SHA1
06e2751d1d303db77cdbfe6857194868b9feb5ef

SHA256
812e936241950abb5c4f678827b99ae2a443addc21592719fb894213a60f99fb

SHA512
abf0225bf3fbf6b3e137652fc1e7c3e7ecb4f7b9a0ba4920cad520adc2228c16ae7c26426b41fb223100af59fb4cc42a8fb893582f6ebd311ecdb40bf33103d6

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\fullscreen03.png

Filesize
1KB

MD5
a4422feb3372f95d1829e8e08994e428

SHA1
65d60a023f9beec6603969eba0cb5db313d0092d

SHA256
04eb792176f2f7e7b6eab98eff8fac93e362b493f85acbb153222af210fabe4b

SHA512
7d5613580d263a84d39b260820291c87546c40f7fa930ced10bea60724b7d90bd93ec6a497f50883c8e67cb6f5375e8042d3a80df8196c1d50165276c32a67ba

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\hide01.png

Filesize
1KB

MD5
824365f2956fb99f6e0e2aa77f1befb0

SHA1
366675d25b6781a4ee36f35a6078b6de3b80ec3a

SHA256
6dd08b0a1e166d53e700f6e10f50aa774cf52c0dbda17fc41d75086354e04742

SHA512
0283b3f5a9fa21735540fc25a85f1adf82e5793dc496ae5c2e760825104bf5e26d575a0f64ea602789f4018331f17d4d514fa000df89595fd4959cc6c13733a7

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\hide02.png

Filesize
1KB

MD5
0452db7a3fd9178b97c7116fd1808c31

SHA1
823b9db07cfe21edd035759252f6b2cf0212f642

SHA256
70d157ff71f7c9630be664c4c9f01d7746c51551757899e2e405fa8efcc6fc3d

SHA512
08f92b44dfe3e501df9e7a608b7bcf61ed614ac84dcaae5455965087d7c4dd6c4f2175e8a85e0e479eccdcaea8efaf224e4a31277d1cd3d3514ba74903a7df56

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\hide03.png

Filesize
1KB

MD5
2abc839a826f71a386be99abc014a2cd

SHA1
546fa17f78e507b43964d83a193082a168555b04

SHA256
39560d3397fcc42667a1f757215f4fd9445f6a47bab25feb8c08adfe49a53505

SHA512
ebfa3ff92131caf64ddf81ff406a2688bb43b699a7e620660284042e26e0a770f478a2e0f4fbe0e19a8d41aabefd051ab0ba24a223eef5ffdaf30b1fa32fbb97

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\home01.png

Filesize
1KB

MD5
a722febe4b45a35fcc7f4a55e55f8ec7

SHA1
fe72d6568cb9596d85d569c97e864a9801702dd7

SHA256
580232525d80ce2afb2484ce50d839a818dac269a16b943d37896ea721e03174

SHA512
e5e3cebf5c6e05f72e8c074491db96430a7c2e5f14ac36647b87e26422e4f8c31a25934247b1e4e68ede708bc5308ca79b189f2a5850ed01947772c4db1e0081

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\home02.png

Filesize
1KB

MD5
e413f11764f7c4c0ba24bc5b3f778884

SHA1
d509e94c7a4427b6c85abfa598846b4e13c78d76

SHA256
b97e3fe9c83f6e882a3cea0144d44293b0babdf8812dd352047dd758da098c1e

SHA512
ba5cde8e2d5675d9db4f37aaf2b5bc622278e980c5fad4883ff29c167c131cff3752f923a2c82d607d0cd25ed1f8d783f408e28fda946b32b78b75eef306584c

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\home03.png

Filesize
1KB

MD5
682ad83f1102eeecc5f9bde1184ade9d

SHA1
a3f55a85fa0585d68f3c7f5798e8c78efbed4246

SHA256
b4b7c1a1c6cc48e6c074f6beeab916b2f09cf2a0df6466d40c3865ab661398e1

SHA512
4a4f8c2cf6278ff63a3cf40d09999a82bd3e60a2e4035f96664920414d2e052de077532e1defec670de9ebe86d259845b3aaef2f32d4fb570e87c7e72257c079

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\mainbg.png

Filesize
798KB

MD5
5fab44780204953a040d21e4055a6cb0

SHA1
f5f7d58fa9e5a70714f6421d1420f3b549626f69

SHA256
35530c32d99ae1542d9a9629e72fa6fae86b91730d8d985909c62e60ce031b76

SHA512
6491ed2f89968d89d217d89706ba7a4655b1f55ca6dfe8709c6091259a5bea04b3e4acc4e43c2a1db170a81414297b62d8a48aa08f8103740f2d0ef2f7d38463

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\mainclose01.png

Filesize
2KB

MD5
c9b4468d1df6d532750b7b2764563c79

SHA1
bfe2272299aba6954b855693004041da590b96e6

SHA256
e8ec8c37b25a241c9bd42ecacaa54fd60778e137ae9be3558f65df692db2da2d

SHA512
3c820460467ad10782fa0a5085efb56145688d042ed18da197014872fd44f6e0c0aba3232ba381ade40f9ffdbc5497a9c786ed9778a25774924077226c184da9

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\mainclose02.png

Filesize
3KB

MD5
d0f2d023fe94e1c1f476b3985e3f59e1

SHA1
019d95b7207d04b012b8987302c0702a70cf0636

SHA256
6fc84ebcb7315e584ebd7b53e44a0db9bef931ac40d63d8492fbb165d669a39d

SHA512
ada5f5a31cd72822cd48c90bd6f539e8e9055dbe9c85ce431a3f1d14a03e089e73f728ff65bcae89360e0d05e55005e9834dbdfba83dc804555cfb2a18cde7ad

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\mainmin01.png

Filesize
2KB

MD5
35c46a6ae36af491feb02d7025066d2f

SHA1
ab37c304b3d3555e71c6980084851fe8a7b53ded

SHA256
efc26bd66efed5f587047b5f6dbd67c62a03f9c22c1ee29197e6f625160f7006

SHA512
df61ca66085e59d88aeac8038f5b4cf2f02332ec873272dd5d7a9a6a0e175feee0ed9aa89926d78dea2476a04fcd95fb308e6a10c69061694c4018f9a47da495

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\mainmin02.png

Filesize
2KB

MD5
ed7a51157b708370278f8eebabcf66b6

SHA1
1f10461439ee6580c5b9aec1844c7c24d732574f

SHA256
88a00874c667f81b4e5c8e9e33b8d39ed1b78d54ebef509584295227d30df52e

SHA512
b84a2cf0b330836afda9864e6b9c55d4f5e3b821524e52301d9e6286c7c25395ef3c3bfd2882b97d951fab1e3bc8ff035b12f82cc5778f84f7364ca8f80a1550

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\max01.png

Filesize
1KB

MD5
bfa3c58838a350f2138a255cd684cf73

SHA1
36dcf83e755bfbdc79568f3a8a54e8da8cee7eb6

SHA256
e116650a9820d299569c787ec1c0de67c67bd5aa9ca989e0377e0dd8979275d6

SHA512
dd22505bef1671b8314592611a2fb5567af24e73cfd575ec3993541229ac06511a186ca65ec376e1d8f94f75c46be90e3bfb07af0e919d45b4443e0bf2e6a28d

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\max02.png

Filesize
1KB

MD5
52d0405d781fd3c82d895fbd4d5c60f8

SHA1
924b25d5a1dd8b4821b1ab631c77153ac70d56f4

SHA256
66c3b7bbeba84c85041cbac941640f1610e4e481af5109f7743d1a465ab4c8df

SHA512
cc608f90a87d69b17a0dbc9bb39988006509d68bc6d09583952322bda5b46575563ce777e3f5aa58a962a41f545dffcf82e82dee6b3289b585626e6a8618ccc1

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\max03.png

Filesize
258B

MD5
e4362bcd93c0f9388b4f93e161e3948f

SHA1
db89059d3ac442c97241253f38d67e7000fc57dd

SHA256
6c938cfd3ee4d518df17efe0872c78b15b2b7e2f82a53b381536744951ad7617

SHA512
5a222f1873a750081579f877ab8b4e49c56a04573063070c45417ff6976d85bff7e9182df7098a8115d93d74ba8bfca4ec2093ef41b3531eca9c3af7c1516be3

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\min01.png

Filesize
1KB

MD5
ec77721255b943c9f2634eb7df250ead

SHA1
49c6cadf66bd77df6fd341b1057d714be3088cf1

SHA256
7de659db4f2d3daa5f52b90be28f6bdcecfa385553adb3752dd45a604d83983a

SHA512
2a28f42da59764a995b3f266ead0ab635aad0e1e9bcaf4b8abbc7a0de4cf0a32135a0a8804c0147388b58e3c108654157fbc41114ad5330e68645f5fe2e0a8d7

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\min02.png

Filesize
1KB

MD5
d170c02193f561461a2c61cb4f7b11e1

SHA1
792e244f2deb21e2186efd756be737866a691cf1

SHA256
65ecdbe9020034c43a97e6e2d12acf1f5ba739b104d746a706d189cc42b9e69f

SHA512
54e970fc0db8e6e96f1bcca0044dffb1c75f97c7d039505813af7e85a98a7e8ded43ef0824ef39903502c170f013deeea96434e1a473f6474a1a3a44efc2273e

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\min03.png

Filesize
1KB

MD5
67a3c8289fbb86efffa79ed72b169279

SHA1
b0a20fe5e6ae7269f336e2a1d82a04f222b26e2e

SHA256
70c233958ec7f9f474a5dce81c63cb48111adf48f4da413824a877ddc7e10266

SHA512
3f091241b4ca0bb3fa84e7b9bec56eaa5f4839edad9dc41a9f95158dc94a44467b2dfc6371d7286f8611e0985594719930e7b46a87d8081900b54bd429032cb6

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\pay01.png

Filesize
2KB

MD5
b6f5bef82fbe5e471ab88bebe64949a3

SHA1
897b8b93586a04031a3d1ae3917c002c2da91ca2

SHA256
0f8aa236b2520282ffb12b66c9f9e4b63a92a172812cad1db05cd2df67b3f758

SHA512
ff5b71b36f1b25f29346c263f2f6c93aab17e025de4effcb2da33f932180d3a1359867957211b80b8649255742bf731cd98e4e6882ba5948386462617cca783e

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\pay02.png

Filesize
2KB

MD5
6281a7a0cf0327e96181875af7fa2a00

SHA1
e5a016693b998b6cf119e7394409936910e1d009

SHA256
39d10c372b2af1fa8667b7b454e336cb2ca90c19ddd711d407ddcdef8afad470

SHA512
ed364bf6d26fb2529240344fe03cd1aaca88c9a0d68b12331fe90d32c19d2c0495597291bd6f0b822219e07bb6c777b67c5a4a13c609b0c9df017e3892c9a5a5

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\pay03.png

Filesize
2KB

MD5
873fcd045dd9857168fcda2b8d2adfb4

SHA1
39ac050e9e2b46b243e65433b8dfd2552b7e7c07

SHA256
a194f540543bda4d70f436f827dacb0d5f01b628872a40b5b23ae5c61ab28329

SHA512
76c970dc705be005429eb3d4134dfb6ad2423d09d4e93cd97050b7f4ebcf34ee3cb6c747deb0a05d579ad1d82e75ccbfac3ca26e2699d0adcb3f294fa78c971d

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\refresh01.png

Filesize
1KB

MD5
1506c03bd3753bf1fb3ef5773baa3fbe

SHA1
454129850be04dbf4ca006ed718a312ce56f10de

SHA256
49052282c9318f4e657571b55f3aa72b23500b86eb6f3d480105e506e2091e7d

SHA512
30c4a01aee2168890ed4bcd5bbd3787ba8980b51ce9b20dda478ea3337e601dac3f657af043dfe3dbd12a2aa61732659c3be31ceb766b49f2a734745095e33dc

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\refresh02.png

Filesize
1KB

MD5
062dad69ce0c4ba022814ac18d9344fc

SHA1
068f5942711b869340d84d088b7a33af46e96d8f

SHA256
9e50d5202d0f5235618c338bcd8bf838282d9569aa26472b6312d152f5656eab

SHA512
49f7ab0d8b28f598748a1df00256668e668f3df8ddcd5996638c551ee60513021cb4edb9060e3e3f78dff3ba3a164932b3e02bc57c46183d76b5ca78957af53c

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\refresh03.png

Filesize
1KB

MD5
a7c1e76c5075443d80385bd55281abf4

SHA1
77b93dce8e3d18e7218ee35cf0ddebde349aca66

SHA256
9d3263a7680e048f6f61f94cebe95e3a56155480bb63c052620f9f99faa7951c

SHA512
9870d7f701695c91a7a4dd27d7af21b52ad76e282f41e291115f8baa07c239761e6c496e6064918a12311b7a985e644449305bb28fb4b657427697d4b7a5ec5e

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\restore01.png

Filesize
1KB

MD5
5e73652908f2be6b9a23a5e04b940d3d

SHA1
110d3974d0fabf56e4c57e86a0f9e189f1bff09f

SHA256
ead8184df634506d486a650cf68dce4f31d28eb816f42af03b2887dd19f57496

SHA512
55e140ad1b8481fbb44fae82a913a01ca5142847213a913f9d6c80667f4c0d1359e8249320ad7144e9498965966280cf4075fd1c935c48955c8865364a99411d

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\restore02.png

Filesize
279B

MD5
7c3e781df232a4693012f7d78414a551

SHA1
7b371119a1350ce105923d713d2d9e5d0b7d5772

SHA256
e900ab141e9a0a3df385b05466b79d8f0b512bef08ed49265014c94be2cb7f28

SHA512
e33b3c821df56ba8b607eb0acef505006e7745c7071384eaca992353d8a32eb101e8420c67817ba901ab11bf57cef4a35b2f3772621253d0f37cd210ac041ec6

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\restore03.png

Filesize
291B

MD5
f24ec6b2ddfffe24b53b61fb4cb8f7ae

SHA1
10be192ff98fe4d145b5417e86f5da028883ad92

SHA256
0fce885ab9083b12f364b5785547436886c5e376b0d94a195e8a0ce4fe003e29

SHA512
236af0db00a8710562cf602ae65c21b32af457955a7c809c930ad36080209be5050d1e6c8bd65ad9eb8aacf32ff73f9fe10a015f2ff4334d10d0bceafdef6775

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\service01.png

Filesize
1KB

MD5
a7625f6d0e4e743b1779731c8df00267

SHA1
ccf3fe027f5746fc11e4d3de13679e76b53845f4

SHA256
5dfe2a8ead9e6ddbd3ccbd36b3c8f8af63b96d1e2b7a4c0e5cd42769c0a2d268

SHA512
5901bb8f8a034fd820134d3869c3f57f62608b9f94f5bfd0ec282203eaa64690848ba3545d67b5b58e13c0d7b2e91f1909f600642af6d33e31a2bdee5b1e79a1

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\service02.png

Filesize
1KB

MD5
0711a63388c2e7e0b1149fb69f43d82f

SHA1
21f9c657c2502fc12092b507d378a1af4b1a1e20

SHA256
0f57b89b32b63fe2a187c9152b4667919c61d41d52224015abcde268361c68c4

SHA512
d77e9b241a11201fc5c3e3c2a828d1fc62424027de6aa0e23de0becc96be7606d43baafaf74df36ddad5cd3151ed0ba77ff2933aacfe91903ab2e9236687c39e

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\service03.png

Filesize
1KB

MD5
a8c608ce291a2ceb1e8f750aa7f169dc

SHA1
9b2f3dd7403782ad47d97c74b47c44507741312c

SHA256
ec68a620c91b35855c81b75ecf5d5318d82616c2d201b4bb3d8223751c6a13ee

SHA512
18014c7d749b82fc8087b5005df0eefd15c660792d9444399ab1138245a91ef2e0d95a67191e3522c7e98493e145a20f9b28342e7dfbc45a48fadf5db2e545ad

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\skin.xml

Filesize
5KB

MD5
c73e0952b2d892325707ee4462d8c4e0

SHA1
cf06412b7e632a22b32f17ef63f1458d5a79eecf

SHA256
a429a7180f6eac82759a9f4ffee99cecfce274969c3671aa706452ac35ac27aa

SHA512
a19b5f3f5d8e9355427b1154bf35f883a7590143d1b87bbf4b3d1e3f878990b848d2dcc91abec0525c17824a86daeb8a05e8b4d3ad98ff9c6f61257f28605b6a

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\soundoff01.png

Filesize
1KB

MD5
a1710774a792be2527141423300ad448

SHA1
4759bbd12c1be54ea62ad377c65ee5e6a257df4e

SHA256
1ff9ad290e5cb2245fb9b8b1e9a2f469107722c42106a6cd1c82f35cf55cc293

SHA512
fa8a1a31ca038df80ae395b4629e3159585314012c28e6f515d581358ace24fca4722e95dd3e8e511c92ea5c0e7154f13e15b197c4318ceb60cb2d6092184b95

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\soundoff02.png

Filesize
1KB

MD5
ef0e3de67bc5b8b857704950ccb30301

SHA1
43fd3dfc7d708e09ad85f6839f8764f3e6709b6c

SHA256
e6c38b95fb3659ad74a1294f74feea92a7c00f516b24b3b83b492c0e97d2c77b

SHA512
e8b939b3ffc3741863d6e8c9d6e42968da2607f22a91935a5a99578223318d2702dbb390390dfcf735a46ef59d8bd816a189209ac655a1fc8ea021fbb008de01

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\soundoff03.png

Filesize
1KB

MD5
ca9945f9ad7759f6c9978a3e1a45eaad

SHA1
46bf847ea3bea1579675c0db998a084766f54679

SHA256
bfce88b33a626ec785670c9ed2a7c7a6a90b364f8b4fcc52ecdaf871b9d8a09d

SHA512
c6cf6f7505b1e27eab8de96236e315f2230d555f1b9750dad7e4a7c5ec0971cda826b943b9def7d8a71f4aab2cf5fb5236274fbc4a5d8c673841a53f60b05896

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\soundon01.png

Filesize
1KB

MD5
9f2ec2d8eca7aa6fdf684928824a6714

SHA1
98c3d7be7753f2fa26900af3f3d46b5f9ef5b2b3

SHA256
3285654edc06ddf2afcbe0352e7e48e2ed20ee21a45c04b2348ce8ff22fcbd15

SHA512
b39abb24c09aeaa54facc0bceffa1518ce350c5dba9e63c73647233c9037caa89c641434dd40381bf3c221b20ab29b243a29fa463cec31a3e73cf89e09a8a73f

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\soundon02.png

Filesize
1KB

MD5
e075712b26463a3b320297f4b86d8376

SHA1
e525dfa1a29d90f288b1916700551d104a2acb83

SHA256
8068e702c5418e4c758fbba915db6d80ac4914435537bda98b2c125c624101aa

SHA512
9a23170cd92ec21e86d17f5a3af072bfb028945038c7935e1b31cb03ad51a34cfc4659aff412af3f61fd3f61594225accf13b447997b8ea009a382bf2288c974

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\skin\MiniClient\soundon03.png

Filesize
1KB

MD5
fdcfb14f461603361e84dea69c003134

SHA1
f016cbf566ae1165c23d8e09bec289c82979fd8f

SHA256
7e3d530cf3cd0a260945149773c4fc6d8beb9fd62d1c8d6165a7160593aafc50

SHA512
548ca0c72534b91752eb1265c6e632b41154a3b8a02caa7ebe20960765e0f4ed9da95ad08657e59cdb0953fe2c9d0547f91072816850172e4a06c814381afa02

Download Submit
C:\Users\Admin\AppData\Roaming\3dmÈý¹úÈºÓ¢´«\zlib1.dll

Filesize
105KB

MD5
b8a9e91134e7c89440a0f95470d5e47b

SHA1
3cbcee30fc0a7e9807931bc0dafceb627042bfc9

SHA256
42967a768f341d9ce5174eb38a4d63754c3c41739e7d88f4e39cd7354c1fac71

SHA512
e8583ea94b9d1321889359317e367abc88e90e96d0d9243258244a527ffa2b13ab97d0787693ca328960ceb934ea11eefd14abafd640a654473c26e420d2ec54

Download Submit
memory/3228-164-0x0000000062E80000-0x0000000062EA2000-memory.dmp

Filesize
136KB

Download
memory/4144-115-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/4144-106-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/4144-116-0x0000000077190000-0x0000000077280000-memory.dmp

Filesize
960KB

Download
memory/4144-109-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/4144-110-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/4144-111-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/4144-108-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/4144-114-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/4144-107-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/4144-113-0x00000000771B0000-0x00000000771B1000-memory.dmp

Filesize
4KB

Download
memory/4144-165-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/4144-167-0x00000000771B0000-0x00000000771B1000-memory.dmp

Filesize
4KB

Download
memory/4144-168-0x0000000077190000-0x0000000077280000-memory.dmp

Filesize
960KB

Download
memory/4144-180-0x0000000077190000-0x0000000077280000-memory.dmp

Filesize
960KB

Download