Malware Analysis Report

2024-09-23 13:20

Sample ID 240612-yxfmksscmp
Target GLP_installer_900223150_market.exe
SHA256 bb68113cfaba1def162b8a0df4b1d41b83ea34ce4fd5b23e0a0b75b259b62bfc
Tags
bootkit discovery evasion persistence ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

bb68113cfaba1def162b8a0df4b1d41b83ea34ce4fd5b23e0a0b75b259b62bfc

Threat Level: Likely malicious

The file GLP_installer_900223150_market.exe was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery evasion persistence ransomware

Renames multiple (94) files with added filename extension

Downloads MZ/PE file

Modifies Windows Firewall

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Enumerates connected drives

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies system certificate store

Suspicious use of SendNotifyMessage

Suspicious behavior: LoadsDriver

Gathers system information

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-12 20:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 20:09

Reported

2024-06-12 20:11

Platform

win7-20240221-en

Max time kernel

77s

Max time network

77s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe"

Signatures

Renames multiple (94) files with added filename extension

ransomware

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\Netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\Netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\Netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\Netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\Netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
N/A N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
N/A N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File opened (read-only) \??\F: C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
File opened (read-only) \??\F: C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\I18N\1042\StringBundle.xml C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\hover\0.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\hover\37.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\Menu\close_normal.gft C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\normal\44.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\hardwarecheck\progress\8.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\normal\47.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\window\web_load_error.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\httpdns.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\libGLESv3Detect.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\libexpat.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\minicorelib.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\static\media\bg.846d4ca3.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\WMPF\runtime\wmpf_100_percent.pak C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\component-models.079ab662.js C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\api-ms-win-crt-process-l1-1-0.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\normal\5.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\arkGraphic.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-halo-jsbridge-syzs.51356c03.js C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-syzs-login-sdk-utils.8f561e97.js C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-syzs-welfare-component.6faaf14e.js C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\static\libs\beacon_web.4.5.1.min.js C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\common.xml C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\normal\61.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\dlcore.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\static\media\title.4f8ea11f.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\normal\17.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-halo-downloader.48dde779.js C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-halo-utils.e87d7334.js C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\runtime.49aed387.js C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\TGVoiceBuddy\I18N\config-tr.xml C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\WMPF\host\WeChatAppHost.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\img\logo.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\normal\98.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\cef_frame_render.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\GameDownload.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\locale\vi.pak C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\WMPF\runtime\libGLESv2.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\button\ae_connect_server_hover.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\button\restore_down.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\hover\13.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\normal\68.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\hover\21.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\QMIpc.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\WMPF\runtime\liteav.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\WMPF\runtime\txffmpeg.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\button\ae_connect_app_normal.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\button\qqfeedback_normal.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\ScrollBar\scrollbar_bar_highlight.gft C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\oversea\normal\25.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\pages\syzsweb\module\lib-thumbplayer-tvk.d4064342.js C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\api-ms-win-core-console-l1-1-0.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\button\qqfeedback_down.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\Menu\menuEx_background.bmp C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\normal\4.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\normal\42.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\locale\en.pak C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\WMPF\runtime\ilink2.dll C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\RadioButton\radiobutton_checkedNormalTexture.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\normal\73.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\TGVoiceBuddy\I18N\1028\GFStringBundle.xml C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File opened for modification C:\Program Files\TxGameAssistant\AppMarket\AowGame.xml C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\button\close_normal.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
File created \??\c:\program files\txgameassistant\appmarket\AppMarket\Res\tvoice_entry\normal\9.png C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A

Gathers system information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\systeminfo.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Tencent\MobileGamePC C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Tencent C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Tencent\MobileGamePC\sf = "F:\\Temp\\TxGameDownload\\MobileGamePCShared" C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\shell\open\command C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\DefalutIcon\ = "C:\\Program Files\\TxGameAssistant\\AppMarket\\apk.ico" C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\shell C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\DefalutIcon C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\Shell\Open\Command C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\Shell\Open\Command\ = "C:\\Program Files\\TxGameAssistant\\AppMarket\\AppMarket.exe -localpkg %1 -from localapk" C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.xapk\ = "syzs.apk" C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\syzs.apk\Shell\Open\Command C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\shell\open\command\ = "\"C:\\Program Files\\TxGameAssistant\\AppMarket\\AppMarket.exe\" \"%1\"" C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.xapk C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\DefaultIcon C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\Shell\Open C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\Shell\Open\Command\ = "C:\\Program Files\\TxGameAssistant\\AppMarket\\AppMarket.exe -localpkg %1 -from localapk" C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\ = "TMGAProtocol" C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.apk C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\syzs.apk\Shell\Open\Command C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\shell\open C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\URL Protocol = "C:\\Program Files\\TxGameAssistant\\AppMarket\\AppMarket.exe" C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\Shell C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\syzs.apk\DefalutIcon C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\.apk\ = "syzs.apk" C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\syzs.apk\DefalutIcon C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\syzs.apk\DefalutIcon\ = "C:\\Program Files\\TxGameAssistant\\AppMarket\\apk.ico" C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TencentMobileGameAssistant\DefaultIcon\DefaultIcon = "C:\\Program Files\\TxGameAssistant\\AppMarket\\AppMarket.exe,1" C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
N/A N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe
PID 2944 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe
PID 2944 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe
PID 2944 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe
PID 2944 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe
PID 2944 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe
PID 2944 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe
PID 2944 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe
PID 2764 wrote to memory of 1852 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1852 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1852 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1852 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 2404 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 2404 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 2404 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 2404 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1776 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1776 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1776 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1776 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1888 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1888 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1888 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1888 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1308 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1308 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1308 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 1308 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 2212 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 2212 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 2212 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2764 wrote to memory of 2212 N/A C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe C:\Windows\SysWOW64\Netsh.exe
PID 2944 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe
PID 2944 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe
PID 2944 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe
PID 2944 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe
PID 2464 wrote to memory of 2720 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe
PID 2464 wrote to memory of 2720 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe
PID 2464 wrote to memory of 2720 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe
PID 2464 wrote to memory of 2720 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe
PID 2464 wrote to memory of 2796 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\wmpf_installer.exe
PID 2464 wrote to memory of 2796 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\wmpf_installer.exe
PID 2464 wrote to memory of 2796 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\wmpf_installer.exe
PID 2464 wrote to memory of 2796 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\wmpf_installer.exe
PID 2464 wrote to memory of 2796 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\wmpf_installer.exe
PID 2464 wrote to memory of 2796 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\wmpf_installer.exe
PID 2464 wrote to memory of 2796 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\wmpf_installer.exe
PID 2720 wrote to memory of 1892 N/A C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe C:\Windows\SysWOW64\Wbem\wmic.exe
PID 2720 wrote to memory of 1892 N/A C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe C:\Windows\SysWOW64\Wbem\wmic.exe
PID 2720 wrote to memory of 1892 N/A C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe C:\Windows\SysWOW64\Wbem\wmic.exe
PID 2720 wrote to memory of 1892 N/A C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe C:\Windows\SysWOW64\Wbem\wmic.exe
PID 2464 wrote to memory of 840 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe
PID 2464 wrote to memory of 840 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe
PID 2464 wrote to memory of 840 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe
PID 2464 wrote to memory of 840 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe
PID 2464 wrote to memory of 2036 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
PID 2464 wrote to memory of 2036 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
PID 2464 wrote to memory of 2036 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
PID 2464 wrote to memory of 2036 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
PID 2464 wrote to memory of 1772 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
PID 2464 wrote to memory of 1772 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
PID 2464 wrote to memory of 1772 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
PID 2464 wrote to memory of 1772 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
PID 2464 wrote to memory of 1036 N/A C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe

Processes

C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe

"C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe"

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe

"C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe"

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe

"C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe"

C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe

"C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe"

C:\Windows\SysWOW64\Netsh.exe

"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="AppMarket" dir=in program="c:\program files\txgameassistant\appmarket\AppMarket.exe" action=allow

C:\Windows\SysWOW64\Netsh.exe

"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="TInst" dir=in program="c:\program files\txgameassistant\appmarket\TInst.exe" action=allow

C:\Windows\SysWOW64\Netsh.exe

"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="bugreport" dir=in program="c:\program files\txgameassistant\appmarket\bugreport.exe" action=allow

C:\Windows\SysWOW64\Netsh.exe

"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="QQExternal" dir=in program="c:\program files\txgameassistant\appmarket\QQExternal.exe" action=allow

C:\Windows\SysWOW64\Netsh.exe

"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="GameDownload" dir=in program="c:\program files\txgameassistant\appmarket\GameDownload.exe" action=allow

C:\Windows\SysWOW64\Netsh.exe

"C:\Windows\system32\Netsh.exe" advfirewall firewall add rule name="TUpdate" dir=in program="c:\program files\txgameassistant\appmarket\GF186\TUpdate.exe" action=allow

C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe

"C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe" -apksupplyid 900223150 -from TGBDownloader

C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe

"C:\Program Files\TxGameAssistant\AppMarket\PcyybAssistant.exe"

C:\Program Files\TxGameAssistant\AppMarket\wmpf_installer.exe

wmpf_installer.exe --log-level=0 --product-id=1004 --wmpf-sdk-version=50056 --mojo-platform-channel-handle=936

C:\Windows\SysWOW64\Wbem\wmic.exe

wmic path Win32_ComputerSystem get HypervisorPresent

C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe

"C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe" --conf-path="C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.cfg" --daemon --log="C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.log" --rpc-secret=d280d57e969784da3a91f54916895b97

C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe

"C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=gpu-process --field-trial-handle=1888,1531912613556253730,15273301746825782751,131072 --disable-features=OutOfBlinkCors --no-sandbox --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.71.3146.81" --lang=en-US --gpu-preferences=KAAAAAAAAADgAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --service-request-channel-token=15576484469854121615 --mojo-platform-channel-handle=1864 /prefetch:2

C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe

"C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=utility --field-trial-handle=1888,1531912613556253730,15273301746825782751,131072 --disable-features=OutOfBlinkCors --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.71.3146.81" --lang=en-US --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --service-request-channel-token=12149889149875241985 --mojo-platform-channel-handle=2532 /prefetch:8

C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe

"C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --force-device-scale-factor=1.00 --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --field-trial-handle=1888,1531912613556253730,15273301746825782751,131072 --disable-features=OutOfBlinkCors --lang=en-US --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.71.3146.81" --disable-pdf-extension=1 --ppapi-flash-path="PepperFlash\pepflashplayer.dll" --ppapi-flash-version=18.0.0.209 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8239013706742386206 --renderer-client-id=3 --mojo-platform-channel-handle=2676 /prefetch:1

C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe

"C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --force-device-scale-factor=1.00 --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --field-trial-handle=1888,1531912613556253730,15273301746825782751,131072 --disable-features=OutOfBlinkCors --disable-gpu-compositing --lang=en-US --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.71.3146.81" --disable-pdf-extension=1 --ppapi-flash-path="PepperFlash\pepflashplayer.dll" --ppapi-flash-version=18.0.0.209 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=16472688679269014984 --renderer-client-id=5 --mojo-platform-channel-handle=2976 /prefetch:1

C:\Windows\SysWOW64\systeminfo.exe

systeminfo

C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe

"C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe" --type=gpu-process --field-trial-handle=1888,1531912613556253730,15273301746825782751,131072 --disable-features=OutOfBlinkCors --disable-gpu-sandbox --use-gl=disabled --no-sandbox --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 Tencent AppMarket/3.71.3146.81" --lang=en-US --gpu-preferences=KAAAAAAAAADoAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Program Files\TxGameAssistant\AppMarket\debug.log" --service-request-channel-token=16260905628437404772 --mojo-platform-channel-handle=3380 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 master.etl.desktop.qq.com udp
CN 157.255.4.39:443 master.etl.desktop.qq.com tcp
US 8.8.8.8:53 oth.eve.mdt.qq.com udp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
US 8.8.8.8:53 unifiedaccess.gameloop.com udp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
DE 49.51.131.79:443 unifiedaccess.gameloop.com tcp
US 8.8.8.8:53 down.gameloop.com udp
GB 43.132.64.188:443 down.gameloop.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
CN 157.255.4.39:443 master.etl.desktop.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
US 8.8.8.8:53 webapp.gameloop.com udp
GB 43.132.64.188:443 webapp.gameloop.com tcp
GB 43.132.64.188:443 webapp.gameloop.com tcp
US 8.8.8.8:53 masterconn11.qq.com udp
CN 157.255.4.39:443 masterconn11.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
CN 113.105.95.120:443 tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
N/A 127.0.0.1:53296 tcp
N/A 127.0.0.1:6800 tcp
US 8.8.8.8:53 sy.guanjia.qq.com udp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
CN 157.255.4.39:443 masterconn11.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
DE 49.51.131.79:443 unifiedaccess.gameloop.com tcp
DE 49.51.131.79:443 unifiedaccess.gameloop.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
US 8.8.8.8:53 ocsp.digicert.cn udp
US 163.181.154.234:80 ocsp.digicert.cn tcp
US 163.181.154.234:80 ocsp.digicert.cn tcp
CN 121.14.76.43:443 sy.guanjia.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
DE 49.51.131.79:443 unifiedaccess.gameloop.com tcp
CN 183.62.104.184:80 tcp
US 8.8.8.8:53 masterconn.qq.com udp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
US 8.8.8.8:53 masterconn2.qq.com udp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
US 8.8.8.8:53 tamaegis.com udp
US 8.8.8.8:53 sy.guanjia.qq.com udp
US 8.8.8.8:53 halo-components.cdn-go.cn udp
US 8.8.8.8:53 webapp.gameloop.com udp
HK 43.129.2.69:443 tamaegis.com tcp
HK 43.129.2.69:443 tamaegis.com tcp
GB 43.132.64.188:443 webapp.gameloop.com tcp
HK 43.129.2.69:443 tamaegis.com tcp
CN 121.14.76.43:443 sy.guanjia.qq.com tcp
HK 43.129.2.69:443 tamaegis.com tcp
DE 43.152.137.29:443 halo-components.cdn-go.cn tcp
CN 121.14.76.43:443 sy.guanjia.qq.com tcp
HK 43.129.2.69:443 tamaegis.com tcp
DE 49.51.131.79:443 unifiedaccess.gameloop.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
US 8.8.8.8:53 conf.syzs.qq.com udp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
NL 211.152.136.203:443 conf.syzs.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
HK 43.154.254.18:80 masterconn.qq.com tcp
DE 49.51.131.79:443 unifiedaccess.gameloop.com tcp
US 8.8.8.8:53 snowflake.qq.com udp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
N/A 127.0.0.1:6800 tcp
HK 43.129.2.38:443 snowflake.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
US 8.8.8.8:53 unifiedaccess.gameloop.com udp
US 8.8.8.8:53 cdn-go.cn udp
US 8.8.8.8:53 beacon.cdn.qq.com udp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
DE 49.51.129.71:443 unifiedaccess.gameloop.com tcp
DE 49.51.129.71:443 unifiedaccess.gameloop.com tcp
DE 49.51.129.71:443 unifiedaccess.gameloop.com tcp
DE 49.51.129.71:443 unifiedaccess.gameloop.com tcp
DE 49.51.129.71:443 unifiedaccess.gameloop.com tcp
DE 49.51.129.71:443 unifiedaccess.gameloop.com tcp
GB 43.132.64.190:443 beacon.cdn.qq.com tcp
GB 43.132.64.190:443 beacon.cdn.qq.com tcp
US 163.181.154.234:80 ocsp.digicert.cn tcp
DE 49.51.129.71:443 unifiedaccess.gameloop.com tcp
US 8.8.8.8:53 img.gameloop.com udp
US 172.67.10.1:443 img.gameloop.com tcp
US 172.67.10.1:443 img.gameloop.com tcp
US 172.67.10.1:443 img.gameloop.com tcp
US 172.67.10.1:443 img.gameloop.com tcp
US 172.67.10.1:443 img.gameloop.com tcp
US 172.67.10.1:443 img.gameloop.com tcp
US 8.8.8.8:53 otheve.beacon.qq.com udp
US 8.8.8.8:53 oth.str.beacon.qq.com udp
US 8.8.8.8:53 aegis.qq.com udp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
CN 14.22.9.112:443 oth.str.beacon.qq.com tcp
CN 43.137.221.145:443 aegis.qq.com tcp
CN 43.137.221.145:443 aegis.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
CN 14.22.9.112:443 oth.str.beacon.qq.com tcp
HK 129.226.103.123:443 otheve.beacon.qq.com tcp
HK 129.226.103.123:443 otheve.beacon.qq.com tcp
HK 129.226.103.123:443 otheve.beacon.qq.com tcp
CN 43.137.221.145:443 aegis.qq.com tcp
HK 129.226.103.123:443 otheve.beacon.qq.com tcp
HK 129.226.103.123:443 otheve.beacon.qq.com tcp
CN 43.137.221.145:443 aegis.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
CN 157.255.4.39:443 masterconn11.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
SG 101.33.47.68:8081 oth.eve.mdt.qq.com tcp
CN 157.255.4.39:443 masterconn11.qq.com tcp
CN 121.14.78.51:443 sy.guanjia.qq.com tcp
CN 43.137.221.145:443 aegis.qq.com tcp
CN 121.14.78.51:443 sy.guanjia.qq.com tcp
CN 121.14.78.51:443 sy.guanjia.qq.com tcp

Files

\Users\Admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dll

MD5 2814acbd607ba47bdbcdf6ac3076ee95
SHA1 50ab892071bed2bb2365ca1d4bf5594e71c6b13b
SHA256 5904a7e4d97eeac939662c3638a0e145f64ff3dd0198f895c4bf0337595c6a67
SHA512 34c73014ffc8d38d6dd29f4f84c8f4f9ea971bc131f665f65b277f453504d5efc2d483a792cdea610c5e0544bf3997b132dcdbe37224912c5234c15cdb89d498

memory/2944-7-0x0000000000130000-0x000000000013A000-memory.dmp

memory/2944-6-0x0000000000130000-0x000000000013A000-memory.dmp

memory/2944-11-0x0000000000130000-0x000000000013A000-memory.dmp

memory/2944-10-0x0000000000130000-0x000000000013A000-memory.dmp

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\Res\webctrl\loading\10.png

MD5 74a1a84cf7dcd03933a27e414ea1e354
SHA1 da891deea2b1b8dd1cd15f97dc41abd6cec7c901
SHA256 101ecd4b2fe8076a437a4ce1ed4d5c6f92acd6db0f2bb79db64a40bc8cbabe55
SHA512 5eed2d9c7b426b681703ca1a26671e5dc984de39e6c71b0fc7f8bf0aa27f2154a907a05ce25fae6da25e53220f8a46d31acb7cfccdce33b79acdf9e1a5e5be69

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\TGVoiceBuddy\I18N\1033\GFStringBundle.xml

MD5 fc8ce34f4a62b9303302c1bca236af54
SHA1 98e924ac192dcf6d76a5e9db51252ffeec16e183
SHA256 1568009a2e2b87fd2c80bd1238773e11bb096f7db0165c9cb0124a913dc4bbc2
SHA512 8be121cdf463dd207d436abb758a07f89f83ee73127428fc868eff927c9b14afacf6685bb1e27b681c50eff1eee6f417c403aa4513960c5268a471388f40bbd0

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\TGVoiceBuddy\I18N\1055\GFStringBundle.xml

MD5 57b3a79c8d67544148b4a3a931755da1
SHA1 7f4806fec0ca2cbc41f1344e1717ac4e627b5ab7
SHA256 d6e1a0b5b8be7703ba735fa33d6f95b24d798e965809558dad356933a32f0838
SHA512 b5dfca652097cc27d4539212ea526e2fbd6c3db2b8cd33d07822396f2a3d5358a57d462333e6ed4f668554475f8a478f1c8d438c61f1d6b5179fa6ad87d9831a

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\TGVoiceBuddy\I18N\config-zh_CN.xml

MD5 c620fd72f8c0dcdfe1ca656da4321d84
SHA1 84da1abb07d9225e32f1f1cc8dca5e5713f1e2ec
SHA256 581f1f16ec516fcefe8b940bd38f936022616d7c0e0665918981f4769e1dec1d
SHA512 5677644550cbbaf4c136ae04a3ccfb4f4330dc120b561bc0fbc36bc3d311feb58b5a99cc4dddf106720f8e9f0b9f605add92fac5fbfcb07c17ab5b9b40484f03

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\uires\window\logo-oversea.png

MD5 1af13060d206bd8c2d07035be2c88ce7
SHA1 def54fe95fb4109f41c307d809e27311362e93fa
SHA256 b45cd60fb9b2659f6b177c63abd3a4eb663912fb9531c97f1942baa36bb2d298
SHA512 0bddcc1edf3b87d50235af479297ab16d0f9d7d5bde4d5503c5b4607961f416ec4ca67d24f9f4f454c24152a70673045df66351b2590c11f4d93794c159cb3a7

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\WXFace\WX_default_face.png

MD5 254e845033d51419f8770acf35c931a2
SHA1 9e267cf86c136d738eb13ce9ccebca95234cce63
SHA256 7ca81ae30b2b7e92a40b1fbd30dae53344cac06dfeb633915b6407c8731e4727
SHA512 5dccaa119fc1d7c8cf17bde8201313c2cf00784bd85542ae8f02dd2a46cca748e38c9d94a8d56f4ba9d805bf3d16b2882314bea0f37c22b7be6a2443a5ac0af4

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Tinst.exe

MD5 3250be17f84e19a44c9a484f54c760e3
SHA1 4253ef01c20c63a692065ee9a74d4abe1eea3b74
SHA256 e090e0cbf39243c8a4625b6f281530cc55609dbcfcfc249300765acfef1105c6
SHA512 170a6702a1ad1c034973b76c60f3df3dc72646fbae1e8c1767d6803528c7b68041a76f27494b2347ca3f9bfbe0a92a622bcef0b6db4b3e1ef6f56a6d86172ce8

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\Config.ini

MD5 ba50063cd1a85f562d5c6a92f28fc062
SHA1 41d01f5bc2c800424277dc39ddfb4a70bdbaf00e
SHA256 1d02987a9b23cb3c11ad6c8123446efcd8e43c0069a616ff09dfc80426a82861
SHA512 2fe0aa3e2b6dd171f25d792991328737a15905d290a3d32c4fbe6bc452976c6cd88e157b98a032f1348e53d26e4eeae9928d430e700849baa95e9c73207079b3

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AECommonDll.dll

MD5 b58c94617df43430d2342a66eaa0a554
SHA1 f8eb3f773a9851652bd594cde56ec97c4e58c5db
SHA256 74c2288b4ff073c5c947f96b0c79a01c587981a8b9440290a9ff33aa14f06e6d
SHA512 b312043f96b739eb02c4352fbd4b773c52e04964bd04a9eb8e8cbad1fddb00c683c2001224e264a9220e75c41dc6de0163210a3e372220736eba24ef3524e6db

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AndrowsInstaller.exe

MD5 0238214ff5f8a40a66d535e1795fed50
SHA1 4bae3cc8981968d9ef13232ad731407de7af5f0a
SHA256 8e91ebe57ad70a58866abdbaa5a406a3b036e519e9c4463e5abebe3986001792
SHA512 07b2061b6955e74e3e77ed23707bb7f619deb1b96bef639ddd8fed5cff470d60e0bd55cbf5312790170ddfb590690651e02709ec9210c8043c3d418f464b8c96

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\androws_logo.png

MD5 022fc5c29d8cf5ec7abe4eae57e5e311
SHA1 4a44c9a91d636bd6aadaf787f83e215a0c690311
SHA256 88dccc3165b30052117c4fb9a17d8bd08ae014c8d6ec65366331fc078abb54ac
SHA512 223a4d990462770a365bef618d287e84e097a1ea7cfb50043a063105326604296e63246c8f3ad89e1a611c178526e57d55d422caf8620ddb0ec9381cf031a0a7

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AowGame.xml

MD5 5fd0b9f7612369bca18996d8aaa9f62c
SHA1 316f119b126302e20a9eee501614a7a9feeeb3a1
SHA256 9937addc0f2eea66ef456a53b21f93e8ae2732cb83f3e0e08e94e763f0150537
SHA512 b1020ce74032d033ecec93edecb987a0d9c266b8b022c397e73965c4b89b7d2f873a96aafe193b77774407a6738b0476ca5a5ed13342ab39d377f57ac3545e83

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\aowgameex2.dat

MD5 c99bcca61c47433e0df19b4a7668eb56
SHA1 009882353bad84d3cb5ef15a4bce629cbab731d5
SHA256 010c86cac8101a693c2f35f798c40162fdc510cf809fa2604d42ef2b929a0062
SHA512 9ea53f7f2aeb5ba9a65482694f8fa0becfed2b3abec1918453cc630122e7a9f089e625a736e5f109119aee2f4dd3a40defc2e8a24cce1619dc66a16f3d3136fb

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-console-l1-1-0.dll

MD5 11e55839fcb3a53bdfed2a27fb7d5e80
SHA1 e585a1ed88696cd310c12f91ffa27f17f354b4f4
SHA256 f6bdc8ffd172b44f4d169707d9a457aeef619872661229b8629ee4f15eefff0d
SHA512 bec9419e35de03cc145b3c974833f73f1a5082d886de4739351b93bb4cc6c0234efd0e35ad845faba83fa600c4a7d5343eaae949a837d00d5528e6db79438ee4

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-datetime-l1-1-0.dll

MD5 9f3cf9f22836c32d988d7c7e0a977e1b
SHA1 1e7bbd6175bdb04826e60de07aa496493c9b3a3b
SHA256 7d588a5a958e32875d7bd346d1371e6ebfd9d5d2ede47755942badfc9c74e207
SHA512 16c98e6aec67ffe4558c6d3f881301490be5d8a714c1adc6735005613251adb8e1c2cb9b1c0d2504a9a99c61a06b0e30c944ca603fc00fbb18cd20ba1c9bd697

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 9d74d89f2679c0c5ddb35a1ef30bd182
SHA1 22eaed07a6e477a4001f9467b5462cf4cc15cc16
SHA256 e207ffc6fef144e5d393e79de75f8f20d223f1ac33a011eeb822d30fa2031046
SHA512 725626e961d32398ea5aa120ac0339deeb493fc02ee7ef4d8e586173fdbf768b5cbb1f16f093ae4ecfee87e661170f8f832777640a353df5d651af4a62a2d819

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-file-l1-2-0.dll

MD5 ec4f2cb68dcf7e96516eb284003be8bb
SHA1 fb9237719b5e21b9db176e41bdf125e6e7c01b11
SHA256 3816bbb7dd76d8fc6a7b83a0ed2f61b23dd5fc0843d3308ee077cb725d5c9088
SHA512 6cbda80c476a9fcf46458cac45229c96dc9df251230531e25088e834cd954db9ff4561e744f76495f9c57a4068b7635c72c6f9ff838436c54142297ee310b236

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-file-l1-2-1.dll

MD5 a32230b9bfdb8813e94d095222aafa11
SHA1 04b9d7d2a3f92a0054af2547fb6176385cc9738b
SHA256 7068d2b8aea252294e6b5c3bf3630475d0a91e11877f11a04e8ed1f91196410f
SHA512 6484c7c7fe574d797c74c285353040dfa364b9a9425cbfa4a4c8bba698176656c78e228a33c9eeae39a97caf2ab192f1f02dba472824f8a5757db5f14c76e2b0

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-heap-l1-1-0.dll

MD5 ee5c2fb7bc23bfd06ff32556cc7c3b4d
SHA1 5d60ebf016219bbec340d353a4fa541fff596d3f
SHA256 efc9f0e32bce971900ddf66a1a9e68daa3bfb2099a1ba9f24c6ee82da2cbd6e8
SHA512 5d1b8a130c27d8eb63ca0c836bdf63e76afb311de26ed4f25b073bda843ebfa25e136849e3882822257e3783058f30af818a96764d60821a40329cff4e1badac

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 e33f52e89dfc376eaf7aa655f260ca76
SHA1 b66e1f934f491544190714966031b6dfd2e349ec
SHA256 0bd03e89a539aaa3100e2f7d9a058964730320e55aee1f85be8fd243eea7017a
SHA512 95cb889599801ba7fa225b633d0fe25fdcc8b495dee5eba05b15a6e53a8a3643b5defe1a881236c40f4fa4365d6775ece067dbb526afdf2015f4d1355c9dfc57

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-localization-l1-2-0.dll

MD5 dbb81fcc74c59490008ee59bffff5a6d
SHA1 edbb465ab3bea3a4df3f05e5a4e816edbe195c3b
SHA256 f33e6ac5d3e1c4f1d89564fb6aeeac170486c073b67694380755049dbc48eec1
SHA512 2847a73e952bd5f2448264e0bfc8dc1dcd37f8b02d6d6f525ef0cb69c8e634fdcc4637876361b22c53244659039ed305c015435834b61eea15015fed45e9c374

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-memory-l1-1-0.dll

MD5 0ee9e0c830a7534dcfc9be72146796f9
SHA1 cecc860b494135482ae693f8e252301073a98578
SHA256 8f3f0fd765a37f48162f0bd00c3047e79b4eda355223bfcbed4d35b51349cfcc
SHA512 47161e02f4478464ab45c1e3bf9d244d34613e0e68ebe48511a9a0c4e7f8ddb0c1dfd59707c6968c5d76d5027cd19ef748d1235bf74b976410ea6672a6a4bcaf

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 2a61e4e21bf255107884b6520af5bbcc
SHA1 884eb1a835bcde4e7fd98134f0be797229f4239a
SHA256 64742ee0729cbe72555247b0165fae03bea7a6b0147869253dae3bb0072173e8
SHA512 d0ca104904352586bbd3da654125b3df9355fe250938a465e8e900d135cec397f1118fdf54829b076df82b8e45fcd7656c2c7aa33ad3c0af5189f7a55e43f498

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-processthreads-l1-1-0.dll

MD5 d5c4b8f7260563f72150a84fe884ee31
SHA1 dae1185359ed25a4974504cd1ceaacde28d4318e
SHA256 02839f3b2bdf6adfc89d2f800cc8acda59a40c3e7ce14ef3026f4c72e202297d
SHA512 09ca23413eecf1df94aa36e53fc6fff0f402f21eda2ef79be6aa087818a5bb82ed98db790a2b5cf4ef91a8f70d8e27f56313bc2054a26872d2cad611c472f0b7

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-processthreads-l1-1-1.dll

MD5 f61b9ecb79cd20fc2e8fce87286cfe43
SHA1 7a48accbe43e156f886f1f2836f74e1043feec59
SHA256 bfa24f94ba095174b82d3657f8ecc689eab8ff380c69b1c9a7e311eb70d66386
SHA512 42ab62087bbc9fc9c9003ae96ebb9e9bbfa3db4eb74bd6746da035d53d1002015d8482ecb92620ec65c42b8b2b41d9b0a7793e105b0cf8cb6f713a2bc03241db

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-profile-l1-1-0.dll

MD5 a472bd416bdc12668523670360650910
SHA1 831d930ef9917e0dccacd8e7f7fd6f3d90082441
SHA256 48dceeea29558966c391cda34e5755386c2e7e252ea0a03d8d1f21e3cb370c5b
SHA512 166134e6c3403f4437e10afb514a55677481d3b03f7cfdf17917a0bb6fa1f387feae58d7dd5dfbc375eae66d24f10c3163ba5958c22beb6978c0b778c2883b6f

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 525a156e0ff61306fd44bf7937cacfae
SHA1 6a9a88317a55c939c0cb9f77256f5c3f961d0562
SHA256 41c69b545d931045a280f83b2f5fbe0ea18c35ac42dfca54b661b42fe8e4f982
SHA512 c99147eba45e9561b7a2802b0c15a2df2ac886ce95a95f2980f8bf4d1dff92a69b94f11cd17383b577303f24295b1b7e52b8c80ad26c0bb08862c726b9cd8841

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-string-l1-1-0.dll

MD5 e57ec98e69961e45cc7a4e0666d26b7d
SHA1 70462a1d68bf49908fcb7186743a47a1affc5d7d
SHA256 52c9b061c4c74eeb70019edde2b690c7e9d9744979a3b718d6687b3a83f00def
SHA512 4a450bcbce0eb3f98f78af07673227a55cdf8e7840fa892196cbb8d0f90551b32731f70f171644f8097fda97d57caa4b7430023671b19881764613231a20cdc9

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-synch-l1-1-0.dll

MD5 99572ae21d1c8afe3d02f1124979e911
SHA1 5b17addc80b1406a3eaa615f5e37d92e953a0bb7
SHA256 e7d39dcb79d739ec030e9a4e2165b264a24c400566056e1fda267fdd1a8b36bd
SHA512 27ca8149d1f0c625de90a3f4cd4a4930ab0c1362ee10a7131ebfd2a88065c2a34c8ad7fb6d95ce33072146b9309488cbfe122984606d631b99d925e3fc42fcff

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-synch-l1-2-0.dll

MD5 e4110aa5c8a32b63de2c85e0bc297c54
SHA1 6039680f47750cf56d0c9a1768de815a44b83de7
SHA256 01bb32d692b86ebb39a76893125e0f3aaf957c6e4bd682fb46eac32f6fb65be7
SHA512 0631ea8224403ca113dff9b17852e92c1fcb2820e4f335b668b12689d2a8f058ba33905692f2fd0f4897f8f766db816747ec95478d854b75a0803d2c899e6d98

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 a13048905fc64cd2103094c871c6d826
SHA1 cebb1a74bd5196a3fe174a20543335074a1b7397
SHA256 fb23439a5982e723e8e4ae1a5a35f9bbbfba1e76feb4596668f57093b231da6b
SHA512 e23effc6c17177d07f43955cc8ffa17ed05cc2c0a6430078b37de8536170dc3cb4f8970eba1049b10a789ab5acb423745f9d842dac4d63d5714751186a3f071d

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-timezone-l1-1-0.dll

MD5 00b548bf3eab7a6debce296ee5e877de
SHA1 ae18022eb78c192ac3baee32664b9eb011194772
SHA256 d592b91a087c001f9ea38dc5912a90c78fad3a368879d04fd7e5650ed374c8dc
SHA512 3ba15d9a0f1680c2b182cf04fbbfcb0d4f1b607519c161c590928930ad1b3eba8bd417575a51305b9552f0abf0064c74267336ec09cea709aed9228e4eac799e

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 1557093add722d1c5a97c359bfcd0d77
SHA1 a8ce995f00a12a81a13d3ef47ce0834178ed69a4
SHA256 3a20635a223e68418c22858413e8c603aac25723de1cb0f54dd675349ec3213d
SHA512 b7acd6882b4d36b52f1e49e4b61ddd025de8503f765b72c94ec5a0d85b6ced513c348f7c4898675728c851a2632ad71c78937cdec9dff994b7b27ed2d85cdddd

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-interlocked-l1-1-0.dll

MD5 48a5e206d92f3102256ec65e8d570ee0
SHA1 76024fad398dfa4734afce0cc2e5ac117f090ba6
SHA256 a272ae4fc60e511f48950b08f106fcdd3bc86831df908ee78d630f1ae921880c
SHA512 65407da566b571e050c25448be6042e84b0c1c7248422cba00b543af9de425a723b0c7c54c4eb6f534e42b1679a058562d500875ddc4f2b52e6b8e6107b1b575

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-conio-l1-1-0.dll

MD5 032a139ea3cc41f2bb801cd580759a75
SHA1 4d88e10bcc4e75edc83bca578510d53fc827aa1a
SHA256 905f86530c56c9b453dd8bd9770440de0f6f35aa84b171de747a04d112e35aad
SHA512 4f574dfe92e90c7d6f162c0b69dd56c96031790abe15e52121c7e44980bbab86914ee06fc153fa5f3a77c4f1c6e4c24d7044507880a80b587872477708506a50

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-convert-l1-1-0.dll

MD5 94e386a317faa200aa1dc270ce54e5fd
SHA1 e352ced285c04378bc3f6af4b30fa69df70b8974
SHA256 e4ccd13d5861e3e28984fc7263d79b580a0bc7bbe0d234ed8f1a69706ef908f3
SHA512 f622d303adecdce6ff88acc779d108556c2fdbe1f4140092d2d637c2fc1aaf651c1798291239e1334aabea702d7d380150922abd4e0122cbfc9c079a64dc0e76

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-environment-l1-1-0.dll

MD5 e8ccecac4f06679b9d5e77333d216ee0
SHA1 377363813d0fc18083bdb0456a66efb6598a763a
SHA256 2cf24c6aac48261ab04eb616e85dd707417697764f860fc29dd3955dd2c49226
SHA512 e37db74e11138639e3bb02270589f977bfd803d450ff098d474ca461fd1fabc8e646a177a2082fd0a901fbe15225c4d352567a561c453f56ad8e0097838b945e

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 42153324a982f848d7a49bb7406125c2
SHA1 f0878690d23ad0c905f0a6ec37e9ea1edb813195
SHA256 fcd8b213e2e9962b84d1eec4296bbefdf4465398a235e118be12c878fdc08c05
SHA512 1710b3fd90210dd6603f2104de249704cad9d83acdc0c6b96ac24e20c4913679b1e4ee41bb7812d919ba76cadb36f7bd8210ee127325fd9db6b542cf2d0b7f69

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-util-l1-1-0.dll

MD5 96d9965ea02eefeadf1f122dfa724449
SHA1 c6f9eb1babe64b30fb1ff6b74e93db8ac41d1294
SHA256 4f31b2888ca82bd1ff40d71e2d11500456b99940dd469bfb097fcd304676fa38
SHA512 4018eae1e00899a5bd392c9b4f25561cf03292011f52387edd77058f49bd1b7456570f0108338088e5711bf5d6ba33aeb2c7bcd5d24d2744b173ff75bba0347b

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-handle-l1-1-0.dll

MD5 6a35a52d536e34ba060a19d06b1dac80
SHA1 0494a9cbf898e5babb6e697fc2de04a128d2fc35
SHA256 a369ef130749bf8cd9f67055179e6f537f200c060af47493d49473912a95021e
SHA512 a8aeb58bcf4b314212c2ab5a8fd3c2edeb97e680f774171d4a79390aa23bb62a414aef0ecd5286ffb68b7ed8f6e713ff1892d6d4cc2cbb67de916c6062e762d9

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-heap-l1-1-0.dll

MD5 aad41d33906cfdb31681ce8276648481
SHA1 6367d1990873c5af2f5d05d31ea083fb8b127883
SHA256 242cb185643df586a5f55735e8810b8d2b6b095c78be206e42cdaae7665bb2cf
SHA512 43b2cf09fcb13211f5bcab6942050e03dfb9ce36b727727f7c764df3754f332f04dc81f411e55caeecfa676c43dd1e977f29b0042c485babaaad609c239a84a9

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-locale-l1-1-0.dll

MD5 bc75b80a80802146e79c383c94542f06
SHA1 7da2020a855ea6c003d905551a28af456e7519c2
SHA256 81a7a98e11ae94236f34a82a0d450a1100a9b8e752205248de0037a764b91a07
SHA512 0b6a8f6809f1a39c90bfe58ef0d05d997be307cb18771ff8fed6539bf7e19ee8cc3bedc44e1c22f34441db9b82a6470d3814fc7465d1ea82fa30d37278a0fe65

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-file-l2-1-0.dll

MD5 b9287eb7bcbfdcec2e8d4198fd266509
SHA1 1375b6ff6121ec140668881f4a0b02f0c517f6c7
SHA256 096409422ecd1894e4d6289fd2d1c7490bd83daff0c1e3d16c36c78bd477b895
SHA512 b86348d3f42d0ff465066a14c281088c73ec5e03efacdaabe27a410b054a8a81b438d7e5d030b0d95f53b07783911b8b8200581d4e0b6f1b3cc79f4aae1d67df

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-math-l1-1-0.dll

MD5 1028042a84aefe816280f22a4517dc68
SHA1 b3437beb0e5a6a062678a0b32cea98f3c5e33580
SHA256 4a88f73cae12080b9a637f76f8ab1b8ac29829817ff03ddd611a25b6981ee573
SHA512 1da4a2d152943447950ae5de80360741c8a827647d1568c18b026376645f15cc9b5d1915dbdb43278adeac1423b20d6e1c97f6ad67ce724a0d91ec84c4e5250c

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 b7e1023ebbf0e5018c58b5488c03a643
SHA1 b10d3a570d4a44b87480d015aac4d04ef3f0a355
SHA256 e7238f5e38d3991e9d6219255e8cd951d6dd431402c4b4b295a68bd43efa3d48
SHA512 c5536416aeba4b37931e2961a29ea4c8679f6d942289325c9067d46b36797e404c0d8dfd01ce997e89bd42a7f084029d2f2d3cd7485b8cec5e66db50ac1df565

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-private-l1-1-0.dll

MD5 538057da2c6ec8b927904346bb808792
SHA1 1156a3d1a653678b9f85aa64ff65bd3c10510b5e
SHA256 f8720e9250c5d5aace6918e1f67f6105f2cd08c0cf55633d2b6b28032d904e9a
SHA512 228531381ae55e7c1a24cfe36101325cd0b95899f2a125c72e82043f13248236171ad89a497e5b1d6c19a5febb8d2bd38cb43e81fbd753f3088aaee1c1791b7d

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-process-l1-1-0.dll

MD5 4aa747ecc612240d522c23b51a8be7c1
SHA1 b037be0bc321e9329c7cf0dbf609fdb9b2d82fb4
SHA256 ecc116471ccfa09c599d389d71a574ebed01260b9760021a40665c4d8a22257d
SHA512 fb8c0d4f661fe6c8ce6cd04a3c0661a2f0b6058223edbfea811891aedd343d006c22a8524bf8508c2cc396853252477d5cf3c520889650a24d661f4964bce5c9

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-file-l1-1-0.dll

MD5 d826d27c73d9f2420fb39fbe0745c7f0
SHA1 6e68e239f1a58185c7dad0fcfaac9ecfd2e5726c
SHA256 c0e5d482bd93bf71a73c01d0c1ec0722ea3260eba1f4c87e797bae334b5e9870
SHA512 c49843eb10e4e54c66e0e194dbd29ceab9094bdfe745b6a858cb03e34d73a6326f54804e5e5505deacc87146cbdfba17a0f02e62e76c685bce0cd1ff41962ff4

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-stdio-l1-1-0.dll

MD5 65fe48962755451a1a5bab26e6fd978d
SHA1 d1322c477fe4ff61eedf9433b8deddee27f5adb9
SHA256 5a3d9a0a2c1f9b14cb52d9cce92b761ec1fe0460ea7d994179c96648455ead84
SHA512 940269af2c3a8b5b43ca936df1bb5338ae5166f04c34a163b5938895d19bdd7eadc156add1b96b5508e06088419a7d8f466f40bf01e64b4c547fbc1b20328ed7

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-string-l1-1-0.dll

MD5 a3eccd7f2f2c45d1553055593278645a
SHA1 23cd6aed1b198ca515d7adb213efae780fbf0537
SHA256 d51dfd972e6df5e8185dce0b4eb26dccb0527c5f1c63bc081677335f69b92b67
SHA512 1dbf60f5df95e72b98b72faccb52f83585bc0bc5b1f65c259e8568d812461b738bb37c96e72e2f272370788cc7dcd7a8e5a698d9fb2c773ce0e17978c19ef858

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-time-l1-1-0.dll

MD5 c8f1a3b19e5103751202010805bce5c9
SHA1 179cf585ce939d05f9610d4b684e4dda6f452f76
SHA256 d5e2fb8495bbbfb66b2612cd5179c1a5f4746dcdd043ecd474363ffe4a8deb4f
SHA512 879fbe66e5440cbe01bd1814a36345fce6454196c8457969d2ee9e93b749df91d0d95b1da1d368063b7ef2a3ed538449b456eb2c7507a27de60105a0d37dcb71

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-runtime-l1-1-0.dll

MD5 2f10f2255271b09d58af75f58476899c
SHA1 ca37f8e4c99fb178e718e99eed286d1ef32b00fc
SHA256 24bc147f7c8a2dfcbe9296d83ce75a1f2c02076d8f6e6c81f6032c927ed5888a
SHA512 74d85f5a40bd22eb9c85973bda5e596c3688096dc78fb6984f84ded4757ae82d77894c4cae0f24de77d211bbd869f9a4120a104d7c2ed161b4bb7b8568cf5103

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-crt-utility-l1-1-0.dll

MD5 e0aeba2d9d9ae584d6c1aa0f5929526b
SHA1 3f97b977d8877398d350b373fd441867167bd2ba
SHA256 4eca5b9e5be5750b0bc03fd74b6d5e351cb6d70fd63d5f740a1a122f906390e0
SHA512 cfa02a7afa052c5149a741500063f110462d272af417c33bedeac6ad3af424b181144c8045adc04a44a54dffca4639ae3c135f23d64bcfb66f7d3aa980143799

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\api-ms-win-core-debug-l1-1-0.dll

MD5 64978e199a7239d2c911876447a7f05b
SHA1 0048ce6724db08c64441ce6e573676bc8ae94bf9
SHA256 92b947f1d6236f86ed7e105cff19e23c13d1968861426511b775905e1d26b47a
SHA512 9c64211895473ffc7162b56b0b8e732dec54cf03ea9b9b36fe3cc3339c35fc71fc7173d4e146989db399cb1bcb063079378bb6f778f7d2591cd545550038397c

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\common.xml

MD5 c771097a1d490053e97638198f2f02d8
SHA1 f2d060f6e91688425e56e4b4f846f4ba4425f0ba
SHA256 175760389e292e7bbdc8ba697551dee44d9e3727e54df1d50a6bbbb3db6d503c
SHA512 28a70542fa4a2e1d6d434512bf46c92297a96266c40d46e54ce7e00a80bce438165d705e1828385dce434f59360b0e7135134e09da27eb4d72a5bbc7e26fc54d

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\gf-config.xml

MD5 f7b1bcf930a68845930ac056877658e1
SHA1 2b97e403cfe29f39f0b908404d293af077c47a3f
SHA256 9ce36b7d7b85d4c1b23b773cf78eb7c688ea3f0abe00a2bdbec30b6f9994b384
SHA512 bc5be9f320607a89d3c84c2c481cf12c046f132cbbcf0753a32aee94d0b3c3ac7f60eb13f21c218487461fb927645f2771d6457abb19ace1266865dc6e1e85f3

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\I18N\1025\GFStringBundle.xml

MD5 95fbc628435390e27f0b3e44588efefa
SHA1 0b3ec4ddbeb28e3bdd46e1d860b130317ad981cb
SHA256 173e6a9c3f2433f1df223a88b9b594fd6fc7ca0466979b01c3dac64e943ef508
SHA512 0001887f88a4e058ac547a32604265ed2af16e4b5f48ad371ee20b0711556d068c5fafbc9377946118caa37f76a05c26e625bcd2f8291276725061e6a9ef32d9

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\I18N\1025\StringBundle.xml

MD5 051ccdfaed4a5e7a3f08018f308389d0
SHA1 a2fe00ed6f2d348c781620cb52c6bcaa33fbcc37
SHA256 f02b76bcafc50f26b54562e8fdc6a01bb3091abf50942f834aaebd0187250df0
SHA512 3a0fc59fa37ea884369780585da4fe5d8b9a8b4b81172712bca9f1058cca8848a9f3aa9b15d14beed133b7f5bc8d09dffbb4fef6d178765c70b9d8072be0f600

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\I18N\1028\GFStringBundle.xml

MD5 eb31e11bee249db5b31768048321da79
SHA1 b80990cbb863cf6f37d73c3ffff871502ab11d43
SHA256 43166ec540d7f849f4f275a1e3388012ec6076297626dd1fce64a7832c66ac4e
SHA512 0b9f3586b368637b9dbab39a5c325cf3903d89b0ec05a55223d1f3e240c3785c67779e2481153f8ec4c2c0f34f6083827f9986faefe3b77754df115e51116e12

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\I18N\1028\StringBundle.xml

MD5 60c7b23dff92d4f4c0e33f46321f1b30
SHA1 414b7c5972d6b3f4bb5d3083b512887dc3fc6ccc
SHA256 4a24395569b3a6423896062b7eb4482c72d94ea585be0ab9cbc2aacab2ca34cf
SHA512 5ba5aef84d5bd7ede7bf247efee8addc31563ca181985cb954b00e81a1588ed396bece978e288431100079fa8ad3427a63c67c55918b5538950d01e9f1b7ebd0

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\I18N\1031\GFStringBundle.xml

MD5 94e9c8953d4f752d69bf2959fc000574
SHA1 d702b4d9591fbcb63a1da27b6e7c6300e333f6b2
SHA256 6c4128b96a1ddaa79f15037c78d1b4c764cfae049b25538ab3c158f72ab803c7
SHA512 9aef93a6abc9d4446b5460256abc830821cf1e646bef204d1deae2cb740abbce3304519477cae359608b6eda24f19ebf733d042396fe9001d74ebdd175b6d517

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\I18N\1031\StringBundle.xml

MD5 d2e9d761c1f254b218ba543a22407080
SHA1 4882d462a0e6781fcc2faf448cafc76f74073672
SHA256 d3712ed0f80fe99b25853553295cf08c31b1efc3baa0e0ca8c87ebcb325f2ea1
SHA512 c409ca63ea5539d5a77efd971c9114951f12831ec2b3e41e742d8ed113fdfb930091f593edf58150276d008710f42cdeb8ebfb10c30bfaf61d7d3a1e690b62fd

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Setup\AppMarket\I18N\1033\StringBundle.xml

MD5 90453f8aa43a7f5e17a86296bb56941d
SHA1 42e40e6f0555bdd1d56c1caa4b5e5a1b5b80bba4
SHA256 42b4ae064d79b8a024eb70641e011979669cac8e406ad8044f47eac11c4cc2cb
SHA512 5c76051c99670af0a9ec4ec6222ca26867a2d9ad29e22401b49c7a2ab422de717114855c35403b00b00f619be6bcf8d0470983c027df49c690839c22fe0b88ad

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\I18N\config-en.xml

MD5 1f8732c2fffb83b09abae916afa417ea
SHA1 26102b442325fcdc3e7f72f0855f03d353f2a55f
SHA256 e97f7ada887eb751c6e6927ab57b04f5121fd7c14eb266c45954abb72833327c
SHA512 1ac6c7ccf50e69489c8e7fbd8d825d1a5e9e32d9e8764bd54de58efc0def5fa0c935097aed921c8cc89638e02154962ab9e8265e10843e3aa0a3e8cbfb7f6491

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\I18N\config-id.xml

MD5 80c5d8008844619df82e2d5ad65b5da8
SHA1 03bfb95bcac5f2b52de056deb089e6495e7f9b30
SHA256 76994bea62ad8c19e2ac0c193d05f87b2acfd7a4387c5adfbc24cd5e2d3da29c
SHA512 d3ac11a03843383cb3496fe963df3665e879a5ef28a359bcbff3640ac084137aeb30d9bdf937c651762e6ba09d45b5722c4019290ba8e16d3f9f4a1f96548fcf

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\I18N\config-ko.xml

MD5 b96fa0a7ce5d7baf6467d17db4112338
SHA1 06ffdb34e6aabe8e52d9f5c44c56b611700abe75
SHA256 17e9689057e15cf5a4e51a4db9cf97524a07f3ce7acc2c9c1ced8dfab6fdc048
SHA512 5cb997230ec2552e881dd32f2732d5ce4920b2f56f58e54bb0cfe840bbce3973094958ed2a0f77110f2f6eff265091ad4a2ad6a3c3d48467611482ebee5f6100

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\I18N\config-pt.xml

MD5 051a004b05cb01bc4c7fa92ff498d390
SHA1 215c2f4dc6ab14fad406dfc287f7e134e783c5bb
SHA256 a418aac47f73420d812b9947229e9bab36b991629a3dd9a5f6c4649e8b02c955
SHA512 7d2f70e8e54199c8c0bbc784a65022a1239af6adb8498ee676ae1e2114692b273211b45bede99123a339e05d92f132d05d1b86f86ad5f4aa39408e4911d4003d

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\I18N\config-ru.xml

MD5 0910e48c7ef6ee3cacba63d19b1d81f4
SHA1 b9cf52f8ab64a5ac5095cd70a4c8d24873a486e4
SHA256 f15fd6d344c1f926c818b18104a463e345c74a17dfda688c4d6af3a8ce8eafba
SHA512 025437e36dc8f783afea950805b8cbc931677322985b98310fe86d9e1c96844193b9aa4bffa291d033e9e3513070a619695e037074cc48dc29fb961973aa7d0f

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\I18N\config-th.xml

MD5 a737838e3c93e95f1f8555c83e19bdf8
SHA1 01a3c3427c5badbc38ab065913a0f1ecba81aed4
SHA256 a6d47646219f993a45eb8cb1b33625cfb357b1c2ecb69ec165fc6d62b91949ad
SHA512 1e2dcfc4a01a43f16c9f5f89fe372b31b0e4f35ed4d2f7670c9edf2fd55feaebc96a409b47bf02a9e5485a5b05b11878cfb4132a73ef024797de54d11620a877

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\I18N\config-tr.xml

MD5 d27fbebb5f581b0c9960d4cdaa093cbd
SHA1 aa6238139cc6a48b83f226667806e4ac009d31ac
SHA256 7f28d495375253347d1d947fb12a9d25082309b8288dd7af058f4cddb427245e
SHA512 e79fce5afe37b7d44dcb7b1aada2f5f07209723dd71c5e4195658f125b18d2c4be23123079e30f8a12a0bf5c52717b701d01bd892e8ce0579060da4080c70d92

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\I18N\config-vi.xml

MD5 a3cc17103e2f161042fa24dee1ebd243
SHA1 1e03ad708bc7b3c9878f367a4241bc9d83c02079
SHA256 6c071064476b4bed118072014abf8075046dd5fc2afd9b0c9527b3c2722bfc8b
SHA512 e4f71f4f2c6814a6ef50ce6260f22024a670c0768114ed048de38e1db62c8c3e105cd1f7f204f7dae03256ec5ee54d09b190a5f2cc1e851a61deb4a44890e0f0

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\I18N\StringState.xml

MD5 bba8d8127e3eb9e91679885c5f42a8f8
SHA1 b7583827b29251253eb476d8553b78b8ec111725
SHA256 aee0cacdf2eb6d8f5a0168a0756f1834c21632cb5238fcb366763e93b7c5d011
SHA512 931d257f9a689e0fefaad5c7d3699fb998716638c03aa501575d9ad9dffff0d2bce3f485ac3dcbfa868380fda0bdbff84ac3a1e110c1ab0734f585c1a1dd5cd5

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\AERequire\feedback_down.png

MD5 db1e630f6a2edbcbd4d6351de1e23178
SHA1 c4a9444c25207fca2f66108dea4d3e00af2f7f44
SHA256 766afb00a71210fd8a97331dc936aeb3bf5832da4011e0faf3de111479618604
SHA512 23732bf4a2c530fbd5bf3f85593b33ac0ce47cd45369f7772299613b301a5b2099baa47f63268e823f7ed8d87458980c4ca262aa5148a59bb6f14442e4fd7d52

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\button\close_down.png

MD5 ac8663eeb86f730ba61ea1eb7a305517
SHA1 ed84d55fba2870b06a05a0366c1bcea5a18a1d32
SHA256 3ad5369cf8b5e7c371c161dc222da9339da443d6f0d19192a75654a540211800
SHA512 00d3fc94e8a243b35a4317b32e0c8b98a7c68bce54eed73341247bfacdb3c20f5194edad99ac14c7e3664fb5bc54f574d87346557812d1a53f53337712644a78

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\button\close_hover.png

MD5 f63b0bcdefce2dc6c560ee6dafc8305f
SHA1 e01d7b5a99798e1b46d96a14daba6173cb51f428
SHA256 a04f3175fd7d6d26bf58c0dde03b6f6e8c9edee5c0eebf6aedaafde6a6b968aa
SHA512 1164aae024122600225649640079c49191b679d16b469ffadf806c9d0de1482032b235ec1ccfcde8b618393399b09c8115c20b45ccc9a0d68d7b2e2884f62ef8

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\button\close_normal.png

MD5 58d267466f6716c513d8867d361e42d3
SHA1 f1257787f3748c9298cf43ab435d2088b1e9fcaa
SHA256 bb7e6b43a8d86aee131a31d84ebf71f592b89f45f9ec26b194406f90510c54c9
SHA512 cd967beb40ebc0bf54630041296ed9cabe23472775474d6af5a350a1e39cccbb72d3cd38757115c7a86ee40d89975d076b4fcc3248639241b73cfb4345a1076f

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\button\max_down.png

MD5 069a5181128070af374b7eacd0f1a9f2
SHA1 e08c6e8ff34edcb59bb3e067f3297b0cf29fc203
SHA256 28d44de3a3ed3039324730883b5ee7f36ecd77c351f0dd470f0addd3c90d7c46
SHA512 dee9c6bd584aba5049daed7e845f49d7485d311a0f8a431376a2ba09a802b9f24b1f9c6fd25fda250e76ad7998b72fb792e542a0a885c7c0a72ce87d08144a89

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\button\max_hover.png

MD5 19f33a66c1bbd4e8b1fc2208ebe8738e
SHA1 2a944bc87758f87877795716576594002bee0920
SHA256 8862c6c91917a10615bd4ef11d1afcdc4f5c03cd498b15be1f00c6c7fd9e704d
SHA512 92d4ceeb4500e5f183f3df4a1a8501945b16a8eff9f68273e89dc6d20711dc9931fca6153bc5c239d0f273aee43ebf2a824f5d9aaed25d1fad62fad2171197a3

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\button\max_normal.png

MD5 3979eb2a7f4f11cf739af806e55dcf24
SHA1 aea935b02b9eee4a6787ab40d1b66d06ba479827
SHA256 495df5662da43a916eef4451f046526697b518c796d529d7a4afa0c4f62adf0b
SHA512 2ef413d624c7d74daadb7e403aa34724597f395ffdb21cad5f65b38dceb44574e570cc8ff01885cba9212b1f4e8b1b9c114a45b3aaa5544f5890953823031485

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\button\min_down.png

MD5 ef106171918eb3ea4a60ee955f851fbb
SHA1 45052d56ee73fecba4816f4ebfb23e5c4a114fa4
SHA256 0651b1f15c33c959064acac84021bb92739dd0c36d59a4d37cd6e738257255b2
SHA512 67fd33d62ab89a37478b829449b3eb795fbed37c3e38e8dd33801a28d7ab9a8460f688747d1f48e5ddbcfed514cbb808517e1c035e00a66a6c3625711a5bae82

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\button\min_hover.png

MD5 a8963c9a7d5f4e262cff6d6a3b7063aa
SHA1 de2d4494bd44a8cf8f81944bf1966083102448af
SHA256 4909bf144b1e5641ca945ed9046f46d5c6eb3d01f43581a575df826399e6097d
SHA512 ddb78a911e297e84e67c5f3bc37034c27e7c8ca629da610d9b11df44f15fb40344024b4b847d1130df31107c406f694ac73daddf10e350d3ed93bd4f54260c9e

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\button\min_normal.png

MD5 19ab5e38c56c0859b8d18c1bb84903d6
SHA1 081319712069f6446a1ef792a287cb72845b4b37
SHA256 bbd72095f035e68f319040b538d7af46e23c7222d5ecaba6404a1c96d647cd71
SHA512 8c111d80ef37480ae7775c1fede09552708dab51b42c3481b658ea3a6640c555737b30fb50e64bbcb42cb412750d078f0f0e2b84b59f485c2427e81aaa640d56

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Res\button\retry_down.png

MD5 f0d939af0ddafaf08f9e4bf980796515
SHA1 ab2a9c979f419e342f7b0240cc29eb2ff092ac3e
SHA256 0b86dd63dc5087e6e5eaee29e08f32f866586f608263fb900262b065c28043fb
SHA512 cc8319c323d07cad1efaeedb362a644446c61688d0e897ecca305f6e460cda98817b002e4866c67b3f3c4bf49a7c48cd3e1b7378d798ce5afa9d1f20dcf56ba5

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\TBSCoreConfig.xml

MD5 12748b15d251c4708df86cbf00544929
SHA1 132f82c4570045b92e25f8e68e34c4a6a03605cf
SHA256 605161e8a540fc3c50381b7f25baad5bb5ea4a6ebd3efef31c41c4b8075615cd
SHA512 0fba6314e5664ec88251abcc292d40a31327dd0ff0ef9f7d9dd292964c4d90a7378999a21c49278d6fc655885b3a499026f7ea6fcb45a8c2fdbb45b04871ef4c

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\Theme.xml

MD5 f340d3ff3bda959d8966bfbf56d34d8c
SHA1 2bb7e187be9f74fdc42e11e5e4e7abf52a1caf48
SHA256 1690526c13ed1ba0a8a3b811eb6358a09e145a2161a7fa0028c346388f866184
SHA512 a2c6d48bd95d16b1dc90c265202f74e02683448ba8ca203f74ab04b1e3957a0f7c694770ce107bfa3f8f5239290ffcc3331a37f00062bfbed3b616ee6c0d46a1

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\TypeDef\ExtraTypeDef.xml

MD5 9725b213ac7129d7ea32be460cd85e41
SHA1 2d020148c5ab4d4cb523cca56d17cc255511e7b9
SHA256 ba32bf96a3ba1ddd301399160398319378386e229937b7fea8c2daf2fc3e01e1
SHA512 d8951bd3f79175274e309137bd6c69ce22e120c4379ca742033984e3f591740eb59c1ede24addc691f2d0aeaa337cbf1e3dd4554f89e2b13bfa861e996f6ddac

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\TypeDef\BasicTypeDef.xml

MD5 d1683ebfa9a9885a5319a11018ab795e
SHA1 bb581cb096504b8c502853acbf20a239028e1577
SHA256 2d34f1afda13d8eebb8fc1232f280214b27fa77196dd29a72bf175c44c5b3a1c
SHA512 1db13bc2272d34761154c822e3a717dbc46870e6428ce306e915e589c7b9194d9d320e5674cb1d2b1435f8f64908d20a38f785f69569ce699eade454e9288145

C:\Program Files\TxGameAssistant\AppMarket\AppMarket\TypeDef\TBSCoreTypeDef.xml

MD5 98fa6d64788dce991ee9d308e58cc4e9
SHA1 5fa038f6cca6c3e4fc4f1e48673194c2bcb95e97
SHA256 0954e5e36d0f11e6cd6088b421844b21405c569565dfcdc1431ec849279ad56a
SHA512 71ea6c7f0154674a0e0b65b16ecce681f891e615b7f443117bd0bf4f69ea2e7f6e45fd1e964b2d9b54f4d0e19067b0174c4473ce52e93add74df02aaa3563401

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\module\lib-syzs-login-sdk-v2.ac53bf12.js.LICENSE.txt

MD5 783f14fa45b10e088e68f98251448010
SHA1 cd522246a57b87ba54b1b6b92174b9091f70e983
SHA256 0d8f66cd4afb566cb5b7e1540c68f43b939d3eba12ace290f18abc4f4cb53ed0
SHA512 b7c82962cb44702c31572d8d4057561649bf47fe553441f54a9527c14f5b4f0fd747bc346e0ebd108879a9482f5afc3cf73229ac52143c5914139e108b8b58d3

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\recognizationMobileError.html

MD5 f9057c1192a7f5b1d180816137f0e730
SHA1 9b4795815e73d7f3ff9949ecb8d22a42deb66315
SHA256 4f29fdcc65a006e9de11ecf94a82288ca73850271ca908214cbf1a167fe9127e
SHA512 c1bffb4a7aa116bddb502f6e8875674a76fc8a7f44cbad1bbb56c0b66c4f89e2e021033381059449dcfc0261744f7fb86cefb4a4699568c7e8ba1781aee37eaf

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo-uptodown-simple.b218277c.png

MD5 b218277c112ffe9b6f1f1fe57c064e25
SHA1 d007a13ecfc40d5567706234b9b70206f065182e
SHA256 b2ad11221f75608e311561fc6fd05993e328a3b86e839eba9a80cfa2b522dbf1
SHA512 5650a31d28d8a22925d9e3eff289473258ccea5d18e57489d633a7ec46da3dfa8d6375eaf55e287749c1dae95d7c81e785c40ae1e368eadf2710de3efa61f980

C:\Program Files\TxGameAssistant\AppMarket\TGVoiceBuddy\I18N\1028\StringBundle.xml

MD5 ddfc333a5cf6c05dc44f45bcd729a42e
SHA1 cc452db43266b5cd6576af59c2393945d79b6aa3
SHA256 d1cf9e7d5c67d1fd4c12fb317813f4c4ad1d4a94d992d3758b0ca30d7ee513d2
SHA512 4988792ab971496a822615e2665f9c0653c02846a782af410e6b981f162b8e968426ade697ba835d357f5dfdfc62dd1041f6c25db2e5f240e0fac6c8b6c0fadc

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\aisee.html.old

MD5 1d6aa4f0c1db1675696b845a1b0cb766
SHA1 e95212c56868fcab76b2ee9b3b8a93a9f5db83f4
SHA256 1d9a5ae40789be23effc6cfbdcbde2b07d442533370924240731e58484d7cf66
SHA512 57723570de8be3cef7d8a6470bfec40700615dda3febde73116b1073aaabaa33fa95ae8fb1ed7586cb47b4c512a85cc6b9c4041774218f56ebed3dc4148dc3f9

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\liveplayer.html.old

MD5 00aa757ab13bc8b6b2910b0ae8533cf3
SHA1 f3bec91cc669e05527c7ac9094155e466c8cc721
SHA256 28d9fb50468ceb55f01cd44153aec920038589349e86097a9e5f61d534fe77fc
SHA512 a3fd92ad920ab61fc49e296d90d47d947fcab41b529961fa371afb4eb12bcb02f449c1d152ea3bb872d4ce96bb8c86f64366372406a7754df972e139b083f032

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\about-logo-oversea.1db3cb82.png.old

MD5 1db3cb826f48df2106114a6afd3a4e4a
SHA1 e4fe155f291af39f509aff9f42ab115690159108
SHA256 2131c1444334e92a949c668c768e9f13a10ceb153a421ce15f71aa6f538ebc3a
SHA512 14689f7f1eea5c5a96bd19cdcb1ed8f03905b5515146c8271e0a66e9ab04b67e6ff1f9d51115e58c7d7d910d8b695dc9a97d6153d3cd70bf8badeace67d1bfdc

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\about-logo-uptodown.f4b36feb.png.old

MD5 f4b36feb94fcf2dff1c704c05ebc9865
SHA1 946e0a8be7651959fe19f9c34e63934c40c48e17
SHA256 7dea199c961b22190fb00f27a30a6393a7457668d0303b7a982abc8b8af99edb
SHA512 bcd1d8b36b9e2aa9c99f57db92d91775c43cc41f553ab5786cb27e013a2b69617f4b5b2f86fedec14e0675c27036d6e1a6b3e4d7fe0d9364ce41db453fd264bc

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\aboutBg.c2ec7658.png.old

MD5 c2ec7658a58a6befbc5dbe99a7ec31cf
SHA1 15ff3e5c77f430f894c766c66f8663edc66902da
SHA256 f46308e39efabb1df8216c12abd9fcd982372f741d609c19ab17070cf27d1746
SHA512 b87dacdf8b1f928784d4eeda964a6907c88cba3d105e18785af52919455ef579e4ab525076993499200d12109d98f5a4f57d98d4ad6d3eb82a092c536ad67108

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\about-logo.37448401.png.old

MD5 37448401493d55bf36cab8a2cb988561
SHA1 0b734bcda25744769c1349465a230e039ed9a34c
SHA256 b4ec90ac64403b00799d8d4ec872c5e2c45ad74597ffc4587de2f6550df43fbf
SHA512 68bee5298e26ae244f060a2c76a998ad5b62cb8526ddc979879cd396d29ade09f1a28580552b5cedb525aaeb4a92f72a4ce34b60b9a4574ed54b9666a6fa9bce

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\ajax-loader.c5cd7f53.gif.old

MD5 c5cd7f5300576ab4c88202b42f6ded62
SHA1 7a1aa43614396382bb15e5fde574d9cdcd21698f
SHA256 e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
SHA512 f0d7ada22a3eb3b2758198a71472fb240c74ce4ca09028076e23690c70b2339c6b2a40f9158dd71c52d953ef27bbcc0105b061bdc74fbb0ad0b304c7c6a04a38

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\android.03fe0024.png.old

MD5 03fe002464016d9ef2bb8cacabe08ba7
SHA1 315d7c6caa6b85be2b394436d171f66743cfc114
SHA256 3f623c66ba79b46c29cd687e2176ba8c14654cb837373826d30c1ad74fe731c0
SHA512 2e470b27cc28dc0ea1ed7dc9a609e2f113a63cb5690a8df7963fc853a7e5d8a03f9656671e96300d31188433fdbb630a1ce8e5d41e3664efe88a4c58a1eef81a

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\background.2f301ae6.png.old

MD5 2f301ae6176f39b0bfa7d295ab15a005
SHA1 bac9a8324c7cb531100e8334447e6fdd2f542016
SHA256 398c7d9731e7ca31bb2321d1a2d4b94dc756624a370e5077a98e62cfcdad9b14
SHA512 994578788290215518488dff1b7989ddf75d723facd5655b926883c17598600ab1b81e52b7acf22be2f425f3d598c185d5f00823febd5edc61145d3484fb46b5

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\battlePass.6c1d0bb1.TTF.old

MD5 6c1d0bb14fbebcc2c6ccc6c9dd21d97f
SHA1 3fdc7436086bb15718f0cfc99f8d16aa029bdcb6
SHA256 00aaeeba5b3887173248f050beeb8bd7c05ec9063dd9d9f2452ffa2132cbc53c
SHA512 f14e19f8f1d4e07ecd84182735400235e41b9942a86b6d0e4d09dc1e1d2b4f56c5abe52052821d0d1d6e22566d17b2f00d383dcc5321824e2d35b0c44db1722b

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\bg-large.1a662cff.png.old

MD5 1a662cff1d69a71a3aef1f55140d356b
SHA1 399ccdd1f09da09c1172554e0b79753246692628
SHA256 4b7158efb66fc15ad7453392073a9e8b06e15dd3c77b92513e79d98d86f68b1f
SHA512 21fb57eb9df8caa3d71c048c39c7928951c5909eea42f474eff3628bb09f214779ba9604c93cc489c084c0211e5b98cb9a9df1c7a5a4ddd83f673198e4c0dda6

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\bg.3ea671d3.png.old

MD5 3ea671d3314c837be2470038c5d1a95f
SHA1 a45ec699e606b0b4f4850e9416151aea6a5ad58d
SHA256 8210ecb596defb0467db7fe3dc4300ff48742e8fc81921f134ebe5ed52e531e9
SHA512 ae2487b042a6a5b04d92f887050fc41083bff9362189dde5878b7814460813072757877624610afe2dfb4d5095855930178292fe9e1b6524d01dc007c99afa91

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\bg.81b1dbdc.png.old

MD5 81b1dbdc26501410a580168f457e6205
SHA1 f35803940af60e1e731375b9d2815cacbff5b766
SHA256 135bddf4cb6e42f0616875b1d519753edde1720adf9b13abe2910db9db917655
SHA512 1ab9a4e5f739adc81ad4a0435431adb423ad15475c06ca96036de61a6e99a14ca4b74397dbfaae83f36e17b6a61a0818d6e42c7e37c4308d7b4ad2193a19f7a2

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\bg.846d4ca3.png.old

MD5 846d4ca3038fddf01b726a2f4d04f806
SHA1 06b09d8122d02178455f35925d6c3c6274111bc1
SHA256 c365916c4287643bf3c88722adc88dc40ca8e59ea1dd34f4f58b23ac22e6aa63
SHA512 a9b5e01b19d45d4227527f08a209f6c0f455e0b9d0f0b505a3ec0bdc6dd22accd0e90d1d90f0a5b18340dfff97c0e8c151f332a9f270a8b4b2d5cf7382210908

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\bg_complete_task.321f45c1.png.old

MD5 321f45c1db908621755c98db87db9bc2
SHA1 33fcb9c82716a7181783ef5035f424a23630bdfc
SHA256 4b1119d8b1934648fcecae567a79c0b90ecbc874512a046664d504f09443bdcc
SHA512 91624217e967ae29c876160662c24cea04681faaa6edc40f6193c9324f1e150f3b907bda217c1aca881322194dd098e6ff0fd4aadf5b2f895979792d027f6f80

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\bg_gradient.2eddd6d2.png.old

MD5 2eddd6d278303fe831ede70a0450171a
SHA1 dd4d6cd7cc3603d11c2c69684611ffa2126570fc
SHA256 2b07e1d82a6134ce498bc15ced4b101d2cf141b8b3a55a9412867b2e2a8f5976
SHA512 21510105f816e389b76bca0f28d6306e1854198097713783176e2fb76d04b578f25f6647af8384d3b21d9c68bc5c0da29a64c270f011fbf3ebf8b37150b902cc

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\bg_incomplete_task.48285349.png.old

MD5 48285349595126daed523546a64a3c22
SHA1 a287e0358127f9d87981f5f807d97c81a1039cd0
SHA256 8ed80645f298cd85f66bbfd2cccfcf1502cf15f05f9828cde6c63851f6b11996
SHA512 2cf426688bf1972e0d1bff8e12981ba8642b1c65080b67977d96a829e403770d5f61bae242d5923efa66e1b45b81f6c851bf3f9d020340d3421e82b01f3fdd6b

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\cdkey1.9fa025f0.png.old

MD5 9fa025f054f4e904fd9958de830d03d6
SHA1 462a39d9d9048279c841904168a862536511972c
SHA256 e3779114edfee021b64f62be5640ae23482914c09b31b4e1af154cab88c9573c
SHA512 f2849d79a7934958251936c6a89fbc35dca525a2b44409c7161ff139c7f02e97844cabe4a32ef981219b1b832243195d1c330bf20c14c4f2514f41fd8923f46b

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\cdkey2.ff9babc0.png.old

MD5 ff9babc0fa823abc0c2c3a1345db0f5c
SHA1 8a33dc2e17f1060faa02ab4a6363a471ee8d8aab
SHA256 26e15bf243bf369595c68af14f68d2072ee41ce99cf148ca72ff45aa493bc1f3
SHA512 3bc5dc3e30261a5ca7d52f7a2e71851b79746032a90b80bba6ed8ce33eaf0bd2dfa5be3a974801d7d76126ce58f96f9c5d8ce5e27611d1590043da9d837f6196

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\defaultIcon_oversea.a16bcae9.png.old

MD5 a16bcae99f0a1079b8f0981faf8fc71e
SHA1 65230e816fd67a442bba3cfa4119dc2a2be3baf7
SHA256 3d8f64b763a0793bcebc22cf79201e85bf4663794ede991d1c5ce0a7edced67c
SHA512 f0776e1116af5119ee07509ad494cc09ee993558fa2722d3e3e688255c9e70b555cc71653df222f2d3d7e20124b19e42a3df8ca980efc68a61e287e903be7877

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\defaultIcon.e78c301e.png.old

MD5 e78c301ecd617da8a85093937423258e
SHA1 2a0432e05fa7d526016a1077a51718fc80a4d061
SHA256 36400e4a9d7f9fa7715ad4033c9d886e7febba1782077b8abd57cba6e3716427
SHA512 f6d00fc24f4364e2936644bd9356be5cc4c614917e297620a82a3fec1041d26e659b367cffc2329024bc7b3b29bdfdfd850966e3b418ac21cf3070340ba1d81b

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\default-icon.d631fb1f.png.old

MD5 d631fb1f9f72cf20e77193470f343c7c
SHA1 2e9690acdb2a5b52ee1c5266c161c220b266fa6b
SHA256 0e8db8ae2e31b531d54acdef59279b3d3ca16230ebfb41dfbfa7d7d790cc6905
SHA512 e00b5276811089c0f051243c2057bf03b4ff5087392bfeafa933a59b6e3fff4e553ffb36af2aab27bc953c29eee26fb1acc60be6fa811fb992b3325ee7620267

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\Close_hover.374e4045.png.old

MD5 374e40458924d7ef173d117fdf71a844
SHA1 920eb76babe7004cde1cb0b7bf70df8ea1c15c54
SHA256 92164990579dd866f0882e7679f78df8eaf3006346ae7cb3ae8fe8e4ac86b054
SHA512 bec29a1764469821ce6d49668b7123403f904d28b6c0d2a8278eb8bd1cae96175292fde613dac157fda32df6c34c5e1c3a0c699641e499c8d3748c0632efab4b

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\Close.224ea384.png.old

MD5 224ea384d24029ce8ca8c0e44803bb88
SHA1 432ca47e034a0c6096528e69f93fce022989b7af
SHA256 f535ecab5f2bf5d797da60caee9438d097389f91c49fbf2a8414f97fc326b6dd
SHA512 f4f0343be8bbc983a434f0b3f3085073cacbad3fa0896c97f4d53094206b0049ed81e6eaba334aa84aef8b029a288839974e8f410889bc8a1c7b666abc05e4d9

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\checked.05568521.png.old

MD5 055685219fddc93d79f4e4c1abf87721
SHA1 3b3dc06171ad57dfb80ee1de4c21f751d7973f53
SHA256 f1de84602dd322f99138c47603bb6788289fb92b0c471a6c0ab2f34ef012e533
SHA512 e3a25436c9ac81601abce2a40a1964770ff47a0187fa788644247045e4644c1ed23d93cee71ee165496a3cd972c00cf3045c9840433586311ffd69d5cfb01a39

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\DINMedium.ttf.old

MD5 902d51bb5dfdc3a3b8c11af3cc56f901
SHA1 14df878f65df7447c14e690f1041da6968d4c4b9
SHA256 39cddb576e0e62f6b9f9553dac9be7a5d41565907546f3c30e5af49cc62ad832
SHA512 6be27b65fd5b50f78b07d5d91215ab094216e81b06a11541045f406b95ec4c512165484707b652ae8b07ec1610e73a9cc77a4dcc39d43c4fdc6f01678c591969

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\description-yyb-logo.c4a4b824.svg.old

MD5 c4a4b8243dce83fc395e680dbb1f9e64
SHA1 a0dab4ee176b6c2525c5c27f1647650447ae244c
SHA256 e5b8aa8eb288ddad07d3de21cf779579677b7704d8f74a3f623f6aa2bdfeef1b
SHA512 12969a9066b91ab6aeca838332a8832a455c3511d0f91a2b29ea6f510cd4b529b0ecff3f622e5b37eb1ca0fc8f4389e050f5248fb423f1272d87d4e2e7f85503

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\dot.7a96dfea.png.old

MD5 7a96dfea8357864d3c63cda0a3875862
SHA1 de89315c7b37223280e6c00383144cc58a74bcb7
SHA256 7655a4a2b66c09e7fcec1ca3f544fa19d3e27c9ecfec98f28171504be0cfa77e
SHA512 c6a01afd7776a1cb000a1f3d3bc4fc895215a8f4b73b290f4a2aef8f16c18316fd35561aaaa32d7d23313cb5d80a7de786944a49c282560ce6973588a2c48b72

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\gift_bg_normal.13d51e4a.png.old

MD5 13d51e4a0b8277905e442b1d900df92f
SHA1 c7a1decaf878126e719f622ca792976df26bc1bc
SHA256 18c7c0ba6001ee43b464ecb3554d151fdbdb8eb2c4c9a1fa0772fb0d46ef7d57
SHA512 7c3b875299865a399aee55475186c066eff7857e29c0254e68d3d59bd0fc39041c64571db1055fd21160e6feeb0d949ae32bf50aea3fa6e28c5d52bf410fd5f7

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\gift_bg_vip.0b211d75.png.old

MD5 0b211d759807a65a50e8f257a0f2420e
SHA1 0fac404b29629b85b20fcf4fb3fa7ebf658a8c6b
SHA256 6d83712a89d88b53ebeae370ce10fc85a8fe08e98639b1bc45ea0251ade548aa
SHA512 75c7af5ac59989e72285b8e0ddcc375422088ca7e89c4b2067173248bf9235729568003b45f87f3f112e81f81700d91d648e409ff8dbd8eafcd2eb0712abfeac

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\gift-loading.ae16e16f.webm.old

MD5 ae16e16feac614bcf99706ed40d0e734
SHA1 0f99a0c744d56b6643ac5d774fde1175df85228f
SHA256 cc7714c6ef444133d5ac345d54e09ad7eda0ff7ee59797037f75bf45d677c038
SHA512 379733e0a71de74a0025ab6b1c3d82ee9a13bc1c914466bbdf0988738c54a323f7df2cc224a703fac1f5e42db3ea7d7c9a8b8ef55606b7d2c5c864208b4f771f

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\FontsFree-Net-D-DINCondensed-Bold.ttf.old

MD5 5846f45b4c6987e591316047f0840020
SHA1 a241a05ce8c9e8102af34050527e233365dfe732
SHA256 954d998202722eadeb5d1174457d25723f2add665f0448d2f23e8c42fe344002
SHA512 0cfbca843fa5e7ef498ea3561775aac5d8affc657a547c399eb03c8956f339c2174b9cf1a1195490de6b53e5375ca1ce4f25828057085db476cc67a3f0389b63

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\entry-bg.1edd25de.png.old

MD5 1edd25de5f4defe501f810e0f0eaf685
SHA1 b8bfaccdcb3221304a680611222a0e11323e6909
SHA256 f6f27e5cde105db9b33321a6de48aba13bc809a9285d963a02bdc37f86e1af4c
SHA512 61b9473551b4fc2806885cee2dc8c21595b83677b245275916f4dedfa9de8c0201bfa92dcb14dc8c6c6904144b1e40ce9b27a60a6879505f5da9497ffa550e87

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\GP.cad24f18.svg.old

MD5 cad24f189ae96628318a697e7b37305d
SHA1 9a2db8961a31a37cb4797874829bfe95fdd8b00e
SHA256 c21264af4db3b76c28b6f74d6ff10f6d69342faf0033f18911fb6a85e1e240f7
SHA512 f81c711b141c4a4d7e49097708c94ed33947795067f2cd95b273496aeb4c8142b5eef6f64ae7146e3323cca4f8e84fb4089d8b6a67019c1d473999be7483c398

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\gp.d1ba99a1.svg.old

MD5 d1ba99a111e4dc36190e276f11895a14
SHA1 e93c50fdef20e18d60d354dca92bcbe468154747
SHA256 d62aa275af6642f9f3e544d80321cc97bf9dc92690566a4bd8c22d9e7e149df9
SHA512 f58554847939749f8e4e20cbee623a16538672575088689800962f47becdb214d18b9bab663a2acd0f03cf3b835b50772cfe279ecf7dbef5765c749361dd02e1

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\guideTips.1c0529b0.png.old

MD5 1c0529b0bd785b4cdba37dda169be707
SHA1 d9b7fdc7c23a8d278222a1bc4481c4c0a955e7b6
SHA256 473aa04a2f6d997093de710493a4487084b6caec0029f1859e8c81adb027198d
SHA512 ff929aeab03f0a53afc28ae5bebfb93199d519447ff963ffce4a229954bf411592a57eedaff4b87ce4a18edf3cdd4cfaa4bb5252d3a8dab088ee648785931a30

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\icon_normal.c6e1e1e3.png.old

MD5 c6e1e1e314c4f61a520bd0b50376977f
SHA1 aa5fe9597f8cd0792b18490c45c00a2d026cf9b0
SHA256 649f982820d9caf4540ffac713cdc8c4d3a31bb12ddc11b6cb075c1052c0de92
SHA512 670f434c6b015d8c154c3e8a89ea756cfb02cfbc7b9f483caa9ac574cc89f700d7f0898bd0778f6feb11fc9c444520a49b4ef77e09599dbe5a65ba57a1bc95b4

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\icon_vip.c3df2d09.png.old

MD5 c3df2d090aa216ba942fe0f20c958ee2
SHA1 6cc19ad7dffdecce1681b1f792f9dfe20ec96d3c
SHA256 024e468cd79a2a77e8ab3b9324dac9d1374ce89c703d7c693c675f417e39821d
SHA512 32f36584fc061d87b567b3bad33ff630887f2e14f4e42062936cb222e30addbddd04d01c32ccd4a67c59bd102821394ad91cd1975e479f2a9fe989c4119c6194

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\liner.9b9d79a5.png.old

MD5 9b9d79a585e51be94bcd58e42d655e89
SHA1 235f1d5f8d8a5bd4f9f2c9f5e3654505d3cd340e
SHA256 df1d1e1693f395313fb9e4eb5c46e67d8c6bfe45386eedcc2626f658992883d9
SHA512 038977f338b521e644d641c1170987679af94977132db476eb986374cd145560c7a2c225c9de99c9d38d713252875fe66525f9e94bc065e77b2b5b69985b04c4

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\loading-uptodown.b3670225.png.old

MD5 b36702255ed6173a67d31166dd30e60b
SHA1 ab832cb4c3a77172b91dd9340003804db3ff7ea0
SHA256 6112fce1e01f1f31b841bc1496d1fbdfbc1c2b97be73d15f4c6a0d912e71b70c
SHA512 d595e7387db012d27215b85f64e0f627d7b2f6d3f1c7480dd575d8d98fa3a75c6a4fd3249032abf8546dc6148f42d592ecb3e343df74449b04b0b9ab2704d715

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\loading-oversea.54e4db97.png.old

MD5 54e4db97aa581c72ada118ea8e3116ef
SHA1 2e77533d7d9936ec05b22d42815bace937b71af8
SHA256 064508290665a3110f129d0127e747ae80c59ba2ba995f33083b08160c76f527
SHA512 d4756f629e74c45e6dc0aea84bbefee7c637a5b90ba66c98076aea7199b4e710ef6bf8437a79a98d9a954e37e18b7e30dd82928b01805629c921e2ac0e2b4bdf

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\loading.60bf42e6.png.old

MD5 60bf42e6f8472eb824f7c215c816f155
SHA1 16eb6612822f18d720593edaffdb4883a0e62e02
SHA256 3f5fa7afd7acc5e3d73de74bf0252d2edcd9864b65da7369263d0a0eeefa1bbd
SHA512 755af12fc80c812973cc14d4cdc3cb79657f8f7c0cec365dc2a0715e0f25c012b07ba86ea783b6a3ef5ca649cc6925ed499bd6ec59a7ec7606026c0296035213

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo-about-edu.f4e07ec5.png.old

MD5 f4e07ec53f000456714d80faafe4adf8
SHA1 52fb187eb1afa18333cc34688d0476e06bc12411
SHA256 a61f72bf2c583974d5b8c76376dfc5cfb8f6d0b229565988a884f43a10583e6a
SHA512 456a78835b2965ac33337789eca67a1eafdff61607f16513cc9945bfa7859a779db53948087232d48d02b67daeed2e12b2fc1c120cc461dfd796c51491dabf95

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo-edu.5be32200.png.old

MD5 5be3220076a14a19f5fde9d25907356e
SHA1 bf0e942b43f981b624b12728883ed6d784fe4bd2
SHA256 e80ffeed1a6779335ca28906da1072849b662223c0f776dae3bc9e4ce1de69f9
SHA512 de49f581a7c3d88add885132bc03da96e51c2ef7ab65eb43919a7bf1350297f42eaebe9f438fc303bffcb3faa47cfcb73c2ad55e221679763122b65bb904e12f

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo-oversea.1aa2bd26.png.old

MD5 1aa2bd2627782333c51277d3827b5b22
SHA1 0e0fbefd4cc5d8a229dc7d029cea1fc0bbc4cfda
SHA256 8bbb0cef40176b111c96ac0bd4a3cac0447a730166c8f6c23bdad60ddb1f9697
SHA512 ad2af46ec78a6928b9eef4149362749a9a5b473d4cc1f8821f294cc4e264113c423bbb68faf17f9ce01c68c175bfe25deb1e55761994a1c3a386e54cfcd5aeca

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo.2d57816e.svg.old

MD5 2d57816ed75556725280ac1daac08338
SHA1 1755de38f7533603437ba7fe34d78fcbca423208
SHA256 e5eafc50188ec4bbefc1da8aaccded19820988cd466eebf5dcb2ea2786ea99ac
SHA512 ce26da1df642d4fcb0bd5e1958fcfea5df74f5cafcd64a560a8bc099819a5051d06eb0168761e4b7cbfe5a0b464b2874d145fc50699461ebd15539d2bed6a30f

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\Logo.339f6000.svg.old

MD5 339f6000254daedc8773ae6efcc89acb
SHA1 91b0e63eff58249d4ae4c6ddf56aef19c4ef087d
SHA256 e3e59e4b32af5cda6073e7c39b77ae1e0fc0405fba4323813644cb5ed2f5a0af
SHA512 6ce330b2e67b2b07cc45dfaa306c6725a6c1aa1a66d6652b2ff088a4cd46d42632f46ca235de59f217eb6ba3e811f10181f86c50926a2d8cf1c2eccc86bf7b90

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo.679094ed.png.old

MD5 679094ed9828e0ccd83b45e21fb19e01
SHA1 319fb461b200fdf75a63160a9edae60581ca6748
SHA256 bb4fb444b33c46d797e4124060175b79ae704390359a4829feb847451536b621
SHA512 c1d7140ab2da5eded8884991fa4fa1c46391795f553b8a0e77accb480fdb1a24264872231a7b74424c3750135c997d37b1252c3a26a8f684c6d7027197013e7a

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo.a0435d4b.png.old

MD5 a0435d4b592b6bce4203d7a833047a7c
SHA1 3c71058e8995b04649988741d907d3150ba94daf
SHA256 3b6f429e5209d988a297e288a74c096688c1c1e71daa6217ddbde80de110b29a
SHA512 1d4bfe2207e3c56fb6b0a098c2394cb52e6fd851c71e950d1469c7bb489dc864a2dca93ef4868dcd80e33183acdb0e1607c23364a87a7386a33bdd18e5c47a86

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo_oversea.53b6f88b.png.old

MD5 53b6f88bd4375ece1b5cc9ad14bb42b8
SHA1 820381965071a44fd41327c965a8d8788dfe25ce
SHA256 3bbd6f3853d5556de52e6300ab3cdb839e7f66d2e36a976f1eb7022e6e1e931e
SHA512 09e9bc0af6a3c5aa8e01a7673adb7fd894e066cd0443091d7134d43dd5326a68e9b17a06bbf23b7866947ff5710eacbdc093c164eccc68c179fda86104288637

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\logo_uptodown.1d1ea0f2.png.old

MD5 1d1ea0f2536afe5ca163c6bdebd2901a
SHA1 fce00df759304e57915c53accc9936ef38b06cc5
SHA256 6cf731340cd9e8cb99fa1f6144cafb9b5d282ec0ffba5fd81b5b11bda1267c76
SHA512 abbd3c155d6dc41c3deab2f5264c85486352bfb8c8ce2c4f2bc73bb2015691ab0c15aba4dfc3819930d688871be368117432f0ecb1262fa58be559e08094ccaa

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\modal-tip.f838f7c7.png.old

MD5 f838f7c72f1731b4eb1ec991e0c671b1
SHA1 25b9e6052bb770eb1102c52e584581eea92d1aed
SHA256 9bfdce32cf916a2b220564966ad75b72e52a3320bd73ce42dfcda8b91574bf71
SHA512 f7c40190174426de9241c5d5484bed575fe3cb73af032b1d4630a09f05b2280d4056feb33bcb13694c1d7f13693e9c0aeeeb0a12f84b2b0f81c618e7b8af18b5

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\model_normal.72e6cb29.png.old

MD5 72e6cb29365c8f5f83c18040095cd228
SHA1 8101b1e35664f70126f247934f25ec1cf2075739
SHA256 2db41802f5d6dc78cf35f6c6f75b09cbc9a9f152f01ac9fbc4cb556278b04626
SHA512 a9843525b570ef7b51d28fb5c9624d6d117dd9dc3e88c470d9c0b70b3549890d0151b5a6fc2caccffa188464831ca748ebe309de5da6afacca9b0df39d1b7bae

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\model_vip.44ace2d2.png.old

MD5 44ace2d22c6ad86c0913e3d05c9c3f74
SHA1 08ae15f4c6d299ad765357f8f428ecbcaab0b659
SHA256 7775e50a8fb564c3d17b8e3276d033d3852e52dfede0ab3fb8291a621ead40c9
SHA512 0fe365cfb1f2338078496d77dc958f001003b8cd301574e74969ac5e859e75ba808bd84f7078c7bf59f4245aae20ca7ffcb01d8ccc73f959cead04fbccf4ac54

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\newback_video.9862b89c.webm.old

MD5 9862b89c97560057f2e4783159e5e82e
SHA1 ea2c23d16ef3d6b0345e65e21b49b218d4bee260
SHA256 f362dd87dde5fe132ea6d91b6a382dba788a8bb1667400b50bbb4bb34966fe8f
SHA512 1d7fdfd8ba8565eb674367e5aeb8b25bfb4e2268d2cd99405d76f75261ce10ac74a56b70262f59a8dfea22ebd12f2bdf00ea27571ed32c709237123dc3c0bd17

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\noResult.0220faa8.png.old

MD5 0220faa8381e473a302d60eea06babe1
SHA1 3958ab249d6759942a3dfa1d534055dd7edb5c9e
SHA256 ee91fae5ef6c4d018d01b67a2845e4f2899390f27cb4ed1f38ff700e376beda4
SHA512 5ad4cb4d15050e55da1105425748958cdbf215de8544bdd3d2babede79c780d1e8bbc3d32c1f88efcc2f158d254b62fa4b1c38881792ccd9a25e84957e2053f4

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\page-common-background.43681e74.svg.old

MD5 43681e74ebd51767600d2fc57637b4f1
SHA1 ac9ea81eca17aa1499181e2482aefbd6a77f6ec8
SHA256 4e8c66811f416c7a237d4ea590be4d6c4a6771754a673b06ca792f50871e59bd
SHA512 29770cb3b47b70e359510a56cbf1f532a0bd8d07f4c1bf000b8087854d34a1c0ac0c33b543f5aec40a2cbce748f505ee690ac20218780e28197400066039039a

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\scrollTopSprites.abc41cc5.png.old

MD5 abc41cc5ed9921bfdcd57b13013fe18f
SHA1 2e142b09621abb064be80e33a557c9a1384eb1a5
SHA256 129fd569cc6a8116fcaa5f7512a62c3273d362fda3e9b4e9a78b3eea1337a821
SHA512 bcf0a774ee32a2a344f94c5d49b75f080c93cd49f5aaa29f4f89c31bc4e5de4f3d550413063ad72b2a6ab20379b36d9e5398d241b96d7fcad8623a80aaae467e

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\skeleton.7f8f861c.png.old

MD5 7f8f861c6c2d91f0f49cb26d0a6cfed7
SHA1 b7f004cb202222bee586cc449f0c5a4be246bd6f
SHA256 00a69a3b5ce25a7eedf88bce0619ed8da7607618de85cb7f8f2c132a4a0081bd
SHA512 334d085a2ebb1b2288a75a50f35f0f2bf82cf80ff05d1a61d3a157599373a5dd822d984fde146bb1def856cba4bec55fe585b99d428364dcb85ac2ef55576ef0

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\slick.eot.old

MD5 ced611daf7709cc778da928fec876475
SHA1 2dff0768f4c0a53228761eab917e2c65556042d4
SHA256 06d80cf01250132fd1068701108453feee68854b750d22c344ffc0de395e1dcb
SHA512 715e81b2e85cd3de2c31001a08a84647e4b222c674aa60e3cbe80032043b2d5cec7b364e8cdc24b7fe29e373ad2ca66c2ee5d22b327adc349d576951104c8f51

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\slick.ttf.old

MD5 d41f55a78e6f49a5512878df1737e58a
SHA1 3331eebdd4ba348ef25abe00c39ffbe867d46575
SHA256 37bc99cfdbbc046193a26396787374d00e7b10d3a758a36045c07bd8886360d2
SHA512 29b8e7b7b2f6a81c1e6ccee7c8b816485c6b7b0831a641ec7204b2cc9486b4258f2819a144b122e57f74c3ac13ae41c2cded4154044e5094048e4e74277a88eb

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\slick.woff.old

MD5 b7c9e1e479de3b53f1e4e30ebac2403a
SHA1 af91c12f0f406a4f801aeb3b398768fe41d8f864
SHA256 26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc
SHA512 976f6e9d65859b1a5e3bbd426441e6885d1912f5694f40e2897b10f46b3bd0c7d940f7917a6050d6bb8cdeaaa5e5f0332391d3d398f6c21ce27299dfc7036911

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\SourceHanSansCN-Normal.ttf.old

MD5 1def9981faa460e4e4529d4656f28ff8
SHA1 1b9c02984a79104c455f25835d75a70825a885b3
SHA256 cd1c5b9c6740c570ab7289402d1af2f39437c5e095e83baf81c74d80e56a75ba
SHA512 cb6f798014b05bbe8f822063d309df9d1539232919346e1ed521cc5b9441b26917b61cd6ef51af638a11da8012f1fc2877449977153d1166fceddd61d6ec20ce

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\TENGXZTB.ttf.old

MD5 b02e269889ca9a96bff1afeab2b3eb86
SHA1 b47ac993cef945659fb9e8b2d75186eaa7b5780f
SHA256 9e8b81fce344100ba628b33aaaf4e797998211e770e2e82985cbe2f5673538d6
SHA512 7e079c9139902e50b6f4e68840d268d05996d7a741c0dbf6d30c2ecf1c84e5bc53b4b06e1dd75b93136ceb2c8de9163d6806aab6aac6f7f161871d4002cf05c3

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\video-error.e06059f9.png.old

MD5 e06059f9d6e1242728db97927b0cadda
SHA1 989f3590e32673eb0d33f6bcf032317f798faafe
SHA256 bf8349d7095eb91a6be53e12af5fa8527fe847f268eb1ac0a2183df9c44c9edd
SHA512 ab6a936cecd473d2e8bafa61a48efd6123c6cbe16df58f9bd9b174aa159dee0bac15162e9c3dcb33b4a12d8cb96d4a1d73b8a819d233536193a5a1d0eb9c4eb1

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\WelfareIcon.bb215fa8.png.old

MD5 bb215fa807270e76f1b10875419994f8
SHA1 fc7449af0833fded4f50a662f48205319c4674d6
SHA256 b5f03327bd8ce54057730f4241b3eb12609f27c3376f24c18958e44b5c6d1329
SHA512 341c2cdf93fc7545d7eb652e3441192ee999df5061684b5ed6384428806d2d660809d221c8401c7df5140e249abbbd22aaa37f0f53d931a4e18573ab9ec8ff42

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\wx-logined.dc457fa5.png.old

MD5 dc457fa52fc4908ffb82107366a37e3e
SHA1 79615ae081508f146b81a0fd17cd8f01f88f60d5
SHA256 c4917c3bd3b9c202f0e8d118284083e4dccbf960806e115cbbcf624c84c63683
SHA512 38eba7f804940b7cd3fabd9b9627c01f872090c3d6e76ad7c2b7b5c66e6d5dd8417ba8d1955f9ab9a7cb11ef5cb2eaed94227f01c62ef18d58c58a2c60e9ea3b

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\wx-auth-tip.cb1fbc2f.png.old

MD5 cb1fbc2ff2ec4248ef2eaee3f2a93e4b
SHA1 92359d458b00f023d99d5663bedfd2a9d6e7d27a
SHA256 2fb903a9b875102c10f8af54894a8d778e6c3907ef36df6343c29266dbdbd51a
SHA512 0d520dd6d2ccb3d2d80642bf556f415a627081ceb0b6166f1b8d8dfe3dd17d01139a4c6cfeac84d6955d85100f4e8a824b4f83af5851f05e330e4fac78d285b2

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\toast-loading.de809d29.gif.old

MD5 de809d29d49e3c49ec37b45fd6512f21
SHA1 04b434b12b92f98905e09b33ba5ef53d8b580ffa
SHA256 b2e70655375661b93b4b76928fdabd83c4bc18f13952419501e8e81e1d70beb4
SHA512 2babaf81eb131456f1de28266d2fa07ae09f36a9aae336ea786ca2dad2b84d51affbff6d68531564328dc39dc57e67fd948d4dccd204a8299a77c8ffc99c8cea

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\title.4f8ea11f.png.old

MD5 4f8ea11f15166ff6eca18aafe067355e
SHA1 27bd450402187a135aa417e7a76eec29a3aab65c
SHA256 458bbd7488a244bf0b843c13a16791924f5e3e6fd88b2d470313dad515732d83
SHA512 1d9b84209697e2a6c49125d24e4191264de569e3c9130432bc531e84a884bfecfa74d06899979487aedd751597fb34c4b299f4ff4bf7c560fab53cd22b00c5c1

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\libs\beacon_web.4.5.1.min.js.old

MD5 59a39f95b189baa9b0d372ee20ab78ad
SHA1 1c7efdf40b467df9cf44c3ddde8797f0651d3df4
SHA256 022c34380f513aef1011bfade4f6d42aab457cc1656b93e0d1d7b30a4aefcf62
SHA512 f25dc8744bb5fd121b289ed5df4de424b0f39b70dce0964c1e684d883474023ac316c7969eaf655831f4312a6df0cdd4c1b70141171da0a171661e1c2e4ac4f6

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\media\title.09b1666e.svg.old

MD5 09b1666e426c82e32b94cb44947d9f6b
SHA1 1f16641097deeccd6b6b5b63dbf9ecdb3070edae
SHA256 459dfea3665da172a442f5973f40f0fd10061e787634866117cb6d5971ef6d84
SHA512 f039eaa233c30b84cbcaf2710ee794d9f7a1cc7e15a47c1be21031d3033db22a173334df7d29baa3a4f81002934ef598d24af13dda2e07b4d07a15ac08633638

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\libs\jquery-3.6.0.min.js.old

MD5 1881464337728d17657b7c23c6d0ee02
SHA1 bfc5c3542c7b6f8e1fc28db3d1a0defe79ae539e
SHA256 1f20afe2298cb15bcefafbcaa7ac8f5d7253b7e47ea52601f6f4ca3ea62fbb3c
SHA512 701b7bb16b6e496f96cb037da0581d0c6f4d7d1c7e6e4d80217899faf24c34909ed90c83b649f4677dc543ea327ecd7d63feff5d6189d34632358275631fa1f1

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\img\playzy-tip.png.old

MD5 37a81c422383949c82ef3c87b87caf1c
SHA1 e1cc6af8c16d83eb2b7f0c3d68a989a569b2e45a
SHA256 266d447260366b3952638a4b579096bafcd4ce6b1eb36ea87de4040c595f42bf
SHA512 2bb80be95be71fbcf449111cc049cb70527ac5b3c082474fe69d3bc793603bd7a7796c4b4cb949dee95ae8749f1ccda0450dc45eb711b785ea45d250ee8cd8d6

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\libs\wx_sdk.js.old

MD5 b319838dc55fa679d5ec38c671796b2d
SHA1 fe8f2bdc12b8d2a3371ca6ff02549f5a8fee0e7c
SHA256 a42306a21a0faa17b36e78a4f25503cf58f161082db4babc587ac2d15f8f7742
SHA512 5252192021fd2e1a97a9863d4403a827b0906c9ac677deb638fa49685d9dccc7fe8736ca589018205a08808b8bca7353c43b136dc6c8358c52314726c2235be0

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\static\libs\wxsdk.MD.old

MD5 8f021e0c7e6a699810382aa7b95d38cc
SHA1 11311156a5d230a07253b825ef594f994050258d
SHA256 4c8c5aa8d5fcd32db82cf6caf18ca52c144b5b559298ec6e4fd527c12d7fd9ec
SHA512 2e532d62780eca764c4fa8238dd09724b188d27fcacd04fa5cec8b647a264bd79770e0fab67eb7644528a21683379ca3e179d43fca420064a802a8cc5e12e950

C:\Users\Admin\AppData\Local\Temp\market_page_17182230250x772a\module\lib-halo-downloader.b7461615.js.LICENSE.txt

MD5 b23d7a495722fec387cea56b861b816c
SHA1 21d9593760be18f0097dadde05824aa52851a086
SHA256 86701d478c8b5cd2981db0c9715b0c27b1d76e1b0bd10dd7447a35b90cb14728
SHA512 08f2397203a34ceeabdb9581b07dd65e28e3775b4ae13010bee3d4ca8963a996da93018e92d8713e7a4d8f83d573600678677da916f68d1cf9819284c04d99cb

C:\Users\Admin\AppData\Local\Temp\market_page_17182230250x772a\module\lib-halo-utils.805ce7b7.js.LICENSE.txt

MD5 bd995e27eac3745ca6d4ad4022fcb917
SHA1 469bf7519e238d7987af6a804a6857f91b9e026f
SHA256 90fdd6754a69086abae5c1d02782ddc4c82d179682b2b66c51a21e4c1edce6a7
SHA512 ef9e1848ed9b58fa6f9bfa711254488dd8c04d76eaf00b6e49c89869a4cce2fabbe9057a72326d166d9fb73946e8b28a6aeebd12395c154aeaabc376a0cd8320

C:\Users\Admin\AppData\Local\Temp\market_page_17182230250x772a\module\reactVendors.8d62e300.js.LICENSE.txt

MD5 008037d1673d08e24a5e325889d17d3c
SHA1 a53f9798365405ff49a4ec7200ada0fda816a874
SHA256 65c975feb9646a852151f33fca761891752ebfd24a2268b8eb63120e04191a7e
SHA512 a34a2787dbb6c8e4dcf132c28fe989d11b77b5364ffbb45439ea1d4ed60c02be863a85d1583a74ce7dbedaed48e21582bdfa641c7d6be9f94f9a0d3de43e9e4f

C:\Program Files\TxGameAssistant\AppMarket\pages\syzsweb\css\yunGameExitModel-6c103740.css.old

MD5 5f74194a68213f713c8ea5b7dd723290
SHA1 4180649a737062633d565ef307d14542ea3fb4c4
SHA256 87d2d2efe41cbf51fe3bb18492e2818916336d43f8b021fed97863e5f14bc232
SHA512 6845b701b27b3967912fa57c815c430aef74cd91aa8ab1dbe0f0d87b749580d1dc6ea38ad34442219d636ba61d54fe79261184e73d6fe3d93f795e5488868a84

C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe

MD5 09edb5a9bf963d0020e7fdfda2d79c34
SHA1 f83bffeb58ec8b16340ff84ac25235252687b52c
SHA256 2a49f8f46f90097824952e58ed65cb4c76957d00e86a9c5d329e9e74bef1cf6e
SHA512 01d7af03cfe7fdb2a8ee8b9488c9e71518c4f09f11d10b3595498caf87cb6e709f2ccffc25d3ed7b71ec3eefef751d83a555c8265d18debc95e3d85fb1d6a10f

C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe

MD5 b32964b1f283ce35a96e14fdf8f8f6fa
SHA1 5cf288aba9cfecea125bda66d2359a7266169404
SHA256 6068aea2fcf490fe6e2125a1eb50b7059424b6d3da5394bf4ab3245ba2f25cf3
SHA512 8856c6275f0f68e1eb203b925ad98267718f35673938ebd8f1ae1604467f2bddbc290d06f40631fc56eb7389a05029312c5750616789cf57b4621c8435ce2f7a

C:\Program Files\TxGameAssistant\AppMarket\GF186\TUninstall.exe

MD5 456b7f7a9706c0acfe82bb7ae88c3406
SHA1 264ea2a57626a314e8bdd5b6d923e7ee1329904a
SHA256 a53ab0e94c7c763b1dee2761d4fd66b38fc13c5a2b5906797146446e22d09866
SHA512 b8ae70f7e163254663efb667625fd8e9d3195e55a442eee290a221c988bc2657a49738309b67f07116a53a6ba678d25b62181b1fa6b9e7686830916d86c2f6bb

C:\Users\Admin\Desktop\GameLoop.lnk

MD5 60bce4cb95925981c1fad743c3dace02
SHA1 c2511889907a1e7a691e672c80bed1f81a1bd76d
SHA256 e3baf553bf7a5014237e8b86e41de1a509bb383e2b7b4c4142f852bec28f1b26
SHA512 e173e6c02d8088690750cc349f282f9431d5d5fad4963610ebd64f5ccf3620576581bcdbf191d2965715157249af697cb895669647d36734be1918fbf64833e0

memory/2464-4088-0x0000000069DA0000-0x0000000069DB0000-memory.dmp

memory/2464-4090-0x0000000002560000-0x000000000256D000-memory.dmp

C:\Users\Admin\AppData\Roaming\Tencent\MobileGamePC\WebkitCache\AppMarket4\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Tencent\MobileGamePC\WebkitCache\AppMarket4\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\AowGame.xml

MD5 870feb562db730750377af9a18eb9984
SHA1 6eae0ba3de24952c8b1f65c2aed9c0b1b88a8fcb
SHA256 2e4f338bf938b55e8457656fd69c9fc8cdebc1231097de4820d1bbb8a2602920
SHA512 46719411436ba79fb19a7df1607f19a83db3b0612cd5ea28310e66070586d67c410eeeaa5dba08866b7303ce4d342a1220cc93aa756a8beb9e2a4df1f263ce75

memory/2464-4140-0x0000000076D00000-0x0000000076D9D000-memory.dmp

memory/2464-4141-0x0000000076DD0000-0x0000000076F2C000-memory.dmp

memory/840-4146-0x0000000000400000-0x00000000008DB000-memory.dmp

memory/2464-4199-0x0000000076DD0000-0x0000000076F2C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Tencent\MobileGamePC\WebkitCache\AppMarket4\Code Cache\js\index-dir\the-real-index

MD5 15f142195925e0b4a69a361c092bc1f7
SHA1 79d3ec7e44b057ff7b4802ab2d126cf3f863a3ea
SHA256 84ff605684965f750355ac31941251ff270f0c6d5e1851fecb1179afe3112894
SHA512 4335d2f8f518524871ba93e0303445fb73fe087b525c25ba24cfc5b035e4cf86e5d2312aa1137eb9df69ef4c3f2c0e36906a02e341a94afd56f00ff1ffd09cdb

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 20:09

Reported

2024-06-12 20:12

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe

"C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 master.etl.desktop.qq.com udp
US 8.8.8.8:53 oth.eve.mdt.qq.com udp
CN 113.105.95.120:443 tcp
US 8.8.8.8:53 oth.eve.mdt.qq.com udp
US 8.8.8.8:53 oth.eve.mdt.qq.com udp
CN 125.39.120.82:443 tcp
CN 113.105.95.120:443 tcp
CN 125.39.120.82:443 tcp
US 8.8.8.8:53 unifiedaccess.gameloop.com udp
US 8.8.8.8:53 oth.eve.mdt.qq.com udp
US 8.8.8.8:53 oth.eve.mdt.qq.com udp
US 8.8.8.8:53 oth.eve.mdt.qq.com udp

Files

C:\Users\Admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dll

MD5 2814acbd607ba47bdbcdf6ac3076ee95
SHA1 50ab892071bed2bb2365ca1d4bf5594e71c6b13b
SHA256 5904a7e4d97eeac939662c3638a0e145f64ff3dd0198f895c4bf0337595c6a67
SHA512 34c73014ffc8d38d6dd29f4f84c8f4f9ea971bc131f665f65b277f453504d5efc2d483a792cdea610c5e0544bf3997b132dcdbe37224912c5234c15cdb89d498