Malware Analysis Report

2025-03-15 05:52

Sample ID 240628-nqtwhszfjm
Target tcgame_setup_popkart_20240104.exe
SHA256 34454301c8be5053273ed2772bd6bb76356b7e9b5e062e89ea4f12c0fe8d094e
Tags discovery vmprotect
Score 8/10

Analysis Overview

score
8/10

SHA256

34454301c8be5053273ed2772bd6bb76356b7e9b5e062e89ea4f12c0fe8d094e

Threat Level: Likely malicious

The file tcgame_setup_popkart_20240104.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery vmprotect

Downloads MZ/PE file

VMProtect packed file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-28 11:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 11:36

Reported

2024-06-28 11:38

Platform

win7-20231129-en

Max time kernel

124s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tcgame_setup_popkart_20240104.exe"

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tcgame_setup_popkart_20240104.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
N/A N/A C:\Program Files (x86)\TCGAME\tcgame.exe N/A
N/A N/A C:\Program Files (x86)\TCGAME\TCGame.exe N/A
N/A N/A C:\Program Files (x86)\TCGAME\tcUpdate.exe N/A

VMProtect packed file

vmprotect

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\TCGAME\res\client_ui\gameicon\is-JHOU6.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\head\is-F36FO.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File opened for modification C:\Program Files (x86)\TCGAME\tmp\res\client_ui\XMLS\area\closers.xml C:\Program Files (x86)\TCGAME\tcUpdate.exe N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\area\is-2JL30.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\common\is-JHT17.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\head\is-4S7BT.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\launch_ui\gif\is-N05HI.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-I89K2.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-59GB0.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\test\is-F31FF.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\is-GJ64A.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\XMLS\is-K33CH.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\addgame\is-TT7HF.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\common\is-180F2.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-BP0C8.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\XMLS\area\is-4DPKC.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File opened for modification C:\Program Files (x86)\TCGAME\tmp\res\client_ui\XMLS\Setting.xml C:\Program Files (x86)\TCGAME\tcUpdate.exe N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\left\is-FT6UR.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-QILJG.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\head\is-VKS1S.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\bottom\is-ET2G5.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\common\is-SPHPU.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\head\is-V66FU.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\logo\is-0C7D4.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\is-8GKNG.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\head\is-M5SFF.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-TVPVG.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\is-E8LRK.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\is-G0JQ5.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\area\is-CH9SS.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\head\is-HATSF.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-B4GSL.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\bottom\is-85B1U.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\browser\is-TQHL3.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\left\is-SM887.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\browser\is-C1TTP.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\is-O20LP.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\head\is-F11NT.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\head\is-6T3UC.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\is-D53LF.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\area\is-A1EE0.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\bottom\is-OMU2L.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\is-GD7QF.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\test\is-VQSTI.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\head\is-ULSIG.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\menu\is-0PN80.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-91AC4.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\head\is-2K5FV.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\head\is-M4LN0.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\left\is-H4K6R.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\left\is-3CJCR.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\left\is-05SAJ.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\XMLS\is-20O9R.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\launch_ui\is-MRAVQ.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-QI1FD.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\is-UN5MB.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\Top_Menu\head\is-S978O.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\update_ui\is-A7KNN.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\gameicon\is-7HT1R.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\head\is-M3GUU.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\head\is-2DI80.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File opened for modification C:\Program Files (x86)\TCGAME\tmp\res\client_ui\setting\combox_push.png C:\Program Files (x86)\TCGAME\tcUpdate.exe N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\left\is-2KNDJ.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
File created C:\Program Files (x86)\TCGAME\res\client_ui\XMLS\is-FQ86T.tmp C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\URL Protocol = "call-tcgame" C:\Program Files (x86)\TCGAME\TCGame.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame C:\Program Files (x86)\TCGAME\TCGame.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\DefaultIcon\ = "C:\\Program Files (x86)\\TCGAME\\TCGame.exe" C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\shell\open C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame C:\Program Files (x86)\TCGAME\tcgame.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\URL Protocol = "call-tcgame" C:\Program Files (x86)\TCGAME\tcgame.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\shell\open\command\ = "\"C:\\Program Files (x86)\\TCGAME\\TCGame.exe\" \"%1\"" C:\Program Files (x86)\TCGAME\TCGame.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\shell C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\DefaultIcon C:\Program Files (x86)\TCGAME\TCGame.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\shell\open\command\ = "\"C:\\Program Files (x86)\\TCGAME\\tcgame.exe\" \"%1\"" C:\Program Files (x86)\TCGAME\tcgame.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\shell\open\command C:\Program Files (x86)\TCGAME\TCGame.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\DefaultIcon\ = "C:\\Program Files (x86)\\TCGAME\\TCGame.exe" C:\Program Files (x86)\TCGAME\TCGame.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\ = "tcgameProtocol" C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\shell\open\command C:\Program Files (x86)\TCGAME\tcgame.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\URL_Protocol = "call-tcgame" C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\ = "tcgameProtocol" C:\Program Files (x86)\TCGAME\tcgame.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\DefaultIcon C:\Program Files (x86)\TCGAME\tcgame.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\DefaultIcon\ = "C:\\Program Files (x86)\\TCGAME\\tcgame.exe" C:\Program Files (x86)\TCGAME\tcgame.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\ = "tcgameProtocol" C:\Program Files (x86)\TCGAME\TCGame.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tcgame\shell\open\command\ = "C:\\Program Files (x86)\\TCGAME\\TCGame.exe" C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp N/A
N/A N/A C:\Program Files (x86)\TCGAME\tcgame.exe N/A
N/A N/A C:\Program Files (x86)\TCGAME\tcUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\TCGAME\tcgame.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\TCGAME\TCGame.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\TCGAME\tcgame.exe N/A
N/A N/A C:\Program Files (x86)\TCGAME\TCGame.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1044 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\tcgame_setup_popkart_20240104.exe C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp
PID 2184 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp C:\Program Files (x86)\TCGAME\tcgame.exe
PID 2144 wrote to memory of 1828 N/A C:\Program Files (x86)\TCGAME\tcgame.exe C:\Program Files (x86)\TCGAME\tcUpdate.exe
PID 2564 wrote to memory of 2520 N/A C:\Program Files (x86)\TCGAME\TCGame.exe C:\Program Files (x86)\TCGAME\tcUpdate.exe

Processes

C:\Users\Admin\AppData\Local\Temp\tcgame_setup_popkart_20240104.exe

"C:\Users\Admin\AppData\Local\Temp\tcgame_setup_popkart_20240104.exe"

C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp

"C:\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp" /SL5="$400E4,50225399,1046016,C:\Users\Admin\AppData\Local\Temp\tcgame_setup_popkart_20240104.exe"

C:\Program Files (x86)\TCGAME\tcgame.exe

"C:\Program Files (x86)\TCGAME\tcgame.exe"

C:\Program Files (x86)\TCGAME\TCGame.exe

"C:\Program Files (x86)\TCGAME\TCGame.exe"

C:\Program Files (x86)\TCGAME\tcUpdate.exe

tcgame.exe TcUpdate

C:\Program Files (x86)\TCGAME\TCGame.exe

"C:\Program Files (x86)\TCGAME\TCGame.exe"

C:\Program Files (x86)\TCGAME\TCGame.exe

"C:\Program Files (x86)\TCGAME\TCGame.exe"

C:\Program Files (x86)\TCGAME\tcUpdate.exe

TCGame.exe TcUpdate

C:\Program Files (x86)\TCGAME\TCGame.exe

"C:\Program Files (x86)\TCGAME\TCGame.exe"

C:\Program Files (x86)\TCGAME\TCGame.exe

"C:\Program Files (x86)\TCGAME\TCGame.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 img2.tiancitycdn.com udp
GB 163.171.146.54:443 img2.tiancitycdn.com tcp
US 8.8.8.8:53 cdntcgupdate.tiancity.cn udp
GB 138.113.20.12:80 cdntcgupdate.tiancity.cn tcp
GB 163.171.130.139:80 cdntcgupdate.tiancity.cn tcp
GB 163.171.146.43:443 img2.tiancitycdn.com tcp

Files

\Users\Admin\AppData\Local\Temp\is-9TCKU.tmp\tcgame_setup_popkart_20240104.tmp

MD5 4c3241f1be5715b30dbeaa5d7b7f0690
SHA1 6d5282566186acc8b9dfc3ec3476c58e0bc75097
SHA256 5e41a778ecf9665c55fde7a41e6a9231640d274973906e79028d28ae6f53f85e
SHA512 76e2d507ebaa57001112e14e727692132ac2b5d727394cd770f90d69c43ea2121a17f1bb2131bbc4b8957361578dbab169aef435c077c11d4892efd29e50dde5

memory/2184-9-0x0000000000400000-0x000000000072F000-memory.dmp

memory/1044-10-0x0000000000400000-0x000000000050D000-memory.dmp

memory/2184-11-0x0000000000400000-0x000000000072F000-memory.dmp

\Program Files (x86)\TCGAME\TCGame.exe

MD5 bddfc9ab6b0b02dd47a3444e2a1e0b04
SHA1 9ff399f23075020feac2a9e0c7158c2a77ce8113
SHA256 6a53cc2e02839d26ff3bf9d5781196bb7b535cc23cd53b37a8064d8c473da16a
SHA512 9aaa663f25818881a9db3bbe2b554cd7a42a4cc2e814d6c66482602d9de0306ab592a22ad996b248d6742f4e3feb282c0df1582fef57b9e3b820a98e2ede9cb9

memory/2184-67-0x0000000000400000-0x000000000072F000-memory.dmp

memory/2184-70-0x0000000004340000-0x000000000502C000-memory.dmp

C:\Program Files (x86)\TCGAME\res\client_ui\launch_ui\button\is-M899J.tmp

MD5 c7994003ccfef47eae2100aed5b934b5
SHA1 b427197f819caa6790aacf8e9a9e9cd7b606a6ba
SHA256 8d6c1a1cfc6c11c177b36d98ff3c287ac4fa8089e3784fb96c3e51498625c33a
SHA512 bedd75622c976721bbebd2dd2577aa9782975a6fe14c5671e3b1d1587730baa80b3ac66de68ff0b9ed5566c647d7be27c17ce32bb83063bc607542470b28fc38

C:\Program Files (x86)\TCGAME\res\client_ui\launch_ui\button\is-96S3B.tmp

MD5 319f42a7c7cf114237f0ea53655be9fe
SHA1 1a216641180b4cdc6a0babe0b6cc88c0e70f6801
SHA256 04acae4d578d83357a015e1d3fde68179aff450b8b54f70c27c88dcaba9be18b
SHA512 f62687372662dbf29c4ec60b497273d6f9081bbaa636a2f8abe4af1dfb08b75ddd9fb4647c5522c991e1f9fd10b3f3c9463e7f913aea80dbea92f6fb1c98324d

C:\Program Files (x86)\TCGAME\res\client_ui\launch_ui\button\is-9P4QD.tmp

MD5 7da2b6b5e4ff92ba78e3ac9cc0d825c8
SHA1 8b06efc564a91e5e5bf050f31e1bf9575130133b
SHA256 113294bdff9f0b671f45629dcccff82cc01068022781779994d599e55426a0eb
SHA512 f0158ec8e8eb09ddfe39c4a35cc2a52927a6cfcc74c4bbc28801934959d7360cd4e0c67a8863dd2c866588b54bd187cd4b0c930f4cce87abe940b65f3bbb82df

C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-7OA9Q.tmp

MD5 f1505299f432eddc58d69e8cb37440ee
SHA1 648b8d6207f3e6bed7778c875cd2c14958f09a80
SHA256 f009f07ba45cf6501b69b7985daf1a17beaf25b7c707fbc353f2d35ee4e4f0b7
SHA512 123421bdea520167d3e81ba54c78720782824d2ef8ec1ee76ef81dbdad15b8b7164fadb550663b82ed228ec8a2c55488fbd432dfa24d13d7cbd3fd4677e375bd

C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-MGGGN.tmp

MD5 f31f2b91a211aba6b693d9dc4f5afd07
SHA1 309ec342105ac16448ef05575cda0fef56737c8a
SHA256 45a40f117f047fb3c3eef30fb055ac8ec9b6cd72e9b5e61e2231d07ca58753ae
SHA512 52a2a7e75701fea319b5bb9ed016fef70da49c9f74e6d919c9bb6ef49909a9667bb5d6310420c8807b3e54fe2ae43d0e89875858ebb40fc80ffae5e5b4d1f6cc

C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-9O7EI.tmp

MD5 325d29036fe5b69c07aa330a586f519b
SHA1 73edf5882e96e8c50f0cc2aa73bd28f2508c7e52
SHA256 3376acd6c97d039fbcaabf40be70cdb9e28e3b23c5a031b07fa690352ffb104f
SHA512 000a52f267136a94e31276bf90e6fdbe36b8f991a12ca67514912b0f401d36ef118423c64f9f2171d26ecf36f49d0b902a56b3317bb01655c4cba119b89a92e8

C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-5T8NR.tmp

MD5 59de6893dc68aa812599e7a91f2a14d5
SHA1 5bf893fc92492edc1f9af8b7b82b50ef9afae67b
SHA256 6b10edc4b9d997f3f9cf07f9323a1f84625b192b3f8fdabb8988904fd5251528
SHA512 a684aeb797f911273738478a53e8bc71e3cabd9f789f9fe06f6ee3d4acf23fc27d77878de9b96a02ee2ecdc40dcc45da8e52c5bdb89712e54e545db8d1ee7426

C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-09BRN.tmp

MD5 56a0a4d19a0aa92412b848a4d3aee5ef
SHA1 72df206b608dedaa60d36e01a73b17f0a716d56a
SHA256 013f72f13dc034163fe1a1d4849c265bd23b1d93f9909406f224f220cb5df8fc
SHA512 ab40eafed1c5b28aaf63e91ec0e3ec88750f27a6db8519c2477e6a6d8b34da9750017207b4abf62a3a83ec7f612647dc22933c4ace94db7190196294c8eaf65f

C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-F6QS3.tmp

MD5 0567150ca3936eabe60e75c316b1a8a5
SHA1 5957c0dbfb1b13a69cdfde625343dc8e14a7dc09
SHA256 07f3edc23ae2b1b71801a2740bf1f2e193627f467a055f69dcc795d878403d30
SHA512 5dfee66fd2fc441ec7132b17a9c0765578ee7cb6142da5571ff3ba5ab60bdcbd1580b5c211b24aa306894e8c8b4278715da5052fc9ca075f774c2fcf4b42c43d

C:\Program Files (x86)\TCGAME\res\client_ui\setting\is-NAIQS.tmp

MD5 8c5b659f1cae4fd610e4c8a8a3117ba7
SHA1 40db26455bbe605806f7aab8478cb8db79932cad
SHA256 7fa2fc1bb9a2910c5e4e8b3157d49601269af3db64a6d07e71459a759e6a58d9
SHA512 1ba2053d2aa66ab9ab2aa5f466590e24202f7361d3f2f369a057319bef61d25bc386cd265e0cb3585e11e83ea4d933010e34a21911d237c22c69d698000625dd

memory/2184-881-0x0000000000400000-0x000000000072F000-memory.dmp

C:\Program Files (x86)\TCGAME\res\update_ui\button\is-877UO.tmp

MD5 065752b7c54ab89bd6be0f27298b4ac0
SHA1 6d635a2300c3f0b36c5ddd74ca1a1eb88e93ef3e
SHA256 4cee25e42dab9358260e6a665e6d12d15c5336602b153eed030f2e780f0252f5
SHA512 2990da80baf9d236b8924ccf51af6dc0bfdc89d200e36d96db8ade1f00e2f221f343e759688d70d0f721e1d03ad98a7ef37477799f4ac04d67d107e151300097

C:\Program Files (x86)\TCGAME\res\update_ui\button\is-J8IN8.tmp

MD5 f0657937ffff951e1500bc9b557256cb
SHA1 cbc4b0c8dd0f225f44c095b2ea45c3d7700e04be
SHA256 2d556e321388220d0eb95f8540e03297b61738e036e897e1a9b857882db46957
SHA512 668bbfdefb00f6ee1ef7b9774d9f64dd0a8cf2b43f55dc219731d24da20c99ca7eb7a2ae517c858326522938bb17fcc1e8756f5b4f57578eefe90d7c0c10069d

C:\Program Files (x86)\TCGAME\res\update_ui\button\is-ECFMC.tmp

MD5 97f90bd39456e1285b397ace0ff4592c
SHA1 620d9a8834406c496225c2a86eda901692f13614
SHA256 f503024d01d54fd5aca0413d4aa18665964f8089d6fc243caea5376d5242f19d
SHA512 6af9bdf0c353e6de5612829b791274aa554fd1860af49d84ce0874d94f62801ea13872c7aebfa5acfab37c9f45bc29b1fdfdf0e60003c1476b1799cb76e7bce0

C:\Program Files (x86)\TCGAME\res\update_ui\gif\is-RTI7E.tmp

MD5 122f258e3987938c135ea8f4ce3552cb
SHA1 cb5595597283584958a03a57addcfc5d20b0759d
SHA256 69d19069ef292917d32da1e6b576120f34cb9dbd94d8fbfcc9c2379833f8eb44
SHA512 030558192a602cfe0dd3f902e2a39963ae179266321da93e8ed832ed7e1774425455583e370031dad2cab1376330fea49387c2439c7dd1db0ed81d56ec5cf919

memory/2184-944-0x00000000038E0000-0x00000000038F0000-memory.dmp

\Program Files (x86)\TCGAME\unins000.exe

MD5 cb76c96e24e31d3e8881a532d6e2844a
SHA1 d4aedbea66910d828859c08f3904f5b9d7484edd
SHA256 474a8046c16df5a6ac228c1bb72cb37bf5e33ad87f61d1a0294fa7f5635058d8
SHA512 1ece332be7f0f0d59d63995298730d508c5d0894063af76fef0028f8e202b51a13755b4a70ea7b7436acfcef933218b507fd0294b265018ab532bdddc78b7961

memory/2184-966-0x0000000000400000-0x000000000072F000-memory.dmp

\Program Files (x86)\TCGAME\ssleay32.dll

MD5 3c2188ec625b213b4810a9965a7d0ba7
SHA1 55deee70b50345d561a5521434fa25831e57f037
SHA256 3b54716740a738d0576fd426fafbfb88f65aaeaf16a715e54d1d70d8679ab808
SHA512 830c409c713a25b09fd06f58e220aface40a23d0c29b4a916ca966ef08c911eb7d7d258110468f8d1b29c286b592b617605ce5a5cd9e52415530be96191a2929

memory/2144-971-0x0000000001280000-0x0000000001F6C000-memory.dmp

\Program Files (x86)\TCGAME\msvcr100.dll

MD5 0e37fbfa79d349d672456923ec5fbbe3
SHA1 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA256 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
SHA512 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

\Program Files (x86)\TCGAME\libeay32.dll

MD5 64784b8a41fa9ef5749c523a58846a8e
SHA1 1441a550880cd406420e88be5dfa54011a61d0f3
SHA256 8192e49fd40b5d52bb2bdf5b1ea377e1417f1fa8574e16116869f341de637d9b
SHA512 5381e592c2627eba256ddf0f8a9babb85abf045825a322cc72b1ae8587c0c2fb95169c71f96628066c1805516da320246d3006e80025d94353b25ac5054c17ec

\Program Files (x86)\TCGAME\libcurl.dll

MD5 bfe097a0c9811e8e5b12653353dead75
SHA1 49ce608cb02b933a959c169351acce2dbe48d3b1
SHA256 1832d60df9af2671046ff572a9bafc0c828bebf5c6d0b877c6a6fc4472032787
SHA512 4e42386d22aa408a75c895a4d078687b5386c2aa39df3bf77b82ad04e27ecd09e0929a5405f89d6b1eb24917fca614212fd3a1b3dd3b4a2a5c95b7be3b0dfb70

\Program Files (x86)\TCGAME\DuiLib.dll

MD5 5eea971c84448dec7c21c5181b39af1f
SHA1 c53dbb9364f9d520d00495adcf4091804524868b
SHA256 01ba542b6d0944df9c7de42086b8e6dbc40b8416d4075ce10d7a9a3c880e5864
SHA512 74e82750beeedbde9120a46af43e43f0b671ebb52531c42a8b2fe6aa1f105e3a9615807060a562a971bd6bb98769087f438595e59b14f5e3ac645c0de1faaac1

\Program Files (x86)\TCGAME\Everything32.dll

MD5 97eda9e469c19f1e328a27d99456e973
SHA1 e1278f57142b9eebe6b752b1865bfe468e1afb20
SHA256 89d8eaeb7727b4eccbf3a540181cbd04a37e2f18784e731265a7af75aebb45e9
SHA512 210e343cf277ad05918b023d65207f3bbc945259e63d6d43228ea7766db47447baab3e1ba178d4664b59fe69d70dea4a6dd1d18c5f35f9b1482428090efbc016

memory/2144-973-0x0000000001280000-0x0000000001F6C000-memory.dmp

memory/1044-979-0x0000000000400000-0x000000000050D000-memory.dmp

memory/2184-978-0x0000000000400000-0x000000000072F000-memory.dmp

\Program Files (x86)\TCGAME\node.dll

MD5 8aede9a9fe576273459b4b578c2b11c7
SHA1 afc420cef9415e4167148681e6bc8bc504f69da5
SHA256 c78b1444de0b1305d9111820bfe316749265a89e77d98a0f2948a146505f2e98
SHA512 c8f186da64dcae06aad76cae43c3a7663c4680efc7b5ee9a85916b327284fe81d0245daeaec36d552758e1506d1419efbb4a37295e22fc2d27b2144fb48b3271

memory/2144-982-0x0000000022E00000-0x0000000022E01000-memory.dmp

C:\Program Files (x86)\TCGAME\res\client_ui\XMLS\login.xml

MD5 78c9ac8fe0afe4c1f00bd9393e745a45
SHA1 01780eace2852787358bace4a41ce371c3b37263
SHA256 061e22f7d106d3355c904c3021a0f7bccba2a3b496b980265b43b7f64ca723b6
SHA512 d5dae7704874719ed9c49bc43cd87bcaa331f00087e8f92bfeeeae7922d9715613ff85dfbfa2685718c7ea3baae965273bcedc98406fe81635ff249aa70644c9

C:\Program Files (x86)\TCGAME\Plugins\NPSWF32_11_9_900_170.dll

MD5 f891089a6ab9e12fedebcc5ec0f40d66
SHA1 a9faae59566e6797d1f0e30d403997c29bba0e33
SHA256 3beeb1ae31c84ab30816235d5b70a63d33ee62f9dcce466ffa8df7e6d6df3f4a
SHA512 d9a1a1651c3633a33bff2be0739c1c6f0021b628baa4e88c3c46a54d664ae7a449820dba3fd28ecb644c73be781ca5c993ca14eb2d963d369430116bac62bfd4

\Program Files (x86)\TCGAME\plugins\np-mswmp.dll

MD5 99f97c9fe748c37528c338a423577fcb
SHA1 40d76ef18e457868d3e3695b8901f41db517c09d
SHA256 8b688cc16cb9c64f30c42a844a92b49d76b9601cfb99b533da96f91aa0844fdf
SHA512 e4b0b173a9d4783ec8d05a03e515abcf3b40d39b32bc23953a93827cac71244ab098ce0ff4c481ed29b21b259ab3c54b91c181704c65314d404c0bc4fdee2ecd

memory/272-999-0x0000000001280000-0x0000000001F6C000-memory.dmp

memory/272-1000-0x0000000001280000-0x0000000001F6C000-memory.dmp

C:\Program Files (x86)\TCGAME\TCGLOG\TCGame.exe-20240628.log

MD5 cf1b32e3ccae37782a4e56339e0a27e7
SHA1 fa8b82411331c8a7f0f482032a92ea8b10221829
SHA256 1dbfb7aba47c37320c99fdfdcdfb61403b9b8fbc3febef221804048a0584a512
SHA512 aed759694c1d1087b79cbe7a959f1643fb16a9e0f2f02015a8e88883e98cc034449146a5b926dfb4c467b4c91705ac174f6639f25b23053bc59d5876ab0527fb

C:\Program Files (x86)\TCGAME\res\client_ui\common\icon.png

MD5 97ef446cf201cb301036b26fa3f948f5
SHA1 5717afb1b1343151db544c6fba23946d09eb57c9
SHA256 68be4c1ee708408089176edb14223d95318ec3e7e2a2df99533c58a46ec51c02
SHA512 6e723dde1757aed249742611a96210261ec040f3e85592e382e706869f9304ddece6903e58a417f5254ad252c9c4dcc469b93dab5492fbaf90af6e47e0817606

C:\Program Files (x86)\TCGAME\res\client_ui\launch_ui\button\look.png

MD5 a188404abc3c49e3d62d919c7a31956c
SHA1 fe7f342460d86ac1337d32d54042ecad0853af16
SHA256 82403b662f4dda16f2a8b49ad1bb3c726f578e49e269a7222bd98c1c0aa1251d
SHA512 7dac62c89f5f246e74be8d2c8f687aeb5c9a8cded940a64f6cb598da222f32f865f55dae0e947104544d486de310535b259ee455453315d1f7bea574bd3090f9

C:\Program Files (x86)\TCGAME\res\client_ui\launch_ui\AD.png

MD5 537dec911cebfcbdc84192bd1ee08eb1
SHA1 7470db3b479ab84da8a38da297d0875690f1d044
SHA256 987483e31a4c7e196c3d721b09b5a6c11a7202ee0cb106786df8b44b1d01e068
SHA512 1fcd487b43db24f8ec766151d888971cdd930debae1b6d153eec4291303a624e71fbd2c4f97a2e27658bc05eae22e1c5f310295c41c15ac37b82c07de7468f4a

C:\Program Files (x86)\TCGAME\res\client_ui\launch_ui\progress_bar_bg.png

MD5 cdd0d0b7896171b24a83bd158b594db5
SHA1 0d5fc4c220c056fc40065475f0c824fa5972faf0
SHA256 3aaf045b99456db5011684d7e660b6cecc5cf064ef0f566a9de4e3d74fbfc939
SHA512 0dce4fb38d28bb29120a984d801c1b07fdee9969f28666e651ecbbe130d860681d3660f203b5616a1955d7d109ac89419babb2f588ac449d0b3773d9cc8e6bca

C:\Program Files (x86)\TCGAME\res\client_ui\launch_ui\progress_bar.png

MD5 0f79f4e9e05021fc033483ed5e52e654
SHA1 c2dfe72e440c0fa1953e6be71dc299418badae41
SHA256 236c1d8c7cdfa1397b12171eed1716544a07c187e68e23389458b5c635bae86e
SHA512 2bbe11c962a12b641f7f5757eba981da4da3fa81939f5745ef7b8df9a391d7e00bb8aeb3a7c854e3b5d6b95cf0ae2452a697d0821bd98b7d3865bcfc685eab60

memory/272-1013-0x0000000001280000-0x0000000001F6C000-memory.dmp

C:\Program Files (x86)\TCGAME\config\tgaver.ini

MD5 b3e0f096a000443c69b7cd2868a111c3
SHA1 d4f12f4055423b1bb07b0fa0bbdc492abd362c5a
SHA256 9706f6ba1a656fb1bd659cc469fd08f7e0abe52e99a78834804595d63bb4d0f5
SHA512 b8498a975f5f52abb7fec9dbd0d0a71288b7fb44e6f943efcf8bb47825b3c51048d5160e0aed4c931e15bf0e31a906176a4b6b4beff52b11ec4c5357a9e36bd2

C:\Program Files (x86)\TCGAME\tcUpdate.exe

MD5 0b4989c895c26d2f9bed37c6fee5933c
SHA1 9cd92ad7c9fbe015f29c06f579e11af37817a31a
SHA256 c359d7d8f7f52b30f46fe8edddd583b7fccf3ea6f419074b83b2ed47d39dbda4
SHA512 92f9b8d4111d40d52f90f790935677bdb688ee60e67445aa9ce9a0a828260eadae86ee090538182f38545ca75c272b50a2e3b724a223275ed9fb5009e02fab26

C:\Program Files (x86)\TCGAME\res\client_ui\XMLS\tcgupdate.xml

MD5 0151952ef7ec755d88ada0bd1d9863bf
SHA1 28de91de848c4aa4f36f82a449b360ea8e7f0538
SHA256 afc1493fea743de0bb1208a632b7c4d83653e5dd3735b2dd2e3333d67b110b37
SHA512 71ee8192e0de5b22bacffcaf8ff602ea70efdded638fc1a2b2fc667b40a73f8e6ce77a320b8a9e4c81d8900df2ab468099e0380088d95deb0f660a135d99686e

C:\Program Files (x86)\TCGAME\res\client_ui\setting\progress_bar.png

MD5 c739f4e1a988eb94ffef61911c186a52
SHA1 29873913d231b33ce24c5060e084a8f463318bcc
SHA256 be72d17df73f2044a3fc77abd0103348c9afb521f6eebbd4914cf05ea6638c4b
SHA512 d351f0b0cb5df30cc2aeaec53034626979c4e84938e85a29c86742466054fd33c4bc2040dfa107fe1e10d473a6d2a0c2f54498995f409b0620c2c24ae032b5d0

C:\Program Files (x86)\TCGAME\res\client_ui\setting\progress_bar_bg.png

MD5 ff8f70b2444d05bb3e2638610c33ec4c
SHA1 7a2b7c6d9d22cb3583a7e15c09b830813237e7aa
SHA256 599dc578ca28c9b2d5950c06142c771a26c683c04b982cb45b0d8c22ded3ffdd
SHA512 b2532ca2b516593f39c703ca4b79d2e778e3fa0f4a2d92d093ac34f3fdf2ff7d97a83b29edf54886bf0e4612d9b951668b8c46e3687de4dfd4805de87a98e20f

C:\Program Files (x86)\TCGAME\res\client_ui\setting\cancel_update.png

MD5 e2f9402b260c86faa540e883d1f35a72
SHA1 0b6f966da304c587e051563ef6b2ae5d777435cd
SHA256 b7e9821a42ec0ce113421e24797496c25f13112aa73d3040f333f73338df9222
SHA512 cc3aedbb37409fcb61f0775221039f193ca8e4c1c247ef940f21b11ad33a2098b83c7f5fc9da871426d13355aa9ab96c9c4300b43193146a698504f50dc3b46f

\Program Files (x86)\TCGAME\msvcp120.dll

MD5 fd5cabbe52272bd76007b68186ebaf00
SHA1 efd1e306c1092c17f6944cc6bf9a1bfad4d14613
SHA256 87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
SHA512 1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

\Program Files (x86)\TCGAME\msvcr120.dll

MD5 034ccadc1c073e4216e9466b720f9849
SHA1 f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
SHA256 86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
SHA512 5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

C:\Program Files (x86)\TCGAME\CLSPatcher.dll

MD5 00cff89bc8c60085a96b34c6c30ed1fb
SHA1 23b03dba512c5e6ae17a46e7609d17b8d7808d4e
SHA256 28b3997eee31aa677f26a4ba18aad85f60688eb95b86f8527896f9e10ff9277a
SHA512 47d53e4f60da14525f2aac9d72aae88998d654cb181941010426cc9697d7c5416cfb6724eb887346cf61faaa06ed38c9341078fd279f724140d739f1f73da999

memory/2144-1047-0x0000000001280000-0x0000000001F6C000-memory.dmp

memory/2144-1120-0x0000000001280000-0x0000000001F6C000-memory.dmp

memory/860-1121-0x00000000001E0000-0x0000000000ECC000-memory.dmp

memory/860-1123-0x00000000001E0000-0x0000000000ECC000-memory.dmp

memory/860-1126-0x000000001CF00000-0x000000001CF01000-memory.dmp

memory/860-1127-0x00000000001E0000-0x0000000000ECC000-memory.dmp

memory/2564-1128-0x0000000000AA0000-0x000000000178C000-memory.dmp

memory/2564-1129-0x0000000000AA0000-0x000000000178C000-memory.dmp

memory/2564-1133-0x0000000022780000-0x0000000022781000-memory.dmp

memory/2564-1134-0x0000000000AA0000-0x000000000178C000-memory.dmp

memory/2504-1135-0x0000000001350000-0x000000000203C000-memory.dmp

memory/2504-1136-0x0000000001350000-0x000000000203C000-memory.dmp

memory/2504-1140-0x0000000035700000-0x0000000035701000-memory.dmp

memory/2996-1141-0x0000000001350000-0x000000000203C000-memory.dmp

memory/2996-1143-0x0000000001350000-0x000000000203C000-memory.dmp

memory/2996-1146-0x0000000001350000-0x000000000203C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-28 11:36

Reported

2024-06-28 11:39

Platform

win10v2004-20240508-en

Max time kernel

141s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tcgame_setup_popkart_20240104.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\tcgame_setup_popkart_20240104.exe

"C:\Users\Admin\AppData\Local\Temp\tcgame_setup_popkart_20240104.exe"

C:\Users\Admin\AppData\Local\Temp\is-175H0.tmp\tcgame_setup_popkart_20240104.tmp

"C:\Users\Admin\AppData\Local\Temp\is-175H0.tmp\tcgame_setup_popkart_20240104.tmp" /SL5="$7006C,50225399,1046016,C:\Users\Admin\AppData\Local\Temp\tcgame_setup_popkart_20240104.exe"

Network

Files
