9d840cd1a16a77d032d08c553df63f445f20bd5245b7edb815bc145d17b7e1de

Analysis

max time kernel
143s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 07:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
Size

13.0MB
MD5

4e939759112f36fbb309d906856839f7
SHA1

68c38ff286b4551f5b66a685c8932ca25c88385c
SHA256

9d840cd1a16a77d032d08c553df63f445f20bd5245b7edb815bc145d17b7e1de
SHA512

fc262571363cbd4efbb40966cf6ba38c250bc187d3d102152b9a1a9d280cd328acdeb67e1bd791617f2c580093c086f5b297ffcf5fca038f226a4653f89d472c
SSDEEP

393216:qZyLqZZRnUdEoP35E9LfOWMcpG8DG6TK5nS12g1qB:qQLARUVPgTOclS6TK0h1A

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1752-0-0x0000000000A70000-0x0000000003260000-memory.dmp	upx
behavioral1/memory/1752-202-0x0000000000A70000-0x0000000003260000-memory.dmp	upx

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	GameCenter.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Control Panel\International\Geo\Nation	GameCenter.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
344	GameCenter.exe

Loads dropped DLL 8 IoCs

pid	Process
1752	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
344	GameCenter.exe
344	GameCenter.exe
344	GameCenter.exe
344	GameCenter.exe
344	GameCenter.exe
344	GameCenter.exe
344	GameCenter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameCenter.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\GameCenter\GameCenter.ini:Tamper	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
File opened for modification	C:\Users\Admin\AppData\Local\GameCenter\GameCenter.ini:Tamper	GameCenter.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1752	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
344	GameCenter.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
344	GameCenter.exe
344	GameCenter.exe
344	GameCenter.exe
344	GameCenter.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
344	GameCenter.exe
344	GameCenter.exe
344	GameCenter.exe
344	GameCenter.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 344	1752	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe	30
PID 1752 wrote to memory of 344	1752	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe	30
PID 1752 wrote to memory of 344	1752	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe	30
PID 1752 wrote to memory of 344	1752	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe	30

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24953.20230.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe
  "C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe" -startedbysetup "installer=C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24953.20230.exe" game=0.2000297 -removeifinstallcanceled
  2⤵
  - Enumerates connected drives
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\GameCenter\BigUp2.dll

Filesize
2.5MB

MD5
3bb706c6f01e81b64f8dc43383d4bb52

SHA1
1ac3efdbbc209173ed1da0cb53bc4e94260e9d9f

SHA256
7d1ff968c2b6349a00552c98eef246bb51a1765bb11239b8956b1a772e8401c5

SHA512
02ae44e3b428259c30a54fd360c98c2383e13a37db2d9ead798743bbf18fa152e07ba422f5e081d067f15c27d03e5cb6199ff9b3856ff33ea73a9d1abf61f711

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\Cache\GameDescription\25F00DC5

Filesize
46B

MD5
f127e31d7b603e5c3bbdb98e249991f5

SHA1
65d08aed2b2d5f6bed7e28a6609f00561c29d85c

SHA256
2804c9f678fa7a7bece1d16f3cb939891b44896470f6509e7b811c53ffb29fb0

SHA512
491e79df29db2e4ea9c6b7bf43c21aa89ac124b79583d443f915198d580173949e21c3cddd0d8046488965a8991ab52f7734d38dead40fc15c3e2d40f356a067

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\GameCenter.ini

Filesize
76B

MD5
8a0067ff45ae6ebd94794ca0d20fb679

SHA1
4781ff7287a3660d43834bd3c36e2807aaad5169

SHA256
ba6ac68a52e2b3237e2c35e397032698171e3bb7240a4d95283223b2bc899dad

SHA512
a7b74cefed609b8971f00d8f208ad3ef4e910d82b6e4c78633d5757803f81d9eed1d8b95af2ce02b0e768e6027fbb1f1be889f15b61e33f77fcb27e25fa9d8ed

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\SkiAcc.dll

Filesize
5.0MB

MD5
7bafaab470e10459ca254422dc5c875f

SHA1
32b284b086c9eca98a80315b0bc05b061bc95cad

SHA256
9b3697cc171bb32d368b4da03d84fde5c885e1e0e211cae7c775765a51dabfab

SHA512
fb4941e4bf05cb084dcaa3fe6f635546651e4e17d8e05026557669621af34b3ef9346d735ae4a8be672761848021af16249b61e26cca0c9842235ff3500106f4

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\icudtl.dat

Filesize
9.7MB

MD5
f39348fe94ae63f7830bd98166a1565f

SHA1
4c59f7ac5ca75591a771b895bb098219ceec2b4a

SHA256
846942a316b4e38fdbd4de3ad83e4faae78a8bced50f4720acdbdab6ee7c4b8e

SHA512
fcbd1135c39b313608de6b6718b13dc3a234a1ab3a85ac709240371429596d7df19f25eae431ffdd59351e4525841238650deaffc6cc83d65b8e8871c0b7eb41

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\main.log

Filesize
1KB

MD5
43e1d1efb67c57edfad8aa4e38fb3987

SHA1
2d20cac970a2f389491e0595968eda21e86b990c

SHA256
5c46a9f9ec6bf4be6cc30c515c92e260202c322f886cbb3a6c149a0441b46039

SHA512
ef3533bf9b43655e1a71ed9244f77ee89f631162402c855ba784d47417ea9eafacd3299646c3093fb72c749f3872245e52624f28e7db2e9cfc85672589ab0c17

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\main.log

Filesize
1KB

MD5
5bdc23f5bb51db0753cd356d7d9437f7

SHA1
46451a035051e6fec9f8ba432acd7695cb4f4efc

SHA256
4f1e41ace559fa0268e38472366269f24081e5254c20495727cc9e8d15ebfd5c

SHA512
fdc4cb9a3551735ddb90a5a6f00dadcfdf518956006460b44d11800bb687fe88f78e6d4567eb30403d3da837f8bdbb1f9797017fd67933404d9793deedd22012

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\preinstall.brs

Filesize
75KB

MD5
a189fc15fd0938d5bc1b8b3cd5782128

SHA1
72e1732394e00b8c2139b4d4a8b278035fc59b84

SHA256
a6e875d6052646ba1b7767b20be93bbd0a98428e5e222c2f79880e441c79fdbb

SHA512
f7ef5d5975dd05f6e6fae1dad15de8e6be8b54aadc9e90c18d3e61dcd779551debb86d4147a8b25f77cd862fc724ea44ec8dee4acf04688e97e84d4eb64b4b99

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\pxd.dll

Filesize
81KB

MD5
67245252b3545085d69ecfb878d7e0ae

SHA1
d2b4464f2c8d1e5bc9085a5016a8316241f13c23

SHA256
43fc9d41a43f67304f00aa95540e3854f3ad31c4ad30ea99f04e41ef9fc318a0

SHA512
c4c6f418101fd6ef0690c73276b3ace7317c1a3af9cdcd401028cb64f37979151aaccf5e33e671aecd62019e51f334b84d1e40bdd17018b2655f944c11f3f3e1

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\zlib1.dll

Filesize
183KB

MD5
9bb9e26e803504fcce8c4223918f15a0

SHA1
711e1caff1203d3d828a514479f128f51f5bc8ea

SHA256
7f9a181fd2afdcdfa8d593ae7a095adb36023576bc8fa2345b363e4fd32b19cb

SHA512
8e5f13754a5cefc4048e2b648459fdf63dc9abb05f1d0e9945220fbe04d6389d4ac01095988312551b50f7c19e9651e8a391ac97c65a4bce4b5681d538b1ffb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA67E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA78A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\GameCenter\7zxa.dll

Filesize
159KB

MD5
222916317f2babcac0fd6fd6f75e4a49

SHA1
bab95732f8f20e4bdaea8de5b916115fc0f0d492

SHA256
8a7e8bed4b8fdbbb463f431b9edc3e5a2d1cce316ecee5c842fb0b5dea11a873

SHA512
fb0c2d52443d98ed9b36190e19bfdd1c930d99d4fe4f8f067ed4f135661a39ef9374f49d20df1e7834a94b5a812b0e8722932564fdcefa3de38e74cba4a3df71

Download Submit
\Users\Admin\AppData\Local\GameCenter\GameCenter.exe

Filesize
12.0MB

MD5
2460bd20e0246bf4e9a011f656ddd4a6

SHA1
4c35fdffb23e2ec2a917a4e516880b7972c93c98

SHA256
5032293e6a12a59834a6f08b6c265081d7f8a0baf30b4efe30f3461e3c1df79f

SHA512
e570b780fb22e1d6b1120c83611a4df87d64087da0ded1a6b120eb5a3673df9fd3d1854806cb19159f8b51f3e56d27a058b83ca1208d7559a8e6bb1a9ac174b6

Download Submit
\Users\Admin\AppData\Local\GameCenter\libcurl.dll

Filesize
779KB

MD5
7c434518fcca3360fe7f3f8ba559f6d7

SHA1
92aee84c70eaff8fa5b299d99a2830fbe421738f

SHA256
3a229efc16be7f03968b153383e1a0261b9fefcdd63aac71626fbe4f4cdae6fa

SHA512
f018b7283c73a5a4beaf8dc5355dc26c1d9af3b9924daea08cc2ba6b2dcc9c8e6810c0ab4291e0f246dd4c3685de91f6083ba26a519b4360e801dc3446e66842

Download Submit
\Users\Admin\AppData\Local\GameCenter\lightupdate.dll

Filesize
250KB

MD5
f1ec86626e9368c58019c055e5834ffa

SHA1
0c04d92a8c2dd8bd4d556fdb89f0f2f4c5e2a5ea

SHA256
a4e5081a86abc8a82b6157e5a54fe76669159f70c8056d51c09c9ffb87eb97c6

SHA512
245811e56e8e1f1e79edf9fee8ccff0ab67210cef8ce806ddb6aa90a8ab19ba29bfc946ef357a5c68e44dbbc7478c5541ec7919880c87bb3b7144657e541f3a0

Download Submit
memory/344-146-0x0000000000DC0000-0x0000000000DD0000-memory.dmp

Filesize
64KB

Download
memory/344-203-0x0000000000DD0000-0x00000000019F5000-memory.dmp

Filesize
12.1MB

Download
memory/344-207-0x0000000000DD0000-0x00000000019F5000-memory.dmp

Filesize
12.1MB

Download
memory/1752-0-0x0000000000A70000-0x0000000003260000-memory.dmp

Filesize
39.9MB

Download
memory/1752-202-0x0000000000A70000-0x0000000003260000-memory.dmp

Filesize
39.9MB

Download