8cd7f1c9b3872902ef0156c5aafe205d3868d72d3dfdc2641408d4a16dfdb4db

Analysis

max time kernel
143s
max time network
70s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
Size

13.3MB
MD5

055b148dcde74e85e0de675fee80bbd2
SHA1

a793c9c218fdbbbb6bc109bd45d4d16199867124
SHA256

8cd7f1c9b3872902ef0156c5aafe205d3868d72d3dfdc2641408d4a16dfdb4db
SHA512

5915d6fde663be90d33df3c56a9a678349bc25a1e7c786551d18146a5e3ebf8b99db0c89e0629a452788f8585c57461741821dcf1cb61638220785be7c357aa0
SSDEEP

393216:OHo/Gez/QvGXMum/5oe0rC4VkVzUKNst1LfES:OIeiIvew5JqfGqMS

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1184-0-0x0000000001390000-0x0000000003C0D000-memory.dmp	upx
behavioral1/memory/1184-190-0x0000000001390000-0x0000000003C0D000-memory.dmp	upx

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	GameCenter.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Control Panel\International\Geo\Nation	GameCenter.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
2888	GameCenter.exe

Loads dropped DLL 8 IoCs

pid	Process
1184	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameCenter.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\GameCenter\GameCenter.ini:Tamper	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
File opened for modification	C:\Users\Admin\AppData\Local\GameCenter\GameCenter.ini:Tamper	GameCenter.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1184	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
2888	GameCenter.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe
2888	GameCenter.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2888	1184	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe	29
PID 1184 wrote to memory of 2888	1184	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe	29
PID 1184 wrote to memory of 2888	1184	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe	29
PID 1184 wrote to memory of 2888	1184	SecuriteInfo.com.Trojan.Crypt.24459.3425.exe	29

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24459.3425.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24459.3425.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe
  "C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe" -startedbysetup "installer=C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24459.3425.exe" game=0.3 -removeifinstallcanceled
  2⤵
  - Enumerates connected drives
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\GameCenter\BigUp2.dll

Filesize
2.5MB

MD5
3bb706c6f01e81b64f8dc43383d4bb52

SHA1
1ac3efdbbc209173ed1da0cb53bc4e94260e9d9f

SHA256
7d1ff968c2b6349a00552c98eef246bb51a1765bb11239b8956b1a772e8401c5

SHA512
02ae44e3b428259c30a54fd360c98c2383e13a37db2d9ead798743bbf18fa152e07ba422f5e081d067f15c27d03e5cb6199ff9b3856ff33ea73a9d1abf61f711

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\GameCenter.ini

Filesize
76B

MD5
428716c5aeaf3ba85f1bed7915e41793

SHA1
ee069e14fac05de3ce3d4dd2a759cca919bd23ef

SHA256
d3b6e89b96ddb44eca7ff02a5b9e586d16ef8272be56f01890417d578c3d1762

SHA512
e41533cdae5e9cd3fe4164cac18a1c07bca5e89ba0812e4c26032982edc9db15d9a50b2121840c79f33713ccc211010a5b6f05c80aa692ab657c7efdb42439d4

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\icudtl.dat

Filesize
9.7MB

MD5
f39348fe94ae63f7830bd98166a1565f

SHA1
4c59f7ac5ca75591a771b895bb098219ceec2b4a

SHA256
846942a316b4e38fdbd4de3ad83e4faae78a8bced50f4720acdbdab6ee7c4b8e

SHA512
fcbd1135c39b313608de6b6718b13dc3a234a1ab3a85ac709240371429596d7df19f25eae431ffdd59351e4525841238650deaffc6cc83d65b8e8871c0b7eb41

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\main.log

Filesize
1KB

MD5
21a713cb5b55742f91645733ee73f967

SHA1
1b42436d5563e4501667e35373373cc3ada523ae

SHA256
f5ca08ea15eeb6fc06355fac0476b40dadc077fe89132d8eb3f400cd2814bd47

SHA512
9c2e5a6775bd1ae840f5517a477bc568fcf5a610692440e30a012b7f9ef09c9c4d0c0a550b52af139cd1d8de0579db2c028eb191864a243ba2a662b7e8d7742f

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\preinstall.brs

Filesize
77KB

MD5
ffd244d12a6cd0b58de124dbdec345bb

SHA1
9c02c28978c8386e641bc8d746f5226e90fcc329

SHA256
82de3cab949aec93ce8b6208c04ae4c47015a4d51362d20139227ca7aba680ee

SHA512
31c160258cf4462c08116dfe77d6c144001fdfe2e54a2daad6d1c0f03659d1097735a4c84c50104ee4574b5a2e6da0f9df02ecb4f68d2d203224d1b7bcd4dab6

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\pxd.dll

Filesize
73KB

MD5
f5d20f5b2745032f1523a550ebaf1043

SHA1
7ce64bcf6b3fbb9b3bdb9c6a78d6b772051b96d5

SHA256
ae10cfa9a2c8f1c36a216e1ca0a8effcf6cfa0655a4320ac207a88e91c2f0989

SHA512
b7e6815a983fc9b48e6a36661887b866c94a82ff4bf9a7e8ddde3aa3df6b692fe73543104abedcf331b4b90e42f3e5cf5ab293218753c002b2b1adaa95171f9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4E03.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4F00.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\GameCenter\7zxa.dll

Filesize
159KB

MD5
222916317f2babcac0fd6fd6f75e4a49

SHA1
bab95732f8f20e4bdaea8de5b916115fc0f0d492

SHA256
8a7e8bed4b8fdbbb463f431b9edc3e5a2d1cce316ecee5c842fb0b5dea11a873

SHA512
fb0c2d52443d98ed9b36190e19bfdd1c930d99d4fe4f8f067ed4f135661a39ef9374f49d20df1e7834a94b5a812b0e8722932564fdcefa3de38e74cba4a3df71

Download Submit
\Users\Admin\AppData\Local\GameCenter\GameCenter.exe

Filesize
12.3MB

MD5
b3258acbdcb6d19352b589bdd6ff25b1

SHA1
e5630e8852d736e2eb4815aa2f155c40b9a10fc8

SHA256
7d40a980c4fae19521675d337a82cf53d09eed6708af2dc4c143b411404c4c0a

SHA512
30db032276c7474e5a4ee94c44f5419315f2fcf20493cfa82fe475769bf65edbea5714f20592954341278e3cba69175ceb61e18bc3eb441c27960ad1ad463789

Download Submit
\Users\Admin\AppData\Local\GameCenter\SkiAcc.dll

Filesize
5.0MB

MD5
2cfcc9c00bbc55d9b285f6b8d086bf3d

SHA1
2a10b687761dac79a9fa4f2b2135d46e7f73f1a1

SHA256
210bed8eb6552ea3178c41dac96fee3340b3cd6b22bc0bd205696c86a37a1d92

SHA512
f6cbb1a021d5b90439d4c4d243cd6054a8366f2c156aa7ce8036786b2176c3d3767349b769ffb8efaa3377e88edf2b878dd3c15730560194cc0c293fc99f4109

Download Submit
\Users\Admin\AppData\Local\GameCenter\libcurl.dll

Filesize
779KB

MD5
7c434518fcca3360fe7f3f8ba559f6d7

SHA1
92aee84c70eaff8fa5b299d99a2830fbe421738f

SHA256
3a229efc16be7f03968b153383e1a0261b9fefcdd63aac71626fbe4f4cdae6fa

SHA512
f018b7283c73a5a4beaf8dc5355dc26c1d9af3b9924daea08cc2ba6b2dcc9c8e6810c0ab4291e0f246dd4c3685de91f6083ba26a519b4360e801dc3446e66842

Download Submit
\Users\Admin\AppData\Local\GameCenter\lightupdate.dll

Filesize
242KB

MD5
da4d450ff5f5daa9d025f1be1ab15da4

SHA1
86cd3b41601c789b6527f25750a882d1fbd002a0

SHA256
a439b2ab671734cc17a2b3373ef249d56eaebac7291923d53a3c4e855cc6f5c5

SHA512
85f536f654329a6c875a073c0fac30b9af14d21827ea5a6c3653530a086a857f131b11a30781a51648b6cad3f0d6d7ffcd6e3ca76c6bb13db5953d890f42f9d8

Download Submit
\Users\Admin\AppData\Local\GameCenter\zlib1.dll

Filesize
183KB

MD5
9bb9e26e803504fcce8c4223918f15a0

SHA1
711e1caff1203d3d828a514479f128f51f5bc8ea

SHA256
7f9a181fd2afdcdfa8d593ae7a095adb36023576bc8fa2345b363e4fd32b19cb

SHA512
8e5f13754a5cefc4048e2b648459fdf63dc9abb05f1d0e9945220fbe04d6389d4ac01095988312551b50f7c19e9651e8a391ac97c65a4bce4b5681d538b1ffb2

Download Submit
memory/1184-0-0x0000000001390000-0x0000000003C0D000-memory.dmp

Filesize
40.5MB

Download
memory/1184-190-0x0000000001390000-0x0000000003C0D000-memory.dmp

Filesize
40.5MB

Download
memory/2888-140-0x0000000000970000-0x0000000000980000-memory.dmp

Filesize
64KB

Download
memory/2888-199-0x0000000000980000-0x0000000001601000-memory.dmp

Filesize
12.5MB

Download
memory/2888-203-0x0000000000980000-0x0000000001601000-memory.dmp

Filesize
12.5MB

Download