33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/08/2024, 23:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Size

7.3MB
MD5

b8d6211e17f5046af5f3d357b87d0e2c
SHA1

6841e69f029822fc98a0a95259661aa0afa8a8e2
SHA256

33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243
SHA512

1e40cb851ffa8a6cd892eb3518fb9dec352f4f7906ab3c2c59970039e66d4bab52fbcf6c1efed0cdf3c4eea02e3d7d2f17c85695f7cd3eab9b089bae573ea6dd
SSDEEP

196608:K2kSKEko1nisbpW2/JuoLl5oSwf669WxvWU1ZMNZuc:ESKETnrdW2xuoLl5oSIrcIUzY

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	GameAssistant.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	Wallpaper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe

Executes dropped EXE 4 IoCs

pid	Process
4796	GameAssistant.exe
4056	GameAssistant.exe
1108	Wallpaper.exe
3024	LocalServer.exe

Loads dropped DLL 43 IoCs

pid	Process
4336	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
4336	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe

Checks for any installed AV software in registry 1 TTPs 4 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AhnLab\V3IS80	Wallpaper.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Launcher	Wallpaper.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Launcher	Wallpaper.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AhnLab\V3IS80	Wallpaper.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File opened (read-only)	\??\F:	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File opened (read-only)	\??\D:	GameAssistant.exe
File opened (read-only)	\??\F:	GameAssistant.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	GameAssistant.exe
File opened for modification	\??\PhysicalDrive0	GameAssistant.exe
File opened for modification	\??\PhysicalDrive0	Wallpaper.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\GameAssistant\Uninst.exe	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\360NetBase.dll	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\360Util.dll	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\cacert.dat	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\CrashReport.dll	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\GameAssistant.exe	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\7z.exe	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\DumpUper.exe	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\Wallpaper.exe	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\web\screensaver.zip	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\360Base.dll	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\7z.dll	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\DumpUper.ini	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\LocalServer.exe	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\360Common.dll	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\KitTip.dll	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
File created	C:\Program Files (x86)\GameAssistant\web\web.zip	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameAssistant.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameAssistant.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wallpaper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LocalServer.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gameassist\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\GameAssistant\\GameAssistant.exe\" \"%1\""	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gameassist\ = "手游助手"	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gameassist\URL Protocol = "C:\\Program Files (x86)\\GameAssistant\\GameAssistant.exe"	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gameassist\DefaultIcon	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gameassist\DefaultIcon\ = "C:\\Program Files (x86)\\GameAssistant\\GameAssistant.exe,1"	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gameassist\Shell\Open\Command	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gameassist	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gameassist\Shell	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gameassist\Shell\ = "Open"	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gameassist\Shell\Open	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
1108	Wallpaper.exe
4056	GameAssistant.exe
4056	GameAssistant.exe
1108	Wallpaper.exe
1108	Wallpaper.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4796	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4796	GameAssistant.exe
4796	GameAssistant.exe
4796	GameAssistant.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 4796	4336	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe	87
PID 4336 wrote to memory of 4796	4336	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe	87
PID 4336 wrote to memory of 4796	4336	33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe	87
PID 4796 wrote to memory of 1108	4796	GameAssistant.exe	90
PID 4796 wrote to memory of 1108	4796	GameAssistant.exe	90
PID 4796 wrote to memory of 1108	4796	GameAssistant.exe	90
PID 1108 wrote to memory of 3024	1108	Wallpaper.exe	95
PID 1108 wrote to memory of 3024	1108	Wallpaper.exe	95
PID 1108 wrote to memory of 3024	1108	Wallpaper.exe	95

C:\Users\Admin\AppData\Local\Temp\33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe
"C:\Users\Admin\AppData\Local\Temp\33994da6090887deef1a718a2dff12077706d9ffd04c8e6e0e9588f56ebfd243.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Program Files (x86)\GameAssistant\GameAssistant.exe
  "C:\Program Files (x86)\GameAssistant\GameAssistant.exe" --tray --setup --from=setup --param=" --startup-id=879"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4796
- - C:\Program Files (x86)\GameAssistant\Wallpaper.exe
    "C:\Program Files (x86)\GameAssistant\Wallpaper.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1108
  - - C:\Program Files (x86)\GameAssistant\LocalServer.exe
      "C:\Program Files (x86)\GameAssistant\LocalServer.exe" --local-path=C:\Users\Admin\AppData\Roaming\360GameAssistant\Wallpaper\Screensaver --outer-path=/resources --port=8081
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3024

C:\Program Files (x86)\GameAssistant\GameAssistant.exe
"C:\Program Files (x86)\GameAssistant\GameAssistant.exe" --from=--from=tray --startup-id=879
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\GameAssistant\360Base.dll

Filesize
965KB

MD5
4f241e5de9091f6d78469bf1dc141cbd

SHA1
dec02d084f94049a4087a0f23db063ecaf98269a

SHA256
b96a9539e9a77fc0d21131dad0df7b065d297de79010ea7a763618f670206659

SHA512
2cfb06650b6d4acc212ccb7dc1da0b55457a7dc8ea0c8f550c0b3794a2ceb41a50a4e4d2e8057878eca27d5d14ca7df36564c79ee3f3b6c5aac70ef08546ed3a

Download Submit
C:\Program Files (x86)\GameAssistant\360Util.dll

Filesize
664KB

MD5
d1b5dfc13bc47b666d0bffa3520d4c29

SHA1
a6dc1e9bcddda234acb2bfd80c76a6b2131983bc

SHA256
8733f13c9161db106b1b547fe8e8e29ae006e9311ec4ca510783720d5331923e

SHA512
abdf5b9072a741202cfce4d2f05bc9c9f634ade38c5e4657a7c379496c43d3795c7ad299e0fe55562d0c4069722531edcb14fe6cae55068f416f81ca8325077a

Download Submit
C:\Program Files (x86)\GameAssistant\360netbase.dll

Filesize
1.4MB

MD5
14c6b4bbd31f6fd13530bc941cc71d1a

SHA1
ce4e38ac82a54f64d318507ddc28f9ffbb378f0f

SHA256
401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5

SHA512
c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95

Download Submit
C:\Program Files (x86)\GameAssistant\CrashReport.dll

Filesize
171KB

MD5
a1015b3bd68bdcf4627decca879685ee

SHA1
e8a18669a4ec1d1ce8d16f321beb7c492db272b1

SHA256
e5126f27a767c2ec225e06bb0352945557127c47d1c2ecce3c7e4ae952d411f7

SHA512
a701f37a890c92331780e0414739881a11841e7effd4107a62f427cb10b6682e36aa0c20a4e1b4907b03779d2d800f2934c743f68d8e212ef2a2bb8c713253e5

Download Submit
C:\Program Files (x86)\GameAssistant\GameAssistant.exe

Filesize
2.0MB

MD5
b21504f1734e75fdfbd6a34cea7e553f

SHA1
0915b9d3688c32a4e916d4768f788d93b7058004

SHA256
1e93646172f6b857d18485658d2a09151272335a6c6288cffbe9847a220622b2

SHA512
c5fdf20d9f2c95714fd5c14da62da9ec279a6dd521f98ab5c44563f87e49b2f3c63878aef3af68d8eea796115f78cb0c7e07209894176e294e133c21acbc13da

Download Submit
C:\Program Files (x86)\GameAssistant\KitTip.dll

Filesize
899KB

MD5
2412599c3516eed54c2d283859d4ca41

SHA1
39f2a32652451efedf005ec3d49525c5a1546965

SHA256
a3d84f02f58f7afb7dedea22feef432b5758987e461e621b4c2cb1ba07f5dbfb

SHA512
729dbad16bc751a34b39762603d867331f8890876384ce04d0654ffd749c4cbc03a7150079da676216370ff73992a08001f121133ec8465191553753a9c9d782

Download Submit
C:\Program Files (x86)\GameAssistant\LocalServer.exe

Filesize
411KB

MD5
2b2ebbdb95ccb946a4996d7ed4b63382

SHA1
70b23942b6dcd78b59a9a3b6eeac5ef1711e824e

SHA256
7d917cd4eb6838ce6781a12d1f7c1902f93a12bd1e6b8f304bd34880f849b62e

SHA512
42da489392939fd717c70ace1614c89bee75237b1ada0791d129aa9a0bf5e070b6a8138a31cfc98b34fa5711dfeb6568bf30c1ff8363bd859784e3f71662d6ee

Download Submit
C:\Program Files (x86)\GameAssistant\Wallpaper.exe

Filesize
1.6MB

MD5
6c9a03cfeac3333e0f23e022ae5f10e8

SHA1
5f543b4da8d3a28603781a94c4c1fbee58e654a6

SHA256
46b1eb517a9d772f377f972e76db6f2caedaa576aa8022ac7cddfd87d656d389

SHA512
075696d7bbc59c9c5ad6d0d1dc70e9608fddd35b3644246e9c0f8d18ab4841d08ca197cf66cf2508691cbd84ff5f3f79dadfb8d123bddad0df385521fc9ed468

Download Submit
C:\Program Files (x86)\GameAssistant\cacert.dat

Filesize
240KB

MD5
fddaa2c6ed188018bb28f38066b56d79

SHA1
38a2d83f5ce482299f6ca38dbac184112a612b62

SHA256
04f4445461ff76c45a932deef2aba90a9f6c192fb81431b026d3fd01c6d2bcbc

SHA512
19853eb627387db0365497cf7699888574d154e15ae893be8fe906253c1b193b639c5e6aadc7f4c57b16df606a40bbdcc1fd3b1e8bb1b3ffe2b2559ca27b84d1

Download Submit