download:

/wgc/releases_tTrHgLCKHBRiaL/wgc_24.03.00.6203_eu/wargaming_game_center_install_eu.exe

Full analysis: https://app.any.run/tasks/6fc6fdf4-12b7-4d22-ade0-a0a19a7c8a6e
Verdict: Malicious activity
Threats:

Stealers are a class of malware built to obtain users' information without authorization and transfer it to the attacker. The category covers programs that each target a particular kind of data, such as files, passwords and cryptocurrency wallets. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is distributed mainly through phishing campaigns.

Analysis date: July 28, 2024, 15:39:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
crypto-regex
discordgrabber
generic
stealer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5: 7BB3213823AFA84006CF9B3F70C5D311
SHA1: D657C6DE541D119B605B18001716F23AD8C98CEA
SHA256: F491B133F2B87080EB581B2E5BF5FA781A6477159B2B4FBBF3DE28BAD9979ADD
SSDEEP: 98304:/UkSUC0Sfcs3D7lRi4VdANO9PcgegKp9aRSA+qeOL4Go4UeO/gAkcLMsQxQU7h03:QKGmcu
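The hashes above identify the exact installer that was detonated. Before reusing them as IOCs, a practitioner normally confirms that a locally held copy produces the same three digests (a match on MD5 alone is weak evidence, since MD5 collisions are cheap to produce) and that the PE link timestamp agrees with the EXIF block further down (2022-06-23 15:10:45 UTC). The script below is an added example, not ANY.RUN tooling: it hashes a file, compares the result with the report's values, and reads the COFF timestamp straight from the PE header. The stub PE it builds for its own test is constructed and is not the real installer, so the hash comparison reports no match for it.

```python
"""Triage helper for the IOCs in this report.
Added example; not ANY.RUN code. The stub PE built here is constructed
for offline testing and is not the real installer."""
import hashlib
import struct
from datetime import datetime, timezone

# IOCs copied from the report's "Indicators" block (lower-cased for comparison).
REPORT_IOCS = {
    "md5": "7bb3213823afa84006cf9b3f70c5d311",
    "sha1": "d657c6de541d119b605b18001716f23ad8c98cea",
    "sha256": "f491b133f2b87080eb581b2e5bf5fa781a6477159b2b4fbbf3de28bad9979add",
}


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob as lower-case hex, keyed like REPORT_IOCS."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, iocs: dict = REPORT_IOCS) -> dict:
    """Per-algorithm True/False. Treat a sample as 'the same file' only if all three match."""
    got = hash_bytes(data)
    return {alg: got[alg] == expected.lower() for alg, expected in iocs.items()}


def pe_link_timestamp(data: bytes):
    """Return (machine, UTC datetime) from the COFF header, or None if not a PE.
    e_lfanew at DOS-header offset 0x3C points at the 'PE\\0\\0' signature; the
    COFF header follows it: Machine(2) NumberOfSections(2) TimeDateStamp(4) ..."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, _nsections, stamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return machine, datetime.fromtimestamp(stamp, tz=timezone.utc)


def build_stub_pe(stamp: int, machine: int = 0x14C) -> bytes:
    """Constructed minimal MZ + PE/COFF header (not a runnable binary) for offline tests.
    0x14C is IMAGE_FILE_MACHINE_I386, matching the report's 'Intel 80386'."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature at offset 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, stamp, 0, 0, 0, 0)
    return bytes(dos) + coff


def triage_file(path: str) -> dict:
    """Hash a real file on disk and read its link timestamp."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"matches": matches_report(data), "pe": pe_link_timestamp(data)}


if __name__ == "__main__":
    # 1655997045 is 2022-06-23 15:10:45 UTC, the TimeStamp in the report's EXIF block.
    stub = build_stub_pe(1655997045)
    print(pe_link_timestamp(stub))
    print(matches_report(stub))  # all False: the stub is not the real installer
```

Run `triage_file("wargaming_game_center_install_eu.exe")` against a downloaded copy; if any of the three comparisons is False you are not looking at the sample this report describes.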

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • wargaming_game_center_install_eu.exe (PID: 4288)
      • wargaming_game_center_install_eu.tmp (PID: 396)
      • 7za.exe (PID: 1780)
      • wgc.exe (PID: 7016)
    • Changes the autorun value in the registry

      • wgc.exe (PID: 7016)
    • DISCORDGRABBER has been detected (YARA)

      • wgc.exe (PID: 7016)
      • wgc_renderer_host.exe (PID: 5436)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • wargaming_game_center_install_eu.exe (PID: 4288)
      • wargaming_game_center_install_eu.tmp (PID: 396)
      • 7za.exe (PID: 1780)
      • wgc.exe (PID: 7016)
    • Process drops legitimate windows executable

      • wargaming_game_center_install_eu.tmp (PID: 396)
      • 7za.exe (PID: 1780)
    • Drops 7-zip archiver for unpacking

      • wargaming_game_center_install_eu.tmp (PID: 396)
      • 7za.exe (PID: 1780)
    • Reads the Windows owner or organization settings

      • wargaming_game_center_install_eu.tmp (PID: 396)
    • Reads security settings of Internet Explorer

      • wargaming_game_center_install_eu.tmp (PID: 396)
    • The process drops C-runtime libraries

      • 7za.exe (PID: 1780)
    • The process creates files with name similar to system file names

      • 7za.exe (PID: 1780)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • wargaming_game_center_install_eu.tmp (PID: 396)
    • Searches for installed software

      • wargaming_game_center_install_eu.tmp (PID: 396)
      • wgc.exe (PID: 7016)
    • Reads the date of Windows installation

      • wargaming_game_center_install_eu.tmp (PID: 396)
    • Application launched itself

      • wgc.exe (PID: 4192)
    • Creates a software uninstall entry

      • wgc.exe (PID: 7016)
    • Found regular expressions for crypto-addresses (YARA)

      • wgc.exe (PID: 7016)
      • wgc_renderer_host.exe (PID: 5436)
      • wgc_renderer_host.exe (PID: 3124)
    • Potential Corporate Privacy Violation

      • wgc.exe (PID: 7016)
    • Connects to unusual port

      • wgc.exe (PID: 7016)
  • INFO

    • Checks supported languages

      • wargaming_game_center_install_eu.exe (PID: 4288)
      • wargaming_game_center_install_eu.tmp (PID: 396)
      • 7za.exe (PID: 1780)
      • 7za.exe (PID: 1800)
      • wgc.exe (PID: 7016)
      • wgc.exe (PID: 4192)
      • WargamingErrorMonitor.exe (PID: 2668)
      • wgc_renderer_host.exe (PID: 5436)
      • wgc_renderer_host.exe (PID: 5716)
      • wgc_renderer_host.exe (PID: 3124)
      • wgc_renderer_host.exe (PID: 3812)
      • helper_process.exe (PID: 7148)
      • wgc_renderer_host.exe (PID: 4416)
      • wgc_renderer_host.exe (PID: 1476)
      • wgc_renderer_host.exe (PID: 752)
      • helper_process.exe (PID: 7656)
      • helper_process.exe (PID: 7716)
    • Process checks whether UAC notifications are on

      • wargaming_game_center_install_eu.tmp (PID: 396)
      • helper_process.exe (PID: 7148)
    • Creates files in the program directory

      • wargaming_game_center_install_eu.tmp (PID: 396)
      • 7za.exe (PID: 1780)
      • wgc.exe (PID: 4192)
      • wgc.exe (PID: 7016)
      • wgc_renderer_host.exe (PID: 5716)
      • WargamingErrorMonitor.exe (PID: 2668)
      • wgc_renderer_host.exe (PID: 3124)
      • wgc_renderer_host.exe (PID: 1476)
      • wgc_renderer_host.exe (PID: 4416)
    • Reads the computer name

      • wargaming_game_center_install_eu.tmp (PID: 396)
      • 7za.exe (PID: 1800)
      • 7za.exe (PID: 1780)
      • WargamingErrorMonitor.exe (PID: 2668)
      • wgc_renderer_host.exe (PID: 5436)
      • wgc_renderer_host.exe (PID: 3124)
      • wgc.exe (PID: 7016)
      • wgc_renderer_host.exe (PID: 752)
      • helper_process.exe (PID: 7148)
      • helper_process.exe (PID: 7656)
      • helper_process.exe (PID: 7716)
    • Create files in a temporary directory

      • wargaming_game_center_install_eu.exe (PID: 4288)
      • wargaming_game_center_install_eu.tmp (PID: 396)
      • wgc.exe (PID: 7016)
      • dxdiag.exe (PID: 6860)
    • Checks proxy server information

      • slui.exe (PID: 5496)
      • wgc.exe (PID: 7016)
    • Reads the software policy settings

      • slui.exe (PID: 5496)
      • dxdiag.exe (PID: 6860)
      • wgc.exe (PID: 7016)
    • Creates a software uninstall entry

      • wargaming_game_center_install_eu.tmp (PID: 396)
    • Creates files or folders in the user directory

      • wargaming_game_center_install_eu.tmp (PID: 396)
      • wgc.exe (PID: 7016)
      • dxdiag.exe (PID: 6860)
    • Process checks computer location settings

      • wargaming_game_center_install_eu.tmp (PID: 396)
      • wgc.exe (PID: 7016)
      • wgc_renderer_host.exe (PID: 5716)
      • wgc_renderer_host.exe (PID: 4416)
      • wgc_renderer_host.exe (PID: 1476)
    • Reads the machine GUID from the registry

      • wgc.exe (PID: 7016)
    • Reads Environment values

      • wgc.exe (PID: 7016)
      • helper_process.exe (PID: 7148)
    • Reads security settings of Internet Explorer

      • dxdiag.exe (PID: 6860)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
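The signature list above is heuristic, and three of its entries deserve a second look before the verdict is accepted. The DISCORDGRABBER YARA hit fires inside wgc_renderer_host.exe, which the command lines in the process table identify as a Chromium Embedded Framework host (--type=renderer/utility, --no-sandbox, user agent Chrome/92.0.4515.159 WGC/24.03.00.6203). The Potential Corporate Privacy Violation entries come from P2P network rules, a policy class rather than a malware class. And the whole application was unpacked into C:\ProgramData\Wargaming.net\GameCenter by an installer running at MEDIUM integrity, so the binaries that later receive an autorun entry and a firewall rule live in a tree the installing user can rewrite without elevation. The script below is an added example, not ANY.RUN's signature engine: it replays command lines from this report's process table through the kind of rules a detection engineer would write for these behaviours. The netsh.exe event (PID and arguments) is constructed, because the report records that netsh added a firewall rule but shows neither its arguments nor whether it succeeded; the CEF command line is abbreviated from the one in the table.

```python
"""Replay this report's process command lines through detection rules.
Added example for this page; not ANY.RUN's signature engine.
Command lines are taken from the Process information table (the CEF one is
abbreviated); the netsh.exe event is constructed, because the report records
a firewall-rule addition by netsh but does not show its arguments."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str
    cmdline: str
    parent: str
    integrity: str


EVENTS = [
    ProcEvent(396, r"C:\Users\admin\AppData\Local\Temp\is-FUN6V.tmp\wargaming_game_center_install_eu.tmp",
              r'"C:\Users\admin\AppData\Local\Temp\is-FUN6V.tmp\wargaming_game_center_install_eu.tmp" '
              r'/SL5="$D0430,3752677,375808,C:\Users\admin\AppData\Local\Temp\wargaming_game_center_install_eu.exe"',
              "wargaming_game_center_install_eu.exe", "MEDIUM"),
    ProcEvent(1780, r"C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\7za.exe",
              r'"C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\7za.exe" x '
              r'"C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\WGCArchive7z0" -o"C:\ProgramData\Wargaming.net\GameCenter" -y',
              "wargaming_game_center_install_eu.tmp", "MEDIUM"),
    # Constructed event: PID and arguments are illustrative; only the netsh usage is in the report.
    ProcEvent(9999, r"C:\Windows\SysWOW64\netsh.exe",
              r'netsh advfirewall firewall add rule name="WGC" dir=in action=allow '
              r'program="C:\ProgramData\Wargaming.net\GameCenter\wgc.exe"',
              "wargaming_game_center_install_eu.tmp", "MEDIUM"),
    # Abbreviated from the PID 3124 command line in the table.
    ProcEvent(3124, r"C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe",
              r'"C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe" --type=utility '
              r'--utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none --no-sandbox '
              r'--user-agent-product="Chrome/92.0.4515.159 WGC/24.03.00.6203"',
              "wgc.exe", "MEDIUM"),
    ProcEvent(4044, r"C:\Windows\System32\conhost.exe",
              r"\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1", "netsh.exe", "MEDIUM"),
]

# Inno Setup unpacks its second stage into an is-XXXXX.tmp folder under the user's Temp.
INNO_TEMP_STAGE = re.compile(r"\\AppData\\Local\\Temp\\is-[A-Z0-9]+\.tmp\\", re.I)


def inno_second_stage(e: ProcEvent) -> bool:
    """Inno Setup bootstrapper re-launching its unpacked copy with /SL5=."""
    return bool(INNO_TEMP_STAGE.search(e.image)) and "/SL5=" in e.cmdline


def archiver_from_temp(e: ProcEvent) -> bool:
    """Standalone 7-Zip dropped into the Temp stage folder and used to unpack into ProgramData."""
    return (e.image.lower().endswith("\\7za.exe") and bool(INNO_TEMP_STAGE.search(e.image))
            and re.search(r'-o"?C:\\ProgramData\\', e.cmdline, re.I) is not None)


def firewall_rule_added(e: ProcEvent) -> bool:
    """netsh used to add a firewall rule or an allowed program."""
    c = e.cmdline.lower()
    return (e.image.lower().endswith("\\netsh.exe") and "firewall" in c
            and (" add " in c or "allowedprogram" in c))


def chromium_no_sandbox(e: ProcEvent) -> bool:
    """Chromium/CEF child launched with the renderer or utility sandbox disabled."""
    return "--no-sandbox" in e.cmdline.split()


def programdata_unelevated(e: ProcEvent) -> bool:
    """Binary running from ProgramData at MEDIUM integrity: the tree was written without elevation."""
    return e.image.lower().startswith("c:\\programdata\\") and e.integrity.upper() == "MEDIUM"


RULES = {f.__name__: f for f in (inno_second_stage, archiver_from_temp, firewall_rule_added,
                                  chromium_no_sandbox, programdata_unelevated)}


def evaluate(events=EVENTS) -> list:
    """Return (pid, rule name) pairs in event order."""
    return [(e.pid, name) for e in events for name, rule in RULES.items() if rule(e)]


if __name__ == "__main__":
    for pid, rule in evaluate():
        print(pid, rule)
```

None of these rules is a malware verdict on its own: the first two describe every Inno Setup installer that ships a 7-Zip payload, and the last two describe every CEF-based launcher installed per user. Their value is in the combination with the autorun and firewall changes, which is what the analyst has to weigh against the signed-vendor context before escalating.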
No Malware configuration.

TRiD

.exe | Win32 EXE PECompact compressed (generic) (79.7)
.exe | Win32 Executable (generic) (8.6)
.exe | Win16/32 Executable Delphi generic (3.9)
.exe | Generic Win/DOS Executable (3.8)
.exe | DOS Executable Generic (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:06:23 15:10:45+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, No debug, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 139776
InitializedDataSize: 235008
UninitializedDataSize: -
EntryPoint: 0x235e0
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 24.3.0.6203
ProductVersionNumber: 24.3.0.6203
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Wargaming.net
FileDescription: Wargaming.net Game Center
FileVersion: 24.03.00.6203
LegalCopyright: Copyright © 2009-2024 Wargaming.net
ProductName: Wargaming.net Game Center
ProductVersion: 24.03.00.6203
All screenshots are available in the full report
Total processes: 171
Monitored processes: 24
Malicious processes: 7
Suspicious processes: 0

Behavior graph

Processes in launch order ("no specs" marks processes with no notable indicators; THREAT marks a YARA or IDS hit):
  • wargaming_game_center_install_eu.exe
  • wargaming_game_center_install_eu.tmp
  • slui.exe
  • slui.exe (no specs)
  • 7za.exe (no specs)
  • conhost.exe (no specs)
  • 7za.exe
  • conhost.exe (no specs)
  • netsh.exe (no specs)
  • conhost.exe (no specs)
  • wgc.exe (no specs)
  • wgc.exe (THREAT)
  • wargamingerrormonitor.exe
  • wgc_renderer_host.exe (THREAT)
  • wgc_renderer_host.exe (THREAT)
  • wgc_renderer_host.exe (no specs)
  • wgc_renderer_host.exe (no specs)
  • wgc_renderer_host.exe (no specs)
  • helper_process.exe (no specs)
  • dxdiag.exe (no specs)
  • wgc_renderer_host.exe (no specs)
  • wgc_renderer_host.exe (no specs)
  • helper_process.exe (no specs)
  • helper_process.exe (no specs)

Process information

Columns: PID, CMD, Path, Indicators, Parent process

PID: 396
CMD: "C:\Users\admin\AppData\Local\Temp\is-FUN6V.tmp\wargaming_game_center_install_eu.tmp" /SL5="$D0430,3752677,375808,C:\Users\admin\AppData\Local\Temp\wargaming_game_center_install_eu.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-FUN6V.tmp\wargaming_game_center_install_eu.tmp
Parent process: wargaming_game_center_install_eu.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-fun6v.tmp\wargaming_game_center_install_eu.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 752
CMD: "C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,17389266054492220591,2025918423986049026,131072 --disable-features=CalculateNativeWinOcclusion,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,WebRtcHideLocalIpsWithMdns --lang=en-US --service-sandbox-type=audio --no-sandbox --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20240728_154119_675.log" --log-severity=info --user-agent-product="Chrome/92.0.4515.159 WGC/24.03.00.6203" --lang=en-US --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20240728_154119_675.log" --mojo-platform-channel-handle=4432 /prefetch:8
Path: C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe
Parent process: wgc.exe
User:
admin
Company:
Wargaming.net
Integrity Level:
MEDIUM
Description:
Wargaming.net Game Center
Version:
24.03.00.6203
Modules
Images
c:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer_host.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1476
CMD: "C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --force-device-scale-factor=1 --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20240728_154119_675.log" --field-trial-handle=1976,17389266054492220591,2025918423986049026,131072 --disable-features=CalculateNativeWinOcclusion,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,WebRtcHideLocalIpsWithMdns --disable-gpu-compositing --lang=en-US --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20240728_154119_675.log" --log-severity=info --user-agent-product="Chrome/92.0.4515.159 WGC/24.03.00.6203" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
Path: C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe
Parent process: wgc.exe
User:
admin
Company:
Wargaming.net
Integrity Level:
MEDIUM
Description:
Wargaming.net Game Center
Version:
24.03.00.6203
Modules
Images
c:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer_host.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1780
CMD: "C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\7za.exe" x "C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\WGCArchive7z0" -o"C:\ProgramData\Wargaming.net\GameCenter" -y
Path: C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\7za.exe
Parent process: wargaming_game_center_install_eu.tmp
User:
admin
Company:
Igor Pavlov
Integrity Level:
MEDIUM
Description:
7-Zip Standalone Console
Exit code:
0
Version:
16.04
Modules
Images
c:\users\admin\appdata\local\temp\is-839mk.tmp\7za.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 1800
CMD: "C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\7za.exe" t "C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\WGCArchive7z0
Path: C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\7za.exe
Parent process: wargaming_game_center_install_eu.tmp
User:
admin
Company:
Igor Pavlov
Integrity Level:
MEDIUM
Description:
7-Zip Standalone Console
Exit code:
0
Version:
16.04
Modules
Images
c:\users\admin\appdata\local\temp\is-839mk.tmp\7za.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 2668
CMD: "C:\ProgramData\Wargaming.net\GameCenter\WargamingErrorMonitor.exe" --pipe "parent_pid_70160cb308c5-839c-43c6-a981-f893bc97ccfa" --superuserid "WGC" --self_crash_handling_folder "C:\ProgramData\Wargaming.net\GameCenter\cat" --self_crash_handling_receiver_url "http://cat.wargaming.net" --log_files_max_count 5
Path: C:\ProgramData\Wargaming.net\GameCenter\WargamingErrorMonitor.exe
Parent process: wgc.exe
User:
admin
Company:
Wargaming.net
Integrity Level:
MEDIUM
Description:
Wargaming.net Error Monitor
Version:
04.00.01.3950
Modules
Images
c:\programdata\wargaming.net\gamecenter\wargamingerrormonitor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 3124
CMD: "C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,17389266054492220591,2025918423986049026,131072 --disable-features=CalculateNativeWinOcclusion,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,WebRtcHideLocalIpsWithMdns --lang=en-US --service-sandbox-type=none --no-sandbox --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20240728_154119_675.log" --log-severity=info --user-agent-product="Chrome/92.0.4515.159 WGC/24.03.00.6203" --lang=en-US --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20240728_154119_675.log" --mojo-platform-channel-handle=2020 /prefetch:8
Path: C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe
Parent process: wgc.exe
User:
admin
Company:
Wargaming.net
Integrity Level:
MEDIUM
Description:
Wargaming.net Game Center
Version:
24.03.00.6203
Modules
Images
c:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer_host.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 3812
CMD: "C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,17389266054492220591,2025918423986049026,131072 --disable-features=CalculateNativeWinOcclusion,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,WebRtcHideLocalIpsWithMdns --lang=en-US --service-sandbox-type=utility --no-sandbox --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20240728_154119_675.log" --log-severity=info --user-agent-product="Chrome/92.0.4515.159 WGC/24.03.00.6203" --lang=en-US --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20240728_154119_675.log" --mojo-platform-channel-handle=2832 /prefetch:8
Path: C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe
Parent process: wgc.exe
User:
admin
Company:
Wargaming.net
Integrity Level:
MEDIUM
Description:
Wargaming.net Game Center
Version:
24.03.00.6203
Modules
Images
c:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer_host.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 4044
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4192
CMD: "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --setLang -l en --session-id 930C56F5C5094C66918AF3BC3B33DEF2 --event-sequence-number 7
Path: C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
Parent process: wargaming_game_center_install_eu.tmp
User:
admin
Company:
Wargaming.net
Integrity Level:
MEDIUM
Description:
Wargaming.net Game Center
Exit code:
0
Version:
24.03.00.6203
Modules
Images
c:\programdata\wargaming.net\gamecenter\wgc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
Total events: 23 466
Read events: 23 271
Write events: 178
Delete events: 17

Modification events

PID 396, wargaming_game_center_install_eu.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wargaming.net Game Center
Operation: write, Name: Wargaming.net Game Center
Value: Wargaming.net Game Center

PID 396, wargaming_game_center_install_eu.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wargaming.net Game Center
Operation: write, Name: DisplayName
Value: Wargaming.net Game Center

PID 396, wargaming_game_center_install_eu.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wargaming.net Game Center
Operation: write, Name: Publisher
Value: Wargaming.net

PID 396, wargaming_game_center_install_eu.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wargaming.net Game Center
Operation: write, Name: DisplayIcon
Value: C:\ProgramData\Wargaming.net\GameCenter\wgc.exe,0

PID 396, wargaming_game_center_install_eu.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wargaming.net Game Center
Operation: write, Name: UninstallString
Value: "C:\ProgramData\Wargaming.net\GameCenter\setup.exe" /IU

PID 396, wargaming_game_center_install_eu.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wargaming.net Game Center
Operation: write, Name: EstimatedSize
Value: 430080

PID 396, wargaming_game_center_install_eu.tmp
Key: HKEY_CLASSES_ROOT\wgc
Operation: write, Name: URL Protocol
Value: (empty)

PID 396, wargaming_game_center_install_eu.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Operation: write, Name: C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe
Value: ~ HIGHDPIAWARE

PID 396, wargaming_game_center_install_eu.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wargaming.net Game Center
Operation: write, Name: DisplayVersion
Value: 24.3.0.6203

PID 396, wargaming_game_center_install_eu.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wargaming.net Game Center
Operation: write, Name: WGC Installer
Value: 240300
Executable files: 115
Suspicious files: 157
Text files: 162
Unknown types: 11

Dropped files

Columns: PID | Process | Filename | Type

396 | wargaming_game_center_install_eu.tmp | C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\WarHeliosCondCBold-Thai2.ttf | ttf
MD5: 4ECA917CF75576F76F9B6DEAF22E6200
SHA256: 8709BDB1C8E04043C14647930AC71A3CF4D0DB2F6639468F8F085E8E5901AE11

396 | wargaming_game_center_install_eu.tmp | C:\ProgramData\Wargaming.net\GameCenter\data\wgc_id.dat | text
MD5: 7FCE43E48ED5C7479E3CF21F06967F01
SHA256: B29F5523B2A490625CD78551163A23A25369A1686DAD217A48A6822E66BD88ED

396 | wargaming_game_center_install_eu.tmp | C:\ProgramData\Wargaming.net\GameCenter\data\pc_id.dat | text
MD5: 024FB518BB8909A8FC6F303409488100
SHA256: 0B6DFF8113663EEFCD3B3200117D42EFB0417DAA83090C2C1CE372ED952B4E69

396 | wargaming_game_center_install_eu.tmp | C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\art_WGC_100.png | image
MD5: 7011F920E87F7CFE24F8A83732D56943
SHA256: 6A5FB83E16F4800C21485CD57DE3AF0CC63A465AEA90E53BADEBECB1E1683CA7

396 | wargaming_game_center_install_eu.tmp | C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\VclStylesinno.dll | executable
MD5: 805291A85F58787A38D2A30D47C626B4
SHA256: 864DE39680B1E53CFDDB92231D8191074A5A15A5A1CE9C86C84423D538B8D33C

396 | wargaming_game_center_install_eu.tmp | C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\style_100.vsf | binary
MD5: F131394D6A272A978A54096071EB2D7D
SHA256: 9DC1C71B59A6D33F5A1F7279B2DB69465F06121DF77CA11EF598044879DF4A0D

396 | wargaming_game_center_install_eu.tmp | C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\btn_wizzard_close_100.png | image
MD5: 5C1319C2237C35343D330E667B388B21
SHA256: 9DEEDE6FD5D7B97BCCF772C81219FA371D3C4160308969C78167FF1CB9366986

396 | wargaming_game_center_install_eu.tmp | C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\bg_wizzard_lang_100.bmp | image
MD5: 67B41AC61E784F9F5FC054E78105BFEF
SHA256: 04A68F2CEAC3352CAD4FF704F00C1D486125305FF3E1538B9357E64DF7CA9519

396 | wargaming_game_center_install_eu.tmp | C:\Users\admin\AppData\Local\Temp\is-839MK.tmp\InnoXmlParser.dll | executable
MD5: FA1969E8A1FD8690DAC63C523487F790
SHA256: B2A37E406A18CDABCCB375328B13FA90D58E250ECD9866EA286E64D28AB536F8

4288 | wargaming_game_center_install_eu.exe | C:\Users\admin\AppData\Local\Temp\is-FUN6V.tmp\wargaming_game_center_install_eu.tmp | executable
MD5: 2B8E9C42006859DA58FA764F8BA3CCB7
SHA256: 0208FFEF990C47129E762CD6D2FEA649F4CA0371A29DE9DDA43CB8F14F9BDD6F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 25
TCP/UDP connections: 1 304
DNS requests: 56
Threats: 8

HTTP requests

Columns: PID | Process | Method | HTTP code | IP | URL | CN | Reputation

396 | wargaming_game_center_install_eu.tmp | POST | 200 | 92.223.24.5:80 | http://wgusst-wgceu.wargaming.net/v2/wgc_installer_launch_v1 | unknown | unknown
760 | lsass.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | whitelisted
760 | lsass.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAp7mVqqBJlqgugcXJUsNZo%3D | unknown | whitelisted
396 | wargaming_game_center_install_eu.tmp | POST | 200 | 92.223.24.5:80 | http://wgusst-wgceu.wargaming.net/v2/wgc_pre_installation_finish_v1 | unknown | unknown
396 | wargaming_game_center_install_eu.tmp | POST | 200 | 92.223.24.5:80 | http://wgusst-wgceu.wargaming.net/v2/wgc_download_start_v1 | unknown | unknown
5368 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
4424 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
2672 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
4132 | OfficeClickToRun.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
3676 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation ("-" = not shown)

2616 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 131.253.33.254:443 | a-ring-fallback.msedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
- | - | 104.126.37.128:443 | www.bing.com | Akamai International B.V. | DE | unknown
6012 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1156 | slui.exe | 40.91.76.224:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6744 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3952 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1044 | slui.exe | 40.91.76.224:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
t-ring-fdv2.msedge.net
  • 13.107.237.254
unknown
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
a-ring-fallback.msedge.net
  • 131.253.33.254
unknown
www.bing.com
  • 104.126.37.128
  • 104.126.37.161
  • 104.126.37.155
  • 104.126.37.130
  • 104.126.37.139
  • 104.126.37.163
  • 104.126.37.123
  • 104.126.37.162
  • 104.126.37.178
  • 2.23.209.144
  • 2.23.209.147
  • 2.23.209.141
  • 2.23.209.150
  • 2.23.209.149
  • 2.23.209.139
  • 2.23.209.142
  • 2.23.209.143
  • 2.23.209.140
whitelisted
google.com
  • 142.250.185.110
whitelisted
wgusst-wgceu.wargaming.net
  • 92.223.24.5
  • 92.223.24.4
whitelisted
redirect.wargaming.net
  • 92.223.56.43
  • 92.223.23.153
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
wds.wargaming.net
  • 93.123.17.254
whitelisted
fp-afd-nocache-ccp.azureedge.net
  • 13.107.246.45
whitelisted

Threats

Columns: PID | Process | Class | Message

7016 | wgc.exe | Potential Corporate Privacy Violation | GPL P2P BitTorrent announce request
7016 | wgc.exe | Potential Corporate Privacy Violation | ET P2P Libtorrent User-Agent
7016 | wgc.exe | Potential Corporate Privacy Violation | ET P2P Libtorrent User-Agent
7016 | wgc.exe | Potential Corporate Privacy Violation | ET P2P BitTorrent DHT ping request
7016 | wgc.exe | Potential Corporate Privacy Violation | ET P2P Libtorrent User-Agent
7016 | wgc.exe | Potential Corporate Privacy Violation | ET P2P Libtorrent User-Agent
7016 | wgc.exe | Potential Corporate Privacy Violation | ET P2P Libtorrent User-Agent
7016 | wgc.exe | Potential Corporate Privacy Violation | ET P2P Libtorrent User-Agent
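All eight IDS alerts come from wgc.exe (PID 7016) and share one class, Potential Corporate Privacy Violation, which the Emerging Threats rulesets use for policy matters such as peer-to-peer traffic rather than for command-and-control. Together with the "Connects to unusual port" indicator they describe a BitTorrent-style client inside the launcher: a tracker announce, a libtorrent User-Agent and a DHT ping. The Connections excerpt above lists only Windows background traffic, so the flows behind these alerts have to be pulled from the full PCAP before deciding whether they are content distribution or something else. To make the rule logic concrete, the block below is an added example (not the Emerging Threats rules and not ANY.RUN code) that decodes bencoded KRPC messages to flag a DHT ping on UDP and matches the two HTTP patterns on a raw request; every packet and request it checks is constructed, not captured from this sample.

```python
"""Re-derive the P2P alert logic the IDS applied to wgc.exe traffic.
Added example; not the Emerging Threats rules and not ANY.RUN code.
All payloads below are constructed for offline use."""
import re


def bdecode(data: bytes, pos: int = 0):
    """Minimal bencode decoder returning (value, next_pos).
    Raises ValueError/IndexError on malformed or truncated input, which is
    what an IDS sees on UDP noise that is not DHT."""
    c = data[pos:pos + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if c == b"l":                                   # list: l<items>e
        out, pos = [], pos + 1
        while data[pos:pos + 1] != b"e":
            item, pos = bdecode(data, pos)
            out.append(item)
        return out, pos + 1
    if c == b"d":                                   # dict: d<key><value>...e
        out, pos = {}, pos + 1
        while data[pos:pos + 1] != b"e":
            key, pos = bdecode(data, pos)
            val, pos = bdecode(data, pos)
            out[key] = val
        return out, pos + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", pos)
        length = int(data[pos:colon])
        start = colon + 1
        if start + length > len(data):
            raise ValueError("truncated string")
        return data[start:start + length], start + length
    raise ValueError(f"not bencode at offset {pos}")


def is_dht_ping(udp_payload: bytes) -> bool:
    """KRPC query (y=q) with q=ping and a 20-byte node id in the arguments dict."""
    try:
        msg, _ = bdecode(udp_payload)
    except (ValueError, IndexError):
        return False
    if not isinstance(msg, dict) or msg.get(b"y") != b"q" or msg.get(b"q") != b"ping":
        return False
    args = msg.get(b"a")
    return isinstance(args, dict) and len(args.get(b"id", b"")) == 20


# Tracker announce (GPL P2P BitTorrent announce request) and libtorrent UA
# (ET P2P Libtorrent User-Agent) reduced to their essential match conditions.
ANNOUNCE_RE = re.compile(rb"^GET [^ ]*/announce\?[^ ]*info_hash=", re.I)
LIBTORRENT_UA_RE = re.compile(rb"\r\nUser-Agent: libtorrent/", re.I)


def classify_http(request: bytes) -> set:
    """Return the set of P2P labels that match one raw HTTP request."""
    labels = set()
    if ANNOUNCE_RE.match(request):
        labels.add("bittorrent-announce")
    if LIBTORRENT_UA_RE.search(request):
        labels.add("libtorrent-user-agent")
    return labels


# Constructed samples: 'A'*20 / 'B'*20 stand in for node ids, tracker.example is a placeholder.
DHT_PING = b"d1:ad2:id20:" + b"A" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"
DHT_FIND_NODE = (b"d1:ad2:id20:" + b"A" * 20 + b"6:target20:" + b"B" * 20
                 + b"e1:q9:find_node1:t2:ab1:y1:qe")
TRACKER_ANNOUNCE = (b"GET /announce?info_hash=%AB%CD%EF&peer_id=-LT1230-xxxxxxxxxxxx&port=6881 HTTP/1.1\r\n"
                    b"Host: tracker.example\r\nUser-Agent: libtorrent/1.2.3\r\n\r\n")
# Shape of the installer's own telemetry call from the HTTP requests table: not P2P.
INSTALLER_TELEMETRY = (b"POST /v2/wgc_installer_launch_v1 HTTP/1.1\r\n"
                       b"Host: wgusst-wgceu.wargaming.net\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for name, pkt in (("ping", DHT_PING), ("find_node", DHT_FIND_NODE)):
        print(name, is_dht_ping(pkt))
    print(classify_http(TRACKER_ANNOUNCE), classify_http(INSTALLER_TELEMETRY))
```

A DHT ping and a tracker announce are exactly what a libtorrent-based downloader emits on start-up; what would turn these alerts from a policy finding into an incident is the payload being fetched, which only the PCAP and the dropped files can answer.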
Debug output (Process | Message)

wgc.exe | [0728/154119.738:INFO:gpu_data_manager_impl_private.cc(1550)] Falling back GPU mode. fallback_modes_.size()=3; system_shutdown=false
wgc_renderer_host.exe | [0728/154120.066:ERROR:gpu_init.cc(441)] Passthrough is not supported, GL is swiftshader
wgc.exe | [0728/154121.224:INFO:CONSOLE(2)] "Deprecation warning: use moment.updateLocale(localeName, config) to change an existing locale. moment.defineLocale(localeName, config) should only be used for creating a new locale See http://momentjs.com/guides/#/warnings/define-locale/ for more info.", source: qrc://ui/vendors-wgc-overlay-arsenal.2c82fed2ce302bd23ca2.js (2)
wgc.exe | [0728/154121.272:INFO:CONSOLE(1)] "[webChannel] connection established.", source: qrc://ui/wgc.f1b51471511b333a9a22.js (1)
wgc.exe | [0728/154121.274:INFO:CONSOLE(1)] "%c[React][initAppTransport] Running script with autotests, autotestSource = wgc color: green", source: qrc://ui/wgc.f1b51471511b333a9a22.js (1)
wgc.exe | [0728/154121.306:INFO:CONSOLE(1)] "[PostMessageService] init: start listening messages", source: qrc://ui/wgc.f1b51471511b333a9a22.js (1)
wgc.exe | [0728/154121.378:INFO:CONSOLE(1)] "[Subscriber][Binding: overlay] No qObject for this config; ignore'; See binding #1 from config = [{"binding":"overlay","subscribers":["type"]}]", source: qrc://ui/wgc.f1b51471511b333a9a22.js (1)
wgc.exe | [0728/154121.387:INFO:CONSOLE(1)] "%c[React][AppInstallationMonitor] render: appInstallation is empty; ignore color: #9c9c9c;", source: qrc://ui/wgc.f1b51471511b333a9a22.js (1)
wgc.exe | [0728/154121.389:INFO:CONSOLE(1)] "[Subscriber][Binding: overlay] No qObject for this config; ignore'; See binding #1 from config = [{"binding":"overlay","subscribers":["type"]}]", source: qrc://ui/wgc.f1b51471511b333a9a22.js (1)
wgc.exe | [0728/154121.393:INFO:CONSOLE(1)] "%c[React][GroupsMonitor] render: selectedGroup or activeGroupId is empty; ignore color: #9c9c9c;", source: qrc://ui/wgc.f1b51471511b333a9a22.js (1)