hxxps://www[.]gameloop[.]com/game/action/pixel-gun-3d---battle-royale-on-pc

Resubmissions

25/03/2024, 14:09

240325-rgmmmadc51 9

25/03/2024, 13:54

240325-q7ybdach5s 9

25/03/2024, 13:44

240325-q16n6shg28 8

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.gameloop.com/game/action/pixel-gun-3d---battle-royale-on-pc

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation	GLP_installer_900223150_market.exe

Executes dropped EXE 3 IoCs

pid	Process
5744	GLP_installer_900223150_market.exe
5704	GLP_installer_900223150_market.exe
4320	Market.exe

Loads dropped DLL 2 IoCs

pid	Process
5704	GLP_installer_900223150_market.exe
5744	GLP_installer_900223150_market.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	GLP_installer_900223150_market.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	GLP_installer_900223150_market.exe
File opened for modification	\??\PhysicalDrive0	GLP_installer_900223150_market.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 808036.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
4684	msedge.exe
4684	msedge.exe
364	identity_helper.exe
364	identity_helper.exe
5520	msedge.exe
5520	msedge.exe
5704	GLP_installer_900223150_market.exe
5704	GLP_installer_900223150_market.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5744	GLP_installer_900223150_market.exe
5704	GLP_installer_900223150_market.exe
4320	Market.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3248 wrote to memory of 2236	3248	msedge.exe	89
PID 3248 wrote to memory of 2236	3248	msedge.exe	89
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4760	3248	msedge.exe	90
PID 3248 wrote to memory of 4684	3248	msedge.exe	91
PID 3248 wrote to memory of 4684	3248	msedge.exe	91
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92
PID 3248 wrote to memory of 1880	3248	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.gameloop.com/game/action/pixel-gun-3d---battle-royale-on-pc
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff608d46f8,0x7fff608d4708,0x7fff608d4718
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,11101950226789574630,8797884099411288898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5520
- C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe
  "C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Writes to the Master Boot Record (MBR)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5704
- - C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe
    "C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4320
- C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe
  "C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  PID:5744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe

Filesize
24.7MB

MD5
c5c17865d2259ad3cd7ab8ba92b243f1

SHA1
0aecb4900362bd49d29da9627d77c50cae17599f

SHA256
07b0820a44799b1af3853e7320e6e41525a3360fa9f7c888016de08cff1af678

SHA512
b228de4fef1da636cfeacb07a4b3ddc5ef835052fe66a1804805cdf1d6e6f091bab4839758ebfd80c1c7822252caeec4131f0f244fcc2bf1ef5516c8f557d083

Download Submit
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe

Filesize
18.8MB

MD5
e492b070fc1300a3b404cfee3c0255f4

SHA1
1a18850395a4c34fda47f5ca6bc8ff6be98711d5

SHA256
9da6570866d3d50623664a30ec549a9a5b03049e01ee1e6ee81b98c4d76191ad

SHA512
92201fe9ad6eda5276bea549a889b93f7788cc5f2de54de1258c479755c04347704d12b8e3ffc1faa0f401aea2b0db5a3d3e7802d53541036424be62538b9af3

Download Submit
C:\Temp\TxGameDownload\Component\AppMarket\1d218714941abf910cf39c6d4f265e7d\Market.exe

Filesize
5.0MB

MD5
049115cff8c9158dde3ef17e36e73513

SHA1
9f641eae5766207c07d4ab329a58a7ee3ad9b904

SHA256
52fac8822ebce480af2cf137f80c2d494cd2b424031b882248aa5676e3238469

SHA512
a01c39f06b235595bff603c30769b6c018b32b12d6dbd946f13c1afb033d89a6654105ab77aeab0ec036cf940928ffa30c1a29b73e52c3e53491cfd9a62cd0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
1b1672d2bfa805af73f507cccc4e274d

SHA1
4cf5ef6bbcb34281dd573355c2842272bc8d2fdd

SHA256
3e97ccccfca34476e9c2fb8913685164d62d614001b6029ad6b873c9ad7cac6b

SHA512
713bfbacd2277f1d12b4f2fc995f51e9abe18bb0c6b983bce722049e5cfc036cec27bde7392b0b135833e48b8c12866bcf5a7fdced7f4de069ae592ba7c49398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7fb58aecbe2d221e1b68cf2718c32a91

SHA1
2ced36eaa12fe5c8880c094c2543dc761f9b8b44

SHA256
1367abed73ab7f4d3bdbd693fcfb8bf6563c600fcdbbdcd8273600c8f053d7a8

SHA512
7fe09be065f58498a30d53f2b7d361d52de74d008bbb65d8a2ce9c5ba9ac28dd0e71475edd977165b049a86887f23d36410359354b9891d462af82a9b3bd676a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3dbdf7dfd6c245718baeb4fb5dcff7b9

SHA1
87fbab4b6f401203117d753c2c03adebdb875e86

SHA256
46336d24e1e19c64d666233a4282a2b595e9559a2e762d2f34ef3282baef2295

SHA512
f18a5d915d625cfa248202b4ea9b0eeaed5fe70b8f911db749f2c396531596f4cf054df57f87733813a1ee36a77344865968d05e24c36135e33fb7d1119107b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c77ac90fb88e99482b48101e5ad00e8e

SHA1
eb78d6010e832e3314d06fc3617d8e377944b088

SHA256
9fbe41f8996ccf860257f954c4468620ffdd6b391f3a4a5d00bab3784b338418

SHA512
47118fa1973ae9d0fcbc90c45288a5543a8e7d1f5e63cc44499a54f8f1271de870b27eac3cc6a12968cdc4d6a0155890a08c4806b340fbf2a49e55efa7cf451d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
588ec1c59d09fd8ea7f0e5e0c7519667

SHA1
08af41dcdf8c20fb5ffe7b48e8d7c89dd762b503

SHA256
be6cc52648cee40ee6bf5dd074bb4219033b3e1361d51c875a338e18f518b098

SHA512
06e5eca0a5c0e72700cb0dfe712c3bc4c5bd70912d331c64bfe2a50c3e37f640a56375f0e302f18a9befe6babffa80c431d6ac86f2daf909b683c59968a18e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b10111c4bdd890611e367698a51edef6

SHA1
320e8b9b64d0e5d1aa2afe9c43057ee761a4f1c7

SHA256
791b32d99988ce3ae291d288331d1f52287db1ce8b787daf6d186cee93f0c959

SHA512
3236cea2586819310ef1bbe068ab1d1be8e81e12f46587ca66cb32dfeea0ed3bb255a84331a818f55de60f92486f1d589a8b728171063b107d737ac29cc8156e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
645fcc27395546ffd1afbfe536daf938

SHA1
df348f5e377f0d8a1aad774b2a47fa4d779f6be0

SHA256
d464df55d0e580e7c77e68a9d9ce529ae7e1a2921bde5c82c9d05a0a165119e0

SHA512
25781387b6249e5da9e8aa7486c14a3d2eae0c257a42038f55f93e7dc98493aef2ca8de26ca63dbccb681a6b1f9ccffdb50157dc76e662570bcea64c662865fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e9e5383959bf25d651f6a4703bfa1f46

SHA1
65937d438bfb1a485ef7fb5509645620e459d07d

SHA256
a969630852fb21aa0c307cd297170f2cbe7311541e23f9d7d7a1539e2ce1770e

SHA512
fb46554d7e36355ebf7700ba29a5c5f2e1c087785c2013d373200cc30b3543b6b555e42005542f9345f44568dda1ae49dd7384e18cbf37e8ab4cd6b00ef30139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d8676116b3aa7e346afcdf84762b4e7d

SHA1
c8f1004cd028cda23124e526289610ab6677e3e4

SHA256
2a4ffbcb0decbbf68159c68369a64524cc035a4ba55ea74ecace6bfc66916ece

SHA512
d6df040fe25a0191ce9795a0e51e19839fff9774cc01e87b1ddc391066ea26d53857fb2e67b320795be6ee40d8c65bed0a7e4481f0cdd01185f3c5513fc0df56

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameDownloadLog\GLP_installer_900223150_market_20240325_134521.log

Filesize
2KB

MD5
6746240cdea13d1d455f0dd2202dde55

SHA1
f80e6c5339d02a2986d2a2bcf6cd1fbab587e930

SHA256
78f892ca40cb3e27ec0a38500221bc4a8b06f3893dc941201b7386f3c71b98f3

SHA512
d4d27fd66b5fca486cf70fd91e684465671534ddac6946e18fdc39e1873327c20a52a591f8ac3c1e6f558c331e94846a91a55d25ca9186303bca240179b424d1

Download Submit
C:\Users\Admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dll

Filesize
74KB

MD5
2814acbd607ba47bdbcdf6ac3076ee95

SHA1
50ab892071bed2bb2365ca1d4bf5594e71c6b13b

SHA256
5904a7e4d97eeac939662c3638a0e145f64ff3dd0198f895c4bf0337595c6a67

SHA512
34c73014ffc8d38d6dd29f4f84c8f4f9ea971bc131f665f65b277f453504d5efc2d483a792cdea610c5e0544bf3997b132dcdbe37224912c5234c15cdb89d498

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 808036.crdownload

Filesize
3.6MB

MD5
0ac1fd602f5ec2d2231fe311777791e8

SHA1
52ca6ccd121faf4f3aad9e7760ee1a519b323d83

SHA256
bb68113cfaba1def162b8a0df4b1d41b83ea34ce4fd5b23e0a0b75b259b62bfc

SHA512
10fb445ccf904c20b1b3736d02f53bc43a3b9161465c6915c89a06e978be9e988342f40d4c895acbfdabf236fbdbaa87c8470577626cbc2ba1838dba48e57623

Download Submit