c26d260edf67eed0d104d12182ef69387effc61539345bf0cb9ff1526b5feda3

Resubmissions

30/04/2024, 21:29

240430-1b76tagb2s 7

30/04/2024, 21:16

240430-z4qa2afh5t 8

Analysis

max time kernel
652s
max time network
654s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 21:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

rpgvx_e.exe
Size

42.3MB
MD5

1c55e91c51e057032fb40bb3b68fb3cf
SHA1

1f11a5ae4b41458d921f715bcbfc6f26560898e6
SHA256

c26d260edf67eed0d104d12182ef69387effc61539345bf0cb9ff1526b5feda3
SHA512

a7bbda90c28171f928f1345c13fa30c6136a93a81f0d634b590d7c376aea3a04a5ffd06c7159402f364fd5c0dac28bd2b236bc69c960a824b3165426f484b31b
SSDEEP

786432:ZTCla53RqgkVqe5WFa3IwppjUW4ppUN04NngV6RI5dWsL4WXikGMXCAkraH:ZTB3RqgkcFa3RpdH4pmN054I5csLDXi2

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4120	rpgvx_e.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 40 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Enterbrain\RPGVX\drm\is-8J1I3.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-4UEU2.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\drm\is-R9SJI.tmp	rpgvx_e.tmp
File opened for modification	C:\Program Files (x86)\Enterbrain\RPGVX\RPGVXENU.dll	rpgvx_e.tmp
File opened for modification	C:\Program Files (x86)\Enterbrain\RPGVX\System\Game.exe	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\unins000.dat	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\is-97N0C.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\drm\is-VHBUS.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\drm\is-C2GQQ.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-OLBVV.tmp	rpgvx_e.tmp
File opened for modification	C:\Program Files (x86)\Enterbrain\RPGVX\RPGVX.exe	rpgvx_e.tmp
File opened for modification	C:\Program Files (x86)\Enterbrain\RPGVX\unins000.dat	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-8HG2K.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\is-DMENO.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-27KMT.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\is-CFPKF.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\drm\is-BHV89.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\drm\is-FTUEE.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-T1L2S.tmp	rpgvx_e.tmp
File opened for modification	C:\Program Files (x86)\Enterbrain\RPGVX\SciLexer.dll	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\UmePlus\is-NVVKA.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\UmePlus\is-OMPNG.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-61OAN.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-J2C5B.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\drm\is-19RB1.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-LQUSA.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-IIPN1.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-J5ELU.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\is-5JQQN.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\is-71VJO.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\is-0UP12.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-KGSA4.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-7L45T.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-PO3KJ.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-H8QGU.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-00DR8.tmp	rpgvx_e.tmp
File opened for modification	C:\Program Files (x86)\Enterbrain\RPGVX\RPGVX.chm	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\is-H9D6H.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\is-N89CG.tmp	rpgvx_e.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGVX\drm\is-K3DKA.tmp	rpgvx_e.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 31 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Project\DefaultIcon	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Project\shell\open\command	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Project\shell	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Project\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVX\\RPGVX.exe\",1"	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Archive\shell\open	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Archive\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVX\\RPGVX.exe\" /n \"%1\""	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Project\shell\open	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rvproj	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Data\ = "RPGVX Data"	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Data\shell\open	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rvdata	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rvdata\ = "RPGVX.Data"	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Archive\DefaultIcon	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Archive\shell	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Project\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVX\\RPGVX.exe\" \"%1\""	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rvproj\ = "RPGVX.Project"	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Data\DefaultIcon	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Data\shell	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Data\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVX\\RPGVX.exe\" /n \"%1\""	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Archive\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVX\\RPGVX.exe\",3"	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Project\ = "RPGVX Project"	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Data	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Data\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGVX\\RPGVX.exe\",2"	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Archive\ = "RGSS Encrypted Archive"	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Archive\shell\open\command	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rgss2a	rpgvx_e.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rgss2a\ = "RPGVX.Archive"	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Project	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Data\shell\open\command	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGVX.Archive	rpgvx_e.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2818691465-3043947619-2475182763-1000\{BD874EFF-A775-4F6F-8D59-AE609AE07D92}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4120	rpgvx_e.tmp
4120	rpgvx_e.tmp
3212	msedge.exe
3212	msedge.exe
4068	msedge.exe
4068	msedge.exe
2804	identity_helper.exe
2804	identity_helper.exe
3664	msedge.exe
3664	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4120	rpgvx_e.tmp
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 4120	4760	rpgvx_e.exe	86
PID 4760 wrote to memory of 4120	4760	rpgvx_e.exe	86
PID 4760 wrote to memory of 4120	4760	rpgvx_e.exe	86
PID 4068 wrote to memory of 3804	4068	msedge.exe	126
PID 4068 wrote to memory of 3804	4068	msedge.exe	126
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3896	4068	msedge.exe	127
PID 4068 wrote to memory of 3212	4068	msedge.exe	128
PID 4068 wrote to memory of 3212	4068	msedge.exe	128
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129
PID 4068 wrote to memory of 4904	4068	msedge.exe	129

C:\Users\Admin\AppData\Local\Temp\rpgvx_e.exe
"C:\Users\Admin\AppData\Local\Temp\rpgvx_e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Users\Admin\AppData\Local\Temp\is-93MVA.tmp\rpgvx_e.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-93MVA.tmp\rpgvx_e.tmp" /SL5="$501CE,43975581,118784,C:\Users\Admin\AppData\Local\Temp\rpgvx_e.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:4120

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa54ec46f8,0x7ffa54ec4708,0x7ffa54ec4718
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,6540173636552822084,7909116909161747501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Enterbrain\RPGVX\RPGVX.chm

Filesize
496KB

MD5
399f94881b398629b83581229f6240c0

SHA1
bdb9ec1334b33bd7b345fc5530ae3f4bd103bc6b

SHA256
f20c136e103f43057138cacd0d22d18af1ed4b483764f4614b8c8b7bd1bb763a

SHA512
0a6a54b99e9d18627dc14934f614380664fdac989f734043d7ce6d711a42e288e6754c98bcefb6f51f9cb48e784ef9789df932757e2231c427e6255852316154

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\RPGVX.exe

Filesize
3.1MB

MD5
b5de2a0bd436f368ff44b11fd7ce73a1

SHA1
7b624277858c0cfa7de4313a5b45cab417e0cc4b

SHA256
589b2ee2e304655abddc469fffce2f800c23514ecf1fe7ee24b8a383fb933a3c

SHA512
7d16c99fc9a4d65901814500df34a26a4af6abe555a74931d1b6b675ae25319f1b44f74e80707559f35efa0990f7e1a1431a2852560caa46664aa5702c47af4b

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\RPGVXENU.dll

Filesize
912KB

MD5
d21987a6f96bfd18cdc8a861093cbaee

SHA1
f45a8181f13a90c8e33c054205b889d52d3f2700

SHA256
fc731963517a8094534005a643a07fcd4e97f19741e61cd272c5f23e1f288c2c

SHA512
9c9555ca8de1dcd1535bc071dcc12b6b057f6a1301ae4760510e116da7ed5c60aadf74f487c937385a12fd5964835d89b5651d944b95bb9b2ac99959bdb1c781

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\RTPreadme.txt

Filesize
5KB

MD5
5a7e676a2818d1125648948d192c1fca

SHA1
74885ecbdfe94aec5e467e1ecc2290b085ae51fd

SHA256
3b52bc1b641b605c9e72c21081422a991ccd2e1e4937a1a415bbd9563d9af66c

SHA512
80736f2ab32f5e72569606b2ef7eeaf937262a20b7ab9a017549d97decefec2cfb514ab4097cefffee143142ed671a18d566efe3bcbee71e5471a2e584eebdb9

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\SciLexer.dll

Filesize
398KB

MD5
b2ecf1b4944332a452e834bbb572e0cf

SHA1
085cd40981f58c4ada5c523208e0cfcb631362cb

SHA256
7dd4e324fea8a6bf0696a71531b76c27e11587b2f40f1289c50813fa693f1140

SHA512
8040dae6c07229274f3a23519e10ab5eaf0930186ed670154699da416c05fdd9d56bc7ca13307105f8483dee370e51c08c8191c335632df64d66dae38273b108

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Actors.rvdata

Filesize
10KB

MD5
7f6425c5c28e0752ed4f0f64d5c68eae

SHA1
6956a2e2c74bf66a623543f5dcfc7b0040db289a

SHA256
0f7f9d129cbcb5b215ea21511b0aedefb612f105fc93cc9bdd0207aef038af00

SHA512
eaf0abaca73b4baa921a15338e39bbe7e734b8cb10a8980db49404198d13e546398350ee234aaa82a1d5818fd13ef54bc496ff2121812ff5a5a1454896fcfc18

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Animations.rvdata

Filesize
125KB

MD5
608a4a2fcd660a41b868d1de2f931732

SHA1
f1b8398c2770b473330a7313e6ff2acdaffe5f2d

SHA256
fb763d839eb731394b01e7e6a9c5dfc560bfb5c799ceafa34effc8de0c17556e

SHA512
9837cb950f22696429dec115013f0838cbf0e1703432b87e767afdb7501dd176d242daf4d26ea30e6d8f38d8302a2a37c38fceee50f2edb90c1d45c40e10631a

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Areas.rvdata

Filesize
4B

MD5
2152f084181d2f2a98857594f8a24945

SHA1
d5b5059f5b0974e89a84d8571c23271779f99970

SHA256
c5bc4c41ac7b4627483446a853d2bbaa2b33b1cebbb54a56dfa2a0615079b4ea

SHA512
d3e5d29081cb7603d155af2bf02be1b258e4493f14a154607861eb8d473e3c123f81fbffc77b5afcaa1813ce4e31f6adeff3ab61214de09795bcbc3a19e5d857

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Armors.rvdata

Filesize
4KB

MD5
287c5ab16d8c0e8a05ec06718cb78a6b

SHA1
0456eccfef94850a929f52437552fb19407b609d

SHA256
87386d9ad98ea97d8452af173f83844db8f3bc26648a1137bd94e85cf2b068d4

SHA512
acccca5d4ccdad53595ff29d4e636a9aad621cc31997de0c7faf0bfd9bf919e7d4bef1454df5cc64dc253a05d918bd27ab4f17cdf41ef6c5a7f2179dd28a20ae

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Classes.rvdata

Filesize
2KB

MD5
cff9c957e4048bed7dd262f69fefa802

SHA1
b1bc81589350264dc02703437a2f322310961075

SHA256
e423d256487c8e7adef8a843dc5f63d4479ab99b100a7dbc7685736e922c07e7

SHA512
4b1e70f4501a06c44a7fee6a158aa034cb68fc26d311ac8ff93bb272265da0ef1c9b82a3ce2bf7e0de35db738f89aa1cba21c903af7a271aa42e2eaf1e9c38a5

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\CommonEvents.rvdata

Filesize
492B

MD5
50298c255884cc29fdd3bd5470ea7f22

SHA1
882272e94e2a3df9848c26f718ddeda30acb4740

SHA256
f019ec714e780dd3f966baf516f13b762630c6defbc351001c1a5e32f829edfd

SHA512
95ef1aa85d6adfa678a9ebe66b00a03db1c56fbd8831c5bfd59220ae06db10d8d7b3b44c85068100f5ddc20be62ffa74bac28f602ed5298b0421dc54365b5c4f

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Enemies.rvdata

Filesize
11KB

MD5
7203c3290a9c7d5eaf87f9c28cb126d5

SHA1
b9463946fafbae28d6a098192c2234396f9c2b63

SHA256
2f112c6477429bc30e1ca76c0c84d84b18157b923110a39da0747b19c9c932f1

SHA512
6a3e35c61cbf5c4098978cec1bb653633241b69c90b3d7768760246c2bf035e3153c26b8e833ade567badc0c760c2ddb682ac25dc9100b5f5a96b80058a9ecab

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Items.rvdata

Filesize
3KB

MD5
fb290562e9e44eba898c1350d5186686

SHA1
2896eb7b008589d84240caed09d9b319dd88063b

SHA256
a330788e73d6406cad8e03b27323f333e6384bbde20172b9293a48a024d7e8a2

SHA512
7acdde7b1c4772725ddb7092a9808c1039e448f5b10a1a2523a7ace52e24b97baa7b9c6da3276bf8f8e558daee450424539412453af4e70e38a80d0bf48d910a

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Map001.rvdata

Filesize
58KB

MD5
e655defdd5902719e020d4ff69f4dbbc

SHA1
dd7662cb37f92ca61df9870f51b9347529295002

SHA256
6b6fe940dee5e6a86759f07452efa243c9389de0589958ddbec9902895c9d07f

SHA512
2c18f6bd39c243fbc0a69af1a0132a71caceac11e622489676cd020c1df4abb3eb47e85c875b21bafb358af355e2532a27105b43af05a669475fad14e8a03efc

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\MapInfos.rvdata

Filesize
103B

MD5
5b15cd4ce9f366adc12dfc13df35316d

SHA1
20c6bfc70144906159d322f3d4bcd4ecad4be190

SHA256
10f028912de3293035fca1b74941428b98d6e6c2a06156ec5f10793b57da5903

SHA512
5d10337035bf27806b2e54adf82fe1059716dc8a03653947abd8b6ff87c55cd36324875c8df8af66e3428d86ff5067a79c222fc595017c5b1a0b352893266c9c

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Scripts.rvdata

Filesize
104KB

MD5
00024264f3afd8dd745f111b4ba692c9

SHA1
ca5fa384474c06bf13b1be8fe37db342c0867eca

SHA256
d985ee99fb2d3552517f3be5244324d09b01adb9fd0cc760df877a3da231521b

SHA512
df64c215295fa2e2d0f0532872858ce2903bfd5e20263a6fd828d7255c3be748791bca4a2406aff0770287fa57708a4d0f3cdc04370dfaac00b21fd3ac8fe38d

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Skills.rvdata

Filesize
12KB

MD5
aba618ea75dbe23e8c2594dde93a1e9a

SHA1
30b2802445c1b0b44af07b6af902185b21b4db5c

SHA256
be4b731a4ba7d5480f640cdd9e2b4f8c6483810a7320c0dcb770a9f95307ff06

SHA512
919554948b2e41df8dd186a0a2c4275408d8058b47b9eb5b5d2d349a01ffb6efb08429256750834ce986ae4e946ea6fe996ab9cb12aa9e3af4b8b97bed81d982

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\States.rvdata

Filesize
2KB

MD5
2a76328304bd04cb9d4beb54b6765268

SHA1
e59a1d991d9015bf24c983330574f2f3b2d92c3d

SHA256
c5218a87d2c4af9d282dd4bdd3787d483fb6c5061ea6e5ba7209434618e23f65

SHA512
a03e2a8bf16cc95c0f5407b20b649cd729568ed6b8344cf4289b1c2f6a7aa255756e4e72741c4a0f517111f1386d503e9cb93e971455c12ab95801106736b671

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\System.rvdata

Filesize
18KB

MD5
5f058990cedbdac9e4ddfc51964d90c9

SHA1
bf5e27984584fa4f5dd4ce6c8cc810ef4a49ef41

SHA256
61d5c7fb21bc3ee98f67c9a541a175becd2f023e2fb2652149f2df471fad251f

SHA512
fbd25b004e29a3160feccd3d73e98abe811b298d785a2f428c33cbc7eb3e2a3f4605ecddfa96421270dd1b6bf19aea023be8b1ee1e75097ba09ee603264787d4

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Troops.rvdata

Filesize
4KB

MD5
98087af9bff94504a525582ff7883f1e

SHA1
da86a24092e4429dd1501f35c23ba5686670a8c5

SHA256
c0d432aebaa8b0c3276867483bd1624d8afd0852d8ec7f962122091dd0fb4f53

SHA512
39fc410093f9e5c93f1d173f89312020e2e3d3b529df8327fa8083ed8cfa5581fb5b8ee11a27138ab88445c4906b3f85ef7d79ce081075fe03a25c37b762bdf8

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Data\Weapons.rvdata

Filesize
4KB

MD5
99f3ff7a4982ad3641ec85d5edb21768

SHA1
00bdbbfa08e24988c829905a6b30d43e4a49c416

SHA256
6941a0c1d9d84cc73788add9ef40311d9284176b59c788af0c5998edca8f174c

SHA512
2f2581655886ad53826101c625250dff9830617c9c923ab1d590cd7e3aa2842868aa342751fdcd0d4e10d0c28d3152b3853b424cd69b2b21795483c68ef18b72

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\System\Game.exe

Filesize
132KB

MD5
f31d9fc3a733cbb13b7d0041415a77b3

SHA1
fa5cb865879b28de113d7654666bd7f3f3108a49

SHA256
771017ca0f9d18978a906d00cd4236c8e9f974f3c7388173492ed8f92901a7e8

SHA512
0e265e043158773070a574f04fbdfdb0f6dadda9c04aae42ee5058ebb2c0b80c64d80d37b6ef8a8bb9cc474f41335139a1f5192ae9ade4b5812b9ec190527a11

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\UmePlus\umeplus-gothic.ttf

Filesize
4.3MB

MD5
218435e8488e6340b18f8d2e0c3ef959

SHA1
cc5be2feb8cd79abeb9cb2d18226d7667ce71159

SHA256
4253ed2d08a97e6bb39e7d5ef422fe30abf93fb87a57ae8c055df00f4047a623

SHA512
f12fa4f84e4aab0c26353fc6962b1916e719fd513bdc8519706c5dc099c3c3340200038d39bd6d8419367e9902f7c6b2b0177726ea120ed9de1b7b6b70e2a9ce

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\UmePlus\umeplus-license.txt

Filesize
2KB

MD5
de93bca0e6136bea68230734c06e688b

SHA1
a594202c6076eb5954365b99f5db4a6b80e95e02

SHA256
091700abbf67dcebc1c5335851029410bfdc9b0ffbbe56e6c63f1a3eb4b654aa

SHA512
358266b7ab0e1b8b27c6ed327485fdde4b52f2bf54001b770c48b265e92f3ca78bb6e50dc7ec76967ed858d241fadbe98b023c83290955be29589cf9e3f6390d

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\drm\drm-activate.png

Filesize
8KB

MD5
592adc03e205672e8a4f790f685c658f

SHA1
70e40b322ad187e9860d3619edac25d30624d17f

SHA256
aabb33a465c18dcba522190d57100cf3e07107651084275645785625f3f4ff7e

SHA512
c21e1eaee0ced3e57e518bc72c87b9cfa615d84d44081e868dcaa4f5fcb95273028a1ebb7854d7feab098973e066a607d586b537b5ad2ac2a04f88e7048ec03e

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\drm\drm-background.png

Filesize
641KB

MD5
6a75ec058c7610ed50df001ef0157ec5

SHA1
1552f63faf191ff57b5088de628d749c463839d9

SHA256
aeb1f0e955ced04c5254f972faaf979fdfb761fe0755eb6d68789b5e42863495

SHA512
fcc0ce99ea2ba2c87a86e1eb166df2603f3a86954ac7de355ed16251fec58f55a9ba62f25d6e1428d428c3f7064aee9b3d1a012b02e224cce846cc3190c50551

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\drm\drm-buy-now.png

Filesize
9KB

MD5
ffffdaaf9f1c7c47a4761df64f4ee56b

SHA1
6a3fd89cf56f9341bd872fad778af56f39a418f2

SHA256
c4c87ffce5df52d6acf28a94aa5414fd7305d44825394fe4cb809ca20e6bcf54

SHA512
b19ddd75a6a6d1dc44e70c30a01c7474bed5eab02d366786ef063be756a4993896038f0a368a00b5e383d639005ecf1f2e0f1d4223133b0b40340f8d777d0c2d

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\drm\drm-cancel.png

Filesize
8KB

MD5
f09d55b8cf19610a2627e06dd0952856

SHA1
f8835c697d15c03efeb30cd14fe707ec30fb2675

SHA256
d7fe0116348622b63511cd0527c00914797ac4689e1ac5473b585ed9760aaf14

SHA512
7807cb81efa99c328e5eaf138a1d4d17d15c1f103645ced91cd3afaddc38316d9c71d4b1fc61ece995d6e61c7f37b458c6f78c32d692bb58c69c79e8382756c9

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\drm\drm-continue.png

Filesize
10KB

MD5
ff708a85d46bc03f24dbf1e5119aadab

SHA1
39882cb9b2c82f8d1fbcefe1e0b0b41acbff5205

SHA256
dba7d3497b93f4752169ea3b19ee9a2727aed3dc0f58f722908d77e315851497

SHA512
f1869c1f5f46d8d906cbe142aa4f1b08e21ce388265e80622dbc099ecdc1987709a20546f8b33018cfc4806d8c4eda3e1b4ee1f362a77802bc0eb592e30c3fd4

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\drm\drm-enter-key.png

Filesize
9KB

MD5
93634f19561211768bafeb632327f1eb

SHA1
f281989bd5adb3a581e4d3f1fa7408d8a8e377a4

SHA256
f7c0a0d2ad9afacfeb7cc5a88a1e697a3303d7745b759d66d8d2a2ce98cf919f

SHA512
54d8d703d54fb2b476ae6c3e7acb59237ddda99fe9e89cdbbd7bfa27ef16b55ed0fe93aac8a372ddd89a4dbdb3a08b82c4967267c6a7f881af1dbee3f2ff2ec6

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\drm\drm-key-box.png

Filesize
3KB

MD5
eadb31339a5c394073a734e151ad0fed

SHA1
54132f04705eed3f109e8c0139a3e00c42345379

SHA256
6ec62452f556a7f1fbe39855c719795064a7467af6ebf8b9428ff17ba6f2391c

SHA512
d4b2a97aa17c395a3f206bb5245ea947aed11b1d3d53aecaa9aca731d570d23a718488dc674a2bb5f797c3804a9264980f19b724ca657eb97f19c7ccc2776efc

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\drm\drm-unlock.png

Filesize
9KB

MD5
874f7d1c5dbc62eca93226a0a0d1b69e

SHA1
f991c2694e7ad66fef7fedfaf9d5570b06ca52fa

SHA256
9e79ac74da3139c652e8008255d8a19e13c85d0e0347cb173c31d2765e831810

SHA512
fc88aafe33f09022afe9caabe7d749526444f9f000f0f8ab0998cc395959d0057f8209e1ad520c5be829b0f2e1d0fb3cc4db3892ac987205ef11828d3afa8403

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\unins000.dat

Filesize
8KB

MD5
cf3700ee139b7e0cc1e5c6a7a296ac61

SHA1
c37d6ba94b293d8e3b28ddde5688cc33d21c34f7

SHA256
1c49680d9cc137c866c53f916995137e25eba144c9553d0305cc84b2203442ee

SHA512
6277ccda882844d44862382679d314e8116e7a70e170b4b80f932717e4785f2910b661dccc3e6684d775cf291fc0d3571ac3891b8d3cce2d215275ec972f5043

Download Submit
C:\Program Files (x86)\Enterbrain\RPGVX\unins000.exe

Filesize
1.1MB

MD5
424ef8e8cd01063bba375b3924b29d79

SHA1
b6cca3d481b057563188799abb2038b93615886d

SHA256
062778c579fb6f20524d005a2a84d52c943488baafd2517053883e8993f607a2

SHA512
45cb212957df22e229d52a8418cb268a328566a51486c64a2acea95cd8e211066990d6eccdb207f303af3e6f41637fc316c51541f8ca991f5dcf4b4b736a64dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
19KB

MD5
2857adf1a9605ffe485d8fc987dd9fed

SHA1
94e412468c687d6c43dbb9427cca3eabc23944c3

SHA256
bc7f037334953f85a56ab92753e4bc429815445ff54e727e9cb69ed097d5161f

SHA512
012e1b52dfdf8dc00633569ff161662133d37cca4df26cbbc273b0eb6cfe52c1054fc8d5036dca26d754fe21e014f5e978f334f4abb5b36e831182489272fe14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
19KB

MD5
f266b5b7f7a5b8b30286eaf784a209d6

SHA1
6e58bd181829f56af501fbda274bc4db888e42ef

SHA256
485702c015ca106fb1fe168d023a0bb9a6d5b144480231b601b4207df86882f6

SHA512
592b950f752c1b17d8863a8ea28641782ccb93d0fac91e4f93812f0adecb0ec810b831ce45c7bc79d89ce6212ec30afb143d8ddb11464f5407981880e2723ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
4213af90b298cc5da447190ec7f82fee

SHA1
3c923ff62d26a2e6ed1e0b64d9345a5075e2eeb3

SHA256
c2e0887476e0a35bad15b1a036828bfe44b405684fc1658f76527d5e92add8e6

SHA512
9d7c87af09ee534097316f776d95942f61481858c720c0cb22776a956555467af39468401bad565ddbca84ca4a22a362d3d2ff6eafdd68bf13295a1ca0520bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6c5efd27ef81901734cbc344cac1bb34

SHA1
4fed96124c9e124d6033fcc9b21a0cced304ab76

SHA256
ccf28ade93933a85c0b4f9c90e7eb3808604d6e144d925744e5aa69230b7fb11

SHA512
e68b599135ee3f64263fe9ca8db991e45875c8eb2448b5250399baa81b5159e2ad1cfa01e60837670e8c05b070159ba2e7f374775d309e354ed494f912d514f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ed17f5148f6a39aecba566fab850e77a

SHA1
d41179f76e803c9ff45b1be8f5973ce965917b70

SHA256
d18193114e6f0487c0e0c4a0a6f69ca56788fc249fec2495dfef257a1962c2f3

SHA512
4437dffc8afba4d843161097078b46b81f1491eca1aa6a014add29b9c9c742bef240eadd945dd9258e420344b52e80f9f19e9ec6616841b3d76835edad3da5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c56ed0000c282f64a21e733ef6da5c58

SHA1
85197317c057f5ce33a4cf3cf7984513019d0689

SHA256
792177066d666afc3b93972d0ad9afcb1cb9b8dedd0945c97b14583fd95898e3

SHA512
a68d84f8b8aca9588c0507442da3d4ad332c19effeef7eae1989de8f2f161f8bb11f8663d033d4803d07d4dbd078a973a67b3a38f195a3275978febe9bc07111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
051d2a9cf3ac2a7f4c4053d665aba9a9

SHA1
e482b96cf50432715f8fc249830a9ab3f1d6467c

SHA256
6b7b6c1b9eab14deb038d5d75125215587170f13d04e29eaa051b116bce19204

SHA512
0b97cb6dd90805615efe421a8a33ec50587425c237eda6eb180f02b2c194c63dbf1272eb03e7a86f2482f3f20ae6dd2a13c460ff4ba9cfa50e6b21125918508a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
54ae39de632b2ba672d17cbe542bcfb3

SHA1
55c7d98848535ea543705effb2ecdab272258e0a

SHA256
c09fea4533a58d6c16477f7a9e32b5b082b764ac718999a8e28849ded5b21afa

SHA512
a7c819bc1ec6666c0812978684a771dee2e6254ef3164268c6b8ee12332eb19eb01bde2a0200b918e641c91e41c8a4ef28b1918a2125a5350e94dbd8b1928537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
679ac6fb14f2f479302f4f3ee277c8b0

SHA1
8b9b37fa0ae28e349f532b8aa12dc2fe8a3b2e05

SHA256
a9b8b6913b5ee39803bcfbd84f1afadd423581b465165942034663cc6b963565

SHA512
5cbf64a6f56fcb9420e839d79e2ac7bf22d94059014b83d67db341aed9b84ac4248cf8041d271f32923db7fc8351d0dc2e5f9583a7246aac5064103838b01a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e43f2387e0ee8957e60c8fcc67f9a801

SHA1
2b4e9599da0129e3d49f6bdaad678fce7da6ec71

SHA256
470c74ff4be2f92cff8452141b3b37bcb4c4465a7e800be40a088493d678db9e

SHA512
589c6592bd111d6e70753381a91a5da906551520f3b975d74fb8d501b73e80a7c0cba9dced29ce1b4e94260adf6dd300c12ac135276e2fbe8193a8512ae41ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cd8379c314855975f99563d3d36f8ee8

SHA1
8adc62cc20f56326e55a53666acfd3964aef734c

SHA256
821e4a4fdd449870c5ba710cda4bdd5a7cc5853049b145a799b3b94ce6e77df1

SHA512
62d48e2cfe99f845090283af3357153f1a9f654d7e15319f84fb52e90f51fec7656aac828fec652734042236fc5c7c1501be6ca47749caf4d2eadf95afbd2ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
125d8764266af77299d554276dd5723c

SHA1
b66454567326d335318ce5c237c54fd213051185

SHA256
bb5fc11f9f31dc1e9d3645377c602017b08a7e33c371e0d88654b1c1f2aabacc

SHA512
774ab4afbf4d2f0da89f0952e90f03255baa7f938b7363684316ec137265a11d4155039a35001063386e94a6bd64c90977ffe6e4da83a0ce0f6423a04b00c8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dfd2dccd64285d75f3aaa8772804fb97

SHA1
7a0bd2664b5534a03ab20aff7209cff541ebb23d

SHA256
8e0283bfb9de0f22435e15e5ecf6b99461ddbe4d7a1b9e1a85c5c13e0c912643

SHA512
a752b731e25aa0241ed83dc4ea10e294fcaba6614fdc34e86d5671c87e9104189267f93650392319286f7257b257eadb9e222ca0f248d301dde35b51415fcce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
740fdbcbe154d64cc0ff0ec169fc2a39

SHA1
ff2579804c3d4d98a6baf7f41b5d7a5f2ba0997b

SHA256
9dc0a319a678410bdaf1ed17045d5c302e20d44d931464371c046153037dc9ef

SHA512
f79d32ef8aceffea5d68158437c27ce543f7c285341e905125fb81a84cc31b48613eacb32a8e78cbdd361be0a62c49e6cd35a7c1142442135d1aea41eaa5ba9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
647aa436e5999c8e92d20e396a1a69c9

SHA1
2e9af7085733dd3ea768387426b90c5d8e3804b7

SHA256
1c88d941cbcf720f71e691efd96a309e264e595b788f9b03227bb06f72f7cbad

SHA512
ebf7ba59b5e2ffa2371debc6b0acdd8737036b7f56bfb890b84bd2ff3d586470d91e574f346b8903d0638ac028bfe446f963a12d46191c2567832eec54163f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a96321cf2b2b97827df34ce51d5e4336

SHA1
92d5bf3f42d4d3d93f74e7d1b0c7a5da53fd23bb

SHA256
89f21f23f1de1fbf214b1dc184739853107287931dd7898775c1fddd24b818eb

SHA512
59e96ecc743176d50431c96497c44c63f8775a0ebbdc070d81d90d11c55f3c6cf26fe80f57c466b4686513e37194f7c39c57a83c0038042204df27a6f98808ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f7a8aaafa005c716fdc72f487bac7c2f

SHA1
a88690734d863801665cfd864a8c85ecbfbab340

SHA256
cd2d1af060acc74604b35c6945384d7a63008b86fccef7520fdc2af8810e4a16

SHA512
7af1bad8a42b84f798f7ad0977fe412eb0d0193253125e6b4ab7592c52e463e93756daa55ea04309119fdeb5faccc42b6a16ad8052aa48954418f46aedf95184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
228732e29bdf8ee24b8605a9949d5353

SHA1
7e81693832aec0b152b01fd17556038a4dae71cd

SHA256
00ca9ea6f58dabf0f5edd40e60315b7838028f8d187ee7d3259ada6911520a45

SHA512
d3bd88922ba3ad54710afe977cc015aa3f54ba1f8798ad07439f568057b311f2e42b4914f3526eab483860c558eae738c7930e8e8f09065f67eef6cbd1b4ecef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ba399baa70a277e630e36ac5e2f449c0

SHA1
d57ffebdb6b8c60b7e1311a0231fe0e96c8f68b2

SHA256
b24dd5d30eaf235d2e021b64d825c4f265158dc7bf5c09013f5f7e143492eff5

SHA512
bcae82862e883c1ef685a58150b713ab07656bc6bee45939d1b38b6e85778fb214485f72e2c51189ae4ea9c14a2e702a0b24f7b12a5d93818dd761a079106a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e6a0c167bd59e3f01746cdfd32deca6

SHA1
3e5a0ed775470adca8ae4b00c1f857633c42d007

SHA256
20cd4970710fb91981038eaddec33fe0922a4a64e07bfbfc96f9116bfd336495

SHA512
ee711912d9bd068ed7c6b0db29bb2e9a554ce251b5c7e02ef34ee6b03064701d316e43a902f7b6511bac79d70c0f131add2fe7edcdae166bb35b5842d83b56e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e433280a66c254d61dbb0e94c601d730

SHA1
3ed6622dfc76bdcf6d19733251427882fc74eda4

SHA256
d56772cd486c59b4e7c9f8ef56f9fc9d376cd0c3e019d440ea8a57361f62f7d1

SHA512
2996886bd9c05f80d5aa93a2a3408123a7d988f01fd5deef802a5596b8ddcd562cbeec3897ef0e975b15fa4d1b4782c657f5c30b73626e24d63fed87d068ae62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
851bfb6b937c3004d024b3f5463b371b

SHA1
899743c5bb2159cead1cf8694773fea6323b3413

SHA256
130737f9d0a2fef6b06852b413392a131e027589193bb77665dbe25e79aa074e

SHA512
81d8eeb31ea64d97072211180201f589f68e062e6e28aeeea0a25ab9f1f21b8ed32db242bbbf3f72866ee037c7a82126e95c4481465acd2afbb320d5313a539f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e556100ae0d720a94e6c5f349909b7aa

SHA1
93661e57a9dce6a6f8879ae98385aaefd0788249

SHA256
8931a54ae5e565e4d0424ab123b6ce58bc27ac5099fe1ad1ebf0a391b4cd57c6

SHA512
5896733bee6348bbab85cec599bb8f44ce0fa90a64d69990f93f9a9f78e18d0c91acb8307fed471533c7a84983eafc5914083f537bc070b0ac0a54151ee23bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
36440364138a2dc044f67e5e78a5560f

SHA1
723ef90951c305f5087eb6bb3822f24ae650eb26

SHA256
c2b21e3db6e0bedb42ee4936ccedda470a0a8155ef1d22cf78ed8be2008589d3

SHA512
d9c0aa5cb8d91c7e8dd114943ea8214e52dbabecc38ddd07e7a64a968be01610c7c42c156dcc76c00d2facf7fd406988c850c5fce1c1493204aefad3baa86cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a6585b1e56cbd5714c3891ff1dcfdb7

SHA1
3bfaf4913ee1dad31d577be2a4dcff8ea57f77b5

SHA256
9577c549cb6d96d6dd09fa6b8e37efe4cf2b0feecfd83749a1313be63d7981c9

SHA512
35ca97e05407b0ccb91da217c2b10d46df280eb679ed3a03e0eb8e9a788954ba7030062a5c17079d7b684cefa4675cfed9553da35eaa0e8097a8c2c723dc4872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a20422c352f8e00bc1eed43de8e5c69

SHA1
73fbee6b6c746838cbf2441a453cd5e810140e3f

SHA256
ac569d9f92034ca16c6ae01626dffbf104d0492269bbbeecaaceecefc66829ae

SHA512
8c74704e5aa19b2fc40c65f5f2ed2e2adcd4530762b26bd00436d4b3fdd4385bfd7a9655a753b57663f3f4f376baef1a526c152770109ed81f9b9fb164225aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c80f15b7386ce25d1b2657fd5c7c6442

SHA1
f4e51df4fe294a54e4948a3dca49f1c2d65a2a5d

SHA256
86766bc1678500f06a8cab2f2b6e226ac0fd73c147a94c4ba4ebcd23554edbd0

SHA512
e519288ab17b3fcb3459e27829fb2fea06446573982d50222c620a23e66b3b1612a26c3b2d4fd94fbbf71d159be0e7a7d08f53c99432bcf245de9954c55b17f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a4de8fc3797d3f26792f7f64e114896

SHA1
0aab2be8ca6a3bc2b7ed1995cd623a95409210ea

SHA256
388a552e46386688dc86707a0ef8ad2f65a3e74934d0380b53fc1f104d4fcb18

SHA512
99d06a313e7bd4d41901e43c0f241fdb2519ed4bb8001b99cfc584555f3c9cc623e36713fad8a98a851b3ae2547e6f9dd8e04aecb4b42d89aea83c4a92396675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b59d3eb9e2159472f5d6279da560a464

SHA1
1428aef268857cd7ba5de104d0a84e6af471c55c

SHA256
47c0354587aa9998ae73f43177378ef215b73a2dae7b90f1ee7120db93797e6b

SHA512
5561ecec98d0b5e9708b281bf2c18626268d273f2e51376445ace88f181d19dca0be43e93e05a464f2dd8c41d22b593eece0e775c5671f471135e858bdc7fc43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
05d7409185c5e7bc7b51cfc2d80c9445

SHA1
058ffee576c2d4630e201b2a04ccedf59bddcca4

SHA256
dac9f7722b31fd117176dd2f5a10b3c600130f1e6088e6337c12a6437bcf3a4a

SHA512
64a51203b9a376301893fb39bf879a26f85b57cf9216881b3937f0d201f86a0daff09d504e36c81fd367a0c4c6085399ee692080b34dda1f2c41d5669d28a6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40c948374ba222e6b1e71970f9f6c91e

SHA1
cb0c26b1390dee40bdde720b44b458b18eed2e1b

SHA256
f4b177fa1875dc0269b3b254b5fae3ca4e3828cf518289fa6127a739c71af384

SHA512
8b848edec427f9e11676f27d3eafe4d6c42d70fd73034a3df108c7ecbee22574b8cb28797178cf38e34305ea2e77bcc86db5f676cb20e97141b184cfa2d3e6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8057f18d26e8c2c33caff46cfdc72845

SHA1
24407342425d7af30a90bb712e39cd6b9193c815

SHA256
7e0435689be7ea08891a74f2dac9c5b6827ca093a39156f040e35b79c957313c

SHA512
2746d22051cea1977fb0ea892a63ff5cc51d59a429f1f91da858131d6b96e3bc012ddd537e0c70b55e0cc3b37f0ded55b8beaf4973e91bd11345a9b6d685d6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d13786a3b9c77038d7869a0677c1a3f2

SHA1
0c88ef40d37eaa80fa2adb678325e3c0295aee9c

SHA256
26ad69b5ea5b25c8af48d7354a0b07dc145551af6f69e29717312a5b79aba26b

SHA512
7d7c5e1293ac8e343d7519f17d972b5130742063f1ce7584ae15cea915a3c172313aaace670a92373a0a22778b6ae224ab5d545ee0fd68e7f6a2058288c7f501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c88b0.TMP

Filesize
538B

MD5
0f25dbbceb60af31c8eb0d43fcb6c5d2

SHA1
3621e1e4523abd70776cd8f2651e4c71c86071ef

SHA256
c0bca479fb1ba12f5fc2401003e2d00b6b91afdc936685f4ebeb5ebf778d8602

SHA512
6ea286dbf080f4750fc232a7460fdc4c4453bcb7593dc399a2c0ae0f1b960c2f9454607a4cd4cb08997ca60eba83af9a8ea0f507e8d426985f645878bea3281b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a312f6cc997adab8e5a79a04187468af

SHA1
5fd94115e20ca3a67c07889cfca8ec166ee037fe

SHA256
11b4d6943d85a84ce7f0a8e521f0673c94a2ec77c9cfd11dc4c831ba55fa0d3c

SHA512
dd9a26198bd176a534975e149a127bef65f32d09a8aba2c532a3d9187efc9a026e4b88e95baf11e68c690ca6ddd2875d4483ea92f538950fb21729b36e74edc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1820aa54c59e0ddd14418f7d8909d0b9

SHA1
4f238c6ba225b5fb3896364cbd98924dd934d0bb

SHA256
8b23d471f28b636c7850ac470d5ecc80aeed24939c1ae7a8816f5b4fb460bfa9

SHA512
d7c67db38bcc7c6d5e1bb431f8f3207cc29b66b2434c04b1637b09ef0e85b4a5b088f321f215e0e42125ab966326a9e7c967e2b59a6031c37515e55fe49bc59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b2b507e4d585cdb1da683c91e12a805a

SHA1
5c67a410ffabd9ffaf356350acc4e1637a1e120a

SHA256
b58d884608795f2b16793e0c3cd05ecc32308b9842b02883850c746568beca0e

SHA512
967d254bf98c826e3a5fe821b9ff49aaf3e54d754e922e369d12373d27ff9be9183b5f31db5861f806ec2ed6f9a995fc1ee89042cc79e53dd5175188f857b8ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-93MVA.tmp\rpgvx_e.tmp

Filesize
1.1MB

MD5
63b15124be653dbe589c7981da9d397c

SHA1
af8874bdf2ad726f5420e8132c10becc2bbcd93c

SHA256
61674b90891ca099d5fee62bf063a948a80863530ab6a31e7f9e06f0e5bc7599

SHA512
339b284b5dd7386dcfa86c8fdcf239a0e97cc168229ea9a66fc0c6b26771401fa7f27c2c6a435a836a43ea9c7e634a3e47ec77e0d27985794bbb4416dfc97ac8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4120-7-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4120-58-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/4120-13-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/4120-16-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4120-136-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/4760-2-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4760-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4760-12-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4760-138-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download