32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
954s
max time network
950s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HzzmhLyDZBovTPI4T22zacrusoE1arwEga0PqgHu.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

sixtyfour.exesixtyfour.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	sixtyfour.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	sixtyfour.exe

Executes dropped EXE 5 IoCs

Processes:

sixtyfour.exesixtyfour.exesixtyfour.exesixtyfour.exesixtyfour.exe

pid process

1000 sixtyfour.exe
4304 sixtyfour.exe
1096 sixtyfour.exe
100 sixtyfour.exe
3536 sixtyfour.exe

Loads dropped DLL 13 IoCs

Processes:

sixtyfour.exesixtyfour.exesixtyfour.exesixtyfour.exesixtyfour.exe

pid	process
1000	sixtyfour.exe
1000	sixtyfour.exe
1000	sixtyfour.exe
4304	sixtyfour.exe
4304	sixtyfour.exe
4304	sixtyfour.exe
4304	sixtyfour.exe
4304	sixtyfour.exe
4304	sixtyfour.exe
4304	sixtyfour.exe
1096	sixtyfour.exe
100	sixtyfour.exe
3536	sixtyfour.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

sixtyfour.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	sixtyfour.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	sixtyfour.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	sixtyfour.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	sixtyfour.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings msedge.exe
Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

3984 NOTEPAD.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	msedge.exe

pid	process
3984	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1848	msedge.exe
1848	msedge.exe
2900	msedge.exe
2900	msedge.exe
3724	identity_helper.exe
3724	identity_helper.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zG.exesixtyfour.exeAUDIODG.EXE

description	pid	process
Token: SeRestorePrivilege	4848	7zG.exe
Token: 35	4848	7zG.exe
Token: SeSecurityPrivilege	4848	7zG.exe
Token: SeSecurityPrivilege	4848	7zG.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: 33	2396	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2396	AUDIODG.EXE
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe
Token: SeShutdownPrivilege	1000	sixtyfour.exe
Token: SeCreatePagefilePrivilege	1000	sixtyfour.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

sixtyfour.exe

pid process

1000 sixtyfour.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2900 wrote to memory of 1740	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 1740	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 4824	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 1848	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 1848	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe
PID 2900 wrote to memory of 3080	2900	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\HzzmhLyDZBovTPI4T22zacrusoE1arwEga0PqgHu.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffd171146f8,0x7ffd17114708,0x7ffd17114718
2⤵
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
2⤵
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
2⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
2⤵
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
2⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
2⤵
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
2⤵
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
2⤵
PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
2⤵
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
2⤵
PID:632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
2⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
2⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
2⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
2⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6468 /prefetch:8
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6676 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,9838209558501517373,12771341149299857893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2692 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2232

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4420

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Sixty.Four.v1.0\" -spe -an -ai#7zMap12504:88:7zEvent10797
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4848

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Sixty.Four.v1.0\HOW TO RUN GAME!!.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3984

C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\sixtyfour.exe
"C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\sixtyfour.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\sixtyfour.exe
"C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\sixtyfour.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\sixtyfour" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1964 --field-trial-handle=1968,i,4531038159348235935,18173525846105478397,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4304

C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\sixtyfour.exe
"C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\sixtyfour.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\sixtyfour" --mojo-platform-channel-handle=2400 --field-trial-handle=1968,i,4531038159348235935,18173525846105478397,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1096

C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\sixtyfour.exe
"C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\sixtyfour.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\sixtyfour" --app-path="C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2660 --field-trial-handle=1968,i,4531038159348235935,18173525846105478397,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:100

C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\sixtyfour.exe
"C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\sixtyfour.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\sixtyfour" --mojo-platform-channel-handle=4004 --field-trial-handle=1968,i,4531038159348235935,18173525846105478397,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2396

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
89KB

MD5
4b344d1dd4de8ece4af05a5cf7c38c96

SHA1
b892a326ccc289c6e01ae02f83c61504478e1bfb

SHA256
a6b0103ee9da6be746f7429e663f845bd3bf65ead62ced704ae07bc55f775853

SHA512
ccea64b68966255657b07d632611d77a4aa88c8e130727729c33ae523cf76a888c7eb97a0590899dbf88d2982d00e0b081f692e521f2d3367e205a415c91db11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
Filesize
83KB

MD5
95ad70b0720495f26f4b7dc7aa152c13

SHA1
d325d177460b579980d6b36a4da2defbc709d6ce

SHA256
7d40765179bc45d7b2a36b9f0d49d12c2048abb154ed0ecfaa2433417fd0cdbc

SHA512
ca9f7e4fd11ce28a5eacee9cda062c8418b4d6cb440ed82328c03d7c1d1835d7aa175a2ac5e35ce2ec3ab6a37ed2fae0bf2eb61c7b08199299b6dae9e5194fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
d016feac7b4bc618747e13a75910ed3b

SHA1
a241fb13cd9d6ad5a798160047f0553f032cb46f

SHA256
0ebfd6a39bd20818e727b473a634e19bd69a0ea004cd7d2df39f7af5693ae26b

SHA512
6546541b6dc49bc2d28c4edd02b47c9bdeca97a0f74cbaa9a7ae600234702a54bc6e5cd932ce900782fc8cd09e47ee5b94eeda5fc698558f62c32c119b5eaede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
4d82d198eacf19d307654ce972b58726

SHA1
cc8b00434ed524ca74cfa3f274da5fb561847f1e

SHA256
5439ab6635b343ef895b74165912d4071d7ec3702e73e2a7d5f71b929a2d0ae2

SHA512
a1b42ed52ab956f2d3d42c7b9e339b26ae8c12b9c4de399884208ab6b407bd80f867f5d31d76bd221722bc80818ed37b7eec71baba281aaabd7b5f247c624b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
db2cd2681f1fc2f9acc08a69e5c3db0f

SHA1
98888b4824ef3bbf078d9a1aa3a2b5317e12e05d

SHA256
dfb6cc7d57d7c3bbff6b8d595c36a6246e580273ddc8078ea5382ab53629b6da

SHA512
e70ad0b901b84aa8f536d6f0a484597943c6598fb95508b062da639d938a985c24160bd67e0ef9a7ff166562e625d77d8064df2000b7d277fdb62d0b2b8dd6bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
9df36f2eecd844d696cbafdcd017ebac

SHA1
bf7f5adec75b0b1800b9161b3fbac9d855f99d71

SHA256
7259124cb5f720b95b255bf6e686ecdafdc51bd98379b86a02315d4e59931b0e

SHA512
b5a66c24120ff1b1c470fa50a24150717cff161b6c7f9d4450fd2c26832942908dd26949acfcb82a1be19faffa221181259f138a49c53c2f6d500cfd978cf350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
8e8e80105eec7eade576f259ca5a8a13

SHA1
268769602cc5f1fa0fd0b81078b7f76b937e78d7

SHA256
01ecbc699d5a8454ec5d76ecef4b4c8479c0e5371112ebbced25c4069170bba7

SHA512
8bdb3214d3288071aca7e5d5674427db4034c81e4fdbb8358d9d6c653017b93936cad39ab90ab85044ecdd577dacd18640fe9b02d1d41e09d9c26c5d7f6ea3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
214c39f88b815d365177f1443cbc964a

SHA1
442a95f297acc2c0b62983e4828be9110da3c48b

SHA256
af78619f1818fc41ac913f922e38b96c5b1ce7f318b2ad28a825c47c96fb8615

SHA512
271c7c40bf5584e251d141a22189c80db6fd536a6e4222097b4c1f779a3f26d306843be9457bd80071c7ea6e66e59d701e62833a0fbfde62c9019791417564d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f2099516e29c68fcac47f96d2471a2cb

SHA1
5f59f5bf5adcb7d7c0b990229f5b077eec4a5164

SHA256
fa0a64b1ff76c4f148a7a228c5f4fbc665c504bf23649a7555a9d1620ee288e3

SHA512
226a04ac37a1d26246b939e20b64255c07a1a53cf0af6b2b8f740f7d5830079f9f3fd8bf02bfb18d0eeffd155aba001d66dcdff57956f10820e8b587918c6513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
82b0d646ddcaeae27c1a60916e7a8432

SHA1
ec86a7794332683b8833ad21f54da1dd2ce84ff9

SHA256
e167066fdbc64a3a8c0641f1fd97750cba9c28b29efc6b29b243397bf9bb1dbc

SHA512
2ce810628e8264226879dd6d1d3e39c492aeb3088f3e089064c90356494dcfbc2c5eadd0b6101ca734cf308438181a906a96e31d5e54443d3550ebb38034a042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
60f1bd38a4925aa2d02ecee096b7fef5

SHA1
0186ba66fe9b3af4a0ad9a1d7551f5cbd38a0127

SHA256
c8c4f8d46339b2e75e79cc19e8848af5508526ad28517134536e102f893eac34

SHA512
68312fa45031bf2f02c63a5b7de4ffd4af5a3f019e115c32d9870eeb7d655c6ab73f519db0cdf7b9f53a837ed2bc8fb6f26424c91aac4f6f6b90f0ec667d98ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9872a5d72efb4680fcf7dd224879ceb4

SHA1
808171c30dbf75957a0df7520ed1f449471e1dc1

SHA256
bfd5ab47ec15d52d101e2a78fcf28ce7ad2408adb1702f539ff84b7cd2f2bff6

SHA512
512de363e107cfa9402213ae3f5f28cc4bc312924a4588d4df49c211dd3cbfb9f3bbdc606c51dee1a0a30111ee0aea6bdc404ce190eee84e2204978a6d95e221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
4054517854f6dc63dd400f9fcdc42f71

SHA1
2e4f58c0b4138828d311a7a125f17782921c0083

SHA256
252d532dfbb109c2e124c263ce5e3a4d85fac7dbc68366e15d0ced706030f2a3

SHA512
7b152fdd9d90631d116594070e2d9f42f0199aa120a75699fdc65d57f99bbfb9bc90b3c039f422b2c1a683104b2039b4e736a5d449ea9a062d3aa45fbe97ca9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1a141c7e24599628e529af87192fa84c

SHA1
86aff517c7a0aea45e41a99097388880cf84f98f

SHA256
d0a4663bae8d201e7b233364c6a2c646500d3f4077cdf188f86b46a1d50348b9

SHA512
2068e44be8ca5149ffa9f6dedd118cf16703dd3bacc32e3adfdfdb2874eef0e87c967fb8f66d4323ef64587dcb79cd4723349dde21a07751e37d2585550f0f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
d6cf2a919cd32f36788648c9d31207f5

SHA1
c9861026b79d701dd2bf886533b62ab11d36c60b

SHA256
2456028a535f44bed2cbf5b842adf013a1afb7a361819a6d3384e1ec3399e7d4

SHA512
17e1986d0c671bef6c4bec6de14b44195989d50e9e293fef003b093e38ee82bf865eb52c3f1855ef6672ddf3df826cfe256c7a85e47aef4651c207b91a821aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
0b1e92bd35a1b3d856c850a830831cc0

SHA1
1f3fcdd407b457058c29d9229ce241395770bf99

SHA256
820a1150676cbcfb0dfc01964f9eaa9b7080d5c1b7c6e465d515a8ba530a503d

SHA512
abf36e6952c585442de6918c98f3aa60f51fe1701144e1b3f5b8654f81f117b5064e4fd8d345704308e4271e7e1945b7a4b9b3c65f4275a74480c6c4eea028a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
f5fabff4a4b2125394f4b3bc7ff67e4d

SHA1
78399ba58c9eaac7b83c00f45c030a3cf3f24b64

SHA256
35497d24dbdf62059be4bdce5b62712ab37f7e25f7fc85ca6544e5fa54510c1f

SHA512
4337c054c7184ec855667ea4b9264e3b2fe8bf4c0cf8baf8afdb56698ae3c1ba7b27332c21540c0ec3a829b5d3a22cc12aab1b68329fc9506fffd161b23ff003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe591e1d.TMP
Filesize
48B

MD5
09116ba71c4b0800c98c1ba26bb9e831

SHA1
8f05b0d62cc36163c598fa007c5dbe4ed919748b

SHA256
2b0c4df9d8e3ed276987983752f35683f84985ec2ecbea816e2e2b1341dedba5

SHA512
045fd8712bee12d68f40055115a5e3d4202fe8a4dc08437b7f72db358ef9ea473dff52d79055304ee761e9ee50ffbe5e7a0603c9c724fd7a558af5f0c12cd93a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ccac8c47d78ce2f6b2699b14f8ac0b7a

SHA1
6b519226a7725821b3f33854a3dc86bd89eae389

SHA256
bd9ed7feae5bd3b237c9993fa2cd4b0c873d1c554b670d1e9b3eef56535d031f

SHA512
ba9f7fff4a5dba1bba8aa0d7e247c749aa6ce95c202d82ea7ce75e5b0c28ac75ecaa15c90442b041fb566c4d74ae10b503bd603c03c8b85d416ec73af040e0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ee91.TMP
Filesize
873B

MD5
4fb0035db36ad46ead70eed0b4793473

SHA1
53c7f0c1d4d0a94c28cb75f950a4469dc722103f

SHA256
afd4b6428504fe0cf8ab409f03d3bb96ee951751d1bd613c90832d8dad5dabba

SHA512
76aa98a2073b5927d3fb43f0ec892cee86bbed902caab7d492b748d5745527d2d222563b502c343944bf35f1fe1a463249058fb738d46499ded698f8460f5c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e73e08ab-34e6-4b49-9ebc-6eca0dc233bd.tmp
Filesize
1KB

MD5
2ed1d4fbc30304e2db3e2cb5314c8455

SHA1
c80243c7a71ce53728a4c2c4925cdcad84591413

SHA256
a7497d364308daa45bfb4bf19b5e1508b6f1692498f5f1a9e54ca5eda1fc678f

SHA512
cd9ac7ad36448267ecdd8c2d196a5cec300d239ff29ace04cf7192bce48261f4101abf1c51d09dacffe22a04be559f70d215894cd85c84bdc34137e14b06d11d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
855827165a89748644fff1f929c9d595

SHA1
af7acc11295f2a87fb3fee27607940e110c96a4a

SHA256
9cfa345f2e139d99cbd0e8f79d3e8c2f90fab3a29a4cec28316336d4f5bda1bc

SHA512
b1d9a9c623f46350c3b980e11aaaf2410e214955cdab059d94e98bd10b8b9abdcdad4af0a56d62401fe3360183e242829a7fd1a6329f9c6f26c1e739bf533e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
ae0f3dd466deaec51d1f5f463066d285

SHA1
c6beac5f0971ec99d316b61437a72e997a579501

SHA256
8ce4f9645ffeebe9092cf2f288d0d18169423be15bc3d9aefccd24bbf893a15e

SHA512
7c3dccbe3e1d0664504f7863bb4150374c258a1179525aba9ebfdf416b36a7067092176c28b2eb530090a5172df1bb6e8648f62c73b3907fbe993d46a382e2a4

Download Submit
C:\Users\Admin\AppData\Roaming\Goldberg SteamEmu Saves\2659900\stats\totalresourcecount_b
Filesize
4B

MD5
f1d3ff8443297732862df21dc4e57262

SHA1
9069ca78e7450a285173431b3e52c5c25299e473

SHA256
df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

SHA512
ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\HOW TO RUN GAME!!.txt
Filesize
292B

MD5
359d6012e9b3ee88fee78c96a7353e66

SHA1
8818801323807f81b6f6eb19b02a94c100f3ac0a

SHA256
e40484821d3f46a2c51b8a1e249103486ca8eb3a63ac504984943168c31d4080

SHA512
9fc6e6fdb44f0f68e345e175f04cf59cc15703bf754c75ab63b31471f185ab192e4abd3ae78ea60fbbbde088f7eeb488b7c5da8a5fae2557e4c71b38259217c2

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\ffmpeg.dll
Filesize
2.7MB

MD5
ebc33ac8fed56425d44eb3505170f331

SHA1
3f1e3cff6bd025374ca944903e149bd4b3f88fd5

SHA256
a510ea0deb0c625675d16a07bb7a0542bdd01b42e69ddfb894051bcd9ef23417

SHA512
4ae16f840c31cbff06c80b5370456de98fdbddd05c49ea82f9299a6ab4ef5964a283d4fb119a424783d836a5488440e5f2baf876c755a4f19eb40861a70775d8

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\icudtl.dat
Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\game\img\shop\eraser2.jpg
Filesize
4KB

MD5
f0004e2f1839d5fc2cad1ba412424852

SHA1
fa245546caf4c752cd080a009cc7348135f59704

SHA256
89497a72f4040f9e6009087b3582efe8191e92393e42f542a339d4acc4c299df

SHA512
a42172aa9d3a9aa71c07719f9f3228ef678d75f81ceec9a59af38b26286254325ba58b45da5d4ba841a61295a64419e6c1ef03ec6a1f32a487a2210cd568f2d8

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\main.js
Filesize
3KB

MD5
79efa191bdd4d2ed0fd3621d9a3d6008

SHA1
8a61020b2d4ece0245e3fc1591e269f7e56c3f5f

SHA256
1b7520dd88eac2641a9cef01338ce29131798d9af120219e3a9016e12653c7ca

SHA512
418525519b16c36feb581f1bb4839bc05692e77237a12b5998ed028f35c5435e865218e876f4f8a8cb763eb9ddd275a98d18983526d182007adbbd71cced3a56

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\Agent.js
Filesize
6KB

MD5
ddf6a039833aed30140d497f27ec9d76

SHA1
86c937848c01d71819689f49f81f7d2650e7f1a3

SHA256
33bc745bb263df05d3f2b65e2e9fa4472ec759d3f124ba450353b7e620700383

SHA512
4196fe52f72bf579dd1809f116732b5d24de4b4522675945ee3c1a2ea8d105d62f56fde70f69ae5dd3eaaa95cbb93e2af210385f438eb1ef2cecbb4f58686548

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\AgentRegistrar.js
Filesize
1KB

MD5
346e71f58938c8dabeb1e0f3866cae29

SHA1
a8dd03c21cbaa0fa9509c98056cdc08c37fbd03c

SHA256
3d89ab326bd97e3c934ea6578cdb80b9bc3159e73643a81665b4941d9674c527

SHA512
51575968580f820834244c40e60479298881f50b78cbdc16d4a9c5ee6cc6e83163ac61d3111bcbd2223e8ae6304d0d1f95d4592ed274aa4465e3c407efc497a1

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\Environment.js
Filesize
2KB

MD5
38b6d0aa28a07cb53084626a3e3ba242

SHA1
b92931980e4fee1d11f93865ae85b43d0d3169ee

SHA256
fc38e4b2e441544b76ed9800c489ee1c512a6bf758cfc8753617e1ad54607a0d

SHA512
7eb075170c1e1bec3ebe3cbfbe035b8957d7d9cf9e88208c952b60bc7da504eeebea61091dd2867334f8f19c62af41e181e2d58b86aae1935c537a5d50e02ec5

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\Fault.js
Filesize
1KB

MD5
67b4aa17f9c631989fc3c8b8903912ed

SHA1
7961fef58636f70a60f756f4ba6f49db97672ecd

SHA256
d7362d18390028d80730e0de197487cef87b9c6a26110b147425e21514446bb6

SHA512
45f87e96e6dd4a6709be44de2e050b21490da3a4a5bc6d1160ba3c69db1b8789198171e6d38e2433df2522879b6d1de8c2256de1d9bf370843204c97d6d59194

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\Metadata.js
Filesize
1KB

MD5
7d6fbf2ca91be36595a3a209f0f23535

SHA1
b9e5386f9dfa6d99f79beb81a96a505424392d68

SHA256
fd85e39e90f69cf35d7edba3964a65e82a4ccf59825083d35628dd1892702f5e

SHA512
6a665c2850078a41b6be4e27f57e98eb1d479ef64c87435f837ce3ff9deb9ebb564e932f21095c6c19416c50ff3ac11e440e9c9f1ef3a68848a58afd72e05141

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\Transmitter.js
Filesize
1KB

MD5
5e4808c1d92a2444bdf301467a7520e9

SHA1
600a0d9e3d2ed1eb6ba03f1a5a61f810e893949f

SHA256
e7f0da3543e108451384d04b5f52ffa6557947d7bc4eb029e1ec1451a18c6a0e

SHA512
4abe7a8abb8311492ee1dbee28ffcbd6d7f0f916d1015775c98e34fe1f784c9d3e7bba5140ec107192efbf2e1c481acf9e4041a8f646f33174687a833db65fa5

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\agentHelpers\deduplicate.js
Filesize
445B

MD5
90b40787e3cbc169edb5ceb63fa68823

SHA1
044e44b9cdeae9bbef075a42b582e3102555e65d

SHA256
f43c29893b12b04b30793e146fd2bb12c0edd3520ce7d3566ba7d93d159e5348

SHA512
491ca07d86adf9d204c979feeb0c2972e0b5b86af580c3c8013263c9b0ae3ad40411479ca63722bc6634bfd388af7dd6f1a2298e3b6990074a2b146c80cda6bd

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\agentHelpers\index.js
Filesize
214B

MD5
16dd1299fb024173929aa4cf661af557

SHA1
0b780b8ef2b824654f3f92046ab32344938ecdc4

SHA256
8f496b0be329f20ec99159b2b358e1f8a6d49411ca39e14ae4d48480954c800f

SHA512
27e2c87745bd36cff9f169938b528a5cab5773b4a1738653bb4b080e74dc9b9f8edfb406f646ef1bcb0c284cb7d5a66689a73cc7ee26f8a3bad481a0e4658928

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\agentHelpers\truncate.js
Filesize
896B

MD5
7e4a1a7d38df6f5e8ee1f187322a85b1

SHA1
97d707e9c6ea52b4e87dd68caf1daf28e8d0567a

SHA256
f6ca47c770277ad2ba27335db0a34af352db8657d699539f1e6673cb86cf2569

SHA512
991355f66e13d220e1e94d0b79ef8192af7761086e59d1a598c53b347a4f1b3633fbd7cea75c3177ea56276dbd7fa7835aaa8ae6c3489afd1fdd116b78cd2c00

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\handlers\express.js
Filesize
2KB

MD5
ee8beceffa684fdf67b53153a3d579ab

SHA1
1af62fe04f016291f7263d4569078c1c38a9b995

SHA256
28cac6e4b1df4335e86bf77e1c56a6a286d252f1c35e6fcbe4c55f1a89ef083d

SHA512
65c8477052848d954d42675df9045887cb98521eedae009fd4f8848dda0dfb12321a199f0655fb41d1749e8ff07691746e5b6354a413238490b59a99539d0d31

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\index.js
Filesize
667B

MD5
082f3439c3fff98c7b13d19709c04c32

SHA1
8490564593f57eeb8d9f48e0c6426ccf3b4e0faf

SHA256
6f43aa4d1245f6667a69607882b8f08669ec635a43529898887448c0ee92af75

SHA512
456079bcc9b1df6c6109fad75dba5b11cb5467ab2dda05d8f9aa8b22e228e396c8d92ef8d738de559b44d2d6fb4e86fe8633bbc20b5726b49e4df784d8a4b555

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\sdk.js
Filesize
4KB

MD5
89b4b5f72c66b75aaf8ec6d7e8774674

SHA1
8e9e0546a58a7ecaa6d7649c8739c9538c9f2bd2

SHA256
32a61433dcff50b75eed33fc3f184a31fab2f2f3e0398954330c1d8e8cb488b5

SHA512
416af228118e60c9e502e6df19e23ce28b02d53cf681ec87d37f7c56169485ac48d154c56b7b717f59087651734bbad05d6418e83458e07df3ec3fe1ac8ebb87

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\telemetry\ConsoleTelemetry.js
Filesize
753B

MD5
cf2ba05132751dda52bbc2a692b822a5

SHA1
cf2b244a4166512cf7c2dbbecd4e6e4b423d00c2

SHA256
ea795f032d83752e7c61826ba67509b2accdc9c133b2743188eb106af9eed88a

SHA512
69778473e39b308aa9d4804b16b288da55c67ea6844e8c2286ec52c04717300d450196d87eb3dc0c5939a7b8fbfc011aedbcd590402823bf0548697e4f13642a

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\telemetry\NetworkTelemetry.js
Filesize
207B

MD5
f83b4a1cdfcc354908fbd1884eec2893

SHA1
da80c3a9a3513118f4634f818debb7c5c19b27ff

SHA256
1dbb838d0cca430062314d0b956816925f8274932d5f20e99225ffef138b386f

SHA512
f12a2d642eb6f730ce9d6f7009031623bdbac43470cc130f14f2f426fdf89472bf06c39662490af3382d01bb10478013bfaab43c23be604f46a2bdfa08e66061

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\telemetry\TelemetryBuffer.js
Filesize
1KB

MD5
14b91d2589e1a3c12e437623f480031d

SHA1
8eeba7c6bcc261fee7e564feea4bbc565d4480b7

SHA256
2ae40568794a3ebcaee2dd5b2a95ea4c690aab05ef7a76226c002a12e4ee921a

SHA512
939cddaf2adacea5da29a2c21804a3196754b29ccc0e84e72985e06a0908ab1726606dd9f753984bd00b6e45c4fc83bc6d5e01fcda8d80a7ee4e5c53881990e0

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\telemetry\index.js
Filesize
268B

MD5
6b7a1753e5efb52acf8873843e235edd

SHA1
4221c37ddff34e7c9cfdf631ca86d9f68b9ae17e

SHA256
0010c9814a3275cd41abe4a03df9c162e2213e43c06024f90d331948e7b09b18

SHA512
b97d88589d0d06031bb31283ddc8975c6357564b67b058ccf8336b4b122f2d01c5cf60f80f6d9cde108a1d83d4d0f11eec535ba36da2c4ef821c693050435c3b

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\types\TrackJSCapturePayload.js
Filesize
408B

MD5
8b52dee2248d37ea065befc31e5120ef

SHA1
263587a5c959f03706f2398de815c0af539e4d84

SHA256
0b0bf7ea9e85aa4191a75b36bd9469103647e86e811da4d20196ddc06d1b18a3

SHA512
8a80e30e2c899a3829c4abeb41519fad9be46d62e5d9b387901d401ffc245c3475873252cb0f186bcfed03ef02745a4f5c76bdfa336ec45ce506a082b9a1cd2d

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\types\TrackJSError.js
Filesize
1KB

MD5
0b249b41f9a44bc6166f432b66d51be1

SHA1
3668721b4ca360f4a5e61c2a4b6ed63140a514df

SHA256
8757c57499f90f8934f6a25e2a6eacd88c5c3a4b6edcd2453ad5a755f7805c93

SHA512
df999b9760f6b4ce30b8caf8cd67d52cf67f39557143fdfd8af2d2642b952776e28e0687ad14c8f5dcab9085912c627789f8a9d99fecc2db8198ea2b8dbd7691

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\types\index.js
Filesize
145B

MD5
10e5ae5b92bb322b52458816a02d2bd8

SHA1
c3d9cf80c4e399b65fe0f7914a39c76a5efb53fa

SHA256
547aecbf61787fcf1be8fa4c0dd7202ba7b87e5dd3a3884affbec82a57a71050

SHA512
f832fd719ba31666d1dfd844a8ca912f7d749cb13f08712608647e84ac0bf966a7e0ebeab0fee55c16724657b892536fcb99d911930a7f85a89f671719b0e4bc

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\utils\isType.js
Filesize
1KB

MD5
e3e5a29c6ae8703d50a487e3f5470b06

SHA1
648b5ea23f515852dd5205e30a75f383e0347b2c

SHA256
6347e0bf8cd317f0c48246736a451dd71e365c124d456d8d4998827879847e0f

SHA512
e6c0b350c79cb9c14996a0639519023b94292849cd5e07dd24fd6c78349487b7545c16eeb02863fda81e0722d2406bc831aa1661090c2d86634382ef726c176c

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\utils\patch.js
Filesize
436B

MD5
892661383194d5df212cdcb88f7b275d

SHA1
1fc97a76197eef3bff6d147bb73d67be802e3b63

SHA256
f98cabd2945f9f88d94378f7f6bae21c79598780a164b93d4e41d1f7cf4ae822

SHA512
3005408a2bcf82f3428c0f762736d4209898f69368ece954d73e23fbe0b118359171df9b14f79325847b4fbef9fa29bc12c31d74fc711d7353c500c0b46547f7

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\utils\serialize.js
Filesize
2KB

MD5
9daa3bde8dd60f6cd77787b87437b4b1

SHA1
cf049cdb055f002029931af335725b5bf32ec76e

SHA256
4bcef67e9f352982bfe99914063bf9e8ea3f2786341bdb4b7cf45e80ee28f2ce

SHA512
30c00c3415b02da48af96ed3d9826498d488db667b4d004d819f7c9126df5328292dc2adfc8acb0d95c2fed50e077419bbaa49beaaab34f562a4f44a38150842

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\utils\truncateString.js
Filesize
315B

MD5
88c41c85ccac2761fa09833bac23e2a6

SHA1
6e309dea296b9f59f2042176a0c11756ab3d37a8

SHA256
d2520cc7ed3f2f1254c61c6033a7f5a8299a8342bce8bf4038f9e6ef64a67979

SHA512
7196e49bab52c632988412fab1982d283aa8ee1cf0bf2fb0fd52e8915a56bcca5a0293678f13523beea59d34bcc85fdcd66d2d5cd16236471c3d72468ac6a56a

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\utils\userAgent.js
Filesize
384B

MD5
e9d765d650e24e62ddfb3778853b3bae

SHA1
91715fbebd91f791dadbc30c9aa3f96fbb881f04

SHA256
d2c16bcf522315a2b326547cfc9eff8b913e7aa203bafc4481ba1976a5c7dc62

SHA512
ffe6ce66b77d8437d385fa13b8533bb3081e0ccdd27cd5fe4fb3f146d25f75fb9e13d2dc7f98cc2dc73aa6f488dd554067b0978e16596e61fc1b29a72c3e54d9

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\utils\uuid.js
Filesize
1KB

MD5
89f3e8443b0ccea88e9a7c56a87515f2

SHA1
ff1070bbaa7594f5923969b4e286fddd9a6070ce

SHA256
8aac38ad564affe49c49c1abfea0bedbfe326862a9c05711432bcb1742b1b412

SHA512
231feee607f4680de9be232e1db28866aa0f1844376d4ee4685f8e14bcf3da6ea05da35b2bf7fb2b472fa4444125896b9d9c5dfd6aef4f4d96e2abeee2838f98

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\version.js
Filesize
187B

MD5
96f6cb9d724019da57a4e9bc392de1d1

SHA1
3fdee70ea94707af3862cb8ec75567c76d97f303

SHA256
5bf3c051c564a76d5a171b5d5210c30810d3bc3cf362a612acdddc9994d53876

SHA512
2b60550cd4c4a50fa1e6ed09fe0998dc7907d1b3c3dcefe487888a9123c557d5b29ec65283e6b2d1296eab1cef764523e0649956e86867a5d3c305600c504fe9

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\watchers\ConsoleWatcher.js
Filesize
1KB

MD5
95bad2f2fa139028a24cb49adde5848b

SHA1
b569855169595006d4cfa1c42916583412471894

SHA256
f983c7eb0ba840f5bb67a77b519d84f2dd2c750c3b9467ebf5ffbc9ceaae4daa

SHA512
9a04799cbdcaedaadc1dc7f34ca9f446713de136c792e6b5e160170f66c8d4eb16ea35b21a0162cd70c77d4354602de8006ccf805432864130bc17d25830859d

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\watchers\ExceptionWatcher.js
Filesize
809B

MD5
1454a71714f40c908b0b695537d8782b

SHA1
3ae292706faa701cd9e58c4445fed5bc3cc70d91

SHA256
88a52657057ceb3628ebfaabadf2e98fdf23063e76cfa2f7747a47cf83b63623

SHA512
e77b0746c35c239416fe71c5a518062c65e26efabace5c576df1fb0cdf52bbd62c7c8339fbc0ee2ba636f180c0eebb87fdec972b13e7868d3802ef1b3af127d3

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\watchers\NetworkWatcher.js
Filesize
2KB

MD5
8736aed741e086ec070e533982605c75

SHA1
f42bbee6a1d1ebc7c25573556491417d37eb5be2

SHA256
8b05968ee5353f631eee64da52b1260251081a50f77697851fdf2ce5cfd06ec7

SHA512
87680de3e9c84b904a9e561a4654197add1c0b413dae0be32bcde41f438886ced4c5bd74f4c51e02ad5960998c48eea64bdfb7c9864c328019a74801359afe12

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\dist\watchers\index.js
Filesize
307B

MD5
01e53212df44b225f094ee52418488b6

SHA1
6da51180979ca12cb1d0ac6abd528f9109ddccbd

SHA256
9a051f6be7d824c046485ed922819a5d1668ceb79fb9e160af79c06f0db238af

SHA512
80017f06e2a114acf615e5cacc85dff825b0a4bec6f98004ae57b53d4c6a4251e2312d1bf7a32e7736cce2f368a4cca868f7befdca7ee18005d27e3e7d046d4a

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\node_modules\trackjs-node\package.json
Filesize
1KB

MD5
db21ea5e31fb5870c4e98b6911021974

SHA1
2bdf768a27a94aabdf8052d30d382f7e60e7f6ac

SHA256
a6f80bf85cb20c4a39710fc75f1b3a4d4815926a534eb0a5d3d3aae0aa19cfb9

SHA512
587ceaa82770ff8b6da4661f565bd2c592487b5e4058150fcf58a89080e0f109f196423c10de95fe52f9d884d5195c412e73bfec8e972d73a6a9a832fb2b5847

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\resources\app\package.json
Filesize
278B

MD5
3e5b2138675a0bbda3af87ea91b6da4b

SHA1
c6deab513572481980b404102da9eddb609ed812

SHA256
8a029d6a95254c677eabb422ca2223338b817199b8af09f34accbd0e50620bb8

SHA512
4adb546ceae4f1e5f8742460113fdf69b4db2dfb3063852b4fe7ad422bcd89a6ac5fbe2027c05af3626726bf38b8194b321f5d3285db2d23ff9a94c3dafd5fbb

Download Submit
C:\Users\Admin\Desktop\Sixty.Four.v1.0\Sixty.Four.v1.0\v8_context_snapshot.bin
Filesize
627KB

MD5
aee8355acdb3c20763ec3654b9d2f912

SHA1
aa737b26f866f0156c6732f3da692cbe0ce422b0

SHA256
d345c9148103e7b2978281e4d5a2989d75a37ab1dfa93dc76914eabc2eaa1262

SHA512
5773ff43aec801baeaac6299ce654c640916a675775a7029e26d5bb6e2c9f95db83ab5320ef8ab44eae87fd9f31b7c5a10c00f92c61a1f6b78bbbfc17462200d

Download Submit
\??\pipe\LOCAL\crashpad_2900_QZFYNSXIZNRGBNZX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1000-1384-0x00007FFCE4940000-0x00007FFCE4950000-memory.dmp

Filesize
64KB

Download
memory/1000-1436-0x00007FFCE4940000-0x00007FFCE4950000-memory.dmp

Filesize
64KB

Download
memory/1000-1435-0x00007FFCE4940000-0x00007FFCE4950000-memory.dmp

Filesize
64KB

Download
memory/3536-1443-0x00007FFD23E20000-0x00007FFD23E21000-memory.dmp

Filesize
4KB

Download