hxxps://gamejolt[.]com/games/laceys-wardrobe-legacy/833466

Analysis

max time kernel
1397s
max time network
1163s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21-08-2024 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gamejolt.com/games/laceys-wardrobe-legacy/833466

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\lacey-s-wardrobe-legacy-demo-classic-mode-1.1.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
2368	msedge.exe
2368	msedge.exe
888	msedge.exe
888	msedge.exe
3832	identity_helper.exe
3832	identity_helper.exe
1400	msedge.exe
6060	msedge.exe
6060	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5012	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5012	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
6124	Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe
6124	Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe
5280	Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe
5280	Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe
2364	Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe
2364	Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 5112	2368	msedge.exe	81
PID 2368 wrote to memory of 5112	2368	msedge.exe	81
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 1804	2368	msedge.exe	82
PID 2368 wrote to memory of 4784	2368	msedge.exe	83
PID 2368 wrote to memory of 4784	2368	msedge.exe	83
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84
PID 2368 wrote to memory of 1604	2368	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gamejolt.com/games/laceys-wardrobe-legacy/833466
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7fffbb0f3cb8,0x7fffbb0f3cc8,0x7fffbb0f3cd8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,1025091150679188722,13744319166746865986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5356 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5156

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1072

C:\Users\Admin\Downloads\lacey-s-wardrobe-legacy-demo-classic-mode-1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Game & Extras\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe
"C:\Users\Admin\Downloads\lacey-s-wardrobe-legacy-demo-classic-mode-1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Game & Extras\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:6124

C:\Users\Admin\Downloads\lacey-s-wardrobe-legacy-demo-classic-mode-1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Game & Extras\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe
"C:\Users\Admin\Downloads\lacey-s-wardrobe-legacy-demo-classic-mode-1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Game & Extras\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5280

C:\Users\Admin\Downloads\lacey-s-wardrobe-legacy-demo-classic-mode-1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Game & Extras\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe
"C:\Users\Admin\Downloads\lacey-s-wardrobe-legacy-demo-classic-mode-1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Game & Extras\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] 1.1\Lacey's Wardrobe Legacy - DEMO [CLASSIC MODE] v1.1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
92KB

MD5
a233b68dda657ff941b2a756bda095b3

SHA1
165d8e41f4d94e16263194732a63eaf6c009e0ef

SHA256
254ca222e20a2978be2e2ecdcfae5ff7c87033e524df24d7f1c666b425cdf936

SHA512
d81b378aeddf7e589e23dea119dbb6b5559f5d8bea55be6bfea31a9d418cdba0daa22743d621e74126e810b935231363fdbe1ac97c83d63461750f6315767f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
47KB

MD5
fb07398f35a727f11709e15e5be33252

SHA1
d029a56ce9d1c0b4da2ed2db8dbc7578ef7bebfc

SHA256
be2c5a347252334e8ebcb8a313b012c83bea3804501c587e9f4664bc40c96df1

SHA512
e42da22e2dfca518223de47e66adf59bf988c617f3d44328709a839c58130da8bd0ecdfcf7a3d4e93dfecd5863f79fb3d4d5427738c65d2575b8af189ddf9798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
20KB

MD5
dd62255c6e72b80ce88a440481d3d22f

SHA1
17758b8673c033ecf7c194e5d1190bbf9516c825

SHA256
16921001068e64b8ac9935d54eaa1dca108647370c5987443732ecd4f0f56249

SHA512
19cb0414fa378f59229d6296a4165e3a073fb6c6b812969c7015d3f73e7738c70893346740396986c6148ca1fcd5e7a8021aed775c808eb67ee9d1b301f0ee76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
1024KB

MD5
9c5d3e9466ca0a220e60f2b74e637216

SHA1
541a039be37ce1830db061621b0c9c5952cef6f4

SHA256
188253c07b3f6ee9b7aff61c7dc23afe29ad29e902491038dca525e4def15ed4

SHA512
d979a709fd1549336405314af7cbb492adfd68f0ddd44b8ceaffb61f3dc5caede6f1655b6b37b8ad20781d3cca315483636a2e21b3bbe177e002787f9e12324d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
474KB

MD5
816397c67e01a7f7d42a975b0ef46b86

SHA1
1cd0d987a688956956a29f01be732f666f3a8783

SHA256
eaa2bda87f997d3e8ae6cc9932aabad22056c8e4a76690df39e1ff15975a2d96

SHA512
ee985c4d396995e76f6af2f2e3aae051d00b7c2bce536e2cdf4b92c59ceeda812ffdb3834f34eaff36235c9d278c785f1e55ca18906cfed89e2738692d530fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6ca745777fad712f_0

Filesize
135KB

MD5
f6704dffbc9813d24335690d947f5b44

SHA1
7d32e1b4e2e65d2ef3b65bbe50ebdfe9ee29f967

SHA256
b1fc5f76902b55ebe856f372c107946b073f29b3ac4cc49a66f266eeb07a1455

SHA512
8bae461aa6ea2b972f214187aa8507caf2678781f969797269eae62802a0275f78f80f94bb1bf8384808125ea238e55ec78b4156d92d71ddd908d798e55504eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c055bf0028d671b1_0

Filesize
279B

MD5
bb6a7e08966ad357bf16672993a0cd2e

SHA1
64c2e7af0c30e5039397ea97d143c234b8c8510d

SHA256
2176ac7b538be3177fd6216d17d332932e84ae987db5743ff5fafec87b9d22b4

SHA512
89e4bb6fd9a59512c61d3b92fe59c2dcdd463dc509ac231e1eaf0de541aaa90f95099a05003a035d93095cd822f91ef308912c6c14068c6d1fcd741e40f5be78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d0138cc9f56ce09f2968c8ace9b2b88b

SHA1
6669fa2487049e9d34722c975912b1198b453271

SHA256
ec74e5a1a6e8af77eaf73fc1de0ff3f673348dfabe0df842938ba123183f0cee

SHA512
f45f17374e39404f59e7e11b617a934c6d74007c9a011ac9c3c3b62c97ebf8e6a755f8411663bb2a3257697b40fc6e8bd5da6db18b8f1bb6168987708e371f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a75e07978da71066911c3bad4a1cb0d3

SHA1
fcf1879a7c391f4e6e4b452d647f19202aeba8d5

SHA256
afe071131954efa566a961a2badbe97b5146996a23e26100f4381d09bbc52985

SHA512
ac58fb356def7b8daa17b024a6af08ac55a349ebaeee564b9f25199165eb8f8c2b5692b090c52fddeedef0d2a6ff8a6e89040136c1e584ad1cdef058e834047b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5e244cfd7306727673590d2499b9d48e

SHA1
f84024c4ad2fdeca4949adc4fc60507f1d7376ff

SHA256
eed71b386f5bc57e05df37b4f9f7bc9897a39b409878952035bba5ef8013e62e

SHA512
24bb8959a0c671472d6d0a144d29f11102a3ba96093376c677199da32e723a960c33f0b22d4c683aecf7441ff556f110a4ae320b0abdeb71392c4f26aa9f8541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0509d00c912bba537a7df83d279271cb

SHA1
f4294882648e6cb173181d74ccdfb18bd070beae

SHA256
f832d6f65585159f5eff7374aceb362682fa54ee452fb0c01ed64d0a69bbf4ac

SHA512
a1dd6ecd303f321431aae5cf08c0fa17571534a2a205d3abfc6222539663e4ba9e7e9787cadac8c6f45f874299b5ef6549828124284b3fd41a0641ed7f6a6e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1967dc1dc46b2b98198941086ef75234

SHA1
dbc5f2e0847451f5f5a37adf6700c23931b75a94

SHA256
d410c1a52eb08b4d19beb11be3bb44f25c8450a8cf7791d0ac8a772cbd1dbf70

SHA512
657cb1de1d2a4a18b25ebd9e7eaf85ae08c13c137db8bff26146fce7acb9c83ad02dd409c26db88f6b0d57826815b8062263613a0b14415907acb10cd7a3bd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
55ccbe7fe400ddbcf1e7deebbf1ef26f

SHA1
222a8b9fe41c46590b3c73762608f921a41ccd3b

SHA256
a26f528101eca7c18c17cab9f5685aa27b4ef296da95c8d96844f6ba4b204d84

SHA512
10a3c1979d5edae0220dcb8c808efb74dcaed322291a2f921e9922abace00a78577539c7d36f26cc07c42fa22533e7680e3f51f53b7adfee42c142da94c21ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
33324f82147c08680c57d15af43b8962

SHA1
bc819e11f5e797eb692a05ae0c0cacb4e51d370a

SHA256
e137ae5e204501c4b44f5a85142943d4bf45fca96e548fdb1d1a7b1f179ae4c2

SHA512
3541321544866893edf66cc6031a469dd2c6cb44ca599db48edd91c46c98b3f1aef6f28daa491fa0bc23bb912cda5870914899090d117a02ffbe25e076f4c18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
ac5c93c3a8878f70b7053041d61a8faa

SHA1
cd4d64a308c21ecd19657c4c4a26db01be93ff5f

SHA256
bd300eec21661e29f2335d11655d0ff6d5f217bb93b38096d6352de22021cef9

SHA512
efef6c568599482dc9767953409e18c27da251bfc3c8d2e82ef9d880807e9139a3bf948c517a2b4c280c78f45d3140c3d85fdae920b6e319b69015e9dcedbca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
c657c7ead91e44e83a80d80676680db7

SHA1
55bb58c7d8d1c121adec168af2f7e8acaf41f13d

SHA256
3b784cf01c9dddeb3ed5628a8e07bb017e7ac28ab3bd27bc4335c433a70ab7dc

SHA512
28ce2928f1ab8a6ffe79b5952d932ad190b943baa1bf1e8ff00070e1ac48a304987b8f1fb955bc49723e8eb8cabf0e18442553cc821df051d2cd19379eb1a8d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
f10d328fb4f0a2b73fe706523bafad51

SHA1
5966b22b3e714848820925f740fb2237bb913efd

SHA256
db67a33b8cd1090214c49353987c5b82d8d45806e5b2462e236934acd4536d7b

SHA512
9efbb1c10f17c1b457871f6e368d8d6e30b6abbcb5727b01478f662b5df6faf570b0efca8ac76066fd62ef94c87ea2b750623fb688824d9f223a73199686d6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c3d65151f9a52e7ffdec84a785461a8

SHA1
e6e5d3eb5c1fbef892a6b5e8e49c1ccf53a79ae2

SHA256
0c0c9fe1afea215afadcad0baff068603c4b531309b3690bed40e0906359d2b1

SHA512
3b400e2607602a327f87d8d440f6641628bf602e3d894d5f989adecda40cc6f9a33f041e55df4917c676444e5ea9bf41fab197241f95b3008ba95ed07ac5b7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f29aec0a06e08b6767750ac357f39259

SHA1
1c99d0400916d9251d624528a366655adb0bd726

SHA256
ded971cfc9d356bb08eb01ab00b93bf37d7b48e52455d420095d51648911c955

SHA512
794ba7f4717d1c5ab023ac8fdc7e75353db4da1ed2f71b0b67c941ea5660f2842fe5b29640e6f337d810293af6fa17cb2ed4e17a4822005d93971df5628236e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
51f1af442c8ba79cbde0220cd302d529

SHA1
0ca2c7b8f15e079ec8e2b2aef460f7fae813e63d

SHA256
1a8bd3a6bd10e8559eb2ec5650cbb2b1b16a224045c06e591231330960c03274

SHA512
e0652919343c98efa478ef58d2bb0a69805478c2307935d4cc13f8e461ff703fb116d84231e4f11812b381273e5977efded1e48129bb95cd564638142205e74c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
03c2d3a8a5cd0e0db3bcbde32d68ce62

SHA1
d218f2b66291fda39c8f5e4ecfee8c3d2abaa256

SHA256
0751f7835653480fcea72f67540a8b07a8b032255e2cc899d193c94ce60fb2d4

SHA512
513c6330a8c676c6a9fc98f3d164d908300bbece572208b58d39b7ab802b6f2dfc10b6708eef412da6ae55c55426fecd172176dfd6ef5ee38bcd9983e65b94f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
1f404e6cc4827506f9143842dbce9a44

SHA1
cf6d11904735f6d678d4130b9d9a67b173fa59de

SHA256
b0c28769bbd826ed2b091cfc5c3f3f86c92a0a5b006d9298ee0b4d75bda8c561

SHA512
292d4988a35e6057554d3d533367d96c5d7bb8759d1c149cf5ab030944a7ac46a68ff638ca7733a7632f4efdd7a748bcc06962b2515282d8c1690e9c654a9ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fffb958821a1e30202e42e6df8cc654e

SHA1
3ab896ff6c86c1578ddc9f285809f05b6d2a841e

SHA256
fcb6bd20ba1d8b0c0d15310515126db685a40fd5b682ea6d5e7beefd9aa0e9e9

SHA512
7d146b3d7440c4e75598988993bdd684a57e50915c9b5da7d25d6f878c7d5eb3893cc284a01caf2bf19600039e490016b3786ee1418ce01e3b7b1aacfe097fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7a4f32a746cc152607c152e8fe4c2e23

SHA1
68e688c0ab71c571cc3adceb3e6afc952c07c9aa

SHA256
e329a0985daf0d19c89f0209349cd5bf1f7122246c276f7f91cae61d2f83260f

SHA512
e3a2ed9211a25697dc876d49fc5d264411b2bca04a3389522cf8de0a8b5794bb3918d6e5da61876db70e425db8b32eb92103a41cb1ab7f92aa8e98779b7859d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3bc1e19cbb04c2bae20584936be85ba

SHA1
7213a6a1f289c7897c682213f53697cdbfea5d70

SHA256
8a851549a1db851e7f270813be5f1446f7488f105c469957f3d77753bd269a69

SHA512
3b9177957b9d389d2492682ef7a848659e773a83d8573ad41bb359533c1bc6d00743576066e5def86a804a55532c77e647ac22c912fc2dd5977645a6bae0a031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
57bfead13df6639f04fd21a9fc915dc6

SHA1
6b5dd3cfc3323405e6ea6765e2cce2d2f11cdd9a

SHA256
4a4c7558d57734ddc3dcb898ec587f763c6c069d047548bf1019052c3697c0ae

SHA512
c863854c58f5d2a6dbc62472604900d85557e8551a47c0d2852d7e0f331230b274bf40ccf91ad7f53c0985ff52d794b293e69d32b360e35e3e811c648e2500c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1cf89a62de8bf7fd71c4425dc4aebf86

SHA1
70783d42948c68a6f77ffd3d22acff51c563a97d

SHA256
a91a98ed623dc04ef8fec410f05a113eb36455199fe5bd0c7bfa00534d9a20d8

SHA512
482bdde2b579ecde2cd03558c0cd3a99938c5f0d01f1fd54262baebf2003c85c68a23e47ef624cc6119ace081c15f2f3a127107c7293582f3d97b7cc1fafc245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
52995267b2bcfb01b39993175665504c

SHA1
7c57f15c99d0da020ed0afd22e0360dcc54723c5

SHA256
80e130976daa2e53071a4207a2fca3f29bc61d83235f46ffd1935b7dddbca260

SHA512
4f2fbb90bd40e4b17681facb28c727eace01b073fb9b969d91337354b668cb45449ee53039da6edf7fef376395dc541063ef75c88163656e8d857e4add3794d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c0379410833134f55d6e20524a6a43d8

SHA1
92e436dcb11c08369e1c7bbb19242cd25e8e318b

SHA256
993d1d3973e5174fef441e93f77975ec5388dc0d3d5d695bdbdb79a993b997f3

SHA512
509241bbd9e0bb5e4b60b28db0b13ae69618769462b6f648e00bee8a5bdc28a22e505f229e09d691caf7400c4db788250456aa01a77c009b3a98aa5eff9688e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7447840aaeb2608dcd90c0f0ef5b28cd

SHA1
0adbcda62bc045fbe734f021a71811397da7a6a8

SHA256
d396d58effa589c00fbb02b7fa0e9312405e65968767b757564d3fa89b2b67b2

SHA512
26b2e4ee4a9274e795d7178acb255e204295bddd5a7fd9e8c525d9f55daf8afb30b2987186f3d028ca96c31c171f1764a81654627165797ab02bd920a46c60e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c9a37318426c284ff75a9f55b85b31b2

SHA1
a1486e51dc038556396d21cacf44fc9b66f24e6e

SHA256
8142bf072c646f4999b8d198bde7ae5dd4a056a4b1de12cca8e8dfcc2d6c576e

SHA512
0e55bbfd2493868e296688ff7b51b6a1ce9e56ea75ae5b7968e1caa8e6270ff92076cc665bf62ae5f4f9cdb07a6043e74e07e8112262508f1c987fab14dc92ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b36d51e45c85e5a9bcbc6560b6242b85

SHA1
ee7868ed8136334d400c68f7a70971d529c9cd7a

SHA256
24900153f60ddfc6159557905423cc77af8c8d57f0be7043b6927ed9d5a21775

SHA512
a0f2cdc9f6703b54d7644ef4860d5e685c9bd6d621e2f9cb8f07b3e8d444e887133a8c4f7443dab820d0a59f72301d5e740b27612ecb064ff8e50ce58443d2de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
66d79908dd7c931bff24cc3011f3f015

SHA1
06111a0dc02c22b236c566e7324ba62837ce4c0a

SHA256
ad50017e97dd0ec584f5ca078788d8dfcb29a4ec68c64a6a754da4078f554977

SHA512
2ca1f593c0249c45ca8709e974793312a6787330b8e2ae7c9bfe42c63641ede25a26d3e5d04db6aae3f089dd0e7d55b2d9e1ffbf7e8eb83d92471e38533d8f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4e634de8e2bc9594ccf9d62f2afd12ce

SHA1
cee8e998cdba2f8b14ee51598553eebcdbe87cc4

SHA256
c1ca8cf901c223c2e567f0138fa8bdce9e93a350dc19e4c7489a059b4f01cbc5

SHA512
6cc50f6529b8b898dca56c6f854191406c9b495bdc5aed0d7de9c81c0a91b3fc539d764fe0061e0c4e7846c38d48f5ecfb08c9e274dbc10d839157e9298e3c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2cf383acce847a46717025e2f33ca9ef

SHA1
b0bfc9526e0662286a643d378deb47b9ded13050

SHA256
fe09430cda9988143eeb7c033fa10375e951b66b28c4b127dfcd77b828f0a9e7

SHA512
89ac7a371c5ff2507b05fe85f1e3695c12fa3eaeebdb757beb0a844bc7283b00901588ebead70dea2d411274812f1665b53c9b0809aca0375c3135ff1de4b40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f86a.TMP

Filesize
539B

MD5
d13500d79d2eb1f17291d900fe400379

SHA1
d6c58dc6164203605cc89a0d4ace8224db002123

SHA256
f5d6a6f0cc721437fdba28a69859f8513ec46ecfd30881794dea453a9adfee53

SHA512
f60564b84e7a1840b706ad3893bde700bdc9ebe283dffee3928ff9a03c79e2a5f286deddbc63c895598163d788d5e835d5ba44412c17ca39e01f906ac4c550cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f53dfafeca827df04e399935f3f23d90

SHA1
8dc36f231c1bd34c596a0b3f57ad9fafaa88a3b4

SHA256
c795ea4802ce1de1813527f3a956912d48613e682e193183025721c47901f3b4

SHA512
5199053858ca0c872026ab8e445a97af49904844c6ff6fbfab8a1c12efc3a96f30cd265ff67d7bfb7820048dd89a36e4c6b4bd91656e04ec2b12db3c26d38ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1038e8ac25d73ffc84d42e5efa67f39a

SHA1
499ad60f732421dec7a285435da6823bb1de4950

SHA256
40987dd0700b4a7e9908aad86b394e36e12d3721f9d2a6f4d8bb1e94376fcfc4

SHA512
aa8af9d41f73ce533dae99503c81f4055d9ba5976c05f24df3e753abc195ecd6e1cd728bf4cfec415c87042c1783b453913855f307765e30b8d16f125dacf913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e7462656dee8d4e2de08222944fc712a

SHA1
b8e001fd4c224bb8b43fc33e9ad3ca15cf686d1e

SHA256
42be706cb52a9f3517152d9bea2d8f5c18c3a39ab2624569e4d3805a3d685a42

SHA512
efe732e9dfcbc81a19762e57572309d2f45d7795093fce1c5da18bbd947e102fad13c5c4b9e24008350ddb34e887ab01744079ede36ac370534ed01ba45f4b20

Download Submit
C:\Users\Admin\AppData\Roaming\Godot\app_userdata\Lacey's Wardrobe- Legacy [Classic Mode Only]\logs\godot.log

Filesize
623B

MD5
64e4cdefd603bc42c75adac938076853

SHA1
ff0e7c9a81a2aac9db7b140358eb96fff43d9ab5

SHA256
8e9282e8b853d414b567e6d63dc097cc5ccd439ded314fb5ccc50e6a85022933

SHA512
c57a33ee0fdd0c9c51d76312cdd0dc5aa42ea90a2f02d51ad0ddc3399f4b020c5c9da0686b1b630522ba11f36e93a3cee8af7c4d7e99037d30c8e67a7dd5201c

Download Submit
C:\Users\Admin\Downloads\lacey-s-wardrobe-legacy-demo-classic-mode-1.1.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit