hxxps://gamejolt[.]com/games/disaster2dr/780541

Resubmissions

20/09/2024, 16:59

240920-vhlnhaxenp 3

25/08/2024, 13:33

240825-qt2fwaycnq 7

Analysis

max time kernel
629s
max time network
631s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gamejolt.com/games/disaster2dr/780541

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
996	Sonicexe The Disaster 2D Remake.exe

Loads dropped DLL 1 IoCs

pid	Process
996	Sonicexe The Disaster 2D Remake.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
470	raw.githubusercontent.com
471	raw.githubusercontent.com
493	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 11 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	disasterlauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	disasterlauncher.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	disasterlauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	disasterlauncher.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	disasterlauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	disasterlauncher.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	disasterlauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	disasterlauncher.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
2784	msedge.exe
2784	msedge.exe
3884	msedge.exe
3884	msedge.exe
2292	identity_helper.exe
2292	identity_helper.exe
3412	msedge.exe
5632	msedge.exe
5632	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: 33	3092	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3092	AUDIODG.EXE
Token: SeDebugPrivilege	5532	taskmgr.exe
Token: SeSystemProfilePrivilege	5532	taskmgr.exe
Token: SeCreateGlobalPrivilege	5532	taskmgr.exe
Token: 33	5532	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5532	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe
5532	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5928	disasterlauncher.exe
3676	disasterlauncher.exe
996	Sonicexe The Disaster 2D Remake.exe
996	Sonicexe The Disaster 2D Remake.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 3200	3884	msedge.exe	84
PID 3884 wrote to memory of 3200	3884	msedge.exe	84
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 684	3884	msedge.exe	85
PID 3884 wrote to memory of 2784	3884	msedge.exe	86
PID 3884 wrote to memory of 2784	3884	msedge.exe	86
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87
PID 3884 wrote to memory of 756	3884	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gamejolt.com/games/disaster2dr/780541
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff914d546f8,0x7ff914d54708,0x7ff914d54718
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,939391927143175387,5110611657260374069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5916

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5532

C:\Users\Admin\Desktop\disasterlauncher.exe
"C:\Users\Admin\Desktop\disasterlauncher.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:5928

C:\Users\Admin\Desktop\disasterlauncher.exe
"C:\Users\Admin\Desktop\disasterlauncher.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:3676
- C:\Users\Admin\Desktop\game\Sonicexe The Disaster 2D Remake.exe
  "game/Sonicexe The Disaster 2D Remake.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
98KB

MD5
c782aeb45b5711d7e5a9ecd93c2923f1

SHA1
0da847390a32223daf713d0c4bba6814dd3d9016

SHA256
41b5ed3438918962ce22e6abb1513a8819c9a4a60c7f2ee6424474af58dc8a13

SHA512
63aa293b4d86a2a4d8a8bc355e11c4df12b966ac16e1daf86193387fcc8c5527fdc121bec013bd47f735a074bb69bba019a1bedafe2fb9f10e151352ca483f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a4

Filesize
252KB

MD5
deb04fe2a35d2981313f891baaa32654

SHA1
69e5aaef4a2f447878824d905832a08a9c596d83

SHA256
93dedb17602e315ba495c99be747f3d5717b4f49306c55326f4570b43c9bc1c8

SHA512
8c32d572a8f108079263b9ab5230467b454518b60932db7a2cc855a350130d93db5b8f2cc5c82a9b3011e572d80d67e23c777145fd45e6467b0b2caafe92378a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5114b2ecb6e560bad3c9cddba9f9753c

SHA1
2c9b8012d6cbf9fd848071c4cd828d4402065f32

SHA256
4e36824ef0d037e11f53d6dc5c78890c12fbbeecb0753ee9076e73e1d1d9ecd9

SHA512
1dee823cae99f38076804e497c286c0674437121b2198abab6f2c4c86bc899cc14cd7d773e92c9a51c9b304700cb26a6a03be15df0e959fe0b9df1e54e8e0fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7497082aa1e6f813befeba539ff7f43a

SHA1
d4f30dd309dc6c912e3bca2eaad8ded368299aa2

SHA256
3030fa7de4be2d0003985e32f1733641cbc913c89395cbcac30de67d33d56ce5

SHA512
0bf844fdf71e277b676c984963698f9a1a750f2c173cc0e67ad57c912c96fd27704425676fc8a7a73c1cc384f6d50cdb9207c6a487ef68d82cf69f2dfb29bbe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ce2fa656157b8c70f6cd58acd3ec91c4

SHA1
0d2540f07f07e68482e3664916dc2dcfdc1608a6

SHA256
6ca3bef5ebe53c2b1601f1450f81e055cf78f4c1f651c35f4442b4c53ba7169e

SHA512
b8f61de8a17adf9746a1772a859815f75ed39ffa2e96b9e55e4be3e9d059a88ae07a24d9fd04f02991e610980acd89978911655a605a4d602add056f878352e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
369172552ee4512763894b426d6f5fa4

SHA1
699bfe06f60f29a2354c83d6d93f6a53716a6cf9

SHA256
4719a04dc69170abdca4c1ced95ba0b1a0bd058e10a7f8bdf48f0c8831ec1279

SHA512
c2e2d4fdc80e8a01dae5b6ee3d6ba84ec5fc43183194b52dca617c78fb5e4962020ffc5e0e2922b9d57aadf5a667b7c67fdabba72102d9ed102ee44ddfc1fd7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
14324bf2ff1af3ee64c1963b4c8ced36

SHA1
d787059c1d57ae2bb784f96c70b3b56c12eb9dac

SHA256
18430bb28a5fa7267bee3110cf3d7f13e88b143a8620154f0f00a31f44c1d222

SHA512
d3371ab53c82f13b0b786b5cdcc0fb98c33173661b3453d0d00b82cad6d45cb315c042c8b396f696cb83aa3dbd61a19409405e949fe4100a493e3adee5bed940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
72B

MD5
06f8341bbf832e36e72ec686541d28b3

SHA1
e8b8732bd1b98a9c56d787edef2302409ac37886

SHA256
02296a0e61a2f50a686391aa95e798371a0144c039a18737d04801acb792a241

SHA512
fd551df3b9be0ed47ce7bb8cab5d2e841909a165d4e5e7de64499dca8fb2248d227775e846ad97675b880ad1b653a838573e22b3e4dff232308186860e09d400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
da7a09f43e84d02e4c1e85e2140a0940

SHA1
2a67a95adb4d2fb0326eb46416684db7a88b697e

SHA256
11d4d4ee8d51d926ce72a077c7ca7b98e11557981cc8cf280de9ef74046268cf

SHA512
ae2dd6caf58eca78cb18fc360d410d0736780bc280d07d7daf7eeedde7032a22b8dbe823b222d4bf072936208bb2f7ab892096a589123ba39126e4274580d31f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
7e1f85ab1b509b497833ba84727aa1c2

SHA1
09455ba2649fea9db4e43d07f596b4c5d06511b3

SHA256
d40580facaaec5156538ed2bdee42a9d27a9efd72a5b6d5a106a14ea53501b5e

SHA512
1996182db3b2605b16272f0989ab790e7180a77cd44ccba617ece9aebd467dba19d05bb74a429b7fbb7346c0f58f0bf57c7b9317036cd69d90cb8d2cb3a0619a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
2ea0fb8fb76c6c5650aaae4e571b3caa

SHA1
8b665acc8e66d1eee0f049001205a82269ece8f8

SHA256
1d643cf89ef871c9af39e0e10bf0b6743d1805ae6b0298bdde89f2de268cb26d

SHA512
2d9f9f1e561ef71a001a056b068ab705d935a00416c990e8583aa4bfe16cdd45f880fa4231d16d517b47196b7c9c0bb704c045f799673c81559b639d26b8d67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
775504d80027624f2191ba366c9a81ec

SHA1
3d1287fd4c676077bc6ed31216c0c932a5fb2277

SHA256
5bdce528cb6728139e472640becffdd2766b122f271816d9f071316f620e227f

SHA512
c7c064ab2aee967fd29e58ef6e65698229179149469c635bed670be0d5e7fedfa02ff28a9c51a496af639002488d3dd877c4e74e710dae8660e0a2a572d4b949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5223ba8b0f0ec3ac745058871f0aebc4

SHA1
0b651267081adb56bf6ee937d9532fe27acc23f1

SHA256
40b9ba2e7bd5b2488c3487fd06fd7d0d073ac6db3c102b933dc474db6456e1d4

SHA512
9a2ac133269b2a5f9087822ef0356ea5c692b0d6d2bd8155a37663741980a4d47cdd9f6b2c2008ffc6f8cbd7c22e396b5a9e836a7f2b693f9f724cdf5b72bc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
a866aa2edfc6a123ba232210ebee699d

SHA1
156dd61cc2f0bcede71aed6f42832a9926818b85

SHA256
aa239f2cc467d3ede812437e90b84bb5f7fce92dbe32df7605a0d446d8535439

SHA512
ab94498fb490b97f85f6267976f623b992ef36ca0950ece5ebf1d9470de40b207592d50a19d341059d6ce642d6e76ac597401664064b76427e13a2f44a7e3438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
42fe656fe5a971880287432d0c74173c

SHA1
7b0be6b80285686240dce074a7b7f823f580ed16

SHA256
26739a1f20c99731a9280f2e4e1316b9e29c574aefd223e15ca6115b3769068a

SHA512
fbe52fce8229c2795f30a640eb3a8ef7e0b905eb314fae9976a167ffb8c4b5f54ff10b6466fa84546474fac36f1838ac9d69262c2daba748c4fb04bcda6de854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f275bb345e44e1c91438ce834c1d38a

SHA1
0ac26b9992d94d44a327025f57025bb08cf826eb

SHA256
58515124e798ccae8e875cc5e6cbc0f6efb759922b4059d8e3e8ca7562fecb64

SHA512
136c5870bac525824b6cea0c272d0bea78cda9d633e97bc4c01af03c8478eecc7e86ae2ccccb8167b802a98cdabf4b7b925b30c994c1a8daa4028a561b7de000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71e8f6c379b4e7ec1d1557bf63b28018

SHA1
14c126a11efac83b3cc04fc8ad47b690712cdce8

SHA256
575c7902c647da5aed15f7d91bc72c8722f5e90142d1e0cd520535ca643ae395

SHA512
bf06bc390e01010d2cb34c9fc277cef10360a3f973aca2983a71b199f07635368779d12d9871b1ecb426484e890b6171bc142b63a509abd0aba430bc3eca2b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e4317e8489425279162398de0f0a6941

SHA1
ac534446e91bb1e7e1c8ddcf158fb757c8547222

SHA256
b3f5a2a72629eb91c4f969132425250c843a91447a39d151d2360f4894e44813

SHA512
ecf8f336df6ce21d9e0f8c0d8b82834dc4ceac65357e4efb14b2a6864bfc9af3c2aeedccfae765d0490d8570758ed19659ebd50379a06dd6bf28f071240f023a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6909455563ba1f656401bbd76d0bef98

SHA1
3436c2dcf9e1fa75bd4719538addf43a5bc1abf1

SHA256
75da28ff8300fba05b1e663e6f099ec8a16fd2c8a257d6fa7e8be0fe1a2726a8

SHA512
67e31c7dcb319a41efd19fcb83ac0d5de4bd99a4d8443e2439ad33badc8df13bfdf336f94ab26ada681bda7a3a89934b0b620d206e5d9249391ed1db006aa097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
561b47fefabac47058a197c707e77aea

SHA1
c42e34705ca288b2e137ae4a9bef42cd115bd7e5

SHA256
a1251d0543153f8351870f43aac2da28dbe3e076783e14fba69ebb2e93a610ae

SHA512
7688147879309d5ff30f555b0735dd0720807ee9d1a930c819074429c0ea891a40bbfeaf1dc701e2a498293ff47e4d2f79c89a78d95b0ebd5d990a748c0968be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d2b99b4d51bdad0ba82c73d6f90ef68c

SHA1
b8b1f71fc09aaed965018359a7f68850e8ba4158

SHA256
65ced1e2d4007a305d269892698b7831870a21a57235c397f6128dc8bd323425

SHA512
7abdca507c422f07083e61583b94a0134a8519ebe43c625e36e74064d123df4d8b5933622851b10d6a6d88b7c3b39c87b2677169efafbd305f301b36fd9712a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b38095939c0fab862db7e41d154c30d1

SHA1
4894a695e20c67b2f4dca8f781ca2e49b16c03f4

SHA256
05e106a2eadcf4db99d4742a38c7e266c1bb902206c0b862862b7dd2dc77cac9

SHA512
94a7ce0978c82d24e902ce247c4057d223310c4cdeda6ffb53e5c814bfccfcfd000c1e78517ff8db8ff01f00bf3d6a16624c329277b4a77ece879e23d24d15a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d1ad1babee5cac25423d07e0ce67b724

SHA1
926384795bced4272d328c80cf9b91a8d07c793d

SHA256
8d55845209871c13c49d830dcd0898a24d39ed0f48395890cd14a7949ca553c6

SHA512
2917c2d7c7f67e7d3ec7ef564db55e07c56a55ff5113f4e1b4f51501c2e31080e1bb6da9b0ad05918e961534969fcf6f4a3f15be371a0bb346680dc5da04b014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3097e1ea372e54e57fb8838cbc1a2cad

SHA1
00763eb7a10343d32fc636a9ca02124c130b0296

SHA256
564ef533037ef0aa8ced8959eabd4946a2c2269fdfab303e41d54d2004bfb3ab

SHA512
c45f19927ebb19f7dcd0796d947332e87f9a9f57fdd7e6386fe124c362c789500630852425193a13788fa88f4c892f27f28edc41bf22edf4b0a2845a2550eb10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d7a57faf30db18d247586b4ac3f3092d

SHA1
a685b28b8e68985df70a7430a62690b84810d8fc

SHA256
1b513822303ce58fb5e3820102bafad53fbccd986283319beeeecc4580ac2c4e

SHA512
7fdf76a815578e326db78442d4b8f0533ec45f6c3d1a14c4d5b11cdf67be49891288484f6a99e7ea4e5d095369d46babc73b29f75a810f8ac27bf32980fba70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ccb0351f0b1b738b0b428fd6320973a6

SHA1
97d36ee31cdb3587cf241b8d4cdf71dc62667f70

SHA256
90d4f74599cefe70c48025f7adb04ee71df99c855f5aac6c90c76c3cd61b443d

SHA512
1f30f6500bd69f07571fb52cda924e4710678fd5f315d80d171bc65126a57e9f586e68318720f26c19a1120fe3339ace930a48dc24fff6a21d31de7da4f6b522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b259827e4ae9448c9188c3caa8948d79

SHA1
23a38f2acb7d05c6b87fb86e442d75fdd5ec0259

SHA256
d3cff20946797faedda8b39896723fafd068e04acd592adc023e54382051a185

SHA512
255b98e35152702317bce0ae1f5292e3aae750f6df767a939b010a7ccee0f9522f7df399de95cb4e51efa943feb64fe14d17214fc1d14c0a7bdbd0f646c6a3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
48fc837fa421df5b72177c196af4b11e

SHA1
466d518a6c7bdb8976f6fc7cc776f2fa0d27e399

SHA256
771e441fa48b1e18328d06ff5b8bc1d5215861267df83dbc601efc484e0a1f28

SHA512
5d2b075ff0684b63abae243ae2076bf653f047d63f5dcfecfdde87ede55ee9af1639fa5e6c371fb86dcc255523413c8c06baa597fef31b3ca80af4e08dd01a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9c3fdeb1a99d962a1e7cf1a3005c5b2f

SHA1
e680582bac996303f1e5441cb3625e5dd1b30e03

SHA256
e866358389a909d1a7e5913539a51731797b01d9687fda1aa4966cdc6676418c

SHA512
f6486655386993b66c0fb49ca9f94ba470046f41e027feb4b13319b7dd3c67bf8dbe290876dcaffa39b353ccc47fd55a0e4917f35996ca505740d39ad9556745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c2b81fe6e732885780eedcf6dbeb9b1b

SHA1
d3fec2bcdf2bf8667e559e5067351265354ef64f

SHA256
ba3e0dadd2415c5de2e8e84bf23a865723dec2944bbdfed95731ae46d86be3a3

SHA512
dcdf2d84d324ca393c1f05d745385428e05cf68f95a22f14eeb1986e5eac7e963244e39f35dd7788b252278074e6589a07b19e83c2149cf1ea63b1f8a129152b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8dcdd10082209e6fe94b6a5448233b52

SHA1
9b86d412fc0b431831a59e79d662fd27c0323879

SHA256
3d3c6716bcac1c6aed2dc7ddfd6539045e8f74783b6cdfc37f651c2392aa058a

SHA512
0dccdc5883d1c4515e9ebf15ac164afc23e7377f960d0dbef3e992962e0764ae50b8f73650c8bf2bd4b31bae18a277b2835947f9c7acf527e06d7863c729750b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
12d52cb6cdb14507be911fc150d70884

SHA1
fca57060f3e322910ae34306b6fae2e7bc786975

SHA256
35476e7fdf5ef96358e725bc84b36e52f23d2a37bcfec65e083d866c323caa57

SHA512
2fc215af721b2734b14330dcb79472c062481682cdcceaf672ae54bc25430d0f60e1236a51829c22c92413e5d144582674b2b71b9450be5d40e42e7b8eaede17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
783ed588035a96790c93a888660a6633

SHA1
446a0ba2bf362b14f50dff58960e132d72cde54b

SHA256
66329b1edaabf20f026aa8fc22bb6991e8620889c9024beb7f2469ae9c0981fa

SHA512
6c724e7dda3aa6d9c67d3f8e6d5135bcbbb8cec03ce960990f5fd1aea2552391e3dfae20cd90561698e11d074694c307179d6680bafad09326954ebcc1ef67ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
0e660192928bc68b0da9a93be41a64c4

SHA1
0bc638fd308a4709c9d917ecedd13264330c64e9

SHA256
6727af575abdd1af2336eed2f1ab88c2e7929b6bfc0f097c53a253a618d356c6

SHA512
55392a15ece66fd4ce6cdd88bc8bcbcadbd0840142f2f0d79f5cde14cb208eff1cf649fa28eb37d209d34d472f50076f87a4ddd258648bbea592a7107d3f3005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589f0a.TMP

Filesize
539B

MD5
0f0d481f0ebe0ff142c2a81b8e3bb79e

SHA1
3bccbe7b6ad503db03a9035c1920cc9b24bda715

SHA256
31d54597514e43aa6723e7eec5dcdcf6e8ec0c2f258dffc687e455ff326960cd

SHA512
57f86a549e3aced507437253622d6af3a49d59ae22fe85ba775cf5c7433002a46321851e8884ea7cd832db7aa114fc8cf4fe130c0335c8e235804fad7b2144f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c824275308b587ced31845ca938d4e46

SHA1
1cce92ead699ff7c3c1eaadfd3a38836405ae717

SHA256
1e96c8608cb33ce0deabfe31a40d1e8650d44d354a9f4e66d1eb1131dafe50b0

SHA512
696a84d87eca519838e0f6ab081e499df21c34fda9d029d7a6c501da22c20054c92ef1927b2135b813bba82567cbf86b1983917b47d5075337a3db243993e157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a74047fd4548e6bc79e0c0f5c1329322

SHA1
5e94b337190d368f9b2370a075dfa04f1dc09e13

SHA256
5c4ccef261f032d083490a14d5a17e8aad0f928925f23f93147ea13dfbb9d1c9

SHA512
872ff5aec5cd27c3b55c51224818cd86f01b641b3170c2b08b7d66749e1e5bac8e60ac45d2ab183425d6d71cf82ef1651335ee8c397e1f7f1096c1fe8ccab4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
80e1112d402303705ff0abdbbec2d680

SHA1
d10bf9ae89ccb81dcb45068344de37b8aa4c023f

SHA256
23a5358fd3bf9010fd924370c2a47a2cce775b7dba543d21e2627456b485a968

SHA512
9aa00d2d00334f8864bf1719d90282452958437f7387f93bfcdc7ef452936827b64ccd188201de2d71cb691d734b1c56323129a6e35ea38654a2b2572aa54718

Download Submit
C:\Users\Admin\Desktop\game\Sonicexe The Disaster 2D Remake.exe

Filesize
11.6MB

MD5
86fc882cdf153981c7ee71fc59874d27

SHA1
d898f8ae82da6694f7aef970dec65fadb8f8c80e

SHA256
0c3cf5a5b27b029bfe12953fe3bcca29981ce9be34d8a3e208a3865106c7c067

SHA512
af4d9c31f16c59ac7ec6acf619c99e676a2c13100d3e7238283e1f6d68dc4789437cf661571595c3cc56ccec1d7134266ea0aba8510813a9710ed417995e5265

Download Submit
C:\Users\Admin\Desktop\game\disnet.dll

Filesize
35KB

MD5
43e6b797d495feecd1878494fc68af05

SHA1
6728d23ca1062f4b00b993dfa3ad85e8ae6f9162

SHA256
bf96633a717d980d744eb5cf151566ccd5e3a940eb9817d58cd81a87f2096a61

SHA512
ea525b6be5dd5d07b6bbcf2dc8dec655362c2c22ff8e32d5f73a6d17646201f7ebd5b07ed0d0d98d765e2d02f84db4f9edc93a4aa58c52e45f1fa808fbda5d23

Download Submit
C:\Users\Admin\Desktop\game\mus_logo.ogg

Filesize
139KB

MD5
df8cc6150fac7bc739712289ffeaa8a9

SHA1
ebf7454356301ced2d0673d3c8ca283edfa1ea03

SHA256
c37582ddba7910661e990c4de0f2bf2b954afe803eb9ed674b865beeb2dbc840

SHA512
9f489bbb026d782b698eddb5bbbc93ae62e042a78a3bae894de23d408f4f1db6011ab7e9c32d382537a0a07323883f483d83024880989dcc881848205febf2cb

Download Submit
C:\Users\Admin\Desktop\game\mus_menu.ogg

Filesize
1.3MB

MD5
975a3403ed9ab420029edd6c62e35a63

SHA1
ff7ff701811f21bdd4bf56a5c0ecad7d9fbfa890

SHA256
e6115c9f1d3dc88ba12ecf90a5cc40aa8dede106b1c79c81b444028ef615066b

SHA512
aff48f982bd19151d07e301d8840801057175dfc0911f330062631a07c20f79cf07ebc4f1b9218a9a479837dec4e24727ded30bc02bf2ed3a3e8693be9b2a4d3

Download Submit
C:\Users\Admin\Desktop\game\options.ini

Filesize
181B

MD5
752e4c0c04cd29b2cfd2df8afad68a84

SHA1
cc5af552cfc4c84d27e13fe5ca579a0b6a2b99a2

SHA256
a51f9fee1c6a57ddca60c8be51d3fad282ee4aada42a62c6c3137192a2044ab7

SHA512
a084c23977e917e7890e26b891e9c53522b45963e4f82b65fa27810361b601287af87c4ef107b0f1fed80f1b8c7a33513fb3a4237be041282e57c157538c6115

Download Submit
C:\Users\Admin\Downloads\disasterlauncherwindows.zip

Filesize
1.1MB

MD5
e32e2b46a2588574d83422788de44937

SHA1
9c0bf3cf21ed4749aa3937207736e31cbbd659ff

SHA256
ed1388f6c859cd81be0713934f549c7aaf9ae3210ea4d8203235de709dd1aa12

SHA512
518b0178e2c2e72b5f6bf2e4810d43e775dd57daa5518a5b2cf5441122b5a11667b92bb60546f1bcd04efc5ebe98b0393c525a1b9d587bdea722fee5808bbe1e

Download Submit
memory/5532-838-0x000001F1EC4A0000-0x000001F1EC4A1000-memory.dmp

Filesize
4KB

Download
memory/5532-837-0x000001F1EC4A0000-0x000001F1EC4A1000-memory.dmp

Filesize
4KB

Download
memory/5532-848-0x000001F1EC4A0000-0x000001F1EC4A1000-memory.dmp

Filesize
4KB

Download
memory/5532-843-0x000001F1EC4A0000-0x000001F1EC4A1000-memory.dmp

Filesize
4KB

Download
memory/5532-847-0x000001F1EC4A0000-0x000001F1EC4A1000-memory.dmp

Filesize
4KB

Download
memory/5532-846-0x000001F1EC4A0000-0x000001F1EC4A1000-memory.dmp

Filesize
4KB

Download
memory/5532-836-0x000001F1EC4A0000-0x000001F1EC4A1000-memory.dmp

Filesize
4KB

Download
memory/5532-845-0x000001F1EC4A0000-0x000001F1EC4A1000-memory.dmp

Filesize
4KB

Download
memory/5532-844-0x000001F1EC4A0000-0x000001F1EC4A1000-memory.dmp

Filesize
4KB

Download
memory/5532-842-0x000001F1EC4A0000-0x000001F1EC4A1000-memory.dmp

Filesize
4KB

Download