Malware Analysis Report

2024-12-07 16:24

Sample ID: 241113-2jnyks1bme
Target: https://gamejolt.com/games/GoodTimeTrio/382276
Tags: defense_evasion, discovery
Score: 8/10

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://gamejolt.com/games/GoodTimeTrio/382276 was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy WMI provider

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Modifies registry class

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy service COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-13 22:36

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-13 22:36
Reported: 2024-11-13 22:57
Platform: win11-20241007-en
Max time kernel: 974s
Max time network: 1153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gamejolt.com/games/GoodTimeTrio/382276

Signatures

Downloads MZ/PE file

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Good Time Trio\is-N6LKF.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-FU1QU.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\locales\is-RSR82.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\nw_elf.dll C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-B54RK.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\locales\is-H9919.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\swiftshader\is-EN6RF.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\swiftshader\libEGL.dll C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\ffmpeg.dll C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-SDFTI.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\node.dll C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-E2NO8.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-2KCKC.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\libEGL.dll C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\notification_helper.exe C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-OB8VG.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-A062A.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-6DPVO.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\dxwebsetup.exe C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-4NKCK.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-LA6I8.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-7QUB8.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\nw.dll C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\swiftshader\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-1QMH5.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\swiftshader\is-JIAP8.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-63GV3.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-VGPUU.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-J087C.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-B6AUG.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-D594J.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\GTT.exe C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-RR822.tmp C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\setup-gtt-64bits.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\setup-gtt-64bits.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3973800497-2716210218-310192997-1000\{A550AB63-EDAD-41D9-8C97-D0C87E251F80} C:\Program Files\Good Time Trio\GTT.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\setup-gtt-64bits.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 44724.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
N/A N/A C:\Program Files\Good Time Trio\GTT.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp N/A
N/A N/A C:\Program Files\Good Time Trio\GTT.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2872 wrote to memory of 1656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2872 wrote to memory of 112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2872 wrote to memory of 4328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2872 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gamejolt.com/games/GoodTimeTrio/382276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff82c083cb8,0x7ff82c083cc8,0x7ff82c083cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4988 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x0000000000000494 0x00000000000004E4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,16494347429917737838,4427282292502264626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8

C:\Users\Admin\Downloads\setup-gtt-64bits.exe

"C:\Users\Admin\Downloads\setup-gtt-64bits.exe"

C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp

"C:\Users\Admin\AppData\Local\Temp\is-K677S.tmp\setup-gtt-64bits.tmp" /SL5="$70268,58896883,58368,C:\Users\Admin\Downloads\setup-gtt-64bits.exe"

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe"

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --annotation=plat=Win64 --annotation=prod=GoodTimeTrio-Undertale --annotation=ver=1.934 --initial-client-data=0x264,0x26c,0x270,0x268,0x274,0x7ff8289a7540,0x7ff8289a7550,0x7ff8289a7560

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=GoodTimeTrio-Undertale --annotation=ver=1.934 --initial-client-data=0x17c,0x180,0x184,0x174,0x188,0x7ff6c0ccd0c8,0x7ff6c0ccd0d8,0x7ff6c0ccd0e8

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=gpu-process --field-trial-handle=1684,2972511487074495799,12097495997614737469,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4076_30607" --disable-breakpad --start-stack-profiler --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAAAAAAAIAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4076_30607" --start-stack-profiler --service-request-channel-token=16697751474103197941 --mojo-platform-channel-handle=1752 /prefetch:2

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Program Files\Good Time Trio\gen" --no-zygote --field-trial-handle=1684,2972511487074495799,12097495997614737469,131072 --service-pipe-token=11678646036337151723 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4076_30607" --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=11678646036337151723 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=utility --field-trial-handle=1684,2972511487074495799,12097495997614737469,131072 --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4076_30607" --service-request-channel-token=4242776944699947570 --mojo-platform-channel-handle=3064 /prefetch:8

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=gpu-process --field-trial-handle=1684,2972511487074495799,12097495997614737469,131072 --disable-gpu-sandbox --use-gl=disabled --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4076_30607" --disable-breakpad --start-stack-profiler --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAAAAAAAIAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4076_30607" --start-stack-profiler --service-request-channel-token=5227361967659180057 --mojo-platform-channel-handle=3924 /prefetch:2

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=utility --field-trial-handle=1684,2972511487074495799,12097495997614737469,131072 --lang=en-US --no-sandbox --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw4076_30607" --service-request-channel-token=6317962564681750355 --mojo-platform-channel-handle=2148 /prefetch:8

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 22:36

Reported

2024-11-13 22:57

Platform

win10ltsc2021-20241023-en

Max time kernel

1000s

Max time network

1155s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gamejolt.com/games/GoodTimeTrio/382276

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation C:\Program Files\Good Time Trio\GTT.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Good Time Trio\GTT.exe C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-P8DGP.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-4V3AS.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-ITI0D.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\locales\is-B63DD.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-HBCPQ.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-1RJHJ.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-9DS8B.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\swiftshader\libEGL.dll C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\dxwebsetup.exe C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\node.dll C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-PN1LT.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\nw_elf.dll C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-QRQQH.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-D3L6T.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-QJN3L.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-KJDD2.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\nw.dll C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\ffmpeg.dll C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-7EM6I.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\locales\is-LGUHH.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\libEGL.dll C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\notification_helper.exe C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-TEIN7.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-IMR4S.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\swiftshader\is-J32O0.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-KQR38.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-3P64B.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File opened for modification C:\Program Files\Good Time Trio\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-GB88U.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\swiftshader\is-URA95.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\9635e95e-1b79-4179-b9ab-7e23876f47bb.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241113223710.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files\Good Time Trio\swiftshader\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-F5A1N.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
File created C:\Program Files\Good Time Trio\is-DFO50.tmp C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\setup-gtt-64bits.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-87863914-780023816-688321450-1000\{59393267-3CDB-49E0-BBA9-2985572717A9} C:\Program Files\Good Time Trio\GTT.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 399916.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp N/A
N/A N/A C:\Program Files\Good Time Trio\GTT.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1224 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1224 wrote to memory of 3156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1224 wrote to memory of 236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1224 wrote to memory of 1216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gamejolt.com/games/GoodTimeTrio/382276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff945ee46f8,0x7ff945ee4708,0x7ff945ee4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff734e85460,0x7ff734e85470,0x7ff734e85480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5496 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x40c 0x480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,10182180127016141803,18254030605439551768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8

C:\Users\Admin\Downloads\setup-gtt-64bits.exe

"C:\Users\Admin\Downloads\setup-gtt-64bits.exe"

C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp

"C:\Users\Admin\AppData\Local\Temp\is-7BL15.tmp\setup-gtt-64bits.tmp" /SL5="$502A6,58896883,58368,C:\Users\Admin\Downloads\setup-gtt-64bits.exe"

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe"

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --annotation=plat=Win64 --annotation=prod=GoodTimeTrio-Undertale --annotation=ver=1.934 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d4,0x7ff946727540,0x7ff946727550,0x7ff946727560

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=gpu-process --field-trial-handle=1696,13791124031464484159,987157082154214375,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw448_22159" --disable-breakpad --start-stack-profiler --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAAAAAAAIAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw448_22159" --start-stack-profiler --service-request-channel-token=13069449815818405656 --mojo-platform-channel-handle=1724 /prefetch:2

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Program Files\Good Time Trio\gen" --no-zygote --field-trial-handle=1696,13791124031464484159,987157082154214375,131072 --service-pipe-token=14482775236802473706 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw448_22159" --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=14482775236802473706 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=utility --field-trial-handle=1696,13791124031464484159,987157082154214375,131072 --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw448_22159" --service-request-channel-token=2936544350449226657 --mojo-platform-channel-handle=3260 /prefetch:8

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=gpu-process --field-trial-handle=1696,13791124031464484159,987157082154214375,131072 --disable-gpu-sandbox --use-gl=disabled --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw448_22159" --disable-breakpad --start-stack-profiler --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAAAAAAAIAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw448_22159" --start-stack-profiler --service-request-channel-token=2140317342746697864 --mojo-platform-channel-handle=4104 /prefetch:2

C:\Program Files\Good Time Trio\GTT.exe

"C:\Program Files\Good Time Trio\GTT.exe" --type=utility --field-trial-handle=1696,13791124031464484159,987157082154214375,131072 --lang=en-US --no-sandbox --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\GoodTimeTrio-Undertale\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw448_22159" --service-request-channel-token=475563954849415770 --mojo-platform-channel-handle=2864 /prefetch:8

Network


Files
