hxxps://drive[.]google[.]com/file/d/1Nk1PIkJl_K0ag0k2uGfjTFROEWrxGUPB/view?pli=1

Analysis

max time kernel
122s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Nk1PIkJl_K0ag0k2uGfjTFROEWrxGUPB/view?pli=1

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1796	PsychEngine.exe

Loads dropped DLL 3 IoCs

pid	Process
1796	PsychEngine.exe
1796	PsychEngine.exe
1796	PsychEngine.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
12	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\discord-863222024192262205	PsychEngine.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\discord-863222024192262205\URL Protocol	PsychEngine.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\discord-863222024192262205\DefaultIcon	PsychEngine.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\discord-863222024192262205\shell\open\command	PsychEngine.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\discord-863222024192262205\shell\open\command\ = "C:\\Users\\Admin\\Downloads\\Vs Undertale\\Vs Undertale\\PsychEngine.exe"	PsychEngine.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\discord-863222024192262205\ = "URL:Run game 863222024192262205 protocol"	PsychEngine.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\discord-863222024192262205\DefaultIcon\ = "C:\\Users\\Admin\\Downloads\\Vs Undertale\\Vs Undertale\\PsychEngine.exe"	PsychEngine.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\discord-863222024192262205\shell	PsychEngine.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\discord-863222024192262205\shell\open	PsychEngine.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
4212	msedge.exe
4212	msedge.exe
628	identity_helper.exe
628	identity_helper.exe
5376	msedge.exe
5376	msedge.exe
5176	msedge.exe
5176	msedge.exe
5176	msedge.exe
5176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	5840	7zG.exe
Token: 35	5840	7zG.exe
Token: SeSecurityPrivilege	5840	7zG.exe
Token: SeSecurityPrivilege	5840	7zG.exe
Token: 33	380	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	380	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
5516	OpenWith.exe
5516	OpenWith.exe
5516	OpenWith.exe
5516	OpenWith.exe
5516	OpenWith.exe
5516	OpenWith.exe
5516	OpenWith.exe
5516	OpenWith.exe
5516	OpenWith.exe
1796	PsychEngine.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 3208	4212	msedge.exe	82
PID 4212 wrote to memory of 3208	4212	msedge.exe	82
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 3596	4212	msedge.exe	83
PID 4212 wrote to memory of 2288	4212	msedge.exe	84
PID 4212 wrote to memory of 2288	4212	msedge.exe	84
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85
PID 4212 wrote to memory of 4536	4212	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1Nk1PIkJl_K0ag0k2uGfjTFROEWrxGUPB/view?pli=1
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb504b46f8,0x7ffb504b4708,0x7ffb504b4718
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16527800463337795241,10071859189954806009,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3980

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5788

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Vs Undertale\" -ad -an -ai#7zMap28337:86:7zEvent31349
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5840

C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\PsychEngine.exe
"C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\PsychEngine.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
f56ea2d29107ce6a204112504e1e0a92

SHA1
1fd6e0ba8764e8bc1640105285e463645edfadab

SHA256
b489de543ec88f7bac52c9bb61956f8fb5288e19a6496ba74cddf9d8d555de84

SHA512
6b37c0256ecd98c19577f895a8595ec8325ce837d62df3df40d373a28c2a8cf485009db0fb0c20c26eecd2d158d3053274bfc436d9a6c14617d134f961f3c8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
91b1065f762f9fa7abac31764efaf3a8

SHA1
7100659bf734b056dfc2fa7005516ec8ab3d6910

SHA256
dcdc0c83533e07be1418d474612d961756f9a7484fe0433d159cb68b23642518

SHA512
e8686840e753ef3752df45084d3745380a36e3fcba0c010f8b6f34d19a5a1fb97c5c0fd611827dc32c33f991a455342e0fb917882aef6b6d55dc90308aa305be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bb2448589b8b8a6631988d0bebdba57f

SHA1
f357cfd6703ef889f609aeb5307c95913c0c570f

SHA256
bce8d3d244f1971bd5ae5a16ef8bcedcc142ff558f485910e7270db94f5b308b

SHA512
3de8ee648eb917226918ca8895f4908cb5778abfeeb15a6f507dfabbde49a27c56a11b3f3acc428b0d727d01587082a8c6334a050f120305f96364ec8e25568f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9520948f47483311e5bb533c5e73fb48

SHA1
1460c0f0676050da4b35934f566ee79df47dd47a

SHA256
6a69c782b07d23bff9fe557007d1cf5ebc3ec26e3f0d6565d56327cffe1d69bf

SHA512
9622b0939eb53b3c54a5dde2019d6069f4b146c326df88c159aa0b0f97e38bee7a8d766eab2511efe5a7d4e80a92d96a9e7d4d38aff3806d10a96dbc8d10d3e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02d7b268e5222a8afa6f766b63fdc16a

SHA1
25e5555d050f11e89c42632d02f2a155ca827bdc

SHA256
b79ae7afa7cbfc54b683f89c3efeb9707425f810a0a7e4f20cfa4246e9d46ff6

SHA512
c5262763d43221e7a44c82a2c09519ee0bc056ce21ff46dbb6c25cec6ff9746061687262c7b573f2257ada8576b326630a959db1f470b63883b68038a95bd3cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f40ae4c9b6147b8c87dcebfa64952b50

SHA1
80795fc4369261d1e4ac62bba9fbea7f6d5f4d7b

SHA256
35ed1a7a732a3d774b5b4f85a8c7e9020fbf23742c16e112d01cb395f512ff2d

SHA512
42f158843229a9c6ae178dd53a3c061a1bd87f348431316dcf94303b7d4d4a2c1784f668892ef4e35066939842a175c8c0e07c707d39546fe3313a1d64ea2e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
716c8aac6ab517dde802907949af9d5c

SHA1
e5f3612b1be7bcf45f7d608f0e32c1f12b1eb331

SHA256
8cb26ad91723b69404d47ff7d0995a0725d366e3d86f0a1a2d00ab76043b0913

SHA512
1f45367fa3a00ba6fa971a079fcc65f3d65f0aed55da56286cd712099632c4b2db3e383bb5685d161bbaf7604b996826ac7fee5ce167af3f9ada6da68e6d4e6b

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\PsychEngine.exe

Filesize
16.1MB

MD5
25a7b136626d431b640b4cc8202eaec1

SHA1
03f68b325a3a9283754de162d2a7e53e9452dee1

SHA256
4c33abb3643707ab4dc4a1f32f79dc17c2dcf6e129d7ad4af652a2c33fef8b66

SHA512
5696384ebf6a19ac30966bff0b367fb55efd85f4baada662a3ccb30353e9bcfb55021e7c7c959dc33ef09deeb8a23f20d3ae749b5528f1b12900840babcda252

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\data\introText.txt

Filesize
2KB

MD5
6698299de2b94439a2ee440e8e9f04ec

SHA1
2fc21fa7cb8a73401a342692d6c2dfc2919a54d6

SHA256
63c19283e69b37e6251fd3e5dc5c9b7c15939a8fd91a55f3ed86e0bf1e857abb

SHA512
5dd3c6ec55568dd9c3a97bc4250368d747d7d19d88600a0d1caf9e7030761b490ffa697a50cf5c0fe8b721a77aebebecdf804b60fdf580c4c4201c4177bf5bce

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\alphabet.png

Filesize
173KB

MD5
57a9c1935f0d1f838cc7f01af70054cd

SHA1
549623e30a970b9cd034dde50aa8f013f92d7478

SHA256
7442360b98bb1745ecaa6d0cac01a83194a36189efb7c902275c1098f591ef35

SHA512
5cd824324f7bac7ba41fbfd7a4133cb3ca21875ff58e750db99ee0a08338b6e9f52c9f881afb678b776bb31bd836a999b345be0e11c56887c4040e4ace55aefc

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\alphabet.xml

Filesize
51KB

MD5
2a85b82933e7724b774b70955324cf66

SHA1
34371097bf3197b2288cd00e70a3adc90bc3bbae

SHA256
1beb599a498848fd04a3986c57a9daed9b083d8489562d7dbfb64ef5bd1055f4

SHA512
4f16170560f218bc35873c40b9b495d1e201fc301bb1b91725d289829cc681e38b1dad93387722863eb218250be0b8444b260b10712484586d8f0546651d4107

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\gfDanceTitle.json

Filesize
139B

MD5
8c992003f2d39e3ef6db32a1b3e7fd2b

SHA1
233a87d144746b94f9ed5b05d0d494810ec5f7cc

SHA256
ab44f04577ccf9df1b8ca987649fe987327bd10c7614efc0b52b3c7c201f7038

SHA512
a51e9263644c6b23996d8c819230232270102c9cefa2917072170af0333842ea2a4b059d0a18a587854e120df8c4a79e93ca649cbee6eaa19da2c0716f5c285b

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\gfDanceTitle.png

Filesize
1.2MB

MD5
c434264db80a564b047962d5a338aef6

SHA1
1e751028277c88ad1043d25ac705a7b54f0a0a32

SHA256
f1c16d23c7e7f7da30ba260a36c5211806c0bbceb507cdb759690ed9ef81c44e

SHA512
6f062a89077d755f2f237a6f02652e2a41f51f2992d7e93b1d935c56c8d20f5ab62e4008de086dc9a6d1c9364891008d1f7feec3187f59111f340b4e66391305

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\gfDanceTitle.xml

Filesize
4KB

MD5
01b4c8c75a443e7e5a65d0e0943385c4

SHA1
07cf489f60785b5fdc61625c2cdec341d177bf60

SHA256
9dd40b3c56baa272a1651f05a67e5195a02f0df905eb31c73cc4125c393fb9b7

SHA512
62413244de9b9d5b8d83322e8601e5b2a5f3156f6bc477fd01531cf4e476aac1002313e204e735d9c97fc8dd8fa233098ec166a75ce9ab6f6da32774fdf10fd4

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\logo.png

Filesize
84KB

MD5
16a54b1bc159f868ef10d8ffbb336559

SHA1
f78e63e3abdff67a4f3958e49c57f27c45aa40ff

SHA256
344f7bf2cc5190e02292554a562fdadc329d7513fc43d49804ddbc95ff97dbcf

SHA512
e2450cdd7c7e7ed7c5e7fe893309aa19c71125d0c8406b9d545a2599c9fe6e918bb8bdd296ffe506e1c0571028356533fcb813269e69d536edad99d2013beea2

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\logoBumpin.png

Filesize
65KB

MD5
618edd26c79ee6f46bd60125edb72640

SHA1
d1132351cc4284f5d14e051d4e5151682a52f6c1

SHA256
43c922eeb817609ba2f652ad8864322e6268f02278c2f31c02792fb25028ad72

SHA512
a97601c7a5bdcd7e8630b1911a376558cf689685b918f5cb2651aa492c17141ecebbe48986ccc8f1cc8bbe82f1adf57efb6fd23601ccc6339e4b64b253aa8075

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\logoBumpin.xml

Filesize
2KB

MD5
06bf76ae51bad8df8c789fc3f35dbf36

SHA1
38dfc3c6db3c8f31f72011e714acd4b48879f1aa

SHA256
01e499b4b32843f5d493243848f8f4165816fcf18db0a7832f02266cbbd07488

SHA512
e05353a8608eac81d2b628d3558c08fc9ad44df0725913db08d08bedab9d2dc8b085902f74a2c24866f8bf1757669c82cfd61241461c34b45365ad54ee239dd2

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_awards.png

Filesize
5KB

MD5
b4e8b5806b96d65274e27b86b3440445

SHA1
501544feefe8bbbe34930acd677020576dd4dc20

SHA256
2dae2218eb41e56b9287e74dbabf5c20a6d09a384a0128bfdcc9df337a1fe921

SHA512
51dc61bc3eaf845ce9ffe9f3023987e15768b060c817cbae35590fffb0ce0dd66a0b36564bdf7c2b8623ba6bcb54da5dcfd30057dee6e555af7b5096ad34a23d

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_awards.xml

Filesize
1KB

MD5
6ef7971d41007047bbd639c68911d649

SHA1
389483e22aebf55d91d2cd1d7856a05ff21107c8

SHA256
b2373a8de148800228820cf5d1c9f4deb17bb0cd295ca26307b4c288a7663179

SHA512
59d7b3f1f1b9db709ebeb905404f5b9cb1e719f203201c795156f35e280b50fb1d097cd696b98d1fff12ef6a4c5c8e76aee35ee6b09bdafebcb09491b64acd54

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_credits.png

Filesize
6KB

MD5
f76b1f091410649e4d64c6b98391f0a3

SHA1
d6b642c272ad1e7dbd8ef325a32c2c0bb91947e8

SHA256
a1b047d653a6f8c990324e2e3e09507f4d0074e67310631b107ad903dbce100e

SHA512
ae9d18096d110454e62cff68312887d6807ef26e8a2c30949d9b9c4591f70f28a64cb396d7bc7470b70ae206bd39f801de8b8fa2e18abc490dc993b77259f037

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_credits.xml

Filesize
1KB

MD5
c0ce9d3bbe9dc4937832639503bbc18e

SHA1
66e1bc3d148d6ae152e981b5900b63fcbc53b50f

SHA256
602374844c52b3bc4183c20e273e5572d6315d52de6c334aa7f0d4c15de55e3c

SHA512
b8bad1eb1a1a33caef78c54394521854fbbfac26ff1e085fcc069a16aacf366e56cd3c279b8bfc15c2dda854626aeb053f1e4ce03714ce41967df37c1638c810

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_donate.png

Filesize
5KB

MD5
47fbbae90a860e4134f9bdf0224b6bdb

SHA1
762fa3d118ab51ed1f541064c96f6bfcd0c944c8

SHA256
d2ef04f21d00d9928ced14288f6895e49689952b37e4a1a763df2f6952e98463

SHA512
32b1e1b1ab20771064b5d0f89eeccdc8eb417a7a794abe230ca49a261934bc1dae1480e6402b0eccb972be072e91dd9e824a36703920476515f142d7c7a2caaf

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_donate.xml

Filesize
1KB

MD5
fcca695c1af5ab40c8cc5493c0114db9

SHA1
8dc2b6138a334d289581d7fd1bb6e609a6e47892

SHA256
9e9dedf9928d5abd062a519eb16b64bbf1036459e63a370a634c55bb000f61eb

SHA512
e8838611195eb2c9ab661441b95a977e358dbb2e261edd272a2a162c09cabb2b8441e54437f9bbd69309d1984174f4a19d3c174465c6671ce571bf3afec5bdf9

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_freeplay.png

Filesize
5KB

MD5
334640e550c86a5acbaa0e931a7b2bec

SHA1
69460b5b3fc248cdb4e7e4306bc6a1b2e2b8f8fa

SHA256
da461ab6848ebee7768862bead940361ad3afaa5c782e78991765a33820ad772

SHA512
b20281dbf3384dd93b40b3a3d57eb0b66beef5daf8593f0be4e64bfb60656c3e281de75d6eb3008bf04e4c2e201fe31bb0511b50cdb5e3ab2576e168a8338763

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_freeplay.xml

Filesize
1KB

MD5
eb6aa9e533182fd53585e016f37ce79c

SHA1
553830def82f91dc6ad89115bcd7b566ca2dda10

SHA256
b5fd17bf202193b976551316d2fa50ced1bbf11444a21961b798d41b072519be

SHA512
500f319c0a8567973b3eb8b82d80abf31f87b079ccba47f01a1ebdcd87db462b8802888ab2215638dfb03fd5e0e0bfc7c07d962a80dfe418c12ff9f68c381c42

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_mods.png

Filesize
5KB

MD5
c5a39e6d340a895b0f369c07aaba883b

SHA1
fde492c762c4f6630bf2c69ead0bb9417a3989bb

SHA256
7faa8318b0e566765c22900dfe8fecfc7e5517787e21c440392bafe3c41c54c2

SHA512
f0ef4b264da4c90b8b2181231cbe7b25a2142ecafcc9f55832f72ad93aa789eb639284840b994cac460bf24edd6f6975221e559dfb6152b6a92b107161b94d42

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_mods.xml

Filesize
1KB

MD5
fc7a91575138577a8fc21b9b68aa5e45

SHA1
7b048c4ec3f8060cec4edfe618bbb155543d47b0

SHA256
b666467264d00cc30d1aea455a716ce17e1892eee3c68c8351ee80267c2adeaa

SHA512
b9360ddc37ed0e3c63c27c8780012cc544ff85a3e93ca8bc42654058a468eb4af18ee5d144c86a80f1f8404a5cd5d838905248c0cf18336f15d86b0a10f4e91b

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_options.png

Filesize
5KB

MD5
234ef2425a3259251d18383516bccde8

SHA1
0470a49a1c616c6c3bf3da4f5654f85c0130e321

SHA256
2f435bd9ee44a2e3ecb224c91ef7f83c3e0e812e6be1ff26eade2a144e50ea9b

SHA512
6c3200324eb69003c07a4e73ce5fe99f691a12416bc54f02093fc8046ac4268446a1ec4d2ffa17485e31059a6dfac09d1649b90d2c2ddd95b21c0235b3958836

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_options.xml

Filesize
1KB

MD5
58bb69784625d6b8c5cfc69ffafc797d

SHA1
547e651992ef47e8307455812719fd46c1de3131

SHA256
1ac2a773949bf7572d7536d7fc93168b7b5deea382d79c8cbae928ae7534f603

SHA512
83a3454a1a8690031fa026c188bf67afbf54e7ba7254b02716917a7420329b99bb895eea0cb19dd9a54bd28ce725e08ad0d55e0fc18d61667968f726c905c194

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_story_mode.png

Filesize
6KB

MD5
2c8b04e4e54710b06eac07681fc20f14

SHA1
f04c64d0f14f09cb4eac2dcab51b7b78b7d6a8a3

SHA256
075aa1fbd2c7edc6882bf4a5d3d6f4518da0feaf97a4c0eb8c47f4920384e8e2

SHA512
ca785baba003041ddf8b012d29f135363b2225ecfb7ac8f36fbe36150c66ee2125b29613883e02d23ab5a14f9e5b07080baf16bd7c1126b7a547bf16e3613fb2

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\mainmenu\menu_story_mode.xml

Filesize
1KB

MD5
ebc318480ce4d87eebb0c1ba95f238f9

SHA1
29be0f61fafc1d6bd9bcccf7cec6fbc9e1fe2fb3

SHA256
a3d6f1f87c5b060bb5629792da57db4182ac2baebf4fb0bae564fec94727b12a

SHA512
4489a5fb4cea3ed8cd93cd6bb2c55595b2a750ebeb4d1903e31441528ec1d03cdf61b99b77750a67cae35b563ff0093801aaa9a33efea4f475ce65d22d634128

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\menuBG.png

Filesize
5KB

MD5
d1d30ee6a196b5b777a4a09e0a3a8ff3

SHA1
5910ce6c46bf07166c630f4720bea051a1f24584

SHA256
49dcc5dc77db54e70e366ecbe45d6d5861c584bb79d7de0c448f3d6aa32380d3

SHA512
6ef2ad7bd2b453b3a0bb039d7d00eaa143e7bf5611c1f7a80e642f79ba4c24ac580f073d4fab3b604b17187664c7a213a494c6d0174a152854ce3cdb7febbbef

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\menuDesat.png

Filesize
5KB

MD5
d29304451af7e53e7e0f0588d9f5f62f

SHA1
49697d0ddddecf439b7f2ec8d6347c74d427a8af

SHA256
53825a113b5eff77c577404fee4f4e0a1572547b7b65215083d1436918a91a1f

SHA512
cc58a8b564221df9c248a710ed1c2f57bc6e649c3dd5c570d19ceb7439ea6dfb10fd1d7c9de051767b0562fb34068c36fae5ec5b27ef80fcaaa5d5ec55f6d34a

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\newgrounds_logo.png

Filesize
56KB

MD5
e8c40bf7ff7d8c4b11db68f825ffab93

SHA1
5ac8796a357406e8803ed1e55acfd1a37d3d6477

SHA256
6e8ed7a240bb95d62ad55241e9b350eeb58b21e4de63e08538840071cc950e63

SHA512
93349e29d83cd280197eeb13038917e628083f4857b424e072f1c6a34b4d87acedf8cd7acef494a36f3892a09ec73e597a520826f61f55141e32c3418287764a

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\titleEnter.png

Filesize
1.3MB

MD5
aafea168da4c47e305a0e9b47add0b67

SHA1
13d726d05aaf8dc21dcc7a251d68f67832c870dd

SHA256
085688ce8e96ee36c65668923aaf61651acf506c9cc6f3735d63079ff817e5c3

SHA512
1fbddbc661fb841efc2ed65c766bb1f804fc263d3d80e4a9c4636cd5a21e3d80061f89096015ddf02d7eb649bad236979f31249a5f4cb5fd1a7fef6543077588

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\images\titleEnter.xml

Filesize
4KB

MD5
547d7269f657043359844852cf46a229

SHA1
eec89a5a25ba9753e4ff2822e20892f3ea9f850c

SHA256
0ba42e49f0842747eba8c761a7dfbb09151be007f9d75b6e2d4997ad1ff12137

SHA512
6b78e2ab8db2d9d421ad22a471f3c9a0549eba3d0652aeffec7fd6257aa8221c9e2332ed46e6eb26c2a9078b9cd922351fb10a7d8eed55833ba3b54e0ad31252

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\sounds\confirmMenu.ogg

Filesize
144KB

MD5
f501fd89143d88290380741e24599c0e

SHA1
a999b3ac96a42fad5c7ff1eca11723ead526beaf

SHA256
a4dc607c584c79bbb2e0a07aa413fa79aa349e094ee226c59464bd2177c80202

SHA512
5de4f87cfefb26b85fffe01e0718268ae5de2c0266ce0cbc41ae0841dc15b5ddba4e7dffa142f83119473790543041738ccbc73cf1c8c5d9956477726c9e778c

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\assets\sounds\scrollMenu.ogg

Filesize
14KB

MD5
13fc626d163f5015ea19874c7b329d74

SHA1
81c06da16a858f81d783532ca365f2dbead255c2

SHA256
eb5c01217c778a58f80f799807de453258102504f7d2ea1b89c515db98dbe226

SHA512
74871d0fbbafdd23228af09a4052bb134699f06cb82d23e95bc78eb6ac991f4de2369e8795e5bc30186acf83aec2e679f592ca21d31a4fec2bf141737fe03e7d

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\libvlc.dll

Filesize
116KB

MD5
1aedf215a622eb7b789cdb4902198a71

SHA1
6a8262d663f0a9b7c91cbc70125b6def9aae364e

SHA256
b3718fdade3db2871373b8bc8cd7d876576891a159a9b71fd0ef75bb886a8f2e

SHA512
990d80fcc8cfa6963f4cb9e0697673c4ef7a4def57b466a8955d0a7631aae8af11194d8b81dd02a1486faecb8e2ce1e5470c2b42b7e701cfd369b4895e41cda8

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\libvlccore.dll

Filesize
2.3MB

MD5
ac339261be9024fe5608ef7af9c62269

SHA1
7a70e5a38001b910a1ab0ca43b2a0ec01026eb35

SHA256
f6e848e456917185a58f91eb0b2de116744ba5d8f06deb6c94cd367e42e275ba

SHA512
8ede2696a8397843dc4e4a99a780929b10bce7839f41568e37ea6e5261b846c1e71828f28cfc50538958ff47c57e31cf49de88386287346b0b4106e6d25e3e80

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\lime.ndll

Filesize
7.6MB

MD5
be84895583793267a175cb47de5e35c4

SHA1
128f39acd08e56f846b2149750410df1337ca3bc

SHA256
acccec9e231efb545cd8d7f94c4655c0c4950a9cf8d208f822f2b9112b2f5368

SHA512
6248af44c90a10f70818d552fb4d1285c38afdd6e037d9add099975235abed021877174994fedee6043c5bfac88b086685e014ed0f47b7ed1b91d8a8692801a7

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\manifest\default.json

Filesize
34KB

MD5
9db6efee959a42d9d4c62a07c72408f8

SHA1
dd7442a90f2b12d140422a4667799512af7026a7

SHA256
471cfc13da37b12874aba2b7e1033f11272eef112a4bc120bab07cc06e12d426

SHA512
ddbf35ebbecf45909bc3fe3105faf7ee8b8357a5b4ec8cf04ca5b64deac0a45d39f2e35fc0c462dafb4624a6ada2a0c9ffa77d7d943a4dddd94b0da3bbd3a306

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\manifest\shared.json

Filesize
9KB

MD5
31e6fba0ff4d39471874add10d12baa1

SHA1
c4cce09346e45729ab4dfd1e73524613fdfec20b

SHA256
303048e304f91a2f96f23f57a7d4aea220aac07c9894352cefe0ab812a606bc3

SHA512
244fbae11cca1573ee36d29ae13d177e9bdb368108916e593629a6b9cc5b7cd952f00d23dacf58afa9cd938084f1df5a5cb038e0b7b7855ec1d89c893a25ee3f

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\manifest\songs.json

Filesize
2KB

MD5
e809aedcba5e3883ad5ad10d51534a24

SHA1
ab55212a04b56178e04e3fc35d5f441d24f02fe0

SHA256
0c3276fa346defc938dd006e7c5b43d57629a36dbc290f641638517c1577868d

SHA512
14e8745107a14cc4d75bbedcac3537521b801875bccc16b4492d395d09bae3575581bd149ffbaa195591a4e9601102ca5d4783000145dab500ec8fb076987a9c

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\manifest\videos.json

Filesize
178B

MD5
e0d8076a36a8567be9095f014a442767

SHA1
ec88746da37b16d2068f4c6eaef02d114c7a744a

SHA256
12293b882da686d722e29fd59b20b698aa4a2d3fcedb6539a1ba6c7cb457bacc

SHA512
8cfc0483d842878983d076de8430f03d8043e3bd87cf7c020003d07312e88f4df88a737f7442b1602e7f85a75e84b2d9f819e64717eb47ea4ef01a58ce7eac2d

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\manifest\week2.json

Filesize
517B

MD5
6baf94a78f39d17708e603337dc790d9

SHA1
8e084462c09b920a9d1dc7d8dc6398f84d501cb5

SHA256
506c32bb519c850bf016d9c22796e7c2c46e0c9e917f8a28267c5310cdc91a80

SHA512
f3dfc1dc59d46b8ccc2668f49760b8e2668fe83c6984a682d77e019dc1e41a7fca5f69e3e692f4bc9beae6f2fef031c40b91daab7d48302140e5a36db98ec570

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\manifest\week3.json

Filesize
940B

MD5
8e01bc9c71b2d4eb1487484d67a7b5b1

SHA1
a784eb80facad0fb04b90beb8b664ad67718aa87

SHA256
5d9a60baf3366cdcc19415a694f740c8c7e90e31addf6da4a240562d3965fcd1

SHA512
192141753f0d09759809637e84619f5c0c243bc2cca1fb2239ba59a5a3c58be2650c1fdf844dc3c535de439cc6ca62d0f7204e50f839cb07bf492b39ebaf6165

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\manifest\week4.json

Filesize
1KB

MD5
4a64878ec8c47be7cb01820c63a789a7

SHA1
131c9254760a6c889ff3316396bc8b63a7e215d3

SHA256
387183deebab4aa9ffb50d3562fc49daa935d2ce812b82e9b01384767c6406b5

SHA512
8dcce093573160179a169a736a73522eff9ada612582aeda3f7b1f2605f922d86cf1a1936ea705a0ed98e935047574f8ece2a74349fa367ecd5a1e847715e751

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\manifest\week5.json

Filesize
1KB

MD5
f4bec0b9a56fb70920e5961691ab418f

SHA1
e50729a5b51d82039e07fddad3d4e3ba57547711

SHA256
ed1636235ddc5b9c990a533270e7121bdcb5ccc97a4ce76a13ad7a8dfd73d3ff

SHA512
513767ef35bfbb7c42bee593470d8a1ce106bd09618d0ea2cfaa54d5297f52066c667747986f921bad3c5766b2a2e96c4e855e6a95fe21682aa0698f01357f9e

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\manifest\week6.json

Filesize
2KB

MD5
f873a257b17805d2eb5b1d73ca34e6f0

SHA1
b7edbdb3cef3d6316f9c0841b502f1ceb34a71c9

SHA256
edcd6803116a7f1a9a45cb94c04e61d92ef0eb9d9037acfbefd4077fe97c09e0

SHA512
9ebf1cd937ee56dc9d5a88bbf9121bdc12252461f36b63843cc6001d3d71f9ee06b1518d48da09cd6c94c00e780290eaffac459cfa4fe25b7004a15d5077fc8f

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\mods\data\dog\dog.json

Filesize
13KB

MD5
df5b609a45af861945d7592b245a7b50

SHA1
e661ecee9d96d9a6d50057a59af8a09730b3e336

SHA256
d0657f2bd75c860375389652a4a05df1556edc8b57e92646e1c46046a916fc7d

SHA512
8045b76d711b1ac98e72eb210647833698b18f5bc7a85a18faff8e0d53b24fe69751d8863cde05de0e171c693fe92e961497a6c92760145000c2bf4777b2334f

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\mods\images\BOMBNOTE_assets.xml

Filesize
1KB

MD5
3adc10a0f04dbc959ffb642e63dea0e3

SHA1
5c3d809baa542f97e89f39f579d9c3c327671e5a

SHA256
1f4d9c291201f9dcc64066a40d0472bd079c2732279b54ca9d2762adb696931d

SHA512
9199a0d564ad1a118315680be673bfb9c5622b86707fd8125273fd17e65d5a924fb8e4b87da13a5933662658da1eeb4a61dffef6d9cc7a52a26f26fc702390ff

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\mods\images\JevilNoteSplashes.xml

Filesize
4KB

MD5
784fe0574d18395c5ac1ace77fba3065

SHA1
7507e608db72fefb74a10fe9bd3ccf43d33eef97

SHA256
4fac72bad75ef45c2e5a5c69e88681f49b9e7bb65c85ce2f3c24b230e69de69a

SHA512
9b677327350d9d62dcbc69529cbc99c05aba55d67cdf738674b59aae701af5f05e88b3d5b917bebcf21aa99cbf7fae1b250fd7ee8e3263df3caca664ebbfd4d2

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\mods\images\amongus.png

Filesize
27KB

MD5
e6549e169e70f9e14dd6ded97b1c592a

SHA1
71cdff40f82e4a537895358faa433481671dbd10

SHA256
2aba325ba2168521122992de59c116a8be2567b92d09dc92d85cffec4b586233

SHA512
5424d750edff865c8d4abe644be0fc405de45d31118e25efbce1a16caea88174c5c3f544f0abc7639f82e28a70ad5e8bbf80b4a2a91d891581e3982669ca7191

Download Submit
C:\Users\Admin\Downloads\Vs Undertale\Vs Undertale\mods\music\freakyMenu.ogg

Filesize
1.5MB

MD5
b02f87e88c6be76c3690ebaa899fb997

SHA1
c4b41b79d8294427defb63f220b4cb547b0e1aa7

SHA256
8e833b9eb0b7832d7c58a229683bb5f05aa7fabd77b11a5884f495436d8b5254

SHA512
c22a9a47aca94842d240dce19f8628b69b52fbd4bb4d174818b0024b9cd9a640edf66b9360a8e7094940d26beb319685759272aef9e60c7538cbe736ba9e81fc

Download Submit
memory/1796-1862-0x000000005D960000-0x000000005D988000-memory.dmp

Filesize
160KB

Download
memory/1796-1863-0x000000005D700000-0x000000005D95C000-memory.dmp

Filesize
2.4MB

Download
memory/1796-1891-0x00007FF60D7D0000-0x00007FF60D7E0000-memory.dmp

Filesize
64KB

Download