hxxps://drive[.]google[.]com/file/d/1LKDnuLAMqT9VvBE0jQDj29lYNYKNtfJK/view

Analysis

max time kernel
300s
max time network
256s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
30/01/2025, 04:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1LKDnuLAMqT9VvBE0jQDj29lYNYKNtfJK/view

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000\Control Panel\International\Geo\Nation	GameMaker-Studio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000\Control Panel\International\Geo\Nation	GameMaker-Studio.exe

Executes dropped EXE 4 IoCs

pid	Process
3932	GMStudio-Installer-1.4.9999.exe
1716	GameMaker-Studio.exe
1468	GameMaker-Studio.exe
4912	5piceIDE.exe

Loads dropped DLL 20 IoCs

pid	Process
3932	GMStudio-Installer-1.4.9999.exe
3932	GMStudio-Installer-1.4.9999.exe
3932	GMStudio-Installer-1.4.9999.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	GameMaker-Studio.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	GameMaker-Studio.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	GameMaker-Studio.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	GameMaker-Studio.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2924	4912	WerFault.exe	112

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameMaker-Studio.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5piceIDE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GMStudio-Installer-1.4.9999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameMaker-Studio.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	5piceIDE.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	5piceIDE.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	5piceIDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\5piceIDE.exe = "8888"	5piceIDE.exe

Modifies registry class 41 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmzfile\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\GameMaker-Studio\\5piceIDE.exe\" \"%1\""	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\Shell	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile\Shell\open	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\GameMaker-Studio\\5piceIDE.exe\" \"%1\""	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gmz\ = "gmzfile"	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmxfile\Shell\open	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmzfile	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\URL Protocol	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile\Shell\open\command	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile\Shell\open\command	5piceIDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\.gmz\ = "gmzfile"	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmzfile\Shell	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\ = "URL:GameMakerStudio Protocol"	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gmz	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile\Shell\open	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\.gmx	5piceIDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmxfile\ = "GameMaker File"	5piceIDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmzfile\ = "GameMaker File"	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmzfile\Shell\open\command	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio	GameMaker-Studio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\DefaultIcon\ = "C:\\Users\\Admin\\GameMaker-Studio 1.4\\GameMaker-Studio.exe,1"	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\Shell\open\command	GameMaker-Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\.gmz	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile\ = "GameMaker File"	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmxfile\Shell\open\command	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmxfile\Shell	5piceIDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\.gmx\ = "gmxfile"	5piceIDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmxfile\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\GameMaker-Studio\\5piceIDE.exe\" \"%1\""	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\DefaultIcon	GameMaker-Studio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gmx\ = "gmxfile"	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\GameMaker-Studio\\5piceIDE.exe\" \"%1\""	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmxfile	5piceIDE.exe
Key created	\REGISTRY\USER\S-1-5-21-2206060733-4028293381-3488472159-1000_Classes\gmzfile\Shell\open	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\Shell\open	GameMaker-Studio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmstudio\Shell\open\command\ = "\"C:\\Users\\Admin\\GameMaker-Studio 1.4\\GameMaker-Studio.exe\" \"%1\""	GameMaker-Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmzfile\Shell	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gmx	5piceIDE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile\ = "GameMaker File"	5piceIDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gmxfile\Shell	5piceIDE.exe

Modifies system certificate store 2 TTPs 3 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 040000000100000010000000a7f2e41606411150306b9ce3b49cb0c90f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d46190000000100000010000000e843ac3b52ec8c297fa948c9b1fb281920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	GameMaker-Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 5c000000010000000400000000080000190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb040000000100000010000000a7f2e41606411150306b9ce3b49cb0c920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	GameMaker-Studio.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 71.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
404	msedge.exe
404	msedge.exe
1420	identity_helper.exe
1420	identity_helper.exe
4352	msedge.exe
4352	msedge.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
1716	GameMaker-Studio.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1716	GameMaker-Studio.exe
Token: SeDebugPrivilege	1468	GameMaker-Studio.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
1468	GameMaker-Studio.exe
1468	GameMaker-Studio.exe
1468	GameMaker-Studio.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
1468	GameMaker-Studio.exe
1468	GameMaker-Studio.exe
1468	GameMaker-Studio.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe
4912	5piceIDE.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 3044	404	msedge.exe	83
PID 404 wrote to memory of 3044	404	msedge.exe	83
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 4452	404	msedge.exe	84
PID 404 wrote to memory of 1936	404	msedge.exe	85
PID 404 wrote to memory of 1936	404	msedge.exe	85
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86
PID 404 wrote to memory of 4320	404	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1LKDnuLAMqT9VvBE0jQDj29lYNYKNtfJK/view
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fffd2b046f8,0x7fffd2b04708,0x7fffd2b04718
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3092 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6680 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Users\Admin\Downloads\GMStudio-Installer-1.4.9999.exe
  "C:\Users\Admin\Downloads\GMStudio-Installer-1.4.9999.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3932
- - C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe
    "C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1716
  - - C:\Users\Admin\AppData\Roaming\GameMaker-Studio\GameMaker-Studio.exe
      "C:\Users\Admin\AppData\Roaming\GameMaker-Studio\GameMaker-Studio.exe" --YYOriginalFilename="C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:1468
    - - C:\Users\Admin\AppData\Roaming\GameMaker-Studio\5piceIDE.exe
        
        "C:\Users\Admin\AppData\Roaming\GameMaker-Studio\5piceIDE.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Modifies Internet Explorer settings
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:4912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 3008
        6⤵
        Program crash
        
        PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3899007028562843255,15691627293083178881,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4912 -ip 4912
1⤵
PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB

Filesize
834B

MD5
5cb16e48b582bf86a4b396fcbc235981

SHA1
3e7cbf189fbbff1efb9b04c398ceb902e816f15b

SHA256
ba479af493eeefdf7de4c86890f5d87886bc0bc92522d39dd09eb21f85cf23f9

SHA512
55210eb21fd974bb189063d4e377c37b2cf1c2e0d7ec056dee48f8619cfe04a7a8c1ba329abcfa7edb4785fac08375df4c8261e98dc3a8294f0f4fc29cf61eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_5DFB3078CD1987F399C9BEE0BBA16DB3

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ECF3006D44DA211141391220EE5049F4

Filesize
92KB

MD5
e78c983c9341a88132227d8dbaa93079

SHA1
5d3cb7f5ee66cab410156347ceb6c23697251830

SHA256
affd586fb1d019313a45f67ef7760b2275b6863f52c0ebd5830897ac8c7072ea

SHA512
b6e27e35eb1c7d895c65b887df888419097f93a08d87e9a7b276ab88608b887390e6d4d3b828fd644349cf80c1fb788f89423e650978d6db759748dcb161e396

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB

Filesize
180B

MD5
d35d82085f0126102ac219b75e31ebcf

SHA1
987bab43f2c9d43945debd659f26558b769b9b68

SHA256
a240e95e1f7e29375a136011017072b90dccc86cf75ff2bd91927cd834e8c835

SHA512
2d2f982bb02ab1a33f7a8ac5e2883b1e029d2712e37cc08c8ef0e650b34e3ba4d96742cfecb8b97834e2e2de9e4d2e2357e3e341035f12be871e08db45d6d294

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
398B

MD5
1a8080cb0737bda1e0b8f1d759f21ea5

SHA1
8d8d3db25f91db984fee11e7fb8d5ffdd9e1dd26

SHA256
8da50b0fbd8411f943338eebf13217d7b1938525aa49107ae1501ea66a5d22f9

SHA512
0b7eb7dc4db77729f0cc8f2c8dc01dd621c9d8d3a37afc3216a3d2c845b2638c5b272a32e083b34f8f563d0c5967585d4cbcbb276f968383dfafecd41a6db293

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_5DFB3078CD1987F399C9BEE0BBA16DB3

Filesize
402B

MD5
7698383a3a394f1016126bc089f26b24

SHA1
f6585585435184a9da1eee0a43c725c7abf881b0

SHA256
8416098be9a836001335ad71e720d5092c1d259bf6efd667166091b87ca09694

SHA512
9475e524b7fa5ce8118dedf25716b0a5b7b2d36ab97521628ad7314c3af198c8e157dddeb0174d5c006d490143960e58c728bebd10ec4b64317ebb63bddf268d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ECF3006D44DA211141391220EE5049F4

Filesize
170B

MD5
c796708b079c5bf56631801bf70617db

SHA1
addc282a8ffdda921abab0444506e23cf4af70e2

SHA256
dd6014aecf9d5d03e16647cc34fa8d2ae78c4725350142bb62b39e6f0aa8e27a

SHA512
635c77ac4c0e66d8073ac2bfd395a98c5c07d779a929c617335633517f2906c58d17f13fdeb66bd92a90b9a9e1214904db56cbcd49e8c4f00651a2277e6b98ca

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Trace.log

Filesize
524B

MD5
faa7f622970ae93d13d7bf1d60eb5835

SHA1
1fb870f7b3322b00956cb47a16e13dd8675c33b9

SHA256
842d2f034731254e755f79465f44816e394c1869b25dfafd9497bfd08a62c908

SHA512
e4b9e8e02519e08d2a6e8415a2ca38f6c92da754faa3d40c54951176a30d772be7505e619a3fba7b1fa6004290b135cb7c1ee9f838447ff8c940f6794d98cf27

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Trace.log

Filesize
4KB

MD5
84b9f1895466947f061d8fd0897b01ce

SHA1
4445a9e9d921fb81888de1ddd4cda82c74a86204

SHA256
e353f67dfaaaf46804744da13d2387edce022b9f73ecd52b3dbabd08ef15ee6e

SHA512
1cc1222afd724a957c5be232251d00568754a09c26e19aa7a9f9185fa657a4db9e9effc20441691c1a231756cf013bdeacb601b0c492838331330f56fd65b0bd

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Trace.log

Filesize
219KB

MD5
cccd4d6e297697280f91e9786de62b0a

SHA1
dc6ee6088dbe023743606972eae755e5a5aff51e

SHA256
9a310865d3f92024081c3f801e829acd8e458b27c1151e144a9ea0594a16a4b7

SHA512
0a7c399e1ec625394736640a073f68a2f91f499e5e108ce65d224bfc81dd22c2a9a2d4a2fd3be75d7a2b0200627da2761a6ca174fdb20941c8cefc0caf0d91f8

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\UpgradeZip\install.yyreceipt

Filesize
41B

MD5
cba89ae40b9f7efc38daed7c2e498e69

SHA1
724c4a839cd1573d59960d4126f6be17cedb7543

SHA256
f12c27fee72345b4a85fe4f30f9bb40f23c3033cf51e0109d95326eef085dc07

SHA512
b5479c836a53a2b53d7612a1be4d19c566fbc6cc77852c2f7ca2b9f93fe7739020fb8147eec6dc9dd290edbff50ab3ef8ab819c21efbf4b94502f3e902a678be

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Upgrade\Configs\Default\windows\Runner_finish.bmp

Filesize
150KB

MD5
2d015346a56c8d68d53f9ee63bb577d2

SHA1
9f19560a08e5bec7fbe3a82361c366372b195e3a

SHA256
68dd967e1bae586bea54cbab55cd5dcdca1b51ac0338455c1e7d836bddeb83d9

SHA512
d4b5328e046a2b32ff1df6ee96d333ea10adc5063313e87446b1acdb14a144160715f3f7cf2b9649d64ad9c7e4be8fcbd0e32abbec6769282dca8fce4a931287

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Upgrade\Licenses\YoYo_License.txt

Filesize
39KB

MD5
7011b8c168975f00743bccb46b4045cf

SHA1
9c626f2cbaf8e45a6900452e26cf703673f01381

SHA256
77633354a5c4765097941250f2257a74312c5b75f1943a2dc3b1cfa2e9a4299e

SHA512
c888ff7bf89ea2e71678e2bd8bed19cb1ed8d996b3c2d0b1501cd329f193735d8d6c4695a6bdd8ad030d4063d999986f525d68317d084e457ccdcb1fc4154fab

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\Upgrade\skins\GMGreen.col

Filesize
615B

MD5
f91b660f798d67be637bacd72e81994e

SHA1
407d2c890482c064d885cb5b6452f88b8b35dea8

SHA256
1c69e55ba1a5a1be2fe00ef85775ee4525f6ccabe0ad132bbe4253d74c285c46

SHA512
5b2d1900119b0b1f7b0004fa2cb504002831d7386a43de0414b7dcf68f4db34876360b013b6d5e3b18f2f3a74ee63ef07d47df1d994a2fbb79355305fac9b23b

Download Submit
C:\Users\Admin\AppData\Local\GameMaker-Studio\install.yyreceipt

Filesize
44B

MD5
85ef717579231d1508716588154606ab

SHA1
d0b2a5a879162ca0167365c4b2b81e35763ea9bb

SHA256
ec2c7d213b15a93663216c7a594a72425dbc01278ea39b37dbcc7cb1be7c75f3

SHA512
1e04c3b5d7c9d7c7d43112c44bada551b8d3363c4b40d6d9d5d36dbed1bb396d4dea4463c3ef05f5179d98d8b3f5cd19e156efd6d96b2fdf650b95667c3087c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\GameMaker-Studio.exe.log

Filesize
698B

MD5
429d35d475d90e99c93aaf5a86108d16

SHA1
6eeee0cbd36d8e4b04d28bd23b1a6d843c3d1776

SHA256
8fc82a0a31002a1e879804e272931cbfa340d491942c7df5aca2052fc1502fc2

SHA512
f40fc43602daa45a36c3709e3bf030f996e28f727035b4377ddb4f43ffc9432ee9b13f67ec2026bc264638b05dff871a9af29e9fb592211afc6a23dd9f4a1fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\954fa3f1-5b32-4e1c-80b3-0d3a3ea279ad.tmp

Filesize
10KB

MD5
e4995386f91c53d80826c818a09a1752

SHA1
36318995a8fd28efd088fb9c765a239c97457208

SHA256
d938f65e5dcd2b4bffa7de682d605241a4c7793fec68ffcaddca0e6dfd854372

SHA512
954ee192efe00ef96d90d5c9cdf38221885777d908f985f6015392011fef11e1595246d480da71dab332f514b3a60b55d14f7fc4913831cb781268f294c52221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7aa0be13c8d914912341bac39e064869

SHA1
55d20143756d1c85a67d7172682542739d1d1939

SHA256
31f51a011ab2fdcee551b41cee5371b4c3b5be991d2d83700036c062cc41dd9e

SHA512
6693457f475f0ddb71129b0c9e0d4939ca47b732133f6eae8f829286b2a27dc90f17767e7ec413eaf8e30ed2c13645716848a29af0c2fb0f695be1114aeb99c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
e57c8765c761e81d8b2a66ad751c72fd

SHA1
a02cf94a953583424570fc1ea6a9b06445ee8f31

SHA256
42173d7943ffb77164ac008310d6a0554db627f4b7b192517a5dd26bbd90fba5

SHA512
6e15e91335b0fb8f542f3177d4fd0508293dda7d60fb2cb5e432192bb696e32cc17cf309448e2a58812bede1568e56899f4c0feb2d7e001fe03846f86a7f0d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dce0b2ea9f7e54ac75fb58ebee996a5f

SHA1
ca43f4eed9459a884395b65025badaeeb589c0b9

SHA256
e97c0172a0f8b161b04080646cd52b426b2b13aecfff6beaba7897f273bee212

SHA512
caf00b50e78416ee9a9c89c552e4132ddf3eb666a8974e26625885e641e86d0ad105f90089467e0c196f72c892b0dc1b389c52be42256b75e35b84ff65e5994c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cf155460de300609c91cfb1f64e6305c

SHA1
281975190611546e77671414b828a1e329de97c6

SHA256
c3908e44af41e05885c4187386e819896882ee394fb5ecb04fcdeed73268845b

SHA512
769624acf1c9f771c864cc06775a967c3d5d3b31c0dc825868f33e3d576e7c9a8fc6a1426095da215cec86049fd44510ce2ee3f82d772fb80731a1eecc92b615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0808e0a276013a54ade6f322a8a1c3c4

SHA1
0b8aaa13793214682a93ec2e57e3d5a6420d82bd

SHA256
2b95ce07eafb484cb17c811bf08e8b8dc88b97ee1a600d66ed63bd9a0ce719fc

SHA512
cf7724d997a36720f39ef4b17d6dccf720598344a9d5cd9844155b7cc9e078d675f28da5ed94c2d05fa0a3ca275135c1088bd45d9c66776ba71af62f7da61db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f4b6bb6263678ca2fff7a19b6ce5410a

SHA1
18bf1d1412143f49cf99595de2f9d8357bbeace7

SHA256
ce83769098ad3b490aa57ff64335ea85768b0e9799897ef8919e71e65f74b528

SHA512
7a3fffcb926e0204fb1aba1857e52b7af3821f2eedc5bb087f7ed4e01e7a9f6d9e2986c6c6df9ba3133fd50c27b4b448aba4043350a3f8a0f26fd077e408e6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15b9926b9bba3f19ffb033af0ca49551

SHA1
b9e6dcd65af47d15e17d0fb564c5dc86b72ae763

SHA256
538f2b52d572867ff7ce1dac640dd002832b4f18f9a7b1afb755fcb3e8617c7f

SHA512
e00d3f582797230639636073583c771b83a9ec07588c943ba086bd7f78342481389e8f8d8a1d49de96e9c750b2bf1e77c4a1709f42221e71ee7ba2c81c7cc5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e799e31233de907a43623946b1717562

SHA1
81b2b30fdd3a2b3b305a4bf46ff223425f55bc58

SHA256
019e1cc62f8d7f24bc435519f0ac1979dad392a74c7b89c5e0085dcfdf386ddb

SHA512
1bc7b657547bf28427c0ed9f0b0f5f0c3d5591cb5c13f4ca41a86b9cd0913dad8e14cf8ef31f01bb364a848b07685fb9b34391822900f0af05589770055ffac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9cc4eff171af015fd93e269ced51262

SHA1
7085d08a2ca081ff12926d892dcb884272713f00

SHA256
d07193683c4595f2b73dc908fac9c6925dedeb829de75973586afb688edad6e7

SHA512
b6ec1f9d418fa09365e3becc9b3b82abb1c6fc21843be053c4bb39310c441643b8eed475263f32a811776627ff7df4c1d98f2e90a73fc1331bc6f72837dab043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd34e9eff05afb1bddf5fcd34998ab2c

SHA1
a144735fa5161f143dcffe8bfa48fcb0f68dcb1e

SHA256
45499bbb86ea36f4cae4e06c292b1a191cae7f47a6d4aea19a13cdb2caddc55b

SHA512
022b2dbd1dcd19e988497f7a5693c50e0da7d6c6349bb0425b43325cf7a0a961b28114ff88659288e229fce10a54691b43df7460a110c90d5bdf6c01af79adb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
64408354e71c8264df3a538878c38b44

SHA1
7b3e10b9a40323167f8a4f9ab8a2a1c9143c3d46

SHA256
102fce3255edb96139fc78389e2c006ba7b7730f2baa47cdf2bd64a7b7517f51

SHA512
09c9f949c89df940b003bc5b1bc55904a66120e093fe3bd9789f3a772371cb92c71b05de707a3a78ad207478c35de23b15eb521b8173eae93a1278f20c469dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f9090783935c656a3242b3380ce8f2e2

SHA1
426c8596f38740749a2cdd7699f5195c72c5dc40

SHA256
5b00ae88048db5619d3bcfe9db0d95e9f642a77b9dc631d06067f5a10e9cea77

SHA512
f6027c5b1e4dc7f3cfd3b7e9924722a3215725610680230a219dd7adc8403af4b941a1771093f320fdcfaa8d32e3bafa51d7adeedf4b017f7eb30e6747ee83a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
75d91964f5cd0352e1ef533e2584912d

SHA1
06a588c724c103f80dd40fdc61d1a24215d17ee6

SHA256
48298fed91922c04033b3f06ff24b10e1648044219633edc1f0f2f98422fb523

SHA512
fcf612d1a37fdce0d63acfe8e1b92e1939f61594d513d3a88aa5b659af9f5a0cd88f639c61937d473cfb48f5f3d562a435c68a3bbcc0d204bdc8190f58e5b49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF7.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdF7.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\5piceIDE.exe

Filesize
11.9MB

MD5
a6c57528291c5af59c2c6fa7fa549acc

SHA1
a44f415a8efdef7681f0eb5974eddf293a85e48e

SHA256
9b669896a30452d9c2470a9d39282a00f4bd94966004c186d7ec07d970fc0b4f

SHA512
7d0b1b37db31f30b75b7520ab3b2ec7319ae7c8301fdeebdb16ed56ac0a9ba4b468cf12ac195a92d35d8a7fd0ed12c95e840efc6b44af01b8e04d8953590d51c

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\TraceIDE.log

Filesize
347B

MD5
7a850ed3814b99dfb427e38cf7605001

SHA1
a7fb01c43835bcff4bc7b4935762889710c1ce9d

SHA256
ebaea73ac1b9202986ab12512f7949d1115f265ff290b6cc8b2439a31fce354d

SHA512
e257d8668d6ad47f875427277f926b5894d6ac52b789b8c9536dafb108b521d01f6132f08ff5d21b756dfc13883226cfbb73d4611ffda112907ed287cda1d35b

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\d3dcompiler_43.dll

Filesize
2.0MB

MD5
1c9b45e87528b8bb8cfa884ea0099a85

SHA1
98be17e1d324790a5b206e1ea1cc4e64fbe21240

SHA256
2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c

SHA512
b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\d3dx9_43.dll

Filesize
1.9MB

MD5
86e39e9161c3d930d93822f1563c280d

SHA1
f5944df4142983714a6d9955e6e393d9876c1e11

SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\icudt.dll

Filesize
9.5MB

MD5
5434e18b933e03f274d8da59fda4c676

SHA1
9cf34066a3a28bf0dccff0e4b234a9ac22cffb8d

SHA256
ef080ad7436d544c285d026131ad0faa0b54d7e2f098d5c6c5920bbf88b3f6a7

SHA512
0799b6381eb959faa540be6d6a7a8a3b5b8bf5510adc4da039af844c6685a561e1c205d160dcb964caa2a1bbc4cacab9c70a3974f07417c274a0d6ba0157cce2

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\libEGL.dll

Filesize
127KB

MD5
d7fda8cbc6d6f180579fcecc926e7759

SHA1
d8cc3f5abf2e667482bcb0f9e8bd3466fd3c86dd

SHA256
186f539808065afb69accd50301409f7a6afcedf2263b41ff9b6e86e9be87714

SHA512
a78417f39334c4fdcbe7f0e40b90946bbfa2e01620a12569c3da6e0287c13db3a95e57fb30811cd5594fdb673ec1aa2ca6a7e62741d5401d2a80451fcddd484d

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\libGLESv2.dll

Filesize
719KB

MD5
cc0726abf3f81c41d6bc911347deaa71

SHA1
09ad6a49ed1fe6dea85e59c7d7560388a7285c12

SHA256
7a439200e79644af7e9dc11ad7f8f3cbb78e732d8bd75e0427064858c57e36ce

SHA512
a2bd31105a91190b1620fec10f366607e8cf3e3d9c269669935ff6eca6c3b90445a5dcdc69c97b60714e1e78fa578fc63b56ad31d6d9d7c12e9efff6e521de7d

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\libcef.dll

Filesize
23.8MB

MD5
e9610e3e8ec4043767601f5f16c6d4ec

SHA1
a07330f91b4b2b4abad140c03ecce48b0a1467b4

SHA256
820f4a243a52f1d1eac9c4457df0b85de46380b3d8897570fa9ae1cd2dc9e7b5

SHA512
7849cfcde78717346d977ecdb917b4a36663962fc801e3199738385ee0a25208f7db0fa1615c89e6aae12fc4bb96da760ff56046f8deec900c716312c800b405

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\libeay32.dll

Filesize
1.1MB

MD5
97117aa4caf33479a8d930cdf20ebf54

SHA1
36391f910d03f25d4ccd068c8fbe76cfd019374e

SHA256
ad9c6709ecbf81350dcf96246c6738f58898c47df32bd3f877ab0a1fa60729c8

SHA512
4dc8cf13376e3f50e7e1328812cbf779fdf9c5fadfd8024aca1452af2cab5345675f4ec5b68d01aa4d1136be966cbfe0053356c6f8c34671bdeda36d7d6410fb

Download Submit
C:\Users\Admin\AppData\Roaming\GameMaker-Studio\ssleay32.dll

Filesize
264KB

MD5
a72887ab04ff5bb2fec3e4405d2b351b

SHA1
16fad2397427e407cbf51af1c3cd1cbbfcd0fc40

SHA256
a23652f9761abf79ca8231794c6027f42d705e3403bd7c599e3b769ac0da835b

SHA512
b3c8947b1387ba24e6c05ef0a6eece0d102294c2dc6d17be6230096e74b46ccce3a3618b581a9213994f43dae2101a379d6f81f32c1301d30df5673a4bbe7536

Download Submit
C:\Users\Admin\GameMaker-Studio 1.4\BouncyCastle.Crypto.dll

Filesize
1.3MB

MD5
5e6059ee14e76390ccb31d89e62a7e93

SHA1
2eddb55f9ae9b678518df38a39498722863f1a58

SHA256
326ac49dfc0d6bd22cfd8be5356ed9ab2bfaf0c5fd2b3deb9f195e990c8d3ac8

SHA512
96ceb0139ce725c80e3819dc55e7360d8a4623e2bcd519ef4f032e745e99c64c7da6b106cdd96bd1b970612518ac00cbd56d99de3547d85097dcee768c10dc09

Download Submit
C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe

Filesize
220KB

MD5
4268872a2af0ef504071225a7d6777c4

SHA1
217fdb9b4d2d58e4b0ed41f9cb9aa4addefa53f9

SHA256
6f2a9e75886600b20c34139da064d31b0b13a6eb6fcf3352b7bba33e72a3cb48

SHA512
d21048c1f42dfa2e48810be73df9826fd363be85fd8221b140236bf3796e87eaa9a792cfb9dfb532e66b039f0314925eb24cf7f7ed3b569ade68c7ff518c1c6d

Download Submit
C:\Users\Admin\GameMaker-Studio 1.4\GameMaker-Studio.exe.config

Filesize
2KB

MD5
f0b64a65ca4a5c35d830fc1d09710025

SHA1
9a032805fba3903f2ac06b3f900cd0b7f75d7c8a

SHA256
606b976708ace6298f4ca3b3858e4222a123de8c6fccade412d34f37911a7c5b

SHA512
e7cdb89226d43c5d4cfe5984daa8b922bb479c686794045160da0c7807520da49dba2fa1428ef8f355b66a9282a4b39bd53775216ac229535079aad19faf65b7

Download Submit
C:\Users\Admin\GameMaker-Studio 1.4\ICSharpCode.SharpZipLib.dll

Filesize
200KB

MD5
32feb4c79fc0e4a2abb7bf3e1c739f6b

SHA1
4e2bc39b46d345cb43cdf413306096e000229a66

SHA256
329283d9a4d467d1362c3f941f9889c97f09834307a500b5e8b1cd11a78794e0

SHA512
ec05986b0749241e71b99b79dbcacb8aa5c81bf374a2c7fd0e4a6747ec74c545b849608ac6ae79201fa9bf97f1667a31559a5996a4c323fdc4a0ae366dabd16e

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new

Filesize
980B

MD5
99cace94ea9e896a901e472bdcceacba

SHA1
098a329c49959f0ab20fd921d5a5f77cc4f9b4b5

SHA256
c9992a3ecf038d1735ad1f8e1ec35f3f9bd077953306474a6b946c61f1637548

SHA512
057e9b1d5a3d2e8713baa6d52b0635bfef7d959228932bb13ab66e4c359f42d9491b1b3e8bb5a62b92fcd2b00c9f11abbc765c0dd811f2d9123576547ee31a05

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch

Filesize
436B

MD5
dbe52369dfdc826a960f8d9e7530fd80

SHA1
78b9f51c067140e49aa794ac1e6836293bc4fff9

SHA256
1928063a9cb40a8fd90358068a4328d389fd4fc08931d9077fede2dcf784f4b6

SHA512
18fc6014c8430cca659f0b9bef0db4d9f6e343b15cfeb72c6f6dab14f7216147b5894656236abec87fd6f3080b4ef5d108f74d36fa3a80ece919e158a7fa5c9e

Download Submit
memory/4912-4949-0x000000000C500000-0x000000000C501000-memory.dmp

Filesize
4KB

Download
memory/4912-5003-0x0000000000400000-0x0000000001095000-memory.dmp

Filesize
12.6MB

Download
memory/4912-5002-0x0000000000400000-0x0000000001095000-memory.dmp

Filesize
12.6MB

Download
memory/4912-5000-0x000000000B7F0000-0x000000000B836000-memory.dmp

Filesize
280KB

Download
memory/4912-4950-0x000000000C600000-0x000000000C601000-memory.dmp

Filesize
4KB

Download
memory/4912-4951-0x000000002FE00000-0x000000002FE01000-memory.dmp

Filesize
4KB

Download
memory/4912-4952-0x000000000D700000-0x000000000D701000-memory.dmp

Filesize
4KB

Download
memory/4912-4953-0x000000000E900000-0x000000000E901000-memory.dmp

Filesize
4KB

Download
memory/4912-4954-0x000000001D400000-0x000000001D401000-memory.dmp

Filesize
4KB

Download