lumma | hxxps://cdn[.]discordapp[.]com/attachments/1087849368675176460/1088103716277723146/Setup[.]rar

Resubmissions

31-03-2023 16:23

230331-tvwhssbe96 7

31-03-2023 16:02

230331-tgr88abd27 6

22-03-2023 22:10

230322-13r9nsbf79 10

Analysis

max time kernel
190s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1087849368675176460/1088103716277723146/Setup.rar

Score

10^/10

lumma spyware stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Drops startup file 3 IoCs

Processes:

Cursed.exeCursed.exeCursed.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe	Cursed.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe	Cursed.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe	Cursed.exe

Executes dropped EXE 14 IoCs

Processes:

Setup.exeCursed.exeSetup.exeCursed.exeCursed.exeCursed.exeCursed.exeCursed.exeCursed.exeCursed.exeSetup.exeCursed.exeCursed.exeCursed.exe

pid	process
2800	Setup.exe
3112	Cursed.exe
1312	Setup.exe
3444	Cursed.exe
6004	Cursed.exe
1368	Cursed.exe
4260	Cursed.exe
1656	Cursed.exe
3340	Cursed.exe
5556	Cursed.exe
5820	Setup.exe
2424	Cursed.exe
5332	Cursed.exe
5336	Cursed.exe

Loads dropped DLL 38 IoCs

Processes:

Setup.exeCursed.exeSetup.exeCursed.exeCursed.exeCursed.exeCursed.exeCursed.exeCursed.exeCursed.exeSetup.exeCursed.exeCursed.exeCursed.exe

pid	process
2800	Setup.exe
2800	Setup.exe
2800	Setup.exe
3112	Cursed.exe
3112	Cursed.exe
1312	Setup.exe
1312	Setup.exe
3112	Cursed.exe
3444	Cursed.exe
6004	Cursed.exe
1368	Cursed.exe
4260	Cursed.exe
1312	Setup.exe
1312	Setup.exe
1656	Cursed.exe
1656	Cursed.exe
1656	Cursed.exe
3340	Cursed.exe
3340	Cursed.exe
3340	Cursed.exe
3340	Cursed.exe
3340	Cursed.exe
3340	Cursed.exe
5556	Cursed.exe
5820	Setup.exe
5820	Setup.exe
5820	Setup.exe
5820	Setup.exe
2424	Cursed.exe
2424	Cursed.exe
2424	Cursed.exe
5332	Cursed.exe
5332	Cursed.exe
5332	Cursed.exe
5332	Cursed.exe
5332	Cursed.exe
5332	Cursed.exe
5336	Cursed.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ff8427c5-b82d-47d8-a318-799a41ea6318.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230322221117.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Enumerates processes with tasklist 1 TTPs 6 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

pid process

5432 tasklist.exe
4552 tasklist.exe
4452 tasklist.exe
2528 tasklist.exe
3988 tasklist.exe
5160 tasklist.exe

pid	process
5432	tasklist.exe
4552	tasklist.exe
4452	tasklist.exe
2528	tasklist.exe
3988	tasklist.exe
5160	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

5692 taskkill.exe

pid	process
5692	taskkill.exe

Modifies registry class 4 IoCs

Processes:

powershell.exemsedge.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

powershell.exemsedge.exemsedge.exemsedge.exeidentity_helper.exeCursed.exeCursed.exeCursed.exe

pid	process
2000	powershell.exe
2000	powershell.exe
3788	msedge.exe
3788	msedge.exe
4992	msedge.exe
4992	msedge.exe
2144	msedge.exe
2144	msedge.exe
4432	identity_helper.exe
4432	identity_helper.exe
3112	Cursed.exe
3112	Cursed.exe
3112	Cursed.exe
3112	Cursed.exe
3112	Cursed.exe
3112	Cursed.exe
1656	Cursed.exe
1656	Cursed.exe
1656	Cursed.exe
1656	Cursed.exe
1656	Cursed.exe
1656	Cursed.exe
2424	Cursed.exe
2424	Cursed.exe
2424	Cursed.exe
2424	Cursed.exe
2424	Cursed.exe
2424	Cursed.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4992 msedge.exe
4992 msedge.exe
4992 msedge.exe
4992 msedge.exe
4992 msedge.exe
4992 msedge.exe
4992 msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exe7zG.exeSetup.exetasklist.exeSetup.exetaskkill.exeCursed.exetasklist.exetasklist.exe

description	pid	process
Token: SeDebugPrivilege	2000	powershell.exe
Token: SeRestorePrivilege	3548	7zG.exe
Token: 35	3548	7zG.exe
Token: SeSecurityPrivilege	3548	7zG.exe
Token: SeSecurityPrivilege	3548	7zG.exe
Token: SeSecurityPrivilege	2800	Setup.exe
Token: SeDebugPrivilege	4452	tasklist.exe
Token: SeSecurityPrivilege	1312	Setup.exe
Token: SeDebugPrivilege	5692	taskkill.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeDebugPrivilege	2528	tasklist.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeSecurityPrivilege	1312	Setup.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe
Token: SeDebugPrivilege	3988	tasklist.exe
Token: SeShutdownPrivilege	3112	Cursed.exe
Token: SeCreatePagefilePrivilege	3112	Cursed.exe

Suspicious use of FindShellTrayWindow 21 IoCs

Processes:

msedge.exe7zG.exe

pid	process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
3548	7zG.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

5692 OpenWith.exe

pid	process
5692	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4992 wrote to memory of 1488	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 1488	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 2856	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 3788	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 3788	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe
PID 4992 wrote to memory of 4772	4992	msedge.exe	msedge.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://cdn.discordapp.com/attachments/1087849368675176460/1088103716277723146/Setup.rar
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://cdn.discordapp.com/attachments/1087849368675176460/1088103716277723146/Setup.rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ffbd3bd46f8,0x7ffbd3bd4708,0x7ffbd3bd4718
2⤵
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:2856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
2⤵
PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
2⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
2⤵
PID:2660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
2⤵
PID:1884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
2⤵
PID:2000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
2⤵
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5868 /prefetch:8
2⤵
PID:780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2144

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff672ee5460,0x7ff672ee5470,0x7ff672ee5480
3⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2394139591633354130,11488779118357790615,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:5000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5692

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6020

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Setup\" -spe -an -ai#7zMap13675:72:7zEvent24153
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3548

C:\Users\Admin\Downloads\Setup\Setup.exe
"C:\Users\Admin\Downloads\Setup\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2800

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
2⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3112

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
3⤵
PID:4364

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4452

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
3⤵
PID:1048

C:\Windows\SysWOW64\taskkill.exe
taskkill /IM msedge.exe /F
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5692

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
"C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 --field-trial-handle=2068,i,18303195970309174134,2600081324479404605,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3444

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
"C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1424 --field-trial-handle=2068,i,18303195970309174134,2600081324479404605,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6004

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
3⤵
PID:5992

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2528

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
"C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=2068,i,18303195970309174134,2600081324479404605,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1368

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
"C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1120 --field-trial-handle=2068,i,18303195970309174134,2600081324479404605,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4260

C:\Users\Admin\Downloads\Setup\Setup.exe
"C:\Users\Admin\Downloads\Setup\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1312

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
2⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1656

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
3⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
"C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 --field-trial-handle=2024,i,1949476791591184304,13993930673460967250,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3340

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
"C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=2280 --field-trial-handle=2024,i,1949476791591184304,13993930673460967250,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5556

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
3⤵
PID:456

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
PID:5160

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3988

C:\Users\Admin\Downloads\Setup\Setup.exe
"C:\Users\Admin\Downloads\Setup\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5820

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
2⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2424

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
3⤵
PID:488

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
PID:5432

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
"C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 --field-trial-handle=2036,i,4470912488490755242,11115251226325581526,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5332

C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
"C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=2268 --field-trial-handle=2036,i,4470912488490755242,11115251226325581526,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5336

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
3⤵
PID:1532

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
PID:4552

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Process Discovery

T1057

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data.bby
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies.bby
Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data.bby
Filesize
92KB

MD5
367544a2a5551a41c869eb1b0b5871c3

SHA1
9051340b95090c07deda0a1df3a9c0b9233f5054

SHA256
eb0e2b2ee04cab66e2f7930ea82a5f1b42469ac50e063a8492f9c585f90bc542

SHA512
6d1275291530cb8b9944db296c4aed376765015ad6bbf51f4475a347776c99dbb2e748d0c331d89c9e6118adf641ed10e390c8ccb8ae4de4811c858d195cc34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies.bby
Filesize
20KB

MD5
e6da13bb255b237ea1b3eaccded74de0

SHA1
ddd835bd2814ac54c0d89551c7943d1b45b11f74

SHA256
68c506d0a6181dfe72be12b8e9345140a2df2ad429882945f029fa957ea670c2

SHA512
e730907c76891d320b348fdc986c43124da71923953c9222f875978da3818f7c1fbd480d3ee1d35eba0eadfdca44e1e660b2a88206d12422d0c541a89fe6e46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data.bby
Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
2dd1bc85f4e2a10c0bd3351936bad7ca

SHA1
555760c21572145b1ab5abb18f336a040bb01b27

SHA256
309da13ce7002b61b1718604641c758a8794d3906553b4cdbe244e9c0e0e9f2a

SHA512
9d36d730bc5240890653513b796e489b1212b0441da0577b267775dd456846157cdf984b6d8b015a476cdd26e7e99e559eb0f90aa703d0f10a08f6a773209dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
307B

MD5
d1799ba52064e26cb863d4ae9a492493

SHA1
54e00864f787f2ee9841d18dd58e1c3af6129240

SHA256
4e29a7e115aafadf7094901572adb363cbf6cb4f5549a3bf4a4a9464e876ccd7

SHA512
bda103a4800e81185ce0bfc0f1c66082ec30ab16b00ba13c0f328bb24f8fea2471fb38287212cc25399d7952c64e1b621624be7a45dd3b1c1b89c24d97ba0729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
2c6c479949e52712c2f7ed7a0bef7e93

SHA1
b49bb8375917d7cfcf61f04b35861746516986cf

SHA256
3e80e0a068fd97b55552d7496133c85581fdc11cd9a8dc887dcad2cdf14388de

SHA512
a7d3517bb26c346d04b7401fb52b9cd48b6f198b05b32c7376208a04111c663bdc593cdd11ba6a1a3c67857931420f4b345f14b420835a3b30aa50efeca0312d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c8682c34a751852e86c2a91f5c684e0f

SHA1
f203754821035b928bce6b8c450405b4e8bd5492

SHA256
b6c7ecdaac5ee7a0977c4bf1ab2beafa58b5a875302f6537702207f0ca0effa3

SHA512
bcec99b17951ce216495acfb1de3e667e45eeb7ca5f05a86658c07fbb73ca72ccb5acbf992bd6ad6c55c84ac016868b1e4807c9d2efda04b5f5555bc1076584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a670c2baa298d028c099c363cac5e804

SHA1
2b6a54147327cea7498692d483e1ad766b60c0cf

SHA256
7313fe9839b2afce747c3661f8942314abf4764968d124490349451058c107f6

SHA512
10029cecc1c1804d8d917238d8163e8c428f4d6b3a644d6c399186d332d815c625ba0f3a97524ed20b2d71a366721e44c4eaa411be84593541e743a7287630f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data.bby
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ce5a9aa8-3616-4166-bd75-46da74cc96f9.tmp
Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
e8d03951ff7fedefc805d8e327a0e03c

SHA1
9a60b9b4102e597bfc86521a2019c88b2182606d

SHA256
1c1b3718e5b5de52c70fb9fe36956d3e0eca6ca0a193b39cbebe517bb5c5b78d

SHA512
04e3ae0932ff5e39025d345e1222d1837ce1fd9a941f3f9ea43e58015b7de42d119ca6d86b5be50c1627676bc1ffc2ba0c156acf0f8be23b0bf1a28a49916e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
02722d84dddffc0a0a5da5b1005677f1

SHA1
8b416c4a5fc7ff43f6e089e632b68bdaed04c772

SHA256
9effe1df2224eb12cc795170d5c07402c8c14b16e44ead02ed232b54d3085e06

SHA512
6df050fe5c493a898f0788fa8b89dbc7ca810cd1d0575dffdfd3346bfe179d308b0a77970683a4819ddfa3aec307135bc1297e4ea5be31ef9668db670fa4a927

Download Submit
C:\Users\Admin\AppData\Local\Temp\0054dc7e-56c6-47d5-94a0-506164d2c1cd.tmp.node
Filesize
500KB

MD5
e1442f26c6b952a40b5fedded24bfbce

SHA1
f87aa6ab732893b3167b075872ccfded928e3903

SHA256
8001a2ecdd6c6b2fce7ac7971b2b0582400d96f713fa02efe8c3543de484f3cd

SHA512
e60d1cf9bc4bd73afb5921f44d49561d9c6611855cdb2f74a8083ee6b5125c8d0456f5636389e7659149c61254c975883b4915c442af85c30bb1b66014a1c15c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
Filesize
124.3MB

MD5
c13d0c0e58eaa915bc7128395e4a3710

SHA1
2e783ae8969fc2b005a6c53b05a592f675bea501

SHA256
31fe90af4a89357a0ceb1be02ecc047c761752df1c7f9d8cd9b8552e4321cfd5

SHA512
a5e31669705be689457d6645cfe85f34063186773f077c5507e279358a33f82ed40336167c01daad63e07175abe0356857712a92f47f0029a6eb6331a3536f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\Cursed.exe
Filesize
124.3MB

MD5
c13d0c0e58eaa915bc7128395e4a3710

SHA1
2e783ae8969fc2b005a6c53b05a592f675bea501

SHA256
31fe90af4a89357a0ceb1be02ecc047c761752df1c7f9d8cd9b8552e4321cfd5

SHA512
a5e31669705be689457d6645cfe85f34063186773f077c5507e279358a33f82ed40336167c01daad63e07175abe0356857712a92f47f0029a6eb6331a3536f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\LICENSE.electron.txt
Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\LICENSES.chromium.html
Filesize
5.1MB

MD5
f0882b4f2a11c1f0c524388c3307aad7

SHA1
c8952b4076167de1374d0c1f62b1fde8fe69f4ae

SHA256
1b8b8e268755376e95aaddd0a6881f6f4a4b96787af1b2db158e51958410da5f

SHA512
1e5cd07637e213d3f77f8a6204b5bb9a6e16c343790dda4ed677b081e8600de912165bb3436dacf56ea2e5145e888f5964deda4ee4b7dd3516ae2cab42e2fa0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\chrome_100_percent.pak
Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\chrome_100_percent.pak
Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\chrome_200_percent.pak
Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\d3dcompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\ffmpeg.dll
Filesize
2.5MB

MD5
6fa845139be73ae78dc4c939cafb761d

SHA1
26d427a3b35a09d78667d20de2a64e03bd22cb23

SHA256
d46473cb06cb8c8ba66659cdea497727c2880e8eeb73cb5ee4255b7fb671d043

SHA512
decc0fc52227165651dfedb56b877ace262823a211c21358f8ce7026c81e758ab131c7b9c56e09d07654d0973872ddd8b8c0db221ba4b6d81160ab24f66a0624

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\ffmpeg.dll
Filesize
2.5MB

MD5
6fa845139be73ae78dc4c939cafb761d

SHA1
26d427a3b35a09d78667d20de2a64e03bd22cb23

SHA256
d46473cb06cb8c8ba66659cdea497727c2880e8eeb73cb5ee4255b7fb671d043

SHA512
decc0fc52227165651dfedb56b877ace262823a211c21358f8ce7026c81e758ab131c7b9c56e09d07654d0973872ddd8b8c0db221ba4b6d81160ab24f66a0624

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\icudtl.dat
Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\libEGL.dll
Filesize
364KB

MD5
596c3217f870d63a9feb190305b45790

SHA1
a65bdf045c38e2580f724e1cc4e460c46a0ea9fc

SHA256
1679ccf85c0fab467a3d12dc63248eb4d34e7345d6e6399740ffc7f78e4e927b

SHA512
1aae19270de9cc0768543ae0f691da4ea6c7d350d54f8accc02f5eb94e03f6b1671f8aa31f9370b9758827ad42870c9e264c3fea65e2074717ab24f9c0872d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\libGLESv2.dll
Filesize
6.1MB

MD5
1baf13b30d409e0df85ac538d8883e3f

SHA1
e61c3231a330e806edebd04520b827b43820a268

SHA256
4a51e8a30804dd766dd01da3d574caeca459542f9aed255eca2bcc8e2ed9b893

SHA512
67fe5baa4948cacb2925710f68de3f7a226a9c26150d84b1a78d9d8d6aa097ae3055a557c4354eb545a314d9112702dec60c20fde2de5a4a025dce74f54e0bd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\af.pak
Filesize
125KB

MD5
46f982ccd1b8a98de5f4f9f1e8f19fe5

SHA1
13165653f2336037d4fb42a05a90251d2a4bc5cf

SHA256
9e0aeb9d58fecc27d43e39c8c433c444b2ce773cc5d510fc676e0ebbcab4bddf

SHA512
2c40e344194df1ca2d2e88dba0cb6c7ef308dd9c83e10bbc45286b5e3bc1d98a424a60ec28b2700606916105968984809321505765078d7caddbb1c4d3f519de

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\am.pak
Filesize
202KB

MD5
15b05881e1927eda0e41b86698ce12da

SHA1
d629f23b8a11700b410d25f3dc439c8c353b0953

SHA256
4c0129e1023e6e6cb5b71fadd59026d326fec3393463530c2f30fff8aacaaedd

SHA512
6f921563d6887d0b712966bf3f8dea044d1115dd0a5d46eeee5595966dd88e49d5dfbec74ee1de19a330bc9f1a11ef3c7c93d6c5e69f1ee7d1d86085b7a2bd7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\ar.pak
Filesize
207KB

MD5
1b55e90455877384795185791bc692c2

SHA1
3d7c04fc31c26b3ab34bd2d8f4dcfbf4d242bc46

SHA256
ac44c459f86c577f1f510c0b78a8317127522f0d2f80734b6c9ab338d637d4df

SHA512
bc3dc023c9af551279a4d22583aedf79e63ada46c79ea54b7da18c12b9acd726e4f534e26789d2583036c382bf6a8862335ca72fc8b510ed065bf895b8d7c3b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\bg.pak
Filesize
226KB

MD5
470dde3136a8da5752fcde269d4b6b43

SHA1
85196012cc0df090650244f7b55e51728c68806b

SHA256
cd6701f8b682b6d677ae2010abfb4bfd19555bb42847e2ffddc54e203d50b373

SHA512
b39397c8a3a081e61dd52ebbc0a4cc2ac33f9427c1ea9215995cd8915d705f30d2d3290742155890a61fc3819b6076c1ae41d278171517622ad35fc6f430702a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\bn.pak
Filesize
291KB

MD5
be160a93d35402ed4f4404f2b1d05d95

SHA1
52db7af673b6e5318e6663751938dbbce4f6280e

SHA256
a40148129ff88aff0ea269ef3ca4fb369e772257655d27dfa29f078270486287

SHA512
c2d2c4a2e24fdeeb22dadfa63ee8338efe8a5f08e17c3eb0e9a946098c57ba675c8ca5c73c04424e8307d9be60f9263553e8268f4815c73d081205fe8a92c8f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\ca.pak
Filesize
140KB

MD5
8fc109e240399b85168725bf46d0e512

SHA1
c42c1fc06b2c0e90d393a8ae9cebcdd0030642e5

SHA256
799ac8c1fa9cdd6a0c2e95057c3fc6b54112fe2aebbb1a159d9dac9d1583ca62

SHA512
84a51f291d75b2d60849edbc1958a50cfe2ac288ce716bf4827038b47bd855a65d04ebcef6f92d78e31a27daa63f07772149798740652078e27ec68930ec07dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\cs.pak
Filesize
143KB

MD5
df23addc3559428776232b1769bf505e

SHA1
04c45a59b1c7dce4cfabbac1982a0c701f93eed0

SHA256
c06ac5459d735f7ac7ed352d9f100c17749fa2a277af69c25e7afe0b6954d3c0

SHA512
fceca397dfc8a3a696a1ba302214ab4c9be910e0d94c5f8824b712ec08ff9491c994f0e6cfa9e8f5516d98c2c539fa141571640b490c8dd28b3a334b0449bdd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\da.pak
Filesize
130KB

MD5
875c8eaa5f2a5da2d36783024bff40c7

SHA1
d0cba9cfbb669bbb8117eee8eccf654d37c3d099

SHA256
6ee55e456d12246a4ea677c30be952adfb3ab57aca428516e35056e41e7828b5

SHA512
6e17692f6064df4089096aa2726eb609422b077e0feb01baaa53c2938d3526256c28fb79ef112164727202cdd902aae288e35cf894c5ef25fecd7a6efa51a7e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\de.pak
Filesize
139KB

MD5
5e7ea3ab0717b7fc84ef76915c3bfb21

SHA1
549cb0f459f47fc93b2e8c7eb423fd318c4a9982

SHA256
6272ed3d0487149874c9400b6f377fec3c5f0a7675be19f8610a8a1acb751403

SHA512
976fb09b4a82665fbf439fa55b67e59aeaa993344df3f0d1926a82fb64d295bbe6fd77bb65e9f2267d98408e01166dd0c55c8ec7263ed74b3855f65dffc026ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\el.pak
Filesize
249KB

MD5
7dca85c1719f09ec9b823d3dd33f855e

SHA1
4812cb8d5d5081fcc79dbde686964d364bc1627e

SHA256
82b3fbbdc73f76eaea8595f8587651e12a5f5f73f27badbc7283af9b7072818c

SHA512
8cb43c80654120c59da83efb5b939f762df4d55f4e33a407d1be08e885f3a19527ed0078ab512077604eb73c9c744c86ec1a3373b95d7598bf3835ad9f929d67

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\en-GB.pak
Filesize
115KB

MD5
db946e28e8cd67fc45a317a2d22943d3

SHA1
0e096f66915f75d06f2ec20eae20f78ad6b235e7

SHA256
7eb6af7620593bdd33cf4a6238e03afbf179097173cbfffdada5b3e25b8f0bbe

SHA512
b893650000f463c1f3807f1feae3e51664e42ec10c1a5af7c08970163d5188f1f9ffcc5e82fe2209c78d8b4fc2feba050abec4c44d1eb122cd42fcc14a8b1c3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\en-US.pak
Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\es-419.pak
Filesize
139KB

MD5
d25865c02378b768ef5072eccd8b3bf0

SHA1
548dbe6e90ece914d4b79c88b26285efc97ed70c

SHA256
e49a13bee7544583d88301349821d21af779ec2ebfca39ee6a129897b20dbbd0

SHA512
817a5ed547ef5cca026b1140870754ce25064fca0a9936b4ac58d3b1e654bb49b3ffa8186750b01640ac7d308bf7de2eadc0f34b7df3879c112e517d2faabc94

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\es.pak
Filesize
140KB

MD5
b1c6b6b7a04c5fb7747c962e3886b560

SHA1
70553b72b9c382c0b25fa10fe2c967efbcfcb125

SHA256
e4db8f397cd85fc5575670b3cacfc0c69e4bf07ef54a210e7ae852d2916f1736

SHA512
7fcd9ae80791de19df8644424ffdf1feb299f18a38a5d5bc546e8fd3d20d3ced6f565981c3c03026bc5400fe0806dfa3af3064e7a70e18061f5d5fe6d6bde8d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\et.pak
Filesize
126KB

MD5
339133a26a28ae136171145ba38d9075

SHA1
60c40c6c52effb96a3eb85d30fadc4e0a65518a6

SHA256
f2f66a74b2606565365319511d3c40b6accdde43a0af976f8b6ac12e2d92ec9f

SHA512
d7dd2a1c51a7144f1fe25336460d62622c2503aa64658063edcb95f50d97d65d538ce4e8ae986af25f6f7882f6f6578bfb367c201e22da2abdd149c0bb4194c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\fa.pak
Filesize
199KB

MD5
a67bfd62dcf0ab4edd5df98a5bb26a72

SHA1
5def04429a9d7b3a2d6cac61829f803a8aa9ef3b

SHA256
890ca9da16efc1efcc97ee406f9efa6a8d288f19a2192f89204bdc467e2868d3

SHA512
3419c6bed5fc96e82f9b1f688609b2d2190003b527d95699e071576c25730934fbed3437fdde870fc836bdc5e690362cae1e612b7ff779c22b853baf3cfcaabf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\fi.pak
Filesize
129KB

MD5
aceed6757e21991632b063a7fe99c63c

SHA1
491b4aa5eaeb93e662f720c721736e892b9117e5

SHA256
370164e61142d8609d176ec0cc650540c526156009070563f456bcdb104e9c0f

SHA512
664c369e74930a61a8c9ccee37321c6610ffdeba8e4e8a5d4f9444d530097b0f4556e7b369dfd55323fe7df70b517c84ae9d62a89c1984a8cf56bae92d3e0455

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\fil.pak
Filesize
144KB

MD5
cb9fb6bc0e1ec2cb3a0c1f9c2dfbc856

SHA1
c3b5900a38354ea00b63622bb9044ffb4788723b

SHA256
945c0160938c3bcecda6659a411b33cd55dfac18814bed88575bfd100c53d42e

SHA512
6ed77d0fbbb1186ccb7493708f55f8a2c3005a1f1da759c16289713a853bcad4a2cc4846874d67f722f461b1950a763508a91a7970bc0eb5da686206aaa8489b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\fr.pak
Filesize
149KB

MD5
bc286000070c9a918a8e674f19a74e12

SHA1
41221bb668e41c13fbf5f110e7f2c6d900cdffd1

SHA256
d641d9d73262ca65a613ee0395204435d6830316dd551f8992407ae77ead4b64

SHA512
553dc84ffd09dd969802fc339ab20f6af3c36442c1ea23e4199519f2c5fb50be79874ae455ce5ff44511a3adcedae7f3030d13e0ecf2b456233d5f4ff186a5dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\gu.pak
Filesize
282KB

MD5
af5cc703c77e1a4b27233deb73c6ace8

SHA1
ea92dce379ec9405fd84274566d363ce302d7f1d

SHA256
cd761009ecbd4736b24383f020da05d2e6b9396c67a7ec1f4ac1966943cf9eab

SHA512
dd379cbab7a6fdce05b0ff34d339c2f3320f83f76d8e1fb7ebf20edcfebe541ae454490eeb83d8edc069aaf3db52d6b7de6d701672a13e75dfe59840e8f2c5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\he.pak
Filesize
174KB

MD5
b2f893d17e118cd03055b55b0923206b

SHA1
99b6358438a3eaffae38dcf6a215d8c5f9bfdc26

SHA256
f6d1e2a269783f27b85c2db2ce9286f581ec2e16586ecac476ab5735cd8ae12f

SHA512
34fa1c4bce2f9e2c5c7b494a829f5b492b40e8f4f0bc586f564755de703b5765d81795c67e19a27d2f21d297ce3b7e5058a126118afe6911cc429fc58d67f13e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\hi.pak
Filesize
292KB

MD5
9697c9ecfa893db09d046e4feb8f1260

SHA1
db08fecfc31d278b3f74c85f98c34dc78b75f4fd

SHA256
de4b369e012831a5ced3ae02e34fd34374348b016274c99911a294de3f9bee5b

SHA512
ec9b87003853640c5f3c477f389dbd16bf1d75269c3fbd8620db43942ba7e323a3198fbbb16d27c10bbae40fd047cfdad170659b9ef26488928a24ee535885d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\hr.pak
Filesize
137KB

MD5
209efaa890532ddbb1673852e42ded7e

SHA1
8e9a3e643183d4cbdfad9fd2a116e749b5313a95

SHA256
3d01f9d2c51efa0c0d8d720dd832493b1b87d2429970396c42cee2199e7bef40

SHA512
5410b31ab46ccfd29b750f39d3796a533ec0c0a7b7b31b70977f59f348dd4190edc00c86db8d5b73df2117f27fd283de2057493c081cef69d04ad9894eb5c05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\hu.pak
Filesize
149KB

MD5
7317adfcba87621963e9cb2f44600e2f

SHA1
0398d795f9a3cde03ae85e8cd2c4723e7ef5f7e4

SHA256
6edcdaf17483c4b7b74d9c728c3f38d9e4704bfbdb618b578c7ccb6bbe6e824f

SHA512
e8ec0df2ddf67799194e8d3f722b5643553fb05026bd5f8d933d1cc18df6a641eb1b810e22114b44513b57a005d326b91a1fcf1c470a636cd42c5bc5fa0f254f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\id.pak
Filesize
124KB

MD5
f6d153fa3087dab3fcef255b5afe8538

SHA1
99f123a133d3ce1a70349a7d1948a8d57981e1c4

SHA256
fa38d911dec71800d33802441412f20133e960bb316c79161bdc7f78ea1af3d7

SHA512
c092339a2a64dd10a45b516ba19013ad096c4c43d51df33e4c779c9ede6d71bcb59c18d5ba568f4876c0b5454ccdf05a1e632be0f97db5b4eaadf263e7d1967b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\it.pak
Filesize
138KB

MD5
23d70fc1cc74275719c4f882400150e1

SHA1
e8235d0bd4dbfbd708deb80139f0acb1cc0fbdef

SHA256
75b37965b88933ba32119ebdd13cb98c54300b1e1e312080947eed6a94fc70b0

SHA512
ca9a6fc273d5b0b656e902fb87f8792de604a3b6ce598dc577d08541ce9f35256849b1503f15edbe5d1e1d5785cffc38ed12650d1d026aa23b5ce6f9c3ac4cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\ja.pak
Filesize
164KB

MD5
781fec59b38a21dc663f3a482732196b

SHA1
1b660ba0bd9aaf67c5fe49a372687facd6d264ea

SHA256
3849f8b48b034fe6319112eff77b7c9f6a8d7b20cf7bc8400528a0a8458677da

SHA512
f2c3a6d8c23f72db8e70ec8cd87793eb103b58bdd3976e99f42867c33a6688a41c79eadcdf25c6ae01fd20920affd43f228a5134af28f83ee50fe02819665e95

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\kn.pak
Filesize
319KB

MD5
66867a2133ef0c73f385af7d5d2eed91

SHA1
8ca6e7e6d679255c2c151d38cf70a5f25cce059f

SHA256
407599a388bc151ccd2561181ea90ff620f4cb5c767317af8ca4748927ba7f35

SHA512
482c0b75c921470866b7c6ccf09cddd59ce81507e8df7a2158d3abf08c7201ebeed67c1ecd36f5cb015a8833ae9f1917ab6118f9f0a959364de958729295f37c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\locales\ko.pak
Filesize
138KB

MD5
27705557eb4977c33bc69f27c2ee9f96

SHA1
b0297538c4e68515b8f65d44371cb8f4cdbc489f

SHA256
de71f906636d2a8f5833a22e92b61161182c53e233b75b302dbe061ed57e9bdc

SHA512
53c8917049d72a9739bf7f2abdbde3120ed3124967cd9b1b71b172b7b36ed41a1ff970d3841c0f5eb5b53616dd9f8e03f65a79e6a6964b83da2c84174c1dd56f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\resources\app.asar
Filesize
39.5MB

MD5
17c8a4e00b7d7db879f3599a7a9fa29b

SHA1
1b8824d579c58963a9d9aee043ff1b9c1c8066ae

SHA256
c6305fc95f9f5e39d67519d96ab272df468d9362de0145b5caf42a4a8581b1a0

SHA512
ca2c987aa421a6046b7660759e1a98b78bb64c9267d9a69241b3c01e941a48a0f0cd0e2d2baf60229378d8648c35364afc45f715ded80d86aa484a9ed1fd1a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NLCYtILPnJGv6F5rChl0lFetUG\v8_context_snapshot.bin
Filesize
596KB

MD5
5d9b4473dd8705940bbb4a4036e395d0

SHA1
af35aa3374200dd2b9102f6767e53413e4e09e20

SHA256
ca2245da2a4aa7e4c9dcbf810c90048f73a9a96f6432f7895f3e6fe0c21e48f1

SHA512
bcc78b845a2aac96e46162c6a81dd1a914a6e8ed6d9753f648ae125958042a76ab49f1fefc8615891a1e007f0d0b63980517953ee088e29d46ba9d258f130192

Download Submit
C:\Users\Admin\AppData\Local\Temp\976c2615-7346-4e9a-8b0e-91f90bce5e1d.tmp.node
Filesize
2.1MB

MD5
3bc107cac5de2a16c41af09753c17d8a

SHA1
3fc350965383a1850263322b163ea9e7db84aa18

SHA256
2fedc6242d32e83c3959ac2bc6d2d69f2ffbbf537fd9354a5fed31bf3ae75546

SHA512
a688118157fdcf0177b6667217c64c3dccad99c9a909d0aba3ef39861f773b96e30769c34af5a3853333f4c30fb3b1658b713e345677a0b7c46cf835a51a5d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y1l3wmxf.g0r.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\a396357d-4aa9-4536-b3e3-a06384a635e4.tmp.node
Filesize
500KB

MD5
e1442f26c6b952a40b5fedded24bfbce

SHA1
f87aa6ab732893b3167b075872ccfded928e3903

SHA256
8001a2ecdd6c6b2fce7ac7971b2b0582400d96f713fa02efe8c3543de484f3cd

SHA512
e60d1cf9bc4bd73afb5921f44d49561d9c6611855cdb2f74a8083ee6b5125c8d0456f5636389e7659149c61254c975883b4915c442af85c30bb1b66014a1c15c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\Cursed.exe
Filesize
124.3MB

MD5
c13d0c0e58eaa915bc7128395e4a3710

SHA1
2e783ae8969fc2b005a6c53b05a592f675bea501

SHA256
31fe90af4a89357a0ceb1be02ecc047c761752df1c7f9d8cd9b8552e4321cfd5

SHA512
a5e31669705be689457d6645cfe85f34063186773f077c5507e279358a33f82ed40336167c01daad63e07175abe0356857712a92f47f0029a6eb6331a3536f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\LICENSE.electron.txt
Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\LICENSES.chromium.html
Filesize
5.1MB

MD5
f0882b4f2a11c1f0c524388c3307aad7

SHA1
c8952b4076167de1374d0c1f62b1fde8fe69f4ae

SHA256
1b8b8e268755376e95aaddd0a6881f6f4a4b96787af1b2db158e51958410da5f

SHA512
1e5cd07637e213d3f77f8a6204b5bb9a6e16c343790dda4ed677b081e8600de912165bb3436dacf56ea2e5145e888f5964deda4ee4b7dd3516ae2cab42e2fa0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\chrome_200_percent.pak
Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\d3dcompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\ffmpeg.dll
Filesize
2.5MB

MD5
6fa845139be73ae78dc4c939cafb761d

SHA1
26d427a3b35a09d78667d20de2a64e03bd22cb23

SHA256
d46473cb06cb8c8ba66659cdea497727c2880e8eeb73cb5ee4255b7fb671d043

SHA512
decc0fc52227165651dfedb56b877ace262823a211c21358f8ce7026c81e758ab131c7b9c56e09d07654d0973872ddd8b8c0db221ba4b6d81160ab24f66a0624

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\icudtl.dat
Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\libEGL.dll
Filesize
364KB

MD5
596c3217f870d63a9feb190305b45790

SHA1
a65bdf045c38e2580f724e1cc4e460c46a0ea9fc

SHA256
1679ccf85c0fab467a3d12dc63248eb4d34e7345d6e6399740ffc7f78e4e927b

SHA512
1aae19270de9cc0768543ae0f691da4ea6c7d350d54f8accc02f5eb94e03f6b1671f8aa31f9370b9758827ad42870c9e264c3fea65e2074717ab24f9c0872d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\libGLESv2.dll
Filesize
6.1MB

MD5
1baf13b30d409e0df85ac538d8883e3f

SHA1
e61c3231a330e806edebd04520b827b43820a268

SHA256
4a51e8a30804dd766dd01da3d574caeca459542f9aed255eca2bcc8e2ed9b893

SHA512
67fe5baa4948cacb2925710f68de3f7a226a9c26150d84b1a78d9d8d6aa097ae3055a557c4354eb545a314d9112702dec60c20fde2de5a4a025dce74f54e0bd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\af.pak
Filesize
125KB

MD5
46f982ccd1b8a98de5f4f9f1e8f19fe5

SHA1
13165653f2336037d4fb42a05a90251d2a4bc5cf

SHA256
9e0aeb9d58fecc27d43e39c8c433c444b2ce773cc5d510fc676e0ebbcab4bddf

SHA512
2c40e344194df1ca2d2e88dba0cb6c7ef308dd9c83e10bbc45286b5e3bc1d98a424a60ec28b2700606916105968984809321505765078d7caddbb1c4d3f519de

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\am.pak
Filesize
202KB

MD5
15b05881e1927eda0e41b86698ce12da

SHA1
d629f23b8a11700b410d25f3dc439c8c353b0953

SHA256
4c0129e1023e6e6cb5b71fadd59026d326fec3393463530c2f30fff8aacaaedd

SHA512
6f921563d6887d0b712966bf3f8dea044d1115dd0a5d46eeee5595966dd88e49d5dfbec74ee1de19a330bc9f1a11ef3c7c93d6c5e69f1ee7d1d86085b7a2bd7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\ar.pak
Filesize
207KB

MD5
1b55e90455877384795185791bc692c2

SHA1
3d7c04fc31c26b3ab34bd2d8f4dcfbf4d242bc46

SHA256
ac44c459f86c577f1f510c0b78a8317127522f0d2f80734b6c9ab338d637d4df

SHA512
bc3dc023c9af551279a4d22583aedf79e63ada46c79ea54b7da18c12b9acd726e4f534e26789d2583036c382bf6a8862335ca72fc8b510ed065bf895b8d7c3b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\bg.pak
Filesize
226KB

MD5
470dde3136a8da5752fcde269d4b6b43

SHA1
85196012cc0df090650244f7b55e51728c68806b

SHA256
cd6701f8b682b6d677ae2010abfb4bfd19555bb42847e2ffddc54e203d50b373

SHA512
b39397c8a3a081e61dd52ebbc0a4cc2ac33f9427c1ea9215995cd8915d705f30d2d3290742155890a61fc3819b6076c1ae41d278171517622ad35fc6f430702a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\bn.pak
Filesize
291KB

MD5
be160a93d35402ed4f4404f2b1d05d95

SHA1
52db7af673b6e5318e6663751938dbbce4f6280e

SHA256
a40148129ff88aff0ea269ef3ca4fb369e772257655d27dfa29f078270486287

SHA512
c2d2c4a2e24fdeeb22dadfa63ee8338efe8a5f08e17c3eb0e9a946098c57ba675c8ca5c73c04424e8307d9be60f9263553e8268f4815c73d081205fe8a92c8f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\ca.pak
Filesize
140KB

MD5
8fc109e240399b85168725bf46d0e512

SHA1
c42c1fc06b2c0e90d393a8ae9cebcdd0030642e5

SHA256
799ac8c1fa9cdd6a0c2e95057c3fc6b54112fe2aebbb1a159d9dac9d1583ca62

SHA512
84a51f291d75b2d60849edbc1958a50cfe2ac288ce716bf4827038b47bd855a65d04ebcef6f92d78e31a27daa63f07772149798740652078e27ec68930ec07dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\cs.pak
Filesize
143KB

MD5
df23addc3559428776232b1769bf505e

SHA1
04c45a59b1c7dce4cfabbac1982a0c701f93eed0

SHA256
c06ac5459d735f7ac7ed352d9f100c17749fa2a277af69c25e7afe0b6954d3c0

SHA512
fceca397dfc8a3a696a1ba302214ab4c9be910e0d94c5f8824b712ec08ff9491c994f0e6cfa9e8f5516d98c2c539fa141571640b490c8dd28b3a334b0449bdd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\da.pak
Filesize
130KB

MD5
875c8eaa5f2a5da2d36783024bff40c7

SHA1
d0cba9cfbb669bbb8117eee8eccf654d37c3d099

SHA256
6ee55e456d12246a4ea677c30be952adfb3ab57aca428516e35056e41e7828b5

SHA512
6e17692f6064df4089096aa2726eb609422b077e0feb01baaa53c2938d3526256c28fb79ef112164727202cdd902aae288e35cf894c5ef25fecd7a6efa51a7e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\de.pak
Filesize
139KB

MD5
5e7ea3ab0717b7fc84ef76915c3bfb21

SHA1
549cb0f459f47fc93b2e8c7eb423fd318c4a9982

SHA256
6272ed3d0487149874c9400b6f377fec3c5f0a7675be19f8610a8a1acb751403

SHA512
976fb09b4a82665fbf439fa55b67e59aeaa993344df3f0d1926a82fb64d295bbe6fd77bb65e9f2267d98408e01166dd0c55c8ec7263ed74b3855f65dffc026ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\el.pak
Filesize
249KB

MD5
7dca85c1719f09ec9b823d3dd33f855e

SHA1
4812cb8d5d5081fcc79dbde686964d364bc1627e

SHA256
82b3fbbdc73f76eaea8595f8587651e12a5f5f73f27badbc7283af9b7072818c

SHA512
8cb43c80654120c59da83efb5b939f762df4d55f4e33a407d1be08e885f3a19527ed0078ab512077604eb73c9c744c86ec1a3373b95d7598bf3835ad9f929d67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\en-GB.pak
Filesize
115KB

MD5
db946e28e8cd67fc45a317a2d22943d3

SHA1
0e096f66915f75d06f2ec20eae20f78ad6b235e7

SHA256
7eb6af7620593bdd33cf4a6238e03afbf179097173cbfffdada5b3e25b8f0bbe

SHA512
b893650000f463c1f3807f1feae3e51664e42ec10c1a5af7c08970163d5188f1f9ffcc5e82fe2209c78d8b4fc2feba050abec4c44d1eb122cd42fcc14a8b1c3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\en-US.pak
Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\es-419.pak
Filesize
139KB

MD5
d25865c02378b768ef5072eccd8b3bf0

SHA1
548dbe6e90ece914d4b79c88b26285efc97ed70c

SHA256
e49a13bee7544583d88301349821d21af779ec2ebfca39ee6a129897b20dbbd0

SHA512
817a5ed547ef5cca026b1140870754ce25064fca0a9936b4ac58d3b1e654bb49b3ffa8186750b01640ac7d308bf7de2eadc0f34b7df3879c112e517d2faabc94

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\es.pak
Filesize
140KB

MD5
b1c6b6b7a04c5fb7747c962e3886b560

SHA1
70553b72b9c382c0b25fa10fe2c967efbcfcb125

SHA256
e4db8f397cd85fc5575670b3cacfc0c69e4bf07ef54a210e7ae852d2916f1736

SHA512
7fcd9ae80791de19df8644424ffdf1feb299f18a38a5d5bc546e8fd3d20d3ced6f565981c3c03026bc5400fe0806dfa3af3064e7a70e18061f5d5fe6d6bde8d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\et.pak
Filesize
126KB

MD5
339133a26a28ae136171145ba38d9075

SHA1
60c40c6c52effb96a3eb85d30fadc4e0a65518a6

SHA256
f2f66a74b2606565365319511d3c40b6accdde43a0af976f8b6ac12e2d92ec9f

SHA512
d7dd2a1c51a7144f1fe25336460d62622c2503aa64658063edcb95f50d97d65d538ce4e8ae986af25f6f7882f6f6578bfb367c201e22da2abdd149c0bb4194c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\fa.pak
Filesize
199KB

MD5
a67bfd62dcf0ab4edd5df98a5bb26a72

SHA1
5def04429a9d7b3a2d6cac61829f803a8aa9ef3b

SHA256
890ca9da16efc1efcc97ee406f9efa6a8d288f19a2192f89204bdc467e2868d3

SHA512
3419c6bed5fc96e82f9b1f688609b2d2190003b527d95699e071576c25730934fbed3437fdde870fc836bdc5e690362cae1e612b7ff779c22b853baf3cfcaabf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\fi.pak
Filesize
129KB

MD5
aceed6757e21991632b063a7fe99c63c

SHA1
491b4aa5eaeb93e662f720c721736e892b9117e5

SHA256
370164e61142d8609d176ec0cc650540c526156009070563f456bcdb104e9c0f

SHA512
664c369e74930a61a8c9ccee37321c6610ffdeba8e4e8a5d4f9444d530097b0f4556e7b369dfd55323fe7df70b517c84ae9d62a89c1984a8cf56bae92d3e0455

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\fil.pak
Filesize
144KB

MD5
cb9fb6bc0e1ec2cb3a0c1f9c2dfbc856

SHA1
c3b5900a38354ea00b63622bb9044ffb4788723b

SHA256
945c0160938c3bcecda6659a411b33cd55dfac18814bed88575bfd100c53d42e

SHA512
6ed77d0fbbb1186ccb7493708f55f8a2c3005a1f1da759c16289713a853bcad4a2cc4846874d67f722f461b1950a763508a91a7970bc0eb5da686206aaa8489b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\fr.pak
Filesize
149KB

MD5
bc286000070c9a918a8e674f19a74e12

SHA1
41221bb668e41c13fbf5f110e7f2c6d900cdffd1

SHA256
d641d9d73262ca65a613ee0395204435d6830316dd551f8992407ae77ead4b64

SHA512
553dc84ffd09dd969802fc339ab20f6af3c36442c1ea23e4199519f2c5fb50be79874ae455ce5ff44511a3adcedae7f3030d13e0ecf2b456233d5f4ff186a5dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\gu.pak
Filesize
282KB

MD5
af5cc703c77e1a4b27233deb73c6ace8

SHA1
ea92dce379ec9405fd84274566d363ce302d7f1d

SHA256
cd761009ecbd4736b24383f020da05d2e6b9396c67a7ec1f4ac1966943cf9eab

SHA512
dd379cbab7a6fdce05b0ff34d339c2f3320f83f76d8e1fb7ebf20edcfebe541ae454490eeb83d8edc069aaf3db52d6b7de6d701672a13e75dfe59840e8f2c5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\he.pak
Filesize
174KB

MD5
b2f893d17e118cd03055b55b0923206b

SHA1
99b6358438a3eaffae38dcf6a215d8c5f9bfdc26

SHA256
f6d1e2a269783f27b85c2db2ce9286f581ec2e16586ecac476ab5735cd8ae12f

SHA512
34fa1c4bce2f9e2c5c7b494a829f5b492b40e8f4f0bc586f564755de703b5765d81795c67e19a27d2f21d297ce3b7e5058a126118afe6911cc429fc58d67f13e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\hi.pak
Filesize
292KB

MD5
9697c9ecfa893db09d046e4feb8f1260

SHA1
db08fecfc31d278b3f74c85f98c34dc78b75f4fd

SHA256
de4b369e012831a5ced3ae02e34fd34374348b016274c99911a294de3f9bee5b

SHA512
ec9b87003853640c5f3c477f389dbd16bf1d75269c3fbd8620db43942ba7e323a3198fbbb16d27c10bbae40fd047cfdad170659b9ef26488928a24ee535885d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\hr.pak
Filesize
137KB

MD5
209efaa890532ddbb1673852e42ded7e

SHA1
8e9a3e643183d4cbdfad9fd2a116e749b5313a95

SHA256
3d01f9d2c51efa0c0d8d720dd832493b1b87d2429970396c42cee2199e7bef40

SHA512
5410b31ab46ccfd29b750f39d3796a533ec0c0a7b7b31b70977f59f348dd4190edc00c86db8d5b73df2117f27fd283de2057493c081cef69d04ad9894eb5c05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\hu.pak
Filesize
149KB

MD5
7317adfcba87621963e9cb2f44600e2f

SHA1
0398d795f9a3cde03ae85e8cd2c4723e7ef5f7e4

SHA256
6edcdaf17483c4b7b74d9c728c3f38d9e4704bfbdb618b578c7ccb6bbe6e824f

SHA512
e8ec0df2ddf67799194e8d3f722b5643553fb05026bd5f8d933d1cc18df6a641eb1b810e22114b44513b57a005d326b91a1fcf1c470a636cd42c5bc5fa0f254f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\id.pak
Filesize
124KB

MD5
f6d153fa3087dab3fcef255b5afe8538

SHA1
99f123a133d3ce1a70349a7d1948a8d57981e1c4

SHA256
fa38d911dec71800d33802441412f20133e960bb316c79161bdc7f78ea1af3d7

SHA512
c092339a2a64dd10a45b516ba19013ad096c4c43d51df33e4c779c9ede6d71bcb59c18d5ba568f4876c0b5454ccdf05a1e632be0f97db5b4eaadf263e7d1967b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\it.pak
Filesize
138KB

MD5
23d70fc1cc74275719c4f882400150e1

SHA1
e8235d0bd4dbfbd708deb80139f0acb1cc0fbdef

SHA256
75b37965b88933ba32119ebdd13cb98c54300b1e1e312080947eed6a94fc70b0

SHA512
ca9a6fc273d5b0b656e902fb87f8792de604a3b6ce598dc577d08541ce9f35256849b1503f15edbe5d1e1d5785cffc38ed12650d1d026aa23b5ce6f9c3ac4cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\ja.pak
Filesize
164KB

MD5
781fec59b38a21dc663f3a482732196b

SHA1
1b660ba0bd9aaf67c5fe49a372687facd6d264ea

SHA256
3849f8b48b034fe6319112eff77b7c9f6a8d7b20cf7bc8400528a0a8458677da

SHA512
f2c3a6d8c23f72db8e70ec8cd87793eb103b58bdd3976e99f42867c33a6688a41c79eadcdf25c6ae01fd20920affd43f228a5134af28f83ee50fe02819665e95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\kn.pak
Filesize
319KB

MD5
66867a2133ef0c73f385af7d5d2eed91

SHA1
8ca6e7e6d679255c2c151d38cf70a5f25cce059f

SHA256
407599a388bc151ccd2561181ea90ff620f4cb5c767317af8ca4748927ba7f35

SHA512
482c0b75c921470866b7c6ccf09cddd59ce81507e8df7a2158d3abf08c7201ebeed67c1ecd36f5cb015a8833ae9f1917ab6118f9f0a959364de958729295f37c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\ko.pak
Filesize
138KB

MD5
27705557eb4977c33bc69f27c2ee9f96

SHA1
b0297538c4e68515b8f65d44371cb8f4cdbc489f

SHA256
de71f906636d2a8f5833a22e92b61161182c53e233b75b302dbe061ed57e9bdc

SHA512
53c8917049d72a9739bf7f2abdbde3120ed3124967cd9b1b71b172b7b36ed41a1ff970d3841c0f5eb5b53616dd9f8e03f65a79e6a6964b83da2c84174c1dd56f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\lt.pak
Filesize
151KB

MD5
a3e29f4a3ca6f2058a6f464e49f914b6

SHA1
3fc632eaccf91e86b365d444e7acba6f9302aa5c

SHA256
ec70edca70373390f028aa751a74057fb1c2c583c310492723a228c863007c47

SHA512
eec22e3347affc0eb0f9452f3b9b239e8b714148a39be83ebe7979bac706a942da3a17de01e9a1b89dfec9e970692c3e9fe566750092fc139325ae25ed1c3e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\lv.pak
Filesize
149KB

MD5
28eeee40b2722e1cc42905c70367fbdb

SHA1
fd82465b1522d314b295207934a7641b3d257d66

SHA256
026e6a4ea0fd11c07375f0532a0756bffef585889a71f33243a116c462b0c684

SHA512
a99d203ce67a3e5d4f831064f83c730b045fb1eba47ca804ce6c407e04240f4c51b4114446c3494e2985a1109695533d1b1c5c7594a5555276be366c07d0b855

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\ml.pak
Filesize
337KB

MD5
a7f6cdc17eddc1550260489d478ec093

SHA1
3308eb8f7d1958fe6b9f94602599cdc56460aa89

SHA256
01a0e2f809fed45b9b67831202d297c3221077fa2dd84f3b635ab33016a07577

SHA512
42132ca4a62bd5de5928f8c313c930c1fab0ad918fe08612ccd118e421eca768956ad42f7551d6ce58d10be6c34cae7a2fef518bde9f0641c339f7af70f42688

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\mr.pak
Filesize
277KB

MD5
be22080b1e45301c313d92d825a7a9ed

SHA1
84c9370a4845ddfa1eab8ae334c1f4cc02ffaba6

SHA256
c09d274406a36f90c75a1daf018c5373d697c42bbc20771a827f62ebe08dab57

SHA512
9558690ae7ac41984553aea1e0133778301ee12e0dd6e16f5dc0380619b82a7a8d37cbe0ef59efcd53c05987ed6fdeb869dee8fe2224fda8880d473e932c2f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\ms.pak
Filesize
128KB

MD5
bff5ea1dbedfab0da766909c2b0beed3

SHA1
9ab6989c47ab4cea0d620fe70bba5c1e15a58a51

SHA256
6240e885116732ae850542cab40c80950bf83171c17a84bf02d7df9b1a2a98a4

SHA512
8bc32f7bade04932b51a2bc4e8d5d609d379a157accca63e43977a19f2604e87ba754bf545651a1237c74e05577f36d85e53d20fa1da41e7967e8ef8a657464d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\nb.pak
Filesize
126KB

MD5
2f31dbf3f36906c58b68f7f88c433257

SHA1
55552671f81a9b24ef05d16249bcf5135d5a98c9

SHA256
ca435b5ca91a253129bde2155592d9c3876005c4ca4389e4ecf97adab9a6de4a

SHA512
079ea4f01582e9ab05e2c63850b654ab84ce3b8bb72390899dfe662e2c4138b82f869829fad3ee645546dd8e27c749d2ef20a0d5bc94db174a59c6e0d43ea27c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\nl.pak
Filesize
131KB

MD5
1e5b9d923d5f8cef49c913badd2784ba

SHA1
6e42a558a7207b2cee2452263eb661843fe74d0d

SHA256
7a7be29044bf2fa9459a90dcce12ed531931660ba680dec8f32ad8a3364d973e

SHA512
e4392f91392b79fa14c3545c9733deb128f399163dcbee698bf51b2218b1abab6aef45c35130545ddc86626012599e4a8bd77205baa735c957258539c9b6d484

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\pl.pak
Filesize
144KB

MD5
bc72c8e2426765839539a3b8340fe19e

SHA1
630bd0e844e673454477b819c808b7e18bebe0db

SHA256
6a97c2ce05545607a59df2f0daef5da71058dc1e1685f26263b7110edc431755

SHA512
a0f2c68ebb8e5e2ab5ad682b5ce0b1dc955aced7de32001a0decfafb924ca94ef322605ddf69ba74baf18871cfddbad97fc326c43e5b3168019e21912f7da421

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\pt-BR.pak
Filesize
137KB

MD5
54efb4172a7110a567ad87f67cfcd551

SHA1
ea8eac6f2328b8a1b27249fced7c16154060dcf3

SHA256
c17ed07165ec47de5acdfa7e4783af4b417843e5f232e9f38ce02138c8bd1742

SHA512
ae8aa02e9bcb3bfd8b39329a2c37f789484661e283dc63297e1ec2dd5d14558b349c312990048dc6a03cc7040a1c6fea2571c6102b1a61a638f9ab615f5fc938

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\pt-PT.pak
Filesize
138KB

MD5
f7a822e3dedaa3df046c3172613e275d

SHA1
14c21d2cc296197a9a618f21dc103f0d6749b77f

SHA256
e2e84e23275190865c685e0712530245e35dc63ff82c4e854068494192917f3e

SHA512
0d08fedb423e9ea4f9ca54b55fcb6a88c4f4aa7ed71897b4a7625f093e8dc05733ec52e4577709dd4e4c7be001770e1dc85c0e10e0dad883f3291c515736b7c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\ro.pak
Filesize
141KB

MD5
5f6af740e111066ba5245a7fb58c3d38

SHA1
bb09d9f89ec6e1db0a45cd15f84930dc34011b16

SHA256
b9fee8754a5307751f197d1968dd02e163dba30f09a36c72f88b63b4ee5bcd26

SHA512
d2c74477bfa01e8b5b51fbb4393368dc967be362833cc2ac61fc989f41896f17b957d10c0e03b442fba1f3d6059637f355dd6e537e6e00c382eaacfc1b5d64e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\ru.pak
Filesize
225KB

MD5
822750ab24d9ef1a54f3d987eee1acb5

SHA1
dc99948cfd029cc9d98c10e487625832db8f1855

SHA256
3906f069e6e2a3a0235826e9382624e7a4cfba309f00bbd0963ff0c9f2c179fa

SHA512
b0d9521e088c80470e5d15e310bf7e3e27b16464c5349f2bd6f29a78e7fdc7da36b3b1bee68e4496585b0e2f20098fa6b0b3360c4b43f2ed9718d292755f5be4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\sk.pak
Filesize
146KB

MD5
7cedcf98e68f4001cc13f2b761571681

SHA1
fba32c46564452fee5697777b6d3c60d69589528

SHA256
e6509f7a6c6b9912f2875c7efa34434ab9562df3cdcaf0546b6370d594ca46fb

SHA512
c90ca580c5da2fff68b5957940d9b2c377cb07632b1fc0c8a23fef9a076cd05da618890f197f5b2f7314583fba89be083ad180335201d28c27a7c8c21a55c72c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\sl.pak
Filesize
139KB

MD5
c08d0d08fd48822c603a27aaad4e9557

SHA1
8b7d616ef86bd955cbdf68197cdf748aaf99240a

SHA256
ef205cf8911a96d772711675e75bc8df5866ce0d9d44ebb110bc07e4f340ff65

SHA512
480a23a25860616be8844ce29042fa15cc7f360e2c53b367f6701926b9a6df72d82ad6c5dc7c0fafd537202d4ea7c44dfe24589fb4a4f52b4440629865f8c19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\sr.pak
Filesize
213KB

MD5
7cfb6dd166594df07bccb7c08774a667

SHA1
1c06a8adb81c357909ade0307a67a122c94c0cb7

SHA256
c3b5c6965affb7f30dcdb5fdb485767e83f3b5d694865a677783c64e3b84934d

SHA512
92febe5a65c90f105bd7609e2eff2626bf0e22b186d73d6c1aeb0497e49d9c34b2bb22d26e0abde4713da2c7cf51296723694ee9bc1decc5071a5225f60e650c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\sv.pak
Filesize
127KB

MD5
b4d3ab3791e862711986bb585c1676fc

SHA1
2123c8879a70728657e72415d7056aac4a1527e2

SHA256
080ce56662a0a32a4164ba88f9c5081d7c43dc1908412368a70e789e1adcbf66

SHA512
b904f1741079a8c7ed7647efe42e9d7b9be403079de7e512539b70bc653e55420a3aca4b599e8a9d440245a61f94124476b3a5afa43b39ff1aa48cb48fc5c15d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\sw.pak
Filesize
133KB

MD5
a5f4010de863114025b898d78036b336

SHA1
0fa93fee8f60d1bf2fec4e01c5306404e831e94c

SHA256
8c58adbff7d672154c6f399ea29b549005460d80679e1f6cf997d95732857c30

SHA512
7f8b00ae7718f39c0ab91f3f63a3b5062d9878f224417282c3ff43ae9c88562a045c54f7c6f9f7447119a16bfd0ec40b48f762a52b64bc384ec80f53898c53c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\ta.pak
Filesize
335KB

MD5
ab1ece31afe29124d183b3826c7ef291

SHA1
e707a983f039310b867bf4b502165f1f512b9818

SHA256
5cabdecd2a89bd97782c13d9f5b24550ea00b28750cdb26a7843af7e75e34b22

SHA512
6510d54c2dd177be19ca6b250e936fe0e26036aee7bd1d48e141cffde743fe03a02be0cee22642c3e8a702b2277d7bf307bde69a863855bc65a55425a1f2f884

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\te.pak
Filesize
312KB

MD5
11c4c1ef8708db1f742333e71e312831

SHA1
ef432cf1d5df168039cb3d1b5f4d34bab76cd475

SHA256
9889b8d2e5f5fc5ed199831954af7b05028ec7a68f448b19ba74d91b97c223d6

SHA512
27c73d81271612bb2e4925d2091db9119859080484f5fa17536291c06bacdffadb1962ce56d0979d4f1f49add14990d73c5bafea45ce48141a36a2e55ade756c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\th.pak
Filesize
265KB

MD5
5abd2a1b2749449a0cbba60e32393f4f

SHA1
31097bf4728f752508482c298710cffecfb78d60

SHA256
c666359fc9fa137f6d7f868ccef01dac8701b457bb6bb51fcd581185d4bc8780

SHA512
094df53f3bac23eb384015e8f2500484556b6ebda0cb62bc12a773dd1d520d82c13cbad25eeb67fa04ceb209d80144fac70fe60eb792cfc1a0c5027513b7448f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\tr.pak
Filesize
135KB

MD5
08b737a1b8ecb81c8ef4d7b8f6b5f503

SHA1
99d2cdbb720f114051627acbb79475ccc57ce6a6

SHA256
84f08423fc516988761517511d36bf5d3428866965addbf3ef4399a80f8278e8

SHA512
142c61f08e56a084f335dcf35c543dab872dee898c719052fb8d42be2050c5fe6d9245180ff9d0d0e07cd884daaaffa6ccb5428fee91ae00413e0ea38a5e8c9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\uk.pak
Filesize
227KB

MD5
8162ec467ac9a8dac71d22c630a3e6a3

SHA1
4e9e8f49cbcc5e583b8acc3a65ffd87818c96e2a

SHA256
d1e07ac8b6a6ce53f06c66241d44407f98a1940259883e143a574f28a2ac170f

SHA512
e944e3f8f3e9b2c8c6f26e1a7606e441816406afe031bac9a5716ce060a63f03e01a95cc365342518629065b07fc72cf23d65ac84f0b58ef100cf9706a239b58

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\ur.pak
Filesize
199KB

MD5
30ce113bc3c466751bdf8d50cc568ff8

SHA1
d0b434b8f196a320995f49845d64054dcaedb97f

SHA256
34d46d28af3012bb84767a418957f12d877789b88a13ea29b047c7926abafb41

SHA512
a8139d60e498082c122b068a478038e3d3a7d6fa71bb8cd2b1bd7976827ffc23f7117f989b18d600960b222178351f01dbfa0fcdc3e7f0917cd0d47b5902fb44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\vi.pak
Filesize
161KB

MD5
247e8cfc494fd37d086db9a747991abc

SHA1
bdc53c042a1c4bc2ebed6781b1b01091c8fb7a92

SHA256
4c4e69af3d7f7012e3cb19ba386fc69edd0c87ccd9be326dd6db902401d123f3

SHA512
852ddeb1ce8dbf13280e9dfa72dd10b646f8b06caf88055aeab32009f3fdc397a05764be48a04730e16f23c931d069880574d8bf9c7f4ef151e1d47467a7d60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\zh-CN.pak
Filesize
116KB

MD5
7507e95fbb433aa97dd9c2e3c2e08d0b

SHA1
f61227f2173ceece432289b099285d4a9322e2ef

SHA256
bf3fb791392d8044c2cb3552cc974d95adbfc1548eac617c9d2a981505fb89e1

SHA512
f8f42e09eb0af51aa48325ec824814e52244201f627734e81c9e84ea319f5c2166c2450e9b89edd3ce84d3959f0c9ba445ba7a32d4164cf730f0949e11dea082

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\locales\zh-TW.pak
Filesize
115KB

MD5
96620581f25ac84ddd4b9d0cd29b0749

SHA1
6413faf7b2e31755674f27de8cdab0788488526c

SHA256
2a674d423322d1772e97a627f1e291efba5f12b7efd0f174cdc99d1b1b376988

SHA512
7fd315ca93b431c59f92d31b803571effc5d758a52fc5d2f797a306fa63ea73162ac91805a892479b6940582aadc8903bdea6bb70168d660d58525bca4202520

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\resources.pak
Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\resources\app.asar
Filesize
39.5MB

MD5
17c8a4e00b7d7db879f3599a7a9fa29b

SHA1
1b8824d579c58963a9d9aee043ff1b9c1c8066ae

SHA256
c6305fc95f9f5e39d67519d96ab272df468d9362de0145b5caf42a4a8581b1a0

SHA512
ca2c987aa421a6046b7660759e1a98b78bb64c9267d9a69241b3c01e941a48a0f0cd0e2d2baf60229378d8648c35364afc45f715ded80d86aa484a9ed1fd1a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\resources\elevate.exe
Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\snapshot_blob.bin
Filesize
281KB

MD5
52304e76978a13b8d7fd46771cbfea84

SHA1
a1af053116b9cd1018fa3c145785eb3c030f709f

SHA256
bb3acfe786e2efd17ad5f5957f06e4ba3d656aac65dcab1b9a2ddaae877bc824

SHA512
d1face9a819fe54500435dd55dc051337229de4f1c10713457b6a7847eb71b4713c2a50f260c35576cc41fef7606a3b6b33407962c91224c389ed0b97ed8b3dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\v8_context_snapshot.bin
Filesize
596KB

MD5
5d9b4473dd8705940bbb4a4036e395d0

SHA1
af35aa3374200dd2b9102f6767e53413e4e09e20

SHA256
ca2245da2a4aa7e4c9dcbf810c90048f73a9a96f6432f7895f3e6fe0c21e48f1

SHA512
bcc78b845a2aac96e46162c6a81dd1a914a6e8ed6d9753f648ae125958042a76ab49f1fefc8615891a1e007f0d0b63980517953ee088e29d46ba9d258f130192

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\vk_swiftshader.dll
Filesize
4.0MB

MD5
f6f3a64471f6a9738456259d09e617c4

SHA1
47cf0831fa4fb561c045e38f5edb5aa45a01324a

SHA256
0e7950569c56123708e5f9b934c3d2abfe787c3e275af3fab9fb0517329783be

SHA512
7eb35f7283475471e8e8ba77fb276bb7348c4c5b2ee552edf3b23f94b3eeb92d54ed09c8930faa059733532a33861e3af5f261e36e288237b611864e7b272118

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\7z-out\vulkan-1.dll
Filesize
743KB

MD5
eafcefd44884880bb202cfac8f2576ad

SHA1
9936e5fed1328e72d34a8a6239101f1264290879

SHA256
1e7851e7828d9b99745fdb9f13793147df3248a6550ae81af99177c168aad5b2

SHA512
c7745839afbe953f030e54cec75db50ccd1277ce59c7c3cf05004b15d1476ae0ef27bb7de7be3c7beccc2946c43c422a48adba82d47dddc7fa58a9db6ed1325a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslED30.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\app-32.7z
Filesize
56.0MB

MD5
0284f5c1a2dfcb83e80678f82e50b0c5

SHA1
a79f9a739be5677ab29f34975e3b378707f422f3

SHA256
27ead2d1d28e47daca29b7ce2c7b6d41bea8931856f47da2d3641399dae4d1b1

SHA512
8efff6816169d702993098ae7be97ace872ea5e12d7b81e267dde142ad3eeae9c3c52fc6f1b2c31be12b989c0800f3a66cabc375412bbe7498c6b66dd3c5cbcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
4f871b5b3f40aa4716b3fc4c2adebec3

SHA1
73bd28ed300b04d10d8e9a6ebed2fc78d26f50bc

SHA256
10baa9a6830e7cace1c11924a7c3d5facae82e32601cf20a03b9361bf612a802

SHA512
71311c569c8d6c79cef3a989a31646097610358e568ce33e7c6d35a4d66c09f2473401057db0734632ca670951f2329bb2ada9e2805321f1ab600157e0e11e51

Download Submit
C:\Users\Admin\Downloads\Setup.rar
Filesize
56.5MB

MD5
6305b5402391d1088f8086d21a24c241

SHA1
3eeac2dee953119bbe45eecd07c97833e97c9346

SHA256
90b0950960b30715a9f9c78ff507858c14655f55bd33ce76ff4e63d0a1eabb43

SHA512
3a40cbb093847f5372af9484bb8e9d74309e00ab556d1ad27df88da5d8482f34ffab1a12b25bc7a3b073dfe41c0fdd8fcb4251486b0ab211fb28402043aadc62

Download Submit
C:\Users\Admin\Downloads\Setup.rar
Filesize
56.5MB

MD5
6305b5402391d1088f8086d21a24c241

SHA1
3eeac2dee953119bbe45eecd07c97833e97c9346

SHA256
90b0950960b30715a9f9c78ff507858c14655f55bd33ce76ff4e63d0a1eabb43

SHA512
3a40cbb093847f5372af9484bb8e9d74309e00ab556d1ad27df88da5d8482f34ffab1a12b25bc7a3b073dfe41c0fdd8fcb4251486b0ab211fb28402043aadc62

Download Submit
C:\Users\Admin\Downloads\Setup\Setup.exe
Filesize
56.5MB

MD5
e1b0653393170d747aeb19bf8272c6c2

SHA1
f9c6bdad9909324e0ed1d64f36212f011e7717e6

SHA256
4a088011e8944795b6f08e057d96fd171bc39dc39aec293c9abe88956af6688f

SHA512
09f88fc077427759272a7d5c7befdf46246ea884ad07ab7475681527fb6749f9a6224aaa55c40125646a902044a46f11f0e866e588fef7c860448bdce373fce4

Download Submit
C:\Users\Admin\Downloads\Setup\Setup.exe
Filesize
56.5MB

MD5
e1b0653393170d747aeb19bf8272c6c2

SHA1
f9c6bdad9909324e0ed1d64f36212f011e7717e6

SHA256
4a088011e8944795b6f08e057d96fd171bc39dc39aec293c9abe88956af6688f

SHA512
09f88fc077427759272a7d5c7befdf46246ea884ad07ab7475681527fb6749f9a6224aaa55c40125646a902044a46f11f0e866e588fef7c860448bdce373fce4

Download Submit
C:\Users\Admin\Downloads\Setup\Setup.exe
Filesize
56.5MB

MD5
e1b0653393170d747aeb19bf8272c6c2

SHA1
f9c6bdad9909324e0ed1d64f36212f011e7717e6

SHA256
4a088011e8944795b6f08e057d96fd171bc39dc39aec293c9abe88956af6688f

SHA512
09f88fc077427759272a7d5c7befdf46246ea884ad07ab7475681527fb6749f9a6224aaa55c40125646a902044a46f11f0e866e588fef7c860448bdce373fce4

Download Submit
\??\pipe\LOCAL\crashpad_4992_OPICODJDSFXNYGFR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2000-145-0x00000254E8E50000-0x00000254E8E60000-memory.dmp

Filesize
64KB

Download
memory/2000-144-0x00000254E8E50000-0x00000254E8E60000-memory.dmp

Filesize
64KB

Download
memory/2000-143-0x00000254E8E50000-0x00000254E8E60000-memory.dmp

Filesize
64KB

Download
memory/2000-142-0x00000254E8D70000-0x00000254E8D92000-memory.dmp

Filesize
136KB

Download