d99bf38cb207b2d5824898f2a9f2a15cc18635380087b4800e8b3e14594a7376

Analysis

max time kernel
255s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2023 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

My Logo.txt
Size

810B
MD5

49e17e34956aa9f53d0b0f6c60676227
SHA1

69ad883d69792b67fa9e227bb22c011f20c6b645
SHA256

d99bf38cb207b2d5824898f2a9f2a15cc18635380087b4800e8b3e14594a7376
SHA512

bdcc1563be6a7328aa75722425fcd0c8e0812c9ca04e619ae089a7c464e2d6979dfb1b92d7af85e404b894e3462347911cd8563e7e8032e3275970f2e1c8df25

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
3748	CeleryApp.exe
4928	CeleryApp.exe
756	CeleryApp.exe
2316	CeleryApp.exe
804	CeleryApp.exe

Loads dropped DLL 55 IoCs

pid	Process
3748	CeleryApp.exe
3748	CeleryApp.exe
3748	CeleryApp.exe
3748	CeleryApp.exe
3748	CeleryApp.exe
3748	CeleryApp.exe
3748	CeleryApp.exe
3748	CeleryApp.exe
3748	CeleryApp.exe
3748	CeleryApp.exe
3748	CeleryApp.exe
4928	CeleryApp.exe
4928	CeleryApp.exe
4928	CeleryApp.exe
4928	CeleryApp.exe
4928	CeleryApp.exe
4928	CeleryApp.exe
4928	CeleryApp.exe
4928	CeleryApp.exe
4928	CeleryApp.exe
4928	CeleryApp.exe
4928	CeleryApp.exe
756	CeleryApp.exe
756	CeleryApp.exe
756	CeleryApp.exe
756	CeleryApp.exe
756	CeleryApp.exe
756	CeleryApp.exe
756	CeleryApp.exe
756	CeleryApp.exe
756	CeleryApp.exe
756	CeleryApp.exe
756	CeleryApp.exe
2316	CeleryApp.exe
2316	CeleryApp.exe
2316	CeleryApp.exe
2316	CeleryApp.exe
2316	CeleryApp.exe
2316	CeleryApp.exe
2316	CeleryApp.exe
2316	CeleryApp.exe
2316	CeleryApp.exe
2316	CeleryApp.exe
2316	CeleryApp.exe
804	CeleryApp.exe
804	CeleryApp.exe
804	CeleryApp.exe
804	CeleryApp.exe
804	CeleryApp.exe
804	CeleryApp.exe
804	CeleryApp.exe
804	CeleryApp.exe
804	CeleryApp.exe
804	CeleryApp.exe
804	CeleryApp.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
4920	3748	WerFault.exe	128
4108	4928	WerFault.exe	132
4816	756	WerFault.exe	135
2108	2316	WerFault.exe	138
1048	804	WerFault.exe	141

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133285340917003790"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
3744	taskmgr.exe
3744	taskmgr.exe
2664	chrome.exe
2664	chrome.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3744	taskmgr.exe
Token: SeSystemProfilePrivilege	3744	taskmgr.exe
Token: SeCreateGlobalPrivilege	3744	taskmgr.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: 33	3744	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3744	taskmgr.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe
Token: SeCreatePagefilePrivilege	2664	chrome.exe
Token: SeShutdownPrivilege	2664	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe

Suspicious use of SendNotifyMessage 62 IoCs

pid	Process
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe
3744	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2980	2664	chrome.exe	90
PID 2664 wrote to memory of 2980	2664	chrome.exe	90
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 2440	2664	chrome.exe	93
PID 2664 wrote to memory of 1756	2664	chrome.exe	94
PID 2664 wrote to memory of 1756	2664	chrome.exe	94
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95
PID 2664 wrote to memory of 3000	2664	chrome.exe	95

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\My Logo.txt"
1⤵
PID:1752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a3a39758,0x7ff9a3a39768,0x7ff9a3a39778
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4624 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5248 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4444 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5488 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4904 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1856,i,7094324379502852721,2583245247667967411,131072 /prefetch:8
  2⤵
  PID:4684

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1808

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1220

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap24401:72:7zEvent26831
1⤵
PID:1000

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\release\" -spe -an -ai#7zMap6030:72:7zEvent25396
1⤵
PID:3352

C:\Users\Admin\Desktop\release\CeleryApp.exe
"C:\Users\Admin\Desktop\release\CeleryApp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3748
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 1548
  2⤵
  - Program crash
  PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3748 -ip 3748
1⤵
PID:1164

C:\Users\Admin\Desktop\release\CeleryApp.exe
"C:\Users\Admin\Desktop\release\CeleryApp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4928
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 1516
  2⤵
  - Program crash
  PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4928 -ip 4928
1⤵
PID:412

C:\Users\Admin\Desktop\release\CeleryApp.exe
"C:\Users\Admin\Desktop\release\CeleryApp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 1516
  2⤵
  - Program crash
  PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 756 -ip 756
1⤵
PID:2752

C:\Users\Admin\Desktop\release\CeleryApp.exe
"C:\Users\Admin\Desktop\release\CeleryApp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 1516
  2⤵
  - Program crash
  PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2316 -ip 2316
1⤵
PID:3212

C:\Users\Admin\Desktop\release\CeleryApp.exe
"C:\Users\Admin\Desktop\release\CeleryApp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 1524
  2⤵
  - Program crash
  PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 804 -ip 804
1⤵
PID:2748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ff957a4890133308b59363173a62ecab

SHA1
17b2ff409051bcf393ac6748849c251c540ca9dd

SHA256
ba437a4933832a76757096ec737334035dfe1c68e8c8dfc3c0001ef676da5050

SHA512
b1b05209555f0f551523aee4062bc881c7fee4fdb59c8952f48590a98618da6d061bb96840668d511a26a906fc71946d8e271e26c622e32c111c82574fbf8e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
a88a55574b3895935530d59a35a4c4e4

SHA1
8bf825576c2873121f5e26c372b70c65de5bc723

SHA256
f067e40fca7cd3f6600b0db3af9cdc0979a98a686ea16040621cdd8f560d35f5

SHA512
1c936eb9b7ee9df4c8fd2f187c0734c37497259e3c596b9ffe42d6a2f1b6db8deac003d6d4ebdf4a4263efd1ba7a08825a073eec454214eac2264f23797491b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
aa4f3a74cb9a3d088ea71fecdafca497

SHA1
2abba1dbba6a023d02660ab512f3fae3d2682f69

SHA256
545ecbd1250820ad434ebffe204f7c6e42af47bb68b5c1a32cd9e5dcd5f8bac4

SHA512
712422ca04ad40fcfd6d72b594f78ec145c156e720bf04d8fdfd30cd388f3d285a2062c7e52cb578ee02e3424e420366909dc9f50057b755789b37aa534595a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4a5b184a1e2853b3f1603bfb9bb7739b

SHA1
8c02f71841d56d68b28341bd4a5a4811cf15bd91

SHA256
86f6431b84cf8228c4cd7a559a4f56751f7752221ecb5b8bc79f6d8bb1bf9e17

SHA512
07e901ddd199842e50a81d2956f47017772b7483ed3a528aa00839dd9e91f76be7eae7dc1adb1dcf597619a30be2528457a9660beb393a017c202cd5389897b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
359366b16d286b2085d31b218d0526ed

SHA1
d111f4ebfbc343db57a75739d8b191aa373dee2b

SHA256
ff299eeb47909d3f22c044e0d18fefb220c48ab1fb2dd94b3feea32327a095fc

SHA512
aeb4d223a395373062458d44eec3cf0ec1210adc456d31c13a6b2572d0b8e4cc0ad2855ce13319ed5367f1aa96ef9cf7f39aa1718c190652132638c665d06ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
124cfcffa0559782499016226c8c13b0

SHA1
eb632387a74bf542d1dbebd7fb21d9d9c916ceae

SHA256
f6f9ec6ae54d0408bb1e2901874659880f3a276d2ccc8b96c57cbd78c669b3e5

SHA512
23a7aca281deb782a537a4c3949c34d17f1414d3aea29a726859a244125055bfe2159e5c5099cbb761b22b4f495aa116a41cfa264dbe1fd7678a99f28c028c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7bdcded23e141c9c92ba1d1e4855727d

SHA1
0646908c1fcc5a1f81aebe101fd0d1793ede2da1

SHA256
b336fe695b55f4cc4ccecf26434e9dd5007224460f5be7c6297317e7438f40c7

SHA512
1050eea5e37ed0caa8efec8f4a4e6cc64cc49b22b9b5c55ef7688b35623a0cf15c6487fe0e9423e2edcde6a43625fbcf5126057eb56ff8c9063ad3734218438f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e1a1b4ef60d931e06cde4cded13c9ed3

SHA1
9d26d828fe296f3f5e42f537cf406de54d838c0c

SHA256
cad4b935b9610e4b6521268b82b9690b93402cf3b85e8bfb67ab0ae61b30a8b0

SHA512
225bb09117fcc599274469414c1d71c83ac6cb8bce9c3a5a4d47841bcb57428b3af0b1f4d2ac05fbc875964162cba7f9ef679905a06394d9e82d2c04ec9241a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
217eef5644b0e9e97f0d370f3e01bfe3

SHA1
b5d2f7cc1e293654a9fab6bfa539f4991033b349

SHA256
b57ad9f73ba76eaae8d496f7784d767cf4bb707e9110ce9d5e8029245b74b765

SHA512
431c0327b22b71d456a27597a7326d3c4ef2b9040a44628a1275a2495369f33c598bbacff19aae963331092c2cd8fe49995758849bb89c0f0cb736252dffd59a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
772ea191fec646a624c8f0b5da7db7b0

SHA1
18c2b903f2336c623d4660ce44808527989f49ee

SHA256
3cb3591c04653b23ba2a7a569b091bdd72f57bc766e7c5f9fe52c08fdce343b2

SHA512
995806195ab4897b643dff950f287fd28dc500e7b3450641e919804bd1233474a103aa0d9ea0819a5c570a72d7a18be4bd7a87a1e215642be77f381d50fe9633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
ac0cdb72179d34b0b79d6b5ed8403286

SHA1
fd9382159cc293e3eccbd2c83177229896c43215

SHA256
37d9cf470fb7b1a642d1de9e6641fe41c259506eb633a76256c4136e087f9ef7

SHA512
e59c11686b6d5f709c197a99a1e712f334cc625b9ad5e4fd3c6f8b2ae603ac8f85d87320a5f3a5857109ddfb31ba4e59850e6551489d7e41d1ba791bc9355a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\BetterFolderBrowser.dll

Filesize
12KB

MD5
fff67e7d52b58a11d456a1d5cd2ba294

SHA1
6dea84a0a060c39c93b1e3f404270c039d3dbfdd

SHA256
5334c9c4eb567a89e4644df868d7fb6e242a3ea422b2ce9283843970ec756372

SHA512
fc8cc5fbc624559e03e70c48bd4e6e4595b1784fdf2c258b33ddb3410bdd93dcf26f3b5db4e4d0d8f133e8df93fe95ab93a703efa92a0a4133f57f48ebd6ea74

Download Submit
C:\Users\Admin\Desktop\BetterFolderBrowser.xml

Filesize
15KB

MD5
29a297bcd05bf0a970869ec75f9794b7

SHA1
090f9868d21b2f36c11f75d08d6ebdf28bcef059

SHA256
96f0967cbbf9be567e3dfdf5fef669591133ff7868cf19914f3026efd4580a96

SHA512
e9160376dff6b40c89b4ddb3ab61de1afc165a09b51b1c4c4c659fedf2e57ed08d4b37f3b0b01dc6196314c88ac1112d095960addbeca64be2da3399d17b45e0

Download Submit
C:\Users\Admin\Desktop\CeleryApp.exe

Filesize
8.7MB

MD5
47232e6133a9000e1c67cc3d853eaf3a

SHA1
f74cd70254e45f0063979723774221c02fe1bd05

SHA256
8af04cf5ad9ac8bf61c3f0e7b00173cd4d4b61432a350faa0495af00dbc919bc

SHA512
a726e802f0b4702ffbf8d008985c181625408e62d4d0eac8754978b74a7712975a8fb14fac9d1ad9f8d0712109646283e0e86b41dc715595070a4a34ccbb9436

Download Submit
C:\Users\Admin\Desktop\CeleryLogo.ico

Filesize
4KB

MD5
3246befa41923904f2963da9b19c2dd7

SHA1
fdfec504286148eb258e87298df30fac0e1cb606

SHA256
eabe2efbb4f11ff62c0fd16f8aa5e932a52d8f0603226b8b8320e00335bda70b

SHA512
7e234fb730c67e233cac775feb793376fcd9a9548025867ffbf9420398fccc72287bc39162cdacfba6b43613fa54695a1c0b8a14b45f6a381959d3e4cb728185

Download Submit
C:\Users\Admin\Desktop\CeleryLogo.png

Filesize
14KB

MD5
bac9347d28295cb29b8be12e770fadec

SHA1
b2c6c46fea41e95e983dde4c4a215ea9ed2f447c

SHA256
bdaaba382b0884c9e3416fd5d0d3d6024e3a8f8ecc89e218aa36bc914ebe9114

SHA512
2726fe9f8d6b406aac086ac0c38c613413d648f0501fcaf14a9d97d8804e0089ac38f7c53b5077c287ddcd71043c4b2fb9fd8266c27bb0b51bccdcf7f9e495fc

Download Submit
C:\Users\Admin\Desktop\Costura.dll

Filesize
4KB

MD5
501981c7fc457d59238eb99780efb615

SHA1
f1f25c01f6acf33bdd62c4f82d3ef078e76f0906

SHA256
41bb464ac7c0d192641077e44a59d7d89860c3c620a59961f2fc4a4be47deae3

SHA512
5921d0662add6c8aa075106878cc56335ccbf059d8bc7f359fe9e02a52ec657c3e5df1c718929564c09f205e4bd299b086f3e7424141f5e55ed0d756f65ee1e8

Download Submit
C:\Users\Admin\Desktop\Costura.xml

Filesize
671B

MD5
fd011713c0a2dbc1d90507a54e9c7b3b

SHA1
edd14b69941c44e8914f23cda1fddf9ee617c5db

SHA256
22026564fc951d60816c6689dd4b1825f07fb3c8c4495041b52056f397468297

SHA512
8b7504f19f0b304d9d513d8138aa92aa6421a26c505f7ec7e9cd39d867d9cbd57ee1063a4b5e770234834d2351a6343537e9898135b4f9f603e43cda4a3f9c93

Download Submit
C:\Users\Admin\Desktop\Dragablz.dll

Filesize
233KB

MD5
5a9583a7bed76b2e94091f9b74716f68

SHA1
60552dc4ed629b32a7c0e7b31406a21829bdc38e

SHA256
6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338

SHA512
8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5

Download Submit
C:\Users\Admin\Desktop\Dragablz.xml

Filesize
46KB

MD5
8b1698bf1b9c2d46c516b1343fc567b4

SHA1
003674b60adb9c4baacd4074c346329d1acac159

SHA256
28a94777a099c5d9507fc5ac93b96a0280024d472e2411a503b3132d4cd8bb8b

SHA512
dcd4c55051eb321cd8e128f592f0e4f842dd0c3909be19b55f34c08a694759ac3d49943fe6c07abc7cce2cd281e20a3912c594e79f377ff44e6769664cd30c4e

Download Submit
C:\Users\Admin\Desktop\MaterialDesignColors.dll

Filesize
295KB

MD5
d2207fccbdd6caa91c43776559ce401f

SHA1
4f78f282a238b21ad1f995f154d624865d08a38a

SHA256
1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0

SHA512
d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e

Download Submit
C:\Users\Admin\Desktop\MaterialDesignExtensions.dll

Filesize
349KB

MD5
6da7ae89f1eac96f143dc5200031d8b8

SHA1
d9dc3936bc9a288a727cb2295c3d05899adcc9c8

SHA256
c5b93560fa74b9a05959aae5116da59495d36782d2e17e45f0efcc06ad36ed6a

SHA512
3929f7092a5acb5ae3333e7e0a9ac2a403b78c8c8ad35a17ece25e6688a61a0f7e4b701691b02ad2941c6e15d2262c6f8ae76413af93dc92aa422e1738147e94

Download Submit
C:\Users\Admin\Desktop\MaterialDesignExtensions.xml

Filesize
279KB

MD5
411509d67c09b53f0a68f77e71380aab

SHA1
7f0406b871baa2afd0613ba3f9024a336967721a

SHA256
159b6883973ac3b205201e717510b49bbc118e70c2bf71950a1835b96224d6b4

SHA512
cde5a83e51a793ec17c8f579620a17522ab5a11c743d2a35df03898537783def0b277a95e2ebb41bbdb867cbb50eedbc4a4da0cb4145a944ec56202045d33bec

Download Submit
C:\Users\Admin\Desktop\MaterialDesignThemes.Wpf.dll

Filesize
9.1MB

MD5
dd614b113b0fd72554a55eda5dbfcc10

SHA1
0144a3f8c52dd932bfaca7d7f147f694b5511551

SHA256
f2cb7b4de690abc21780bbab0f0b39273b6538ab04ef47fbe099126a43b62864

SHA512
974eaf9906a798c723436b9ab1abae282757596c350e48a6697d84c1bdd50715415d3a70c9a081d4b996f3abbbdc4b26d3c3f9139f8b685cb54bf01376512c51

Download Submit
C:\Users\Admin\Desktop\MaterialDesignThemes.Wpf.xml

Filesize
112KB

MD5
4b12c9c0dca54364840413933f94f821

SHA1
a73a4de5ebbca1698f4a69fb324d5f39d7433c2b

SHA256
131a32a7718f973702f5b5ac46ef9dfd23e6190b8f96d34e2b15b17976b0e798

SHA512
066793bc394997c360d44fb7e9c0f445c45792545bc55ff09b0ceda73e24fe26b0682193efecbd37b690e5d58032b726d77c0a5dbc8d93af8b528afdd880b60a

Download Submit
C:\Users\Admin\Desktop\Microsoft.Web.WebView2.Core.dll

Filesize
445KB

MD5
c4b4a5f4f28d47239eb4e37cb3cc8046

SHA1
ed86941cf065f91758d536d8e13cc2542cc38922

SHA256
c2441011ec290b3408391f32072379f677ab3fa4507c4304167cd82fad6593c1

SHA512
440ee33d5a830d9c59d96367f2a43d4a4113f6fe0924a691e682a2e9251a8615e52177dcb9af225dba538a8a3893ac85be79e9c1aa687034e3da6c95191dc645

Download Submit
C:\Users\Admin\Desktop\Microsoft.Web.WebView2.Core.xml

Filesize
479KB

MD5
eb8c58e9a9f7131a9d73ed6ab18c0d78

SHA1
17294196311668f9a367b79ec0920e0886689f13

SHA256
d42869585b35b8cb4a01fe34d6e463b1b36616c5e04f3f5021b10951592efcbd

SHA512
c8136d570328439ec5f68741756a173ea0126cef5684408cac06f5846b3c1f6a0496e984c23236197948c49169549f37e0a3a62b4a2d17e19ea89165cfa75109

Download Submit
C:\Users\Admin\Desktop\Microsoft.Web.WebView2.WinForms.dll

Filesize
37KB

MD5
e6f424ee6036ee7d58283780b705be8c

SHA1
c17fc397711fb2e0c400007620c76e70c956dd9c

SHA256
c9eeff2dd13109f41447a92763d31aaa07369c58a570c18bbb851824a77da98a

SHA512
1d255265115a4a2238a21e3ade35101babcbf9d5de58521365666b9564681119c4b7f20ed6a6c16fb6120ab19106fa40f25421da938b7fee7b8a5e7758f2c22f

Download Submit
C:\Users\Admin\Desktop\Microsoft.Web.WebView2.WinForms.xml

Filesize
40KB

MD5
5995eb7f5558e398226ed7f854891069

SHA1
1d01d4d04d0f2865cc733b041fcadd1358b29352

SHA256
2c1f84f5fac22208d9ee66bd0fd0fb6b965b48c7d43e2ecae481a94ace2dae35

SHA512
13c3b602796e7a702f42bc75b91555bbdd35185b4da74fc6a66dd153d48ccce857833f45f5cf83819b061175d96422974e79e351dd55b449b706ce27127bb195

Download Submit
C:\Users\Admin\Desktop\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
0241e0a42b292e0c9b585470c613ec78

SHA1
74e4ab7e37bff177a394617923baddfcf087c0e1

SHA256
15bcd610a80632ef59d911a8447b11127cdeafbf147c844f1b740735efdf338a

SHA512
bd083301c6f93a1852c76686797919787f439c65ea11d430701257fa4d3791a4eff892b6ceea1c534d832bfbc0b0ecca3f671e3a9c50f34089f919e3756882f0

Download Submit
C:\Users\Admin\Desktop\Microsoft.Web.WebView2.Wpf.xml

Filesize
85KB

MD5
1200d0ecb747ed71b82644e2c320ded6

SHA1
5a59d4b108b8c3c8c7c412d17be53c76ea8a2b24

SHA256
f6d675076f7e92f66e0d4619e58e3351b53806b08fe796012f307860c893799a

SHA512
1cdd2662a3dd062201fa9b4d90cd4c6f5c3e40cfa50e52dab58abfb75f7eafc8896da3208d20c906a4c4f3137fbe99962da701db420fa8a3aaed244ed7905eec

Download Submit
C:\Users\Admin\Desktop\Microsoft.Xaml.Behaviors.dll

Filesize
141KB

MD5
ec5a1abee150abe698689211b07cd1ec

SHA1
affc3cb47da8fe76986d271cdc3e7ea345cc04e5

SHA256
b864da9d88414877cea9b1a016146265a5fb9d0e12f4dbb1dccc0cc998119a54

SHA512
a2b55b4ffc3f11546ed8d3457e98b986c089e25229bd687da35d45d63e4860722e8b13826d3a3daa1be843cf3a4ae3da4cf9b6fdcb5d1a4948648537e683789f

Download Submit
C:\Users\Admin\Desktop\Microsoft.Xaml.Behaviors.xml

Filesize
135KB

MD5
ec1c40e521980ac8449c5224dac01efa

SHA1
5df073c11caadd66f7c8a2d7d86279f43ddb5fab

SHA256
14c91398c21f2bbb0f8104bf30c63aa6d5aa414df88054787fa5feb1da95a767

SHA512
a739eb00a0aec2cc4c760a841589ca7ac3d29f841baa7649bcd4c07d5b771888d2e9ec1263ebae79642b437d84f3f2a3245f993156606f398299e2512ca01454

Download Submit
C:\Users\Admin\Desktop\System.Diagnostics.DiagnosticSource.dll

Filesize
34KB

MD5
8d9df432109f1cfdd86723b5f171e3d7

SHA1
85dc92edd4b0049ed9049e075c4def8a3d64e43b

SHA256
d22133818a30313e0becf010d78a556a56b34ea361dbd33588c9817631fed540

SHA512
5c83303934eecfa61c43a071d29c98e5804d37a5dc7f7b035772d6a168b0c5e65dfabef20b46214e65493c4bda44831cafee83615498fbe9e718c884f4650edf

Download Submit
C:\Users\Admin\Desktop\System.Diagnostics.DiagnosticSource.xml

Filesize
28KB

MD5
5e91fe301415aced2f304f136a8ebd82

SHA1
31d457e46227f16286f7b52b728208de8970abbf

SHA256
1784132ae3698467a0985b2507d63bdcf19a7970afe3a39d86e36c018c98b29d

SHA512
6f99fccc2e35e4ba8d2054d4cb5787bb48ba4364d5181d59825400e6ed9f6a1318197810b3b908e726173ccfd4f23a1871417045174e160c7073c7adca831add

Download Submit
C:\Users\Admin\Desktop\appversion.txt

Filesize
5B

MD5
9349cf9bb9dfb4151b6ae52ba1b527a5

SHA1
eb60cf686ff68bad1bcc9f828b2acbd962909550

SHA256
600a4ae834e97b644816cc4196376a195e6d269ea0611fe146ba97c0a9ff591a

SHA512
899a4953c9758ebebb4ed37e5f7bc64f2cc42da6a3b95755f4014cdfef7f705b902d393201f6a3e44fcff7305741bb5ef49c5115a3fe9419d1c51a4f4d7df879

Download Submit
C:\Users\Admin\Desktop\bin\Monaco\package\esm\vs\base\browser\ui\iconLabel\iconHoverDelegate.js

Filesize
368B

MD5
dff5cd240217dc0e722c27be242db91d

SHA1
244d1e7b3a10bb26e52ad9019e0e20f8bb3a72aa

SHA256
151caa77914089aa02273bb851f4b9a198eaab38da7eb9e4bdd7af8075c2dc57

SHA512
e6033e28f65f29ec3a7fc2e367bb6dd2909e38e5e5ccd267fe920e82c25de00c3cf5593db022dc1664ec00652882d5093121f2686788ee3eb60d0b2d87fef6d5

Download Submit
C:\Users\Admin\Desktop\bin\Monaco\package\esm\vs\language\json\_deps\vscode-languageserver-textdocument\lib\esm\main.js

Filesize
10KB

MD5
722df93c13e5a9e4b3a42c515d6281e3

SHA1
e046b8875a0373f38e8135f6500bc9deb9b1cc34

SHA256
bb9e7de4f27538b132cd593302a62f8a42f433e1b0e04a1edb4472a97d6ddf46

SHA512
6e1db81e7286e7762cce5c281c1ddab227ab374c5c33ff45a5031275592a84fd47547b6ad496f302bbca0bbdc01ed899ff8ed87f22bb8b88973a257e345b70ac

Download Submit
C:\Users\Admin\Desktop\bin\Monaco\package\esm\vs\language\json\_deps\vscode-languageserver-types\main.js

Filesize
66KB

MD5
f80215fcc9a89ba7be3bc0b32cacb094

SHA1
8449846cc76fc770a31e310882454f5d6beae342

SHA256
1adcb7cc0756472bc16ace850f3f5b6d5746ea4af2d75ad0785b967dd07bf9f1

SHA512
7187397ff691dfe558c00a8393d4d3d86b7ab8fdbed8b40ecd43c8ba3af40f8ceab0f78d001cc892ea0d5b5a36be4a559715a4385b39a6db1ce473b2883513b0

Download Submit
C:\Users\Admin\Desktop\bin\Monaco\package\esm\vs\language\json\_deps\vscode-uri\index.js

Filesize
11KB

MD5
db7069b3b398babf3a2a97e7f7c3aa65

SHA1
2208bc3bb4548247d672cbd3368dbb992ce6d312

SHA256
15fce1bc78e59f11f36c62e31b6db98d10cf5810fcb8fceeecf9cbdd2ac9742d

SHA512
326716687bed34d862a71df1c7259988de21ef78af8829d2253f099988818200477df7e13f97fa78671d426a856feaa651d1c8350f7edac5d59ec9bc13f354d3

Download Submit
C:\Users\Admin\Desktop\bin\Monaco\package\esm\vs\language\json\fillers\monaco-editor-core.d.ts

Filesize
37B

MD5
604924c7fd140e65f677cff5c06ea77e

SHA1
60adb20bf4cac895df6b31a4da98a4d2267ca3e6

SHA256
87b3728d7af0f6c25f9cdbedfbc093f5e46a24371910199a638a1a13e3444668

SHA512
34affd619893b93ebfeb0d19daf6c4768b0e3de7d4d8272058cd41608ef9a1f5ceb5951b0b8a7732dd4e3e020d51bda9c9509eed4a3a5705d3a1ad396d610af1

Download Submit
C:\Users\Admin\Desktop\bin\Monaco\package\esm\vs\language\json\fillers\monaco-editor-core.js

Filesize
404B

MD5
40fc593844c4ee88ff8e87481824dda0

SHA1
c2d8bed92d90e685576812d7c62ac2db28af2185

SHA256
a27649c652a7abcefe0b54567eb64f1cdf9be521bab22cfb71718e816b160375

SHA512
0457cf90d188e803401555e57a24647e592830ddad9e9e73d64a89889ec6b40eb15d2330ba507c6bad2faceb6c14bb643b4557db1e68896354aa6a19a99ae357

Download Submit
C:\Users\Admin\Desktop\bin\Monaco\package\esm\vs\language\json\fillers\vscode-nls.js

Filesize
1KB

MD5
1e2ca4b54776b992ed920a66940bca7a

SHA1
86ed5c8360d31c4763c05184fa4e7cc46cfa9354

SHA256
539191b86cffb8607fc04d0369756281f63bcb884cbe6ea729a668edf4018059

SHA512
fb249812b6587078d8a715d4c684af62db0ed05f6d80afb3374fe1f1e0a0a11b2c2551fcb738f3383b88152f95ca889c7c81543da7575d8d8b161d5c9ffea07b

Download Submit
C:\Users\Admin\Desktop\bin\Monaco\package\esm\vs\platform\telemetry\common\gdprTypings.js

Filesize
12B

MD5
5c7f99e3d4eaae821996a487acc6a5e2

SHA1
9ff99e6a0a31241fe503c3c76a340bedfe2902b7

SHA256
f761c91419d0a89422a0004ef1a92929dd4d2d5e5c16758654d8b0467d1998c6

SHA512
9247b46a096ad45b486e4b83bb880a7d4e0da7731e3e64b8ba41513a0632932d3bfcf132b2d20e81e363c2595aa9a38d486111dc6365c0f014c1af25ec0be839

Download Submit
C:\Users\Admin\Desktop\bin\Monaco\package\min\vs\base\browser\ui\codicons\codicon\codicon.ttf

Filesize
63KB

MD5
b13daaad214ef227a36fefd95d924380

SHA1
95791fc8733a4bae907859b1a46bd1115f90c983

SHA256
774c4acc42f27289850537e2b6e9b85f67fde54145f6f41876dc4f65b45a4a20

SHA512
ad05613494a490e01504a30e34d7fb5bc2e535d70b5e5d5154a81ad1acaa51c0e368a6fae6aaa0a42faaae63f7e751a98748a7c291056100b7ad687ff6ae687d

Download Submit
C:\Users\Admin\Desktop\release.zip

Filesize
26.1MB

MD5
f21e610ccf8593f58c562b89cb17c9ba

SHA1
8f8ae1d4b61fad97151a39943cc5e6a44ab3396d

SHA256
15f1edfaf0ccac0f2ae5c67483efade833772dadbb9f3751a363cb4938265672

SHA512
66bda964b281212f6999128d2c9621bf1ad88902658fa960d9ad863ec9a31bc91e134fed9897431bce4ba8b9ca297581594f78632045bd5d42b5ca0bf5e7f870

Download Submit
C:\Users\Admin\Desktop\release\CeleryApp.exe

Filesize
8.7MB

MD5
47232e6133a9000e1c67cc3d853eaf3a

SHA1
f74cd70254e45f0063979723774221c02fe1bd05

SHA256
8af04cf5ad9ac8bf61c3f0e7b00173cd4d4b61432a350faa0495af00dbc919bc

SHA512
a726e802f0b4702ffbf8d008985c181625408e62d4d0eac8754978b74a7712975a8fb14fac9d1ad9f8d0712109646283e0e86b41dc715595070a4a34ccbb9436

Download Submit
C:\Users\Admin\Desktop\release\CeleryApp.exe

Filesize
8.7MB

MD5
47232e6133a9000e1c67cc3d853eaf3a

SHA1
f74cd70254e45f0063979723774221c02fe1bd05

SHA256
8af04cf5ad9ac8bf61c3f0e7b00173cd4d4b61432a350faa0495af00dbc919bc

SHA512
a726e802f0b4702ffbf8d008985c181625408e62d4d0eac8754978b74a7712975a8fb14fac9d1ad9f8d0712109646283e0e86b41dc715595070a4a34ccbb9436

Download Submit
C:\Users\Admin\Desktop\release\Dragablz.dll

Filesize
233KB

MD5
5a9583a7bed76b2e94091f9b74716f68

SHA1
60552dc4ed629b32a7c0e7b31406a21829bdc38e

SHA256
6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338

SHA512
8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5

Download Submit
C:\Users\Admin\Desktop\release\Dragablz.dll

Filesize
233KB

MD5
5a9583a7bed76b2e94091f9b74716f68

SHA1
60552dc4ed629b32a7c0e7b31406a21829bdc38e

SHA256
6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338

SHA512
8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5

Download Submit
C:\Users\Admin\Desktop\release\Dragablz.dll

Filesize
233KB

MD5
5a9583a7bed76b2e94091f9b74716f68

SHA1
60552dc4ed629b32a7c0e7b31406a21829bdc38e

SHA256
6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338

SHA512
8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5

Download Submit
C:\Users\Admin\Desktop\release\MaterialDesignColors.dll

Filesize
295KB

MD5
d2207fccbdd6caa91c43776559ce401f

SHA1
4f78f282a238b21ad1f995f154d624865d08a38a

SHA256
1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0

SHA512
d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e

Download Submit
C:\Users\Admin\Desktop\release\MaterialDesignColors.dll

Filesize
295KB

MD5
d2207fccbdd6caa91c43776559ce401f

SHA1
4f78f282a238b21ad1f995f154d624865d08a38a

SHA256
1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0

SHA512
d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e

Download Submit
C:\Users\Admin\Desktop\release\MaterialDesignColors.dll

Filesize
295KB

MD5
d2207fccbdd6caa91c43776559ce401f

SHA1
4f78f282a238b21ad1f995f154d624865d08a38a

SHA256
1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0

SHA512
d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e

Download Submit
C:\Users\Admin\Desktop\release\MaterialDesignThemes.Wpf.dll

Filesize
9.1MB

MD5
dd614b113b0fd72554a55eda5dbfcc10

SHA1
0144a3f8c52dd932bfaca7d7f147f694b5511551

SHA256
f2cb7b4de690abc21780bbab0f0b39273b6538ab04ef47fbe099126a43b62864

SHA512
974eaf9906a798c723436b9ab1abae282757596c350e48a6697d84c1bdd50715415d3a70c9a081d4b996f3abbbdc4b26d3c3f9139f8b685cb54bf01376512c51

Download Submit
C:\Users\Admin\Desktop\release\MaterialDesignThemes.Wpf.dll

Filesize
9.1MB

MD5
dd614b113b0fd72554a55eda5dbfcc10

SHA1
0144a3f8c52dd932bfaca7d7f147f694b5511551

SHA256
f2cb7b4de690abc21780bbab0f0b39273b6538ab04ef47fbe099126a43b62864

SHA512
974eaf9906a798c723436b9ab1abae282757596c350e48a6697d84c1bdd50715415d3a70c9a081d4b996f3abbbdc4b26d3c3f9139f8b685cb54bf01376512c51

Download Submit
C:\Users\Admin\Desktop\release\bin\Monaco\package\dev\vs\basic-languages\javascript\javascript.js

Filesize
13KB

MD5
61f445610736ab362318c9e67d6dfa57

SHA1
68bdf4e8524b5c3a32e697eede57d48f31bc1ae5

SHA256
dbc4bb6129368973d3c9670632a86e84d2d153d2256f86e2ce6e3a79124b488a

SHA512
2ee998612cfa7fe561862ca3f914dc05415d43f49a6f559aa2b934388459c06ae9c614d3a46cbce87ad5347c9898df651aa2d1eecbdf12fe30462e52551126bb

Download Submit
C:\Users\Admin\Desktop\release\bin\Monaco\package\min\vs\basic-languages\javascript\javascript.js

Filesize
6KB

MD5
18a480d51d3cb05dcb8ff30d89b9ab49

SHA1
5b47db1c2bc35efdf8cb9a3e92aacd88a6600e94

SHA256
8283dd76edc1b2df7493df0b3b6bedfe5187b6ebf1242cf311d4616bb37d7924

SHA512
fdf49672738899ecbd66043a3e2677a372b4d39046a1eea62d1046ede32cc7beddad0ccc0167058fa37f580bcc0acdcd7417fd13a96b1651a48832baf4cee939

Download Submit
memory/756-5219-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/804-5222-0x0000000006030000-0x0000000006040000-memory.dmp

Filesize
64KB

Download
memory/804-5223-0x0000000006030000-0x0000000006040000-memory.dmp

Filesize
64KB

Download
memory/2316-5220-0x0000000006480000-0x0000000006490000-memory.dmp

Filesize
64KB

Download
memory/2316-5221-0x0000000006480000-0x0000000006490000-memory.dmp

Filesize
64KB

Download
memory/3744-149-0x0000023222C20000-0x0000023222C21000-memory.dmp

Filesize
4KB

Download
memory/3744-150-0x0000023222C20000-0x0000023222C21000-memory.dmp

Filesize
4KB

Download
memory/3744-152-0x0000023222C20000-0x0000023222C21000-memory.dmp

Filesize
4KB

Download
memory/3744-154-0x0000023222C20000-0x0000023222C21000-memory.dmp

Filesize
4KB

Download
memory/3744-142-0x0000023222C20000-0x0000023222C21000-memory.dmp

Filesize
4KB

Download
memory/3744-143-0x0000023222C20000-0x0000023222C21000-memory.dmp

Filesize
4KB

Download
memory/3744-153-0x0000023222C20000-0x0000023222C21000-memory.dmp

Filesize
4KB

Download
memory/3744-144-0x0000023222C20000-0x0000023222C21000-memory.dmp

Filesize
4KB

Download
memory/3744-148-0x0000023222C20000-0x0000023222C21000-memory.dmp

Filesize
4KB

Download
memory/3744-151-0x0000023222C20000-0x0000023222C21000-memory.dmp

Filesize
4KB

Download
memory/3748-5212-0x00000000064A0000-0x0000000006514000-memory.dmp

Filesize
464KB

Download
memory/3748-5216-0x00000000058B0000-0x00000000058C0000-memory.dmp

Filesize
64KB

Download
memory/3748-5211-0x0000000006400000-0x0000000006492000-memory.dmp

Filesize
584KB

Download
memory/3748-5197-0x00000000058B0000-0x00000000058C0000-memory.dmp

Filesize
64KB

Download
memory/3748-5213-0x0000000006270000-0x0000000006278000-memory.dmp

Filesize
32KB

Download
memory/3748-5214-0x0000000006FB0000-0x0000000006FE8000-memory.dmp

Filesize
224KB

Download
memory/3748-5215-0x0000000006290000-0x000000000629E000-memory.dmp

Filesize
56KB

Download
memory/3748-5210-0x0000000006200000-0x000000000620E000-memory.dmp

Filesize
56KB

Download
memory/3748-5201-0x0000000005900000-0x0000000005940000-memory.dmp

Filesize
256KB

Download
memory/3748-5196-0x00000000006C0000-0x0000000000F7C000-memory.dmp

Filesize
8.7MB

Download
memory/3748-5209-0x00000000062A0000-0x000000000635A000-memory.dmp

Filesize
744KB

Download
memory/3748-5208-0x0000000006690000-0x0000000006FAE000-memory.dmp

Filesize
9.1MB

Download
memory/3748-5205-0x0000000005D20000-0x0000000005D70000-memory.dmp

Filesize
320KB

Download
memory/4928-5218-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download
memory/4928-5217-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download