hxxps://files[.]project-cataclysm[.]ru/files/launcher/ProjectCataclysmInstaller[.]exe

Resubmissions

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://files.project-cataclysm.ru/files/launcher/ProjectCataclysmInstaller.exe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
5056	ProjectCataclysmInstaller.exe
1088	ProjectCataclysmInstaller.tmp
4844	launcher_wrapper.exe
1784	javaw.exe
4328	java.exe
4664	java.exe

Loads dropped DLL 64 IoCs

pid	Process
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
1784	javaw.exe
4328	java.exe
4328	java.exe
4328	java.exe
4328	java.exe
4328	java.exe
4328	java.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3588	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\G:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\N:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\P:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\Q:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\V:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\W:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\H:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\K:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\S:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\U:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\Y:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\E:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\I:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\J:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\L:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\M:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\T:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\X:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\B:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\O:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\R:	ProjectCataclysmInstaller.tmp
File opened (read-only)	\??\Z:	ProjectCataclysmInstaller.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\decora_sse.dll	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\jli.dll	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-ECA1A.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-ETHJB.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-6JMKE.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\fonts\is-MUS6P.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-53VKC.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\is-9OPIA.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\is-06P79.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\is-QTJ3U.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\is-4U6LD.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\deploy\is-BR6T3.tmp	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\deploy.dll	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\deploy\is-CSGTV.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\deploy\is-5IGOI.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\deploy\is-RVP9L.tmp	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\java-rmi.exe	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\client\res\textures4.rvmp	java.exe
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\JAWTAccessBridge-32.dll	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-1NQBJ.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\ext\is-9U4GE.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\ext\is-J56AK.tmp	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-heap-l1-1-0.dll	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-9AL98.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-2EIP7.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\fonts\is-ST6V9.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-4MD0R.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-3TS8D.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-S1KIG.tmp	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\session	java.exe
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\jawt.dll	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\jp2launcher.exe	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-FSRN6.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-0SG39.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\is-E7982.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\is-12FA7.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\logs\launcher-0.log	javaw.exe
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\ktab.exe	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-RQU40.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\is-J42VH.tmp	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-localization-l1-2-0.dll	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-crt-utility-l1-1-0.dll	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-0BJKK.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-GU52I.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\fonts\is-34M31.tmp	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\launcher_update.jar	javaw.exe
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\management\is-T0HIK.tmp	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-debug-l1-1-0.dll	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-3NP46.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-CFQMV.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-29RDQ.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\launcher.jar	java.exe
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-crt-time-l1-1-0.dll	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\plugin2\npjp2.dll	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\is-RMHVM.tmp	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\w2k_lsa_auth.dll	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\is-2JB7D.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-G2N7U.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-RNM7U.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-F1DNM.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-P6G78.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\is-810QC.tmp	ProjectCataclysmInstaller.tmp
File created	C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\deploy\is-2M9TV.tmp	ProjectCataclysmInstaller.tmp
File opened for modification	C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\sunmscapi.dll	ProjectCataclysmInstaller.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 68834.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
4116	msedge.exe
4116	msedge.exe
4812	identity_helper.exe
4812	identity_helper.exe
1344	msedge.exe
1344	msedge.exe
1088	ProjectCataclysmInstaller.tmp
1088	ProjectCataclysmInstaller.tmp
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1088	ProjectCataclysmInstaller.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1784	javaw.exe
4664	java.exe
4664	java.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 3364	4116	msedge.exe	83
PID 4116 wrote to memory of 3364	4116	msedge.exe	83
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 2720	4116	msedge.exe	84
PID 4116 wrote to memory of 1924	4116	msedge.exe	85
PID 4116 wrote to memory of 1924	4116	msedge.exe	85
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86
PID 4116 wrote to memory of 1904	4116	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://files.project-cataclysm.ru/files/launcher/ProjectCataclysmInstaller.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1b9846f8,0x7fff1b984708,0x7fff1b984718
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344
- C:\Users\Admin\Downloads\ProjectCataclysmInstaller.exe
  "C:\Users\Admin\Downloads\ProjectCataclysmInstaller.exe"
  2⤵
  - Executes dropped EXE
  PID:5056
- - C:\Users\Admin\AppData\Local\Temp\is-276S0.tmp\ProjectCataclysmInstaller.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-276S0.tmp\ProjectCataclysmInstaller.tmp" /SL5="$E0062,54329856,884736,C:\Users\Admin\Downloads\ProjectCataclysmInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    PID:1088
  - - C:\Program Files (x86)\Project Cataclysm\launcher\launcher_wrapper.exe
      "C:\Program Files (x86)\Project Cataclysm\launcher\launcher_wrapper.exe"
      4⤵
      Executes dropped EXE
      PID:4844
    - - C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\javaw.exe
        
        "C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\javaw.exe" -Xmx256m -jar "C:\Program Files (x86)\Project Cataclysm\launcher\launcher_wrapper.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Windows\SysWOW64\icacls.exe
        
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        6⤵
        Modifies file permissions
        
        PID:3588
      - C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\java.exe
        
        java\bin\java -Xmx256m -jar "C:\Program Files (x86)\Project Cataclysm\launcher\launcher_update.jar"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        
        PID:4328
        
        C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\java.exe
        
        java\bin\java -Xmx256m -jar "C:\Program Files (x86)\Project Cataclysm\launcher\launcher.jar" --restarted
        7⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of SetWindowsHookEx
        
        PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15249834804530520104,9612332594680253328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
20KB

MD5
a47a7084d4ed2fb6b9181075f91729a0

SHA1
b58e9474a3e7ff023c3a181a3912e7884e8e1a7d

SHA256
9490c5938112242cadc2c676f82b60fdcc7e5f56caa7aa2d2ba3a6ed358683d4

SHA512
0b5fe71b2e3cd7ffd836a0bf49f44818a59ca3cdb1934c6402dac1cb132aaea0b540624537f2c2b1e99922e551990d7b27f29f9b9a87e6e1ce5d4f6ba7e7d63b

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-datetime-l1-1-0.dll

Filesize
19KB

MD5
72f8626388893a536d0ee370acc9e456

SHA1
66cf9103fd285fc34ff018eef98c3bef0fdcba96

SHA256
5c9d7085295dae9a9b2d3a9c66d99d0061d0ba14f218b95e95e8b01bb7204c87

SHA512
7253b85867977cb8823bbff120f2fbdff2d499862a58b6b7d8bde083e7e07260294411ebf84cae4ce98963501d5ce7656f00dd0249fef7413cad727697e75477

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-debug-l1-1-0.dll

Filesize
19KB

MD5
5bf7aafd1e8ab7b806dba539a0b33474

SHA1
53a476277856de2ef21db9a4f56930f77e69d45f

SHA256
d9100e99b2b915623294e18377d162afe9fd354bf0c4a7208f1270721714a553

SHA512
369733aa72d84579c17de3094b5396ff9c760b84f161b36be814512a7dd10c61ddb63bbf889fcf6875311a665efb545d8da4e08fc232030cbd3cf4b607da45c6

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
19KB

MD5
a960e117840acb5ff1d2dcfbbe574e21

SHA1
46747ee4f408e063cf88c86a685412c08ae78473

SHA256
5695695176a80a3e7f9eac80bb3d92df1a5592be42b939b14087a3a6ae6efadf

SHA512
5bfbb2e49c9825b31a5d63e09e58dc7e05d8b5e49530753b879971531a398ec46f7a0fe3ef5ef605f396f7440a650e26bf2b6d933324c95410608ff48d13f3b9

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-file-l1-1-0.dll

Filesize
22KB

MD5
50fee042cee2a4aaba502d2f5087ae70

SHA1
347c3a75d19b784223296f19da64aded95056c3a

SHA256
656d1b11a6242142b9b289445fbe7617ad9b5f6fcf47ad6983ff09194c867bbc

SHA512
d2e4f9f13996a6d11cad2f5c2db74a155cc86db70820b33ec2cfe86882955ab96f79fde57901b3880d74775700c3bcabff7b270207a57959f948fa3e50e188d5

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
19KB

MD5
045e4617b49e817007d8a88652af7734

SHA1
305026109a1eabf49bf7ae6a233a4a11e2a22580

SHA256
fd387d4e358e3755db38a618066fb72cd03b17b54d058dbe3dab82065519edc7

SHA512
7e21cf4982ce6f4aa52f0281eae101287a850152c70577b456876356201e12983c9d211d04e05d2c81f80a56bc11ab54eaefa7e492e3910af21af14ff10962cc

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
19KB

MD5
adfc5bebc4a2c52023f47a1e548b0cc9

SHA1
a2562ef8534b1448409adfa6c5d7e283ad005a70

SHA256
7de5743f68d9bd6cff0fb8021c22d4069e2e993d97735db0ef65756ff915f39c

SHA512
89665104bd17f9020a871215f03acd40294302e933e503ad22b208ec7c96dddcf5f7b1ae1aa2c3d83fbd608d525d36ff2f7ee86762e44e441153124da352a278

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-handle-l1-1-0.dll

Filesize
19KB

MD5
1f6a4f144e52a23767cc74fe2f796ff0

SHA1
646f55fcf4cc0654f9e01e66fb20e463c1ac9c86

SHA256
634924290057ae9c0e4599d2c70656916be24bd594ab1904c0be7a8ea91ddc7c

SHA512
0e52078ad12bc9bf1d74d5ec98a547cf3db508532098bfefb8bbba8f4f7305bae2365dac50e9c010642c6a9bbbbeb3660c6fc658b00e8370cd3647c65ab7d403

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-heap-l1-1-0.dll

Filesize
19KB

MD5
7001bee6d2b9189081f4b558050fe106

SHA1
561dd7a7c58fd2599ff8694beaa908d2e3aaf68e

SHA256
6bbbc652ac07511af4126a4a820661eafaa3903c6a6993e2f5c0cdff541ae195

SHA512
301bb940359732dd2e263f6327df11a3c24f95c8d6396a0e2731b1b9d8179de196cc54baf2ab29e6175c66192db5d6e0513ba01655bc81af94ac29b02f2e560c

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
19KB

MD5
109032959967f8cb078d72e397238509

SHA1
bd80538edb47f8620d78ae8ba6127e5748ae5889

SHA256
c05208903446e2bd528f726af1287be05243dd6cd1e42359440f9303fb7790be

SHA512
b2825341a8ffdfd1317c24a418ea581b513cd4e6628a989ae11e19b51083b29b5a7588bffbce21ded5127910b2d486d3e1436e6504595015218f6c84d98990a9

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
20KB

MD5
146e9998951e897a4f7f5a97baefa823

SHA1
0b822d157e4a0a21e1192bdd1d559219ac73f913

SHA256
ac011f904f8aa7c9a2577d959f7e430cda544ca13a1b3818c69d8514d079399a

SHA512
3deecb532e24790405054de1c63aa5937ecbced0791aa209b0fd1b0d4e68735a38a96dd86167ca3b1c340da0c2f8d2a6d33b2e34845ddbfd539941856c22ba5c

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
2a3da8e1cd09aca0fc13be43848c7695

SHA1
72380005fde41e6c6b37db5a46cdb0efc3d6cb08

SHA256
c3f671d3b41fffa444a33f79c0e65df7ca01e56598e4b2f90e7af18c77b97652

SHA512
e4b659aa290a6c256799a76890c296e702316094b132b9bc4b393dc6bff7640b7e62de0f05097932291db411dfb871533f7473cc6c55805f69d75562aae6dc44

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-memory-l1-1-0.dll

Filesize
19KB

MD5
163d64f0558d8d93b86acd1055ef2ca8

SHA1
5727ffb8ca641cb2b9daba4fd8341528dd1b7c30

SHA256
94af705ccfd2e10d65a06451226ace0e13eaa1fe5af9b3f7ab81d96ed0775c4b

SHA512
74862f8cf84f6d56ff45ae135d685b181c8dc9eb6b0bd20bc5f3c25e656f60a014c89f71a7e5f381ab06b3515454ce836a75fbbe7d2b1c7770656d144ed555c6

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
19KB

MD5
1922b0a9ab3cbb0f4a93c0df1e812996

SHA1
c3bb5c4682dd0cd16d828ee96e6cd02c047d8f44

SHA256
89c930d2e4482799f4f0f040b994c457310912ed1bbf2a4b61e58cc98f31f0d5

SHA512
10464a4027a62815a29dd888e870186f3c3ed809080784465eb5577051b42ae3064949c4fe8f4abe846b1253562436eda4514ebcdc8fc9d73a7d68f0fa8646d5

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\client\jvm.dll

Filesize
3.7MB

MD5
f33ab22b80da942f9b3558a2935320dd

SHA1
bbc72eec472e527e12bf3b8edb5b8cf58e1a28f6

SHA256
cfb19bf36ae66cec283d6ece43ab78163c5ba587624ff0329393eab68b85c439

SHA512
d4b955ba0c4437a4de3af076067934cd02a6a273317881a2024e2088ab2455c886e1a96167ab345172bf748d1207140e4bec997c2f2c3c776814a0bacf87a6c6

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\java.dll

Filesize
124KB

MD5
10656f8395f3512a3c6a4e17ffa1a761

SHA1
a79e8a21bbc602c7f59dbb5b46c8a0f7111cd5f2

SHA256
068b177ce02adc90614a4b390551844b9b098c200bee4ba33f1d8d67e9bb296c

SHA512
7621a47bade78940a149d6a123c9b8314cc206f20498664c8f353b8e8085a573a0e97bddb917fe5e75975e237f2b26d6fbf9f345500468ef9f38f8de052e55da

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\javaw.exe

Filesize
188KB

MD5
dbee13294a7de40843411e8d19fe0d03

SHA1
b888224b43cf59aa8fcf4819bc4e2cb521cc17c7

SHA256
f97c6ff5cccae69e72a44cfb9404e59e02434ae953c87fdbf79bca9796a25e13

SHA512
18021c4b4ef5d222415182ce3158f4205c74893b8fdf7b5a3e47ce22917b1995a2455dba78981bbaf8a3fdfc9c95d96d9343e2bc387406333a28f1f23e506216

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\msvcr100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\verify.dll

Filesize
39KB

MD5
b448e216f9505e6339669fb654f21536

SHA1
8cfdbbe4c69b479cb80898210c2b5d5d2a78c74e

SHA256
212aad513c5ab53abcf955002227e274cd7d2245de6adecab1e6239d4ebdb53d

SHA512
47b65585b9dc19dc191e51bbb2f292911fb8e6d018cde946bfb8586fca32be993de6208237cf8dbaa5a7cf78a61560bdc49adb5da9b4b69fc2f96d774aa07ba3

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\bin\zip.dll

Filesize
70KB

MD5
17d07c2e77945e98a56991a2806c8973

SHA1
9e8bbb214d8c8474c94261bf03044c5b4715a3b5

SHA256
9be65e7dcfbe0dd37cff32fc9fa150b4e10d7f033a1f8d3c06cb80e7ecfaa402

SHA512
e966e6f6ae6193b536c05e12091e95fd1603daf909c1ff75fbec2b2d59c5afbc2dde34cbee090b099755eb1fda29bbcbe9629b3117eafd74236377a174ea1488

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\ext\jfxrt.jar

Filesize
17.4MB

MD5
c9be1f9d4c13d15f8e5226d99f81c9f4

SHA1
a1307944cb5e62d184aff7fb69e41944d71edefb

SHA256
0a03ff5f00794f909a14c83543143c9da198ae5e8e8f0f5abc673bfcaedf34a3

SHA512
b4883c684179ae03623d44b6d4c03df06e83067ae64c659118ab4cd4f2484dada6f00a118e0550787b4cdc8522f1517dbecf5a13838157994598a60fcb1b720b

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\ext\meta-index

Filesize
1KB

MD5
77abe2551c7a5931b70f78962ac5a3c7

SHA1
a8bb53a505d7002def70c7a8788b9a2ea8a1d7bc

SHA256
c557f0c9053301703798e01dc0f65e290b0ae69075fb49fcc0e68c14b21d87f4

SHA512
9fe671380335804d4416e26c1e00cded200687db484f770ebbdb8631a9c769f0a449c661cb38f49c41463e822beb5248e69fd63562c3d8c508154c5d64421935

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\i386\jvm.cfg

Filesize
623B

MD5
9aef14a90600cd453c4e472ba83c441f

SHA1
10c53c9fe9970d41a84cb45c883ea6c386482199

SHA256
9e86b24ff2b19d814bbaedd92df9f0e1ae86bf11a86a92989c9f91f959b736e1

SHA512
481562547bf9e37d270d9a2881ac9c86fc8f928b5c176e9baf6b8f7b72fb9827c84ef0c84b60894656a6e82dd141779b8d283c6e7a0e85d2829ea071c6db7d14

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\images\cursors\is-US0VQ.tmp

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\java\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Program Files (x86)\Project Cataclysm\launcher\launcher_wrapper.exe

Filesize
6.0MB

MD5
671edf47c008e505c99264fb8ad6560c

SHA1
43c3e6ed187f485b570a9c1ebe029409a03945df

SHA256
cf4b5088b11f561242b72c8718b3d366f23362244d0516fd2bba8c73c03dd543

SHA512
47270564014558a8b6f12f49989c93f404ab0caa3e06a863cb8b903af06a85bd183be894c80524dd8bbcc89c40cb7be440ac737daf1a7b16db561578631f8a11

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\fe645b32f17aae8f.timestamp

Filesize
71B

MD5
6451f03f62d438e88fc4b4dcba7ed8bb

SHA1
489047fa9e6f6e4c891c3209eb4425ef66dee8bc

SHA256
2fa5292200964f52378d0fe57579f59e1f36150bb5dc467c1574125468e88131

SHA512
d9a6e3d26a4e7310421c37da72db2e808bd470938e2b584d57794a3de783f5c04cdbb2fc9ab400479c3a49af3b0000e7858a0ee1feff15d1fb2af52abbc6e84a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3063880f19a7f404c3a87b66be5e85b7

SHA1
4db9f850a95cb39627aecdea0b53092048f39a13

SHA256
88b2f0ecee438178d7b4a0119761dbd548416908542ce219de19e863c89273d0

SHA512
189a2f89f12953aa577f2c5218ceabb96772cf24b6bfdebd2e33db77481361e0386c8308ebf3502f30f0bd277ecb5c96b82ee0cafd604b6bf3bc8c0d214f1083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bd6ef26cca47cb19e3dc57d1c676a9c

SHA1
cba664d9104783f5008ed0ee6ffa8b205e427d66

SHA256
1631d5be4bb4d2e2daee4509a016652419f206b27104130d1159586bde33463d

SHA512
105a83351fbc68ea34af8667f65ed7a6ebad8a3a7b326d41a2e921d232040f7e1cf55b1f16afda94a68e8d1cb4ef95f37662f6983360e6f2d23681e1bf9cb11c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9dbde111cd2b2fe3190b6575614a5198

SHA1
5bd2387b30d9f373b7a945f21b3f9a292d294ea2

SHA256
9979c9aad7ee4202f05f0d99e27d3f908dd044fb20216e1a73e32fa9f2ae2d10

SHA512
b60ec7e921bd44d7cbd9b81b560f4c411cd984d1f035cf203d56115e9547712ef7bdc55ce4dfe13705672c2e728e6631023d21fa64cfe4f26398626e06369487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8563d0939d74cf6e7434559f38f92e02

SHA1
371c5ac2390d00266b135d3412bc2e3d367b5c5a

SHA256
84ff0816b4f55f94de733cafd09f2ba7ebcc6c2970c6e9b6e91ef4d197035011

SHA512
fb5a177b849577b2a8e1f45fa68c5d957ee69074186af60734af86f47905a2be2eca8a259c18d6525db1281fe8c730a13c68e58be5d406fa0868229392334d3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF1925140544775463494.tmp

Filesize
164KB

MD5
8a36205bd9b83e03af0591a004bc97f4

SHA1
56c5c0d38bde4c1f1549dda43db37b09c608aad3

SHA256
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

SHA512
e96b43b0ca3fd7775d75a702f44cd1b0dfd325e1db317f7cba84efdf572571fe7594068f9132a937251aab8bd1f68783213677d4953aca197195fbe5db1f90d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF964302821291413043.tmp

Filesize
163KB

MD5
b8e42971dec8d49207a8c8e2b919a6ac

SHA1
62442a18a9fe9457c1afeabf683d263a691b7798

SHA256
ec685a46105296fe46c8744da4a11cf8118ba6c11271941766f7a546df6aa7c7

SHA512
3bd40ac788d44626fd640ec67ef04ab0364816b5e8c831f2077bff8805cfe6890ca29274b476f933f6e96ddaa16f4e2f3f66c616dff7cd88cdcaff7dae8ca5e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-276S0.tmp\ProjectCataclysmInstaller.tmp

Filesize
3.1MB

MD5
0006098259d366bd777ba27dde8455f1

SHA1
c77705c8c78e418207a0b0bb8a9f29395b6577cb

SHA256
886036df373dd49159e1e4cdd36c12570f12577a200beb12880cb2034d847c18

SHA512
cbd44696fa7d2bf6d0318a9d63b670dc7f777b1e539ce8ab16aa5343a31da4c6102c00e8338a46b41c56ffe2df973bc35d4afb12e9456bae2b618d8d418ecdb1

Download Submit
memory/1088-142-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1088-122-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1088-688-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1784-749-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1784-810-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1784-720-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1784-728-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1784-746-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1784-840-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1784-778-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1784-814-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1784-792-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1784-794-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1784-793-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/4328-873-0x00000000012C0000-0x00000000012C1000-memory.dmp

Filesize
4KB

Download
memory/4328-913-0x00000000012C0000-0x00000000012C1000-memory.dmp

Filesize
4KB

Download
memory/4328-881-0x00000000012C0000-0x00000000012C1000-memory.dmp

Filesize
4KB

Download
memory/4664-985-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download
memory/4664-946-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download
memory/4664-954-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download
memory/4664-991-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download
memory/4664-996-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download
memory/4664-1000-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download
memory/4844-640-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/5056-121-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/5056-717-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/5056-97-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download