hxxps://cdn[.]discordapp[.]com/attachments/1260230312953122898/1263494260859338902/Release[.]zip?ex=669bc1ba&is=669a703a&hm=39f16d3f745693a775ba2ae75f6b7b2d57e0ec159bbc4cc8e0b7776ee53d0d1f&

Analysis

max time kernel
106s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1260230312953122898/1263494260859338902/Release.zip?ex=669bc1ba&is=669a703a&hm=39f16d3f745693a775ba2ae75f6b7b2d57e0ec159bbc4cc8e0b7776ee53d0d1f&

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	CeleryLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	CeleryLauncher.exe

Executes dropped EXE 8 IoCs

pid	Process
5852	CeleryInject.exe
6040	CeleryLauncher.exe
4884	CeleryApp.exe
1104	CeleryInject.exe
5012	CeleryApp.exe
4476	CeleryLauncher.exe
5188	CeleryApp.exe
5360	CeleryInject.exe

Loads dropped DLL 3 IoCs

pid	Process
4884	CeleryApp.exe
5012	CeleryApp.exe
5188	CeleryApp.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
1376	msedge.exe
1376	msedge.exe
528	identity_helper.exe
528	identity_helper.exe
4596	msedge.exe
4596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2084	7zG.exe
Token: 35	2084	7zG.exe
Token: SeSecurityPrivilege	2084	7zG.exe
Token: SeSecurityPrivilege	2084	7zG.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
2084	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
6040	CeleryLauncher.exe
4476	CeleryLauncher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 4632	1376	msedge.exe	85
PID 1376 wrote to memory of 4632	1376	msedge.exe	85
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4308	1376	msedge.exe	86
PID 1376 wrote to memory of 4484	1376	msedge.exe	87
PID 1376 wrote to memory of 4484	1376	msedge.exe	87
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88
PID 1376 wrote to memory of 3888	1376	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1260230312953122898/1263494260859338902/Release.zip?ex=669bc1ba&is=669a703a&hm=39f16d3f745693a775ba2ae75f6b7b2d57e0ec159bbc4cc8e0b7776ee53d0d1f&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0fae46f8,0x7fff0fae4708,0x7fff0fae4718
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12114886998322031308,15052699009514707670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12114886998322031308,15052699009514707670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,12114886998322031308,15052699009514707670,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12114886998322031308,15052699009514707670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12114886998322031308,15052699009514707670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12114886998322031308,15052699009514707670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12114886998322031308,15052699009514707670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,12114886998322031308,15052699009514707670,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12114886998322031308,15052699009514707670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,12114886998322031308,15052699009514707670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4092

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Release\" -ad -an -ai#7zMap2620:72:7zEvent21323
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2084

C:\Users\Admin\Desktop\Release\CeleryInject.exe
"C:\Users\Admin\Desktop\Release\CeleryInject.exe"
1⤵
- Executes dropped EXE
PID:5852

C:\Users\Admin\Desktop\Release\CeleryLauncher.exe
"C:\Users\Admin\Desktop\Release\CeleryLauncher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6040
- C:\Users\Admin\Desktop\Release\CeleryApp.exe
  "C:\Users\Admin\Desktop\Release\CeleryApp.exe" launcher_ran
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4884

C:\Users\Admin\Desktop\Release\CeleryInject.exe
"C:\Users\Admin\Desktop\Release\CeleryInject.exe"
1⤵
- Executes dropped EXE
PID:1104

C:\Users\Admin\Desktop\Release\CeleryApp.exe
"C:\Users\Admin\Desktop\Release\CeleryApp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5012

C:\Users\Admin\Desktop\Release\CeleryLauncher.exe
"C:\Users\Admin\Desktop\Release\CeleryLauncher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4476
- C:\Users\Admin\Desktop\Release\CeleryApp.exe
  "C:\Users\Admin\Desktop\Release\CeleryApp.exe" launcher_ran
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5188

C:\Users\Admin\Desktop\Release\CeleryInject.exe
"C:\Users\Admin\Desktop\Release\CeleryInject.exe"
1⤵
- Executes dropped EXE
PID:5360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b7fa2eaa30ee127bdca69ce6a6c8f050

SHA1
3b89ad64d7776278e232eb4fe9667ec12b2cc02c

SHA256
510d58c6fd00d5d4cbefdf45b25a803b69a62a8ccedb15c0c584f3b99fe60444

SHA512
114762b62bf5c86582a11ac3a574eb2e0f18885e169f5f4b44c6fbb73c30c74f5297c0e75c5bb3ef629f42cb1c2df849ce3eb72de0e34575f2a56740b4ab6d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf3057c436ea1b1feba74b922f7d81c9

SHA1
a043a67eccfebcad2d5819067ec978cea8afe1b9

SHA256
2a178b63483e7f7449f1191cbd985694743a4faccffe2f0159f74c82fad87c83

SHA512
b97ac5044c1b47f49796101f4e92ba9d3718cdec6eb76e983bf022780cbb61b688a971af2290187a6f54e6484d70cb0bb338913feb2d7c6cb0601594ffbd55af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d79ef0539196d949ea6a97c1d229a840

SHA1
f54e51b6ed101a819138dc05225d7642e15dc422

SHA256
ace638b57b58822b208d94da460eef5ddd127573a0a6eb5067917c848ecde456

SHA512
ad632fa933a555722bdb417d52e4da329a39b6ab3f1f81a3557ab2a75b1bd4238dc3d87180fb7b35d45dc425c099d8793dafa8deeae5779cc8c71dea104a5b92

Download Submit
C:\Users\Admin\Desktop\Release\CeleryApp.exe

Filesize
8.8MB

MD5
999ee3c367154388ce366a42842c8a68

SHA1
ceca7faf5760106000b1ee730a3b91b20991bc5f

SHA256
c991bb07471f01e780c8bcda35bb0ae88b09f871b142405660cebbe92b2d282e

SHA512
30e2b80041e498fb45e0c8e3fbcde05aaf2f94634e5650f1b4ec1cf6d80abe08eee243e8feb1f07e762163c971a1e8aa9217b080d490d723541629891247a384

Download Submit
C:\Users\Admin\Desktop\Release\CeleryInject.exe

Filesize
4.7MB

MD5
4810fb121d424e94695596263b9f4ec2

SHA1
1c3437802a42af994cce26da86c2bb469b10c465

SHA256
be16d898471078acd841a86372da09c1c98ab249777a0657965173c0bb2d238a

SHA512
1f1d54221f617861a80eedece748d95ecd99485e928ace9051d58e76e639137d53c774a6fff3f894250c2eae63e96160d3800113fdade0662fc5d8cfdad3bd19

Download Submit
C:\Users\Admin\Desktop\Release\CeleryLauncher.dll

Filesize
51KB

MD5
87ad71b12d262377c4e8865d1c5921dd

SHA1
756ad527bf669469242c847e7f30b973e3f58285

SHA256
3c7ef7edfe1ea1ba3f30f2acd85d7d12caf1b859359a2a4e1cd640407db93113

SHA512
2dd47d750c54d4a8550295ce6fa6f77e563f1db01d2b36b72040d01bd75b6af58dae4988f08ab3f7fcee9f94b1d244131d338854ddac8345e66e5f2fc3832a08

Download Submit
C:\Users\Admin\Desktop\Release\CeleryLauncher.exe

Filesize
152KB

MD5
cf488af27bf33e6df70358c57b0482cb

SHA1
0c4d2d2879f03dc2aec495a3c677f3b0c4503389

SHA256
15d7cd393c0486477c48371920ac061b07cd41a418fa6c183746634e1a39157e

SHA512
f588f0bee7ab6479a1f29f25efab65aae6b1d52449d29c972e4797616a66d88c4edf97f67341b1347f3a54ba587cd96440960ae49ee4da42e95cd436c6af02db

Download Submit
C:\Users\Admin\Desktop\Release\CeleryLauncher.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\Desktop\Release\CeleryLogo.ico

Filesize
4KB

MD5
3246befa41923904f2963da9b19c2dd7

SHA1
fdfec504286148eb258e87298df30fac0e1cb606

SHA256
eabe2efbb4f11ff62c0fd16f8aa5e932a52d8f0603226b8b8320e00335bda70b

SHA512
7e234fb730c67e233cac775feb793376fcd9a9548025867ffbf9420398fccc72287bc39162cdacfba6b43613fa54695a1c0b8a14b45f6a381959d3e4cb728185

Download Submit
C:\Users\Admin\Desktop\Release\Dragablz.dll

Filesize
233KB

MD5
5a9583a7bed76b2e94091f9b74716f68

SHA1
60552dc4ed629b32a7c0e7b31406a21829bdc38e

SHA256
6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338

SHA512
8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5

Download Submit
C:\Users\Admin\Desktop\Release\MaterialDesignColors.dll

Filesize
295KB

MD5
d2207fccbdd6caa91c43776559ce401f

SHA1
4f78f282a238b21ad1f995f154d624865d08a38a

SHA256
1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0

SHA512
d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e

Download Submit
C:\Users\Admin\Desktop\Release\Microsoft.Web.WebView2.Core.dll

Filesize
445KB

MD5
c4b4a5f4f28d47239eb4e37cb3cc8046

SHA1
ed86941cf065f91758d536d8e13cc2542cc38922

SHA256
c2441011ec290b3408391f32072379f677ab3fa4507c4304167cd82fad6593c1

SHA512
440ee33d5a830d9c59d96367f2a43d4a4113f6fe0924a691e682a2e9251a8615e52177dcb9af225dba538a8a3893ac85be79e9c1aa687034e3da6c95191dc645

Download Submit
C:\Users\Admin\Desktop\Release\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
0241e0a42b292e0c9b585470c613ec78

SHA1
74e4ab7e37bff177a394617923baddfcf087c0e1

SHA256
15bcd610a80632ef59d911a8447b11127cdeafbf147c844f1b740735efdf338a

SHA512
bd083301c6f93a1852c76686797919787f439c65ea11d430701257fa4d3791a4eff892b6ceea1c534d832bfbc0b0ecca3f671e3a9c50f34089f919e3756882f0

Download Submit
C:\Users\Admin\Desktop\Release\bin\Monaco\package\esm\vs\base\browser\ui\iconLabel\iconHoverDelegate.js

Filesize
368B

MD5
dff5cd240217dc0e722c27be242db91d

SHA1
244d1e7b3a10bb26e52ad9019e0e20f8bb3a72aa

SHA256
151caa77914089aa02273bb851f4b9a198eaab38da7eb9e4bdd7af8075c2dc57

SHA512
e6033e28f65f29ec3a7fc2e367bb6dd2909e38e5e5ccd267fe920e82c25de00c3cf5593db022dc1664ec00652882d5093121f2686788ee3eb60d0b2d87fef6d5

Download Submit
C:\Users\Admin\Desktop\Release\bin\Monaco\package\esm\vs\language\json\_deps\vscode-languageserver-textdocument\lib\esm\main.js

Filesize
10KB

MD5
722df93c13e5a9e4b3a42c515d6281e3

SHA1
e046b8875a0373f38e8135f6500bc9deb9b1cc34

SHA256
bb9e7de4f27538b132cd593302a62f8a42f433e1b0e04a1edb4472a97d6ddf46

SHA512
6e1db81e7286e7762cce5c281c1ddab227ab374c5c33ff45a5031275592a84fd47547b6ad496f302bbca0bbdc01ed899ff8ed87f22bb8b88973a257e345b70ac

Download Submit
C:\Users\Admin\Desktop\Release\bin\Monaco\package\esm\vs\language\json\_deps\vscode-languageserver-types\main.js

Filesize
66KB

MD5
f80215fcc9a89ba7be3bc0b32cacb094

SHA1
8449846cc76fc770a31e310882454f5d6beae342

SHA256
1adcb7cc0756472bc16ace850f3f5b6d5746ea4af2d75ad0785b967dd07bf9f1

SHA512
7187397ff691dfe558c00a8393d4d3d86b7ab8fdbed8b40ecd43c8ba3af40f8ceab0f78d001cc892ea0d5b5a36be4a559715a4385b39a6db1ce473b2883513b0

Download Submit
C:\Users\Admin\Desktop\Release\bin\Monaco\package\esm\vs\language\json\_deps\vscode-uri\index.js

Filesize
11KB

MD5
db7069b3b398babf3a2a97e7f7c3aa65

SHA1
2208bc3bb4548247d672cbd3368dbb992ce6d312

SHA256
15fce1bc78e59f11f36c62e31b6db98d10cf5810fcb8fceeecf9cbdd2ac9742d

SHA512
326716687bed34d862a71df1c7259988de21ef78af8829d2253f099988818200477df7e13f97fa78671d426a856feaa651d1c8350f7edac5d59ec9bc13f354d3

Download Submit
C:\Users\Admin\Desktop\Release\bin\Monaco\package\esm\vs\language\json\fillers\monaco-editor-core.d.ts

Filesize
37B

MD5
604924c7fd140e65f677cff5c06ea77e

SHA1
60adb20bf4cac895df6b31a4da98a4d2267ca3e6

SHA256
87b3728d7af0f6c25f9cdbedfbc093f5e46a24371910199a638a1a13e3444668

SHA512
34affd619893b93ebfeb0d19daf6c4768b0e3de7d4d8272058cd41608ef9a1f5ceb5951b0b8a7732dd4e3e020d51bda9c9509eed4a3a5705d3a1ad396d610af1

Download Submit
C:\Users\Admin\Desktop\Release\bin\Monaco\package\esm\vs\language\json\fillers\monaco-editor-core.js

Filesize
404B

MD5
40fc593844c4ee88ff8e87481824dda0

SHA1
c2d8bed92d90e685576812d7c62ac2db28af2185

SHA256
a27649c652a7abcefe0b54567eb64f1cdf9be521bab22cfb71718e816b160375

SHA512
0457cf90d188e803401555e57a24647e592830ddad9e9e73d64a89889ec6b40eb15d2330ba507c6bad2faceb6c14bb643b4557db1e68896354aa6a19a99ae357

Download Submit
C:\Users\Admin\Desktop\Release\bin\Monaco\package\esm\vs\language\json\fillers\vscode-nls.js

Filesize
1KB

MD5
1e2ca4b54776b992ed920a66940bca7a

SHA1
86ed5c8360d31c4763c05184fa4e7cc46cfa9354

SHA256
539191b86cffb8607fc04d0369756281f63bcb884cbe6ea729a668edf4018059

SHA512
fb249812b6587078d8a715d4c684af62db0ed05f6d80afb3374fe1f1e0a0a11b2c2551fcb738f3383b88152f95ca889c7c81543da7575d8d8b161d5c9ffea07b

Download Submit
C:\Users\Admin\Desktop\Release\bin\Monaco\package\esm\vs\platform\telemetry\common\gdprTypings.js

Filesize
12B

MD5
5c7f99e3d4eaae821996a487acc6a5e2

SHA1
9ff99e6a0a31241fe503c3c76a340bedfe2902b7

SHA256
f761c91419d0a89422a0004ef1a92929dd4d2d5e5c16758654d8b0467d1998c6

SHA512
9247b46a096ad45b486e4b83bb880a7d4e0da7731e3e64b8ba41513a0632932d3bfcf132b2d20e81e363c2595aa9a38d486111dc6365c0f014c1af25ec0be839

Download Submit
C:\Users\Admin\Desktop\Release\bin\Monaco\package\min\vs\base\browser\ui\codicons\codicon\codicon.ttf

Filesize
63KB

MD5
b13daaad214ef227a36fefd95d924380

SHA1
95791fc8733a4bae907859b1a46bd1115f90c983

SHA256
774c4acc42f27289850537e2b6e9b85f67fde54145f6f41876dc4f65b45a4a20

SHA512
ad05613494a490e01504a30e34d7fb5bc2e535d70b5e5d5154a81ad1acaa51c0e368a6fae6aaa0a42faaae63f7e751a98748a7c291056100b7ad687ff6ae687d

Download Submit
C:\Users\Admin\Desktop\Release\runtimes\win-x64\native\WebView2Loader.dll

Filesize
156KB

MD5
b1cc3d7d194abc6908801cd0334a6c70

SHA1
5f3c72eafab090095a08f17f026415cbfefa8349

SHA256
1b23ff90ac64223bcb21b14a107079c7bb4ad0697ed841a0c0485c7d0fe0a175

SHA512
ed351fe2efe92df52ba79f4239297ea20f8f4a061c413d81f35b29bc8b5db95500c4f5a631439a0abc1d5753b616297fa69aa04ee96f807f78cc0c3f69d9c85d

Download Submit
C:\Users\Admin\Desktop\Release\settings

Filesize
65B

MD5
086bb083756e230b9451741a2b977636

SHA1
3dac45c483668977b5884d3588865215703a1925

SHA256
a6d3d93074267c7c701f92ac0899710228ce9f323ced8780432c6c25aae832c0

SHA512
695937fc323bb64f9576f5d77db45a68e0d0839a629720fc61f878d79a3db9a70d772ba0e0e3aafea7200e38f445d3b54ea0ff392489768074dead9fae359cba

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 356074.crdownload

Filesize
24.3MB

MD5
6c38c3623985fea5c2525db00dbfdb3e

SHA1
549f1aa61f4d6aba6c88ca29b62585e0f1396331

SHA256
45b058bb01dcbf5a181c3e5e0f2ac372897408f3cf8929e34f8a8a7197942753

SHA512
b5e95b36767cc3062dad2e0a123bf7cf7138b9f1ee6daea0f1693f1e2c1f3723e0ed207297deba184073e73506eaf3ff9b655214662481208ded6e87b5d2d160

Download Submit
memory/4884-2504-0x000001F875030000-0x000001F87594E000-memory.dmp

Filesize
9.1MB

Download
memory/4884-2505-0x000001F875C00000-0x000001F875CBA000-memory.dmp

Filesize
744KB

Download
memory/4884-2501-0x000001F85C610000-0x000001F85C650000-memory.dmp

Filesize
256KB

Download
memory/4884-2507-0x000001F85ADE0000-0x000001F85ADEE000-memory.dmp

Filesize
56KB

Download
memory/4884-2503-0x000001F874FE0000-0x000001F875030000-memory.dmp

Filesize
320KB

Download
memory/4884-2509-0x000001F875CC0000-0x000001F875D34000-memory.dmp

Filesize
464KB

Download
memory/4884-2499-0x000001F85A120000-0x000001F85A9E8000-memory.dmp

Filesize
8.8MB

Download
memory/4884-2512-0x000001F874FB0000-0x000001F874FB8000-memory.dmp

Filesize
32KB

Download
memory/4884-2513-0x000001F876080000-0x000001F8760B8000-memory.dmp

Filesize
224KB

Download
memory/4884-2514-0x000001F874FC0000-0x000001F874FCE000-memory.dmp

Filesize
56KB

Download