hxxp://clusee[.]com

Analysis

max time kernel
328s
max time network
331s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
20/07/2024, 09:16

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://clusee.com

Score

8^/10

defense_evasion discovery execution persistence privilege_escalation spyware stealer

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
2880	powershell.exe
2932	powershell.exe

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
2140	CluseeSetup.exe
1448	Clusee.exe
2936	Clusee.exe
3676	Clusee.exe
3172	Clusee.exe
3176	Clusee.exe
4808	MicrosoftRuntimeComponentsX86.exe
912	UpdateMO.exe

Loads dropped DLL 16 IoCs

pid	Process
2140	CluseeSetup.exe
2140	CluseeSetup.exe
2140	CluseeSetup.exe
2140	CluseeSetup.exe
2140	CluseeSetup.exe
2140	CluseeSetup.exe
2140	CluseeSetup.exe
1448	Clusee.exe
2936	Clusee.exe
3676	Clusee.exe
3676	Clusee.exe
3676	Clusee.exe
3676	Clusee.exe
3172	Clusee.exe
3676	Clusee.exe
3176	Clusee.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000\Software\Microsoft\Windows\CurrentVersion\Run\Path = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UpdateMO.exe"	UpdateMO.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	MicrosoftRuntimeComponentsX86.exe

Looks up external IP address via web service 6 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
63	api.db-ip.com
65	api.ipify.org
79	api.db-ip.com
16	api.ipify.org
54	api.ipify.org
55	api.ipify.org

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	Clusee.exe

Hide Artifacts: Ignore Process Interrupts 1 TTPs 1 IoCs

Command interpreters often include specific commands/flags that ignore errors and other hangups.

defense_evasion

Ignore Process Interrupts

T1564.011

pid	Process
2932	powershell.exe

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs

defense_evasion privilege_escalation

Create Process with Token

T1134.002

pid	Process
900	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Clusee.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Clusee.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Clusee.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Clusee.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Clusee.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Clusee.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Clusee.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 10 IoCs

evasion

pid	Process
3948	taskkill.exe
4072	taskkill.exe
3184	taskkill.exe
2152	taskkill.exe
1920	taskkill.exe
1872	taskkill.exe
328	taskkill.exe
3896	taskkill.exe
3188	taskkill.exe
2172	taskkill.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "109"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 895807.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CluseeSetup.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\clusee-updater\installer.exe\:SmartScreen:$DATA	CluseeSetup.exe
File created	C:\Users\Admin\AppData\Local\clusee-updater\installer.exe\:Zone.Identifier:$DATA	CluseeSetup.exe

Suspicious behavior: EnumeratesProcesses 55 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
3404	msedge.exe
3404	msedge.exe
3528	identity_helper.exe
3528	identity_helper.exe
3772	msedge.exe
3772	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
2468	msedge.exe
2468	msedge.exe
2140	CluseeSetup.exe
2140	CluseeSetup.exe
1448	Clusee.exe
1448	Clusee.exe
1448	Clusee.exe
1448	Clusee.exe
1448	Clusee.exe
1448	Clusee.exe
2932	powershell.exe
2932	powershell.exe
2932	powershell.exe
2880	powershell.exe
2880	powershell.exe
2880	powershell.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe
4808	MicrosoftRuntimeComponentsX86.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2140	CluseeSetup.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeDebugPrivilege	2932	powershell.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeShutdownPrivilege	1448	Clusee.exe
Token: SeCreatePagefilePrivilege	1448	Clusee.exe
Token: SeIncreaseQuotaPrivilege	3412	wmic.exe
Token: SeSecurityPrivilege	3412	wmic.exe
Token: SeTakeOwnershipPrivilege	3412	wmic.exe
Token: SeLoadDriverPrivilege	3412	wmic.exe
Token: SeSystemProfilePrivilege	3412	wmic.exe
Token: SeSystemtimePrivilege	3412	wmic.exe
Token: SeProfSingleProcessPrivilege	3412	wmic.exe
Token: SeIncBasePriorityPrivilege	3412	wmic.exe
Token: SeCreatePagefilePrivilege	3412	wmic.exe
Token: SeBackupPrivilege	3412	wmic.exe
Token: SeRestorePrivilege	3412	wmic.exe
Token: SeShutdownPrivilege	3412	wmic.exe
Token: SeDebugPrivilege	3412	wmic.exe
Token: SeSystemEnvironmentPrivilege	3412	wmic.exe
Token: SeRemoteShutdownPrivilege	3412	wmic.exe
Token: SeUndockPrivilege	3412	wmic.exe
Token: SeManageVolumePrivilege	3412	wmic.exe
Token: 33	3412	wmic.exe
Token: 34	3412	wmic.exe
Token: 35	3412	wmic.exe
Token: 36	3412	wmic.exe
Token: SeDebugPrivilege	2880	powershell.exe
Token: SeIncreaseQuotaPrivilege	3412	wmic.exe
Token: SeSecurityPrivilege	3412	wmic.exe
Token: SeTakeOwnershipPrivilege	3412	wmic.exe
Token: SeLoadDriverPrivilege	3412	wmic.exe
Token: SeSystemProfilePrivilege	3412	wmic.exe
Token: SeSystemtimePrivilege	3412	wmic.exe
Token: SeProfSingleProcessPrivilege	3412	wmic.exe
Token: SeIncBasePriorityPrivilege	3412	wmic.exe
Token: SeCreatePagefilePrivilege	3412	wmic.exe
Token: SeBackupPrivilege	3412	wmic.exe
Token: SeRestorePrivilege	3412	wmic.exe
Token: SeShutdownPrivilege	3412	wmic.exe
Token: SeDebugPrivilege	3412	wmic.exe
Token: SeSystemEnvironmentPrivilege	3412	wmic.exe
Token: SeRemoteShutdownPrivilege	3412	wmic.exe
Token: SeUndockPrivilege	3412	wmic.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1848	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 364	3404	msedge.exe	82
PID 3404 wrote to memory of 364	3404	msedge.exe	82
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4080	3404	msedge.exe	83
PID 3404 wrote to memory of 4828	3404	msedge.exe	84
PID 3404 wrote to memory of 4828	3404	msedge.exe	84
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85
PID 3404 wrote to memory of 1388	3404	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://clusee.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcec3c3cb8,0x7ffcec3c3cc8,0x7ffcec3c3cd8
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4032 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,9732046226935552153,13877821568419118764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1052 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2468
- C:\Users\Admin\Downloads\CluseeSetup.exe
  "C:\Users\Admin\Downloads\CluseeSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4
1⤵
PID:2556

C:\Users\Admin\AppData\Local\Programs\Clusee\Clusee.exe
"C:\Users\Admin\AppData\Local\Programs\Clusee\Clusee.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1448
- C:\Users\Admin\AppData\Local\Programs\Clusee\Clusee.exe
  C:\Users\Admin\AppData\Local\Programs\Clusee\Clusee.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Clusee /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Clusee\Crashpad --url=https://f.a.k/e --annotation=_productName=Clusee --annotation=_version=1.0.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.3.3 --initial-client-data=0x514,0x51c,0x520,0x4f0,0x524,0x7ff6c2674688,0x7ff6c2674694,0x7ff6c26746a0
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2936
- C:\Users\Admin\AppData\Local\Programs\Clusee\Clusee.exe
  "C:\Users\Admin\AppData\Local\Programs\Clusee\Clusee.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Clusee" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1912 --field-trial-handle=1916,i,11927743013079605731,5854360389238766959,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3676
- C:\Users\Admin\AppData\Local\Programs\Clusee\Clusee.exe
  "C:\Users\Admin\AppData\Local\Programs\Clusee\Clusee.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Clusee" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2116 --field-trial-handle=1916,i,11927743013079605731,5854360389238766959,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3172
- C:\Users\Admin\AppData\Local\Programs\Clusee\Clusee.exe
  "C:\Users\Admin\AppData\Local\Programs\Clusee\Clusee.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Clusee" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --app-user-model-id=com.clusee --app-path="C:\Users\Admin\AppData\Local\Programs\Clusee\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2444 --field-trial-handle=1916,i,11927743013079605731,5854360389238766959,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
  2⤵
  PID:660
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
    3⤵
    PID:3412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
  2⤵
  PID:2304
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
    3⤵
    PID:4812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Start-Process "C:\Users\Admin\AppData\Local\Temp\temp003241243xEqLg\MicrosoftRuntimeComponentsX86.exe" -Verb runAs -ErrorAction SilentlyContinue"
  2⤵
  - Access Token Manipulation: Create Process with Token
  PID:900
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Start-Process "C:\Users\Admin\AppData\Local\Temp\temp003241243xEqLg\MicrosoftRuntimeComponentsX86.exe" -Verb runAs -ErrorAction SilentlyContinue
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Hide Artifacts: Ignore Process Interrupts
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\temp003241243xEqLg\MicrosoftRuntimeComponentsX86.exe
      "C:\Users\Admin\AppData\Local\Temp\temp003241243xEqLg\MicrosoftRuntimeComponentsX86.exe"
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      Suspicious behavior: EnumeratesProcesses
      PID:4808
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command "Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\UpdateMO.exe' -Verb RunAs -WindowStyle hidden -ErrorAction SilentlyContinue"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\UpdateMO.exe
        
        "C:\Users\Admin\AppData\Local\Temp\UpdateMO.exe"
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:912
    - - C:\Windows\System32\Wbem\wmic.exe
        
        "wmic" csproduct get UUID
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3412
    - - C:\Windows\system32\taskkill.exe
        
        "taskkill.exe" /PID 364 /F
        5⤵
        Kills process with taskkill
        
        PID:1920
    - - C:\Windows\system32\taskkill.exe
        
        "taskkill.exe" /PID 3404 /F
        5⤵
        Kills process with taskkill
        
        PID:1872
    - - C:\Windows\system32\taskkill.exe
        
        "taskkill.exe" /PID 3168 /F
        5⤵
        Kills process with taskkill
        
        PID:3948
    - - C:\Windows\system32\taskkill.exe
        
        "taskkill.exe" /PID 4472 /F
        5⤵
        Kills process with taskkill
        
        PID:328
    - - C:\Windows\system32\taskkill.exe
        
        "taskkill.exe" /PID 1388 /F
        5⤵
        Kills process with taskkill
        
        PID:4072
    - - C:\Windows\system32\taskkill.exe
        
        "taskkill.exe" /PID 4828 /F
        5⤵
        Kills process with taskkill
        
        PID:3184
    - - C:\Windows\system32\taskkill.exe
        
        "taskkill.exe" /PID 1564 /F
        5⤵
        Kills process with taskkill
        
        PID:3896
    - - C:\Windows\system32\taskkill.exe
        
        "taskkill.exe" /PID 4620 /F
        5⤵
        Kills process with taskkill
        
        PID:2152
    - - C:\Windows\system32\taskkill.exe
        
        "taskkill.exe" /PID 4532 /F
        5⤵
        Kills process with taskkill
        
        PID:3188
    - - C:\Windows\system32\taskkill.exe
        
        "taskkill.exe" /PID 4080 /F
        5⤵
        Kills process with taskkill
        
        PID:2172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
  2⤵
  PID:4484
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
    3⤵
    PID:1748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
  2⤵
  PID:1392
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
    3⤵
    PID:4804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
  2⤵
  PID:4224
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
    3⤵
    PID:2972

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38e5855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Hide Artifacts

T1564

Ignore Process Interrupts

T1564.011

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
88dc70c361a22feac57b031dd9c1f02f

SHA1
a9b4732260c2a323750022a73480f229ce25d46d

SHA256
43244c0820ec5074e654ecd149fa744f51b2c1522e90285567713dae64b62f59

SHA512
19c0532741ebc9751390e6c5ca593a81493652f25c74c8cab29a8b5b1f1efef8d511254a04f50b0c4a20724bae10d96d52af7a76b0c85ddc5f020d4cac41100c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaeb604a99d78c4a41140a3082ca660

SHA1
6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97

SHA256
75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6

SHA512
1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fe10b6cb6b345a095320391bda78b22

SHA1
46c36ab1994b86094f34a0fbae3a3921d6690862

SHA256
85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239

SHA512
9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
52f126c737ee41390754cb449970201e

SHA1
f5d8904ed5c0ca5f7ad3dd4f9f194f04a21beeda

SHA256
997e785abdf7810371569aeec9a9df4363b9a808804a0e8c9ee5ef90c4a80840

SHA512
2243f85277d6af3e74046ebb45785bb86336137584e6efcbda9f06099d7443921a7a984e3162633d11a4f016d4ff5056d25281fce637bf13b3cf103fcedbec14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
467B

MD5
3b33f01dd941553fa06cd962a9f4774d

SHA1
1230d2f21437346cbcc77dc7b3d35c895f26e668

SHA256
6f454259bc32657bfae5d402a92412144a6667756db5d63c6c90f6651f33a6d2

SHA512
9e162e1f7ba4b16ab045f00dc031dc9ea47671b120e274bed2f8792f9959c4656a8203fd6a78ef66535db1f0410cb3a4edc5e020956ec1217964e87387ee7da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
467B

MD5
15703146ffcc5337fefef73f33d5783b

SHA1
97fd33c25f549340ea0c0b4cf2052774de40f490

SHA256
60ad089c708f130b8cf0756d4aecb56036e89bc9c2cc9a805673999a9a6171e8

SHA512
c41fc71ba06689bae4722ab32c1afbb01cc2f7e54efab64f27205318f5cc8929514721f169771c65771ceab20e2bc151e7a83e2c87860aeb9e9e1afda8cf9737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dbdb38ec48839c8e011331c07d682580

SHA1
238de9c968caf85ae45ab16d5bdc679a95dceb42

SHA256
68b3ebc93844265144fe2c57e1d1d32ad439cca1f3a9108c26b9657a5928be8d

SHA512
c78c9e0ec2d53ca41e4f10d3b3d10e3ba0ec54934d50050d2f184ef69ddad5e72fe7b194e87d058d2fc599add53550f4ace8bf4cc33a091e819ead4962648e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19d97d62d5ad101e7451bb5ac4c71663

SHA1
2908a039c48b328201ee63d24bbb739f2a33dd94

SHA256
8c4d382d98b72f1254c65bf463dade965f8a334615ac71b3f62f37b20e14bc7e

SHA512
2205a8edc097a6eba077e7cb186034cb5ff7ff85517f6945cee616f4e07004ac0052cb35a82a01a5f8c7cf34c6b95ded97222e34ecd0c47467a2de34f12ef989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional Data-wal

Filesize
4KB

MD5
f6bfb264eeb65534dbd9688be763065b

SHA1
dd4c1bb03d131140d09f1d1451d4806f0e75a833

SHA256
5b10cab68b72487e0d480fdf344089f8a4ce946256e4673cba9f05a6e90f3dd6

SHA512
873adb3197d350874d1ba000a18dc3754bc388c8635fc6a59568ca97c8d41b8dcc89c7dd43502f2f7afeae546b937426034e975fc70d62488c2d3057cf6e36f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3435bcc8593fb4ac8d84dc5735ee4bba

SHA1
e6a2e2c36096b7d7517278b5f36dd0dbbbe9906f

SHA256
a1190a341db915d3079854244f9c0ac40d558c5d412a7228378cd371a7363790

SHA512
7d1acfd4a1beccb423a842875ef40573deb2ef4ce16acbba6b1dcb2c3406ce4a63f515fea87cd1e0f8fe1ca20fef5d1e809d0d807bfe6a47bdace924f9ca07a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad2b0733516f4575ce52ca58d2f14d9c

SHA1
40f24c47354b63b9c07940d42c582716dfda8907

SHA256
d8e846af29a0fc212442c62f14e591ee60d47c668ce9624622150777df716f48

SHA512
47043d782cc622188befa41dd3962c4d5580ff0e6c50efb993d89d3c3905b359bed38e7e45ae4367dbc1eac11593a01b49cf599fff34d706c3eb3b474b7ae1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
d8b9a260789a22d72263ef3bb119108c

SHA1
376a9bd48726f422679f2cd65003442c0b6f6dd5

SHA256
d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc

SHA512
550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clusee\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\6FEA0AB5-4973-4E45-9235-ED26833E968B_FVB347KP_sc.png

Filesize
525KB

MD5
9a7dfd666082085f9a76a1bd0ee32ef9

SHA1
6d4e6ff9736a7366f0b8685ff432cbef90009fb1

SHA256
05e8cc396d8c9d985c488158f2e4831e69007f5bc25758e482163e13047b59b2

SHA512
b85e80bfd5c5e7087084c5598fdde3a065b90e2ad36e4014299f73e26c693368ff55f376fbfa11ce7d8748a48c798ee86b400c40f6cea43518473849e3b3a75b

Download Submit
C:\Users\Admin\AppData\Local\Temp\UpdateMO.exe

Filesize
42.6MB

MD5
2675a403a514f2cb216140fbd6132bcc

SHA1
6ca1be92070775964b0fa827ac6f81ec2559623c

SHA256
7a074dd09573b5b73a30bc5c9f3873d80ce09c4615ba4a8a21dee4d0e6589f85

SHA512
6241435ac7ed9f2ff1ebe6e9eeeb95c036879541252ea7b092ea9e6d91dd1bf9471bc0eb6c9c605c52428d674e869472379d86a43b568f9e4408f3f58ad1b8ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bs0iouta.yhh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\LICENSES.chromium.html

Filesize
8.7MB

MD5
1ca87d8ee3ce9e9682547c4d9c9cb581

SHA1
d25b5b82c0b225719cc4ee318f776169b7f9af7a

SHA256
000ae5775ffa701d57afe7ac3831b76799e8250a2d0c328d1785cba935aab38d

SHA512
ec07b958b4122f0776a6bded741df43f87ba0503b6a3b9cc9cbe6188756dcde740122314e0578175123aaa61381809b382e7e676815c20c3e671a098f0f39810

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
fa145097e0274da929aacd68c31338ab

SHA1
a999806ef0c15593100e21bc8632d7b1806bac47

SHA256
c8476ee68088d72b9fab25703093df19237d14387016b77f472e10c99c9415ed

SHA512
d4898eed2ea09cb9b1810d783558ee7bf284701734437fbd9e1035138216e1ddbddd77d588a0b722adc5c5fd4a245871537bfb9b168910fc2bffbd6cb78c3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\libEGL.dll

Filesize
467KB

MD5
5db499ae909083620e47eeea1623b2af

SHA1
bc23303d6885b8f5c3fb84b3fecdf1a678e94a25

SHA256
7bee4e33d89e5a4f2b3bc74d632f7c773ae9a399b6b2ba6d29b1192e25695a8b

SHA512
d656bfa6d59c495d85eee872b372f7fba24f89101c38de1de904ece0d9ffa6eb93de81fdf674efa5ef724ea73188b908b8ad32cfee03c656accb835683929311

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\libGLESv2.dll

Filesize
7.4MB

MD5
57c23aa2c39f11528e56a48ea1824036

SHA1
d4fbf180266eb210f8d83360cbbd3804249c60b8

SHA256
ee039e42a4948e9f26ece8515f3c699014fa7803ae597cd3427fa1548962f9af

SHA512
77487060b824cc70b30b30b144b8f174fd08ca6a298fd8c8f45d8417b90b7914a0d135edab39d6a5b2b883d49e9386da382a9ce5c52dc07ecd147f49118efa63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\af.pak

Filesize
464KB

MD5
862a2262d0e36414abbae1d9df0c7335

SHA1
605438a96645b9771a6550a649cddbb216a3a5b1

SHA256
57670eae6d1871e648ad6148125ee82d08575bec5b323459fc14c3831570774a

SHA512
a789a4cad72106a5c64d27709b129c4ae6284076f147b7c3fcb808b557a3468b4efe3ede28033f981335d5eab986532c0497ddd6ed24b76189fe49366692ee73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\am.pak

Filesize
756KB

MD5
4eaa15771058480f5c574730c6bf4090

SHA1
2b0322aae5a0927935062ea89bd8bd129fa77961

SHA256
b05dcb8136751aee5eced680a5bad935e386bfce657dd283d3ec00ee722fd740

SHA512
b67e7dd24eadc91d4cd920f8864cfb23a9c67b2cecd54ec97e01705636604ce504dc417d6af1c53f374b58eddf71a12bb82248bd8fd68307161d4833342681a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\ar.pak

Filesize
829KB

MD5
2b2dfafb0d258c1d2b58e51ae1ee9ab5

SHA1
2a538491ff4023d29bdf2a053447c6016138d9f2

SHA256
ea49bc2ceb6b185030eaa0ee0155feca90e632390417299113b02fbe365ff731

SHA512
6b629ed83edfea1b1ff3c379009332e413c420de651a24160fae859e1e0948fbebab99c9da714df6dfad3b9e472dece7bee95815ceca428183f4ac0bd6d42ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\bg.pak

Filesize
861KB

MD5
0e8005b17ac49f50fb60f116f822840d

SHA1
f2486da277de22e5741356f8e73e60b7a7492510

SHA256
50e4f6b9c387adf4baba3377c61d99326cc3987928d8d60b88d1ac29352820ea

SHA512
5df18bbeabd56e70d4c5a80dee5b7ce48259000665941634937e556e3b3a1c6403aa45c410f6f755607549c9dd35d722987b447c50efca51228ffeca4628756d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\bn.pak

Filesize
1.1MB

MD5
c8173f0cc63ca9e02c07abec94892b53

SHA1
2688b199cc40bb2082247fa451eac1304608e48b

SHA256
e6adcfb4f3b3bccd4a27edadc168b503c36551cd6b27fb24043efeb21f691ce5

SHA512
3d2317430722dc15c5d938fa55235af1caa03dcff7a574b44d37d89e7cf2c94dd2e84518b3eeca4a5a8dbec1b99d94aed97429aaf55c63998002d50ce9cb5019

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\ca.pak

Filesize
524KB

MD5
d193a3ac614f64f4754c9df5cf00e880

SHA1
0da0f7c1a4048074f6fe9d70704aa93ff75e42f9

SHA256
4ecfa3785ab52564e0bd7dda04d59a30163561588a04f3bd1b1b71de051d2c53

SHA512
e85d18951f9a1a86514d577f9b19a4b3727523c15b4ccdd17217f6fdf69a0e774a36874108a05de1be3dcee1720b0cb19eced2d3283f57f41f5f9c5e233e1c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\cs.pak

Filesize
539KB

MD5
70f320d38d249b48091786bd81343afc

SHA1
367decdcdad33369250af741b45bdc2ca3b41ab3

SHA256
1c9448ea3aefce1a7e1491e73af91af772d8b22d538676a2beab690558e668fa

SHA512
02b08ed9261fd021e367995551defaf4b4f54c357409a362f4d2470423644913375cac444f62153ec2963a84880a30a36f827dbfacdd76a6222838c276cf5082

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\da.pak

Filesize
487KB

MD5
0e4207e2cf5741a8968617df9174a681

SHA1
bf9b7558141ad30bbc921992e48d48cd6d6ab475

SHA256
438d2b1fd396c2108ca3902f69eeb372219edd5d95fe70970d8ee9e64556c9a4

SHA512
4ed8368013912c408f7e5f7b4f6f1748834e5506307b92f4b669c557efd27363a55b4e2918eb7707e798878c9492b765f24ab9c90e843f54e8641c4646bc72da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\de.pak

Filesize
521KB

MD5
141045fc1f94f93e82db06db4f7321c8

SHA1
d63d226c531a710359cb65f4e6aa190f593b4d54

SHA256
47253e2fcf0e4691f29b3ebbe8f888a97b28d6aeaf73ab000857a6b8d0907ff3

SHA512
85c27fdc9a2cb9310bfbb05d0bcd668eb2156a37765d8fb59496739f6f1eae12afcbaadf5eea8f2db2ad8c8a0602f83500bff9cb71a429174a80bee16ec10118

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\el.pak

Filesize
944KB

MD5
16bcd10bc81dd8a5b3ad76c90cfb9614

SHA1
240395860971fb9205d28602d4d4995007ee5c75

SHA256
6a06d1d6b566214f7c3b693052beec488f7aae5ceeca26781a5d66fade39388b

SHA512
353a26b21848f4dd30b3aa1f4196b23571e177893ec6912db4570493664ed987e688fd66c04e509ecc58233476ebe59453260bc3569136f275fcd681ae54a174

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\en-GB.pak

Filesize
424KB

MD5
a1aa885be976f3c27a413389ea88f05f

SHA1
4c7940540d81bee00e68883f0e141c1473020297

SHA256
4e4d71f24f5eea6892b961fcda014fc74914c1340366f9c62f0535e9b94ae846

SHA512
8b6d67e09fbe7a2152a71532a82c1e301d56cdde34b83a9f17d9f471e258b255d5b2d4a0c39f38581da3a31cec24fb403156a8e493560d7206e1ec3db7e68b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\es-419.pak

Filesize
515KB

MD5
088de6d12071ea5cf8d4a618ed45e7d5

SHA1
f12a76d18b84b17906f5f8cfc78cbb370b026b09

SHA256
d1019c780e836e0c30fe01928d23ecdd0ca04ed8ee886adb3428e3683e4ed6ea

SHA512
8da7326cf99cce53d7ccbec0c177ff9cf6dc0009431d6c89b3e8f0475bbcd0dac4c888460b535c1070ced62f1bf1c614bb0fbe9c5583e66c42f30d6e025ed7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\es.pak

Filesize
515KB

MD5
d584992a0670c5771147c01266d17362

SHA1
d6e70e43585564d520e4b1777fac0b1e7bc6ed37

SHA256
f6a01c26bc18dcf701e1d4b6ff76602f14c4bb9adf9dd176c9107d5aedb4503f

SHA512
39db436a05955a3ad3b54ace4f2f0e8a313797d3ae8eda9cf1cab6f2ea1edba0a82c30f3b589b8c5399ed06e9fcf4ce9059d3d5a07472f05ab1f0819e42d5b73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\et.pak

Filesize
468KB

MD5
e7ea23d6304d5d600d884f4e3b3cb2d7

SHA1
99fbef7eb1bde7df398cce9faf6c7c357769334a

SHA256
292eb18ec61502b0e952b447f73a66143c56dd95f170981945e5aab53a6b32b3

SHA512
23dfa1161d11faf440241b1f48f2ddbc8ec086a8e18da351734656551f0f54fe4c94b490c0d3ecc378a3de7f7713a1626a7a6c21da2500b9597b44fd08197d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\fa.pak

Filesize
767KB

MD5
e2bee9eeeac231de237100fae0aa77c7

SHA1
5e5eeb59656e2f8f4f62bc618966d38cc06a385b

SHA256
7a856070430e3cfad15b96b153b1cb483cca9a1b9a43453df3707b09c748a3f2

SHA512
5593c4a48e679f0f6283c3bca69838f581b6f928cc7170737778458393b6b85fab0e6ca390bc5da840f4b79de9e638015bf341c1a95e8f99770886f5354ecff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\fi.pak

Filesize
478KB

MD5
a9fc339d49ea069bd81380ae1fa0ef11

SHA1
5f376072f38e94e252d72c5660d8120a41d73469

SHA256
e6454458dfbe150112c37f8b02f8c72c593af22e8be16980ebc854ad113fb763

SHA512
3bee6723485a9eae4aa9bfd4e7fb490ce7a0aa12cbe41443b8bd28a26fe552cd31f4a1487bd98c6bc7774df1ea16b1de94ed0f52af59baf9e17b3db815404c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\fil.pak

Filesize
541KB

MD5
cbb431da002cc8b3be6e9fe546cd9543

SHA1
19fbf2715098fc9f8faba1ac3b805e6680bbcca4

SHA256
ab107369d45e105a4cb4f2f6bc8da2a8c1b6c65d5e94a7ab3e703e619c083dae

SHA512
3cabbfd021e5814587dad266c4f5c9f624e9d9278f22658dafd65ff2ad2bdc5f6df8a8672614b296cea826819211e12f8e77f183007c0a79075e2f0980b99911

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\fr.pak

Filesize
559KB

MD5
59e1e573153a209c56ae3bcb390b898f

SHA1
45f8a5469651c032c453b14bd68c85cdd6c75fc2

SHA256
976622fb851378f57f81423e5625e40d0753d7a5e34caed2c39e4b130a3427b8

SHA512
91f1b88ffb9f3362fbab7d607a68c4ca65e6b89fef7de0c986067ef7fd013c0ce35bce328ff3546cb7aafc296993e46a908ac506bb6a141088cfbc5ead948ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
a9e6d8e291ffec28551fccf4d1b06896

SHA1
adc9784433fbf2ee89bcfe05baea21beb1820570

SHA256
716ea0433e19edb5113dc8a25ae67c2587bc17c7fb63a93ac473bdcef8f72d34

SHA512
3a60002dc6a9008cac78bbc050fc36d1053bfbd21ecf4d0579b2780985d4e7a7aec94483d8b0b8dd7a899b8435d54a27bba68917a23945431183eda021722697

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\he.pak

Filesize
672KB

MD5
ec16b50e6575cd6863df282847cac3b0

SHA1
a59e089951c3a5dcfac165774c68651055b829e0

SHA256
c3955c97b6998f1806f8871fd3137f6f504bdd091f8bd1ff5ab8cd089474ae8e

SHA512
3c640430e3391be156aab26f6057e966348dff50ea946a02db947e2316d3a915c29f329faa26725a90af4d06ead7c7fc28cfa7573033b2b9546fd8e4d2bb7ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\hi.pak

Filesize
1.1MB

MD5
18bdd1d8d1d5c6a5fb2678abaa1ef6a9

SHA1
e40602e86e758a518ec70bb6a9cfa23107955301

SHA256
1f49622ec6682c90e03fc42c319074565cf9d3532a2a4e3798e2f6cc159b2e8a

SHA512
c859118e7c1be0642ba9bb1112a98a8fa7114a00711f578971a55aab7254b1ee9bb3899c852b79a002596f29e02f487267aca7033e38cbfd14c90b2989b9595e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\hr.pak

Filesize
521KB

MD5
d80178f9df2b72a24a7dc58b5aa13229

SHA1
cda864bbfc6935cb4e3e30a6eaeabbab5264d01d

SHA256
e442d083c32d752d1ef2225d84a4f1a91efab768e86fc63a7ed22c10fbf7e520

SHA512
c08380fc0c415a529a035e6e9c0eebc719766c656a3d9e3a782f21b4fef320688e1d11de8c3a5d0e59a102c9fbadcc960478a17c534500e137f4cb0e697ec9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\hu.pak

Filesize
561KB

MD5
0b62fc2b60b8a92dc506550339766139

SHA1
abf0b1ae99ae40d87f86ee04bdba467674fc1039

SHA256
6ca150d0fc35492bafb411bbc520f3b34da6399969fa9685ae74201623882560

SHA512
aab6058e2f41282ac5a9394cdcd503efdeb6b9eb8b9a64cc1215e31a806e60a34966b6823f91a97bfb81656d91ccfef3a226165811e6f4208fa436e1d04c1242

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\id.pak

Filesize
462KB

MD5
6a406a9adb5c25e35c6838828ef30c17

SHA1
2a1ea1dcb75217ace04254644845cd038df6a980

SHA256
af63384cf7d1d39e57decd823dff7538ab2b1e7e36e9ac61238477f7889d1d46

SHA512
ac7afa288b768a730027db0780b0f7c9f42ef990e4e22751ef1dc85e4841579a6e252293fb04d61b0cb591ccaa5c74d37bbd380afa15308c80ea32070019a361

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\it.pak

Filesize
509KB

MD5
e0e5580e8882f0eae4b5b21e6c7828d4

SHA1
51e32e51458b5839112ed9dcaf500403c45ac1cd

SHA256
a7f555e7e797e1de1a66cfca8c7b709b0e542ca62e7de96e034701fcef316d0c

SHA512
1a2a4948a5538158e6dab7ca7b3b780ec7a66a0aadb889fd451e07b32336ea08b88b5d57759e335fa967f3b4bb1282e952b97e496d798758159c70eed2e5acb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\ja.pak

Filesize
622KB

MD5
dfd5ab27c326a1e1f87943a3079a2af2

SHA1
3aaa73a6668e1249e4d51c8fa8e0c6868fde9da6

SHA256
8260f4c9500b64d541386a8515fd0c9ddef82e3f044951b7b51a33ad81c1128f

SHA512
d701674fb6e19bcdf297b19a9fe3b81c7f446019a8c2fd3e90e19294765b1e8ad4f0e40e4bac65b2db313a4f83eb050b5871ee4d74f9ea372208b7abd76c524f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\kn.pak

Filesize
1.2MB

MD5
59e6642f09ce97cfa4a4173413a1b036

SHA1
777a96a4aefbe138f26c8697e66633452285eb2c

SHA256
58d16195170f76e40e18ee0ac2e10e1b73bcfd083821158927a7d67a51bcbc42

SHA512
66deb67a4ce1914f5f27bb6423e5be62e05d0a36320accbe653572a437ce033ed5d26858a62d8c57476b34e1718d580f34ab44a3886d8d22d17f642d70f0138e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\ko.pak

Filesize
526KB

MD5
cd2310448ba6689cc73d0b2e6dd2791f

SHA1
7827179d3fb98a5abc2ad38e20d942b83b397235

SHA256
cba6b7633cce796407821264e176a6266f80c1799ade16bf16893d68144236c6

SHA512
c3069bab640ae43856330bb8b3a0e0a4ca058a68a0fc03b8efc0ce1dc2b517f11380fbc641221e29b4a527d685ece72107fb83cdb9b539390eaf6a30c21bf36d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\lt.pak

Filesize
564KB

MD5
edb2c872a4fec5367cbe68035ef0ecc7

SHA1
b4d42bcc83c98dda1ea2ef962d097f6fb3d25c71

SHA256
1bd385b780f3d13d41f8cf782a322e37be889aee273ffde3d8959e0ebcaabd0b

SHA512
dd801a1aac2242e3f532e968b4c9639a2c8bf3eccc17470d9aa8bd6730ae4be3e7276fb782c7908bb6f87d3ade20a40c644b9db5d2201d96d91fd95ebdf429c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\lv.pak

Filesize
564KB

MD5
393c296fabe0c4c64a7d6b576d7d2cf7

SHA1
16c0605e5829cde9738e1cd3344a59b74fa1f819

SHA256
91642c04de64f88a5c49b4eeaf5d627554e60d56fc40e7cd58cd2601b0d3dbf2

SHA512
067cccb059d4526c104880a26ebf04c7e2498c49c5641abdc91785e859bc0be1475ec58cae9ad1eb076f26fb9215ac246155e123baa13c06a05e4f22a002c2ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
b690b0f01954735e1bcea9c2fb2ac4e4

SHA1
8d98860e202b15a712822322058e80a06c471bb8

SHA256
83d187cd70048f4129fa65ba148c74a04a47ee1f14218e7c85b36fe83e87b5e3

SHA512
786f08019a0917d0b3f29aa2d1885db6a6f995990fd8faaf41a9630f8347b4d210a844cc6690a41b4af37d60e11f41fd2675df1a01bab5915e20cd9bc69b4541

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\mr.pak

Filesize
1.0MB

MD5
f26bc5673e02a93212220d71cf1bbac2

SHA1
8d0ab40fc2b35b75f99538951acfbf6a348c73a3

SHA256
0877f2e75e0b9f5e709f0a0bf7cc793a02ff5bbb28bd6a8b6b6012760c1bbff3

SHA512
9f3a629dfa116cd92892d120f0fdecc5f57043dad232311bdc8c218ae9317f49e655b8b8dc8399639231f2321013190a667d22b6b2735bbcbc375c438dce9aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\ms.pak

Filesize
484KB

MD5
d22cfc1b78320157685839f14253fa1d

SHA1
0cfcb5c176d708e26bbca2427be611ce6609eb93

SHA256
c7b56e9ca2f75b4414c13144ff4deee1459c2a7cde79730d863ab234cd4c2f8b

SHA512
2eed40c50a63e362dfe2f172d16e4545f5b19c673e71db674bb004e4e6a4cf793ed4a44ee80d86b05aaa6cc4356c207476afdedc2b35017421ea9b9fa6ebc81d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\nb.pak

Filesize
471KB

MD5
bf9bfdfab1479bb52254329d7aa229ff

SHA1
cd9ff35321731b839ea6e5f31f5de0bfb475666b

SHA256
96747543d9b2dbfb4482d4c24d7818d366545b2476633ad4fec8cc958ab760d3

SHA512
ba8e62d0a87c532ff46f2129724dd2f1bfdebd99c2606e0b9608cd07841776faeca15d04ec6241020c232d4c07809d718f40cf4ad9231d6a8996d55973486629

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\nl.pak

Filesize
484KB

MD5
b525894276852be4ab42ab7044fa164f

SHA1
d3d035522265718def8125f5c4a1d3e74832dc2a

SHA256
c7a18764ca908ec7f66c48cae2be06fef95213d7a5580b45f9bacee474456167

SHA512
36b11f1df92df27b007fd640b589c6b7b30cd889bc297635bdaa40bfcb4332ff20911edfd23ce74c1c8963dd658f77bf4b9af50d3c281717f58eb23a598783bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\pl.pak

Filesize
543KB

MD5
7b5d41611b92b24ec8b36b66feb11f9a

SHA1
3d6c36f404c29d59a24970585931860453f5c88a

SHA256
69e16e41f5fe7fa18557b938874f20cda6879f3cc616ead9a815c1381fe94158

SHA512
16ba52cc799132e4525d220ed595d3969d4cecf163ccea6b62fe2211003b0cc44090c4d384e9cc4e32800181b7f7e0810da5a0d2c908f4625ff8382cfa3c177e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\pt-BR.pak

Filesize
510KB

MD5
8dabbceb430a6bc190ee344541fa8e2b

SHA1
44c7da04bac8c9ee67c8d6a0eeb491cf7ffd2479

SHA256
6d54f87f6c8b5e01bd0da9a961236344e95e85c3dc55fc92a34542777d6f6275

SHA512
4d36d527f1769501d1fce208738028d5ba142716a6243798212d5a2403dc5c950dcb3399e571cf3a11b1f35d845a6ba6798c38074d0ed66c894b1c18ab800159

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\pt-PT.pak

Filesize
512KB

MD5
4816d83e54beaa2f94c671d56361c04e

SHA1
5cae66c0b7079d778ac87ad48777afd85b172d2f

SHA256
a903ca2a8e52f987e23d040de7403b58d925a6c39668d3bc0822fb2aadd34cb1

SHA512
0d3a39e1205ce9366818cb51d38db035b80448dc1e2d2d6bbd7d5df693641582043b45b4a78bbf2334159616187dc85a51e623bb6878b1498d9bc7acd2a6ffab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\ro.pak

Filesize
531KB

MD5
938e62fca60d7b54e9c54cdd1f745f06

SHA1
5a61a1ef3ae855ff436c5d7f45b6ec271a5228aa

SHA256
82e69f505222125ea62f8e90d8030d82a1bd49871192cb4274a8fd9d0e03d577

SHA512
d3f43881fc951c961cfb34babaa6eba2aa9175865dc07542dc529ab1c11d15703c03a7e8193c004b004d13f0a0672bccb2fcdd1cd88f32add159c337281d6d5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\ru.pak

Filesize
872KB

MD5
9ef6fd52dec5613f9e80204a84c7f2ba

SHA1
fbb8c9db815126fca3c62c810432a71b6965f2aa

SHA256
d0068b9ddf8a9e6a5b1186bd0e00ed9f09224ed56ba7e653e2d54158d938c6f2

SHA512
0fb442ef86f75ca2cf58a677bd25ffb7c420f98250fac7f5f25e2272d4e7dc505a5f3eb3665b62bec189496154b05a1462b6f17a0e9aeafc1517b71e2d813953

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\sk.pak

Filesize
548KB

MD5
fd001b1b02597bbf16baf3f0baf3c6e4

SHA1
e4c703fc115e02833fe08caab1e62775b5812473

SHA256
f9cd222838721a618c23c8f6493bc9699c795c0063998f1a8d506b4b7a297cdc

SHA512
0ee991da6b8ba1bcc3cc27abc645af43bb93edddbf182496aafeeb401d71ae10716335ee0197f1987c21b3abb441aaac968b9a76e75ae77fcba4cc48847f5b1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\sl.pak

Filesize
526KB

MD5
ff14d5f9484350396780bea7f3bc64ec

SHA1
de097f12b70b552824de69141d6ee1969275eca4

SHA256
b174c4c49654f7d65d223568c700bfaace74238447ae63171787236ce2aab00e

SHA512
011bcc3980d21e0900d1da334a28b72623b22b527a4fc3d96a8f78fb055dc87cd1433a63d8b4414a0a86cf2ded5833a395214910b17433a0545e04d1ce4875b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\sr.pak

Filesize
811KB

MD5
5d70a218b7dcccab0406fa9239ef800b

SHA1
cd231758f84a0d56545d0a234a58757a18a58d0c

SHA256
a2bc6b064ff1f7b15707f61bd76ddd9d889bd982c4182e9e74272d39c6235c85

SHA512
ef6f71e0d9782b5ed6706d9226c1a7fb5a4323b8dc8de25737c7dcca87d04c16b545372127670de312079be993823f565de1aaaf5ad833bec5baa0856c19b0f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\sv.pak

Filesize
473KB

MD5
a813b566c9e630910e6ca946defb7202

SHA1
2e25d2479715a572c096ce19b8dfd7a6da5339eb

SHA256
48a71912e4843b03358fede7176b2e57ced83d3a1344a92b989886374dbded62

SHA512
b348404135e147cef93c246c826107f9df170b294e9d0cbf576d2812d0ff3d2b7794ab5aba55cf729fcf7135a495d2ff591db62fa61e2998290ff02538a0e48c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\sw.pak

Filesize
498KB

MD5
9808a9df2da0844b1ce1a2a4213c48d0

SHA1
541f24f006ddb3361ff1e5015f097ab799120fc4

SHA256
1949953d638f266ce74d84c020174c074780166b880e7c2ec38bc6047bbb8ecc

SHA512
66b256e02ce11ea0273cc5bfa78e56faf8b250208d1e868bf4af77cbefd1c891708573d63873a5d02436f884544a6550176afcd3a8220cd35d64b88987e94404

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\ta.pak

Filesize
1.3MB

MD5
d50aa6815b63aff8c443622cb8bfd849

SHA1
fd247855e6e428109e7bf2e0018580cc6e0663c8

SHA256
6348cc2d385b9808fdf1b815914dbfb26f552da4d10f85b2613a5e6e9f95b8fa

SHA512
620e2f9ab9998c68d667e32ad9bbfa2569f7a60fbc2a67d7492c6c215af2a1037708e38b4ed7932074d29a140581fe0ffedddb362133a941966044b98eaa50db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\te.pak

Filesize
1.2MB

MD5
d262c33a8c2b4949dff36cc1980e5f05

SHA1
e1ad725c388c4a1a386b4ab6170601863c943c29

SHA256
09ab1ac2b69f868539d4f2e59dfea8c3c2f418a5455777e4c91d13c5ee55ab4c

SHA512
0202f6ac32878926422d542ea96b0bcf8b168f8ec6b928121c368711856fd5f4781a24b15851cdb5892246b355d0dd37504d4599b24e9fe8a723b8dfbfeed29b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\th.pak

Filesize
1003KB

MD5
a4d1594635d26330ace7054bc025b76d

SHA1
bc4874a6a3b1d1886f05858ef2f653ab3520451c

SHA256
f06a45f0395c3e42e42c46de2c19a2a104661b47be6f9ee97f8c68b05706ef1e

SHA512
731485b139ba0ed80dac5e582ec36f53a805a867ad33551741b805e851a9d2356fb1894232395d4fdb200defc988bcf6d51e58834b542c398c1012e389953a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\tr.pak

Filesize
509KB

MD5
193f0c0a8218f05657e2590ea4ee6004

SHA1
dd3ffd7f67f72de879903a231271c20aee56f695

SHA256
676d46d19d1673eeff4f5e908aec3b53a6273c440e69e7d655ced6c70531cb9a

SHA512
28606d710d44c9a82c2849fa5ef989bac1afab53cdea99a825f80aa41dbd38a9ad6f0f44935f45439922ca2bdddc89c61f8ffcb999aa13fa45558551d5216e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\uk.pak

Filesize
870KB

MD5
83e5f0092b6d72403b60fe0e1e228331

SHA1
989ed480b7ef55dfc9ccfbef1a5b9b0e104693d8

SHA256
29d68d90512ee9952635c7e074d5ab210531d93ae24c11a8f91bca20b685e9a2

SHA512
9895928ee516db7d4395b2788135a814031b9ba45e3a837e633bc253b08d6f380e4078d4d3fd51ae37502a39ff45a0166969fb62365e890f4960a51040b20941

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\ur.pak

Filesize
761KB

MD5
29403f3d5c8f6ae2a768de2fbe8b368e

SHA1
da83015565980ea1a24f5493be6311f06427269e

SHA256
2520ba8471c840aa075075524c4ad2bde10f43fa7a1b623aa14555180ecd30ef

SHA512
a0709280adec39633ca19daf9f8bac6c17a999101246778a63cd9e172dbea2f281b20ce197290c4af6c7601ee7956da42f17e31461a1bd8b8a4bce3c36dc87b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\vi.pak

Filesize
602KB

MD5
e088be14dded779f50feabc4906d5ae7

SHA1
0eeca2c7ea82a03b6373c84adf1a890f29e18b05

SHA256
25aeee59775ae38b21a091107022312fc228f96dbea906042bf3626b7cf86b98

SHA512
af9d1e415a6d06c28df9abaae1f337bf4dd3e323dfd5560df5fb35d01c6801b9145072ee85ab4c524c489fb6cdea956ce327b8c4f6820197d76fc2f33171ca3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\zh-CN.pak

Filesize
435KB

MD5
d1145f2dcb13c5ba797df5a0792553c8

SHA1
e8d9604300d6413fc896d252a0261be2dfdebfbd

SHA256
6a9a1f5b7674da36f20cb76af7e3e75e9e56873539e8a3b32895ebba439af83a

SHA512
f54adffc7d40866fd53dbb238687116d46354f79580877b5d4d93840494e604deaeaeb7e825f6a00d020f3c58d1fb9df8af667feb64c86f243ecab57765623e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\locales\zh-TW.pak

Filesize
430KB

MD5
1eb532e97b84db33a50055bbd7d36200

SHA1
7aaf0560a16a9754059871a000d237964f3ab0c8

SHA256
6a43c8fac5a0ce7c7a21b30ac7bc2167488e17c81c76c00f0b92b49e9e46e469

SHA512
c946d82bd6ced6e61b35acaf7ace1a61f226c4891caaeeeec9ce4a3ab45e6f43c35dbb388d6d5fa925ed020d7d10f951fa2048269d0585ad3b723f5ad8f4eabc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\resources.pak

Filesize
5.1MB

MD5
0e69910860463d5045ec257234bd8dd4

SHA1
33c923c33129d1dccf0bb2dcbe8af983a7000444

SHA256
1d241f5d4403a6e802e898c61e4753f8508ae4dda8fcb7750558ec1ecade52c6

SHA512
f6bb7c7b51bb202877739801498522095637caf8a03e2e1f2c6319fede3d3ca656f552061e171ec5e35e176c267fe278c326805d760add1371590bed58e12375

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\resources\app-update.yml

Filesize
87B

MD5
fdeec0aa9f97f133e16f40589e9948b8

SHA1
53548b04a43fde239071ba6727c171561f100106

SHA256
7eae571d9702c2139bb795f8f4792ca399d44106022afa50a14ae852b293d61f

SHA512
9020b1e684ddbb9c4c7755d67b4e9ea9d28d35dd53db32ccc966c2c8b9704c70117839247452483d3fdb4d4486793d20374468e4031a933097b3f364fd94efd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\resources\app.asar

Filesize
49.7MB

MD5
fa797f1dffea1e7337f840ff4408afda

SHA1
823fede1e4fd5a37f3c58242b1b5db8ca0a1aeec

SHA256
205f877ce31726095e217203b88a83b0101d7d476201e0c87d3a5013ac5443df

SHA512
120af462abb588a280d9ea32269c10c4cfa620fb8d92aa59213435b59e698b74b1728e4a10b16c9293ca0cfd5a20bbb2999338a9fcd239cdbc89d95e175a5e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\resources\app.asar.unpacked\resources\favicon.ico

Filesize
11KB

MD5
f5ac3f0c5c49da87c78de4c2771baddf

SHA1
9cffd4d6ebf3d8135f041813fe1e653b50f62279

SHA256
b0a56fcaa91fb5436e64f2f35f918effe0c6a4e85aab1ee1942e31aba48ad55e

SHA512
4c1f753e7e006837d381bcab3e2aa939ed183845447152d1d1873732370d132c85ce3e410e86a2714d65da0a559d4fc1a4a137a269bb88a11f74bcdb9e2c768b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\resources\app.asar.unpacked\resources\icon.png

Filesize
35KB

MD5
a2cf889708d9c4959c6808b4584848e4

SHA1
9b95116c7bb7f367985ff873ca690713b3f68746

SHA256
4363016ccf3541c84ae6a1eee83f507fb2b775aa89b9d6c8163875640267f9e9

SHA512
2f388a8ca8b74338fc7af7ce4e817f2f7517cf49ce55bfa26a44ea73ec0cfbce189c259d577b2e5e66e3af465936df021359fee1bb2b10c95c58f0712e76f542

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\resources\app.asar.unpacked\resources\logo.svg

Filesize
7KB

MD5
9cef80399fdb41bd6717397a98800e62

SHA1
fe0928a8e8b73a5ebdd758aef36c9f575f3c5980

SHA256
f156acb49b74c7eedd669f9c025882eb6330526a97b566fa7eef8205fe331953

SHA512
0c56d38aa67954897b2a3931ba89b73af2434118c41586cb77490b0760e4b99ed71ca5722a713361ff41803c5990436a1fb53e50da751b1ff0d4520e958fcc09

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\resources\app.asar.unpacked\resources\person.png

Filesize
33KB

MD5
48ff33300006fd1722cd9854879e738a

SHA1
f397956f7d8a89dfa6815b20700306ec0367f9f2

SHA256
34ecb7b51f126d459e1c5a5288920dbedcc211419df3ef75da45fa8fce87e28e

SHA512
817cabf4220b3bea38ab3c37357667363aa28c0dbe34ef66a07705b51481d832485982c89f8fddfa3abdf8b6b6ef812333e314dd8416f8963086609bf9746965

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\snapshot_blob.bin

Filesize
270KB

MD5
d20922aefcad14dc658a3c6fd5ff6529

SHA1
75ce20814bdbe71cfa6fab03556c1711e78ca706

SHA256
b6bea91727efb8c88e7c059856553d3a47abd883e60dd60efc01b04dc6eec621

SHA512
dbd63a9f01feb3c389c11b55d720b5d689558626041fb1dd27ded2be602e5e2a8d210f785fde025d7b9959f81de3df7fef06981269b58be564df05aec190dd1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\v8_context_snapshot.bin

Filesize
627KB

MD5
1e4da0bc6404552f9a80ccde89fdef2b

SHA1
838481b9e4f1d694c948c0082e9697a5ed443ee2

SHA256
2db4a98abe705ef9bc18e69d17f91bc3f4c0f5703f9f57b41acb877100718918

SHA512
054917652829af01977e278cd0201c715b3a1280d7e43035507e4fa61c1c00c4cd7ed521c762aebd2ea2388d33c3d4d4b16cee5072d41e960021b6f38745a417

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\vk_swiftshader.dll

Filesize
5.0MB

MD5
583b1d71cd7b847ba02d734c508cd92f

SHA1
d63966aeafa951d51967620c606e9b97399699c4

SHA256
680ea3717671c896d516517ff322976ab708f18862135be4216a27ad57353dcc

SHA512
cbb0659ccac9344ed9bb151443a30c106711fa1b15234e6f1225ef28a679c6b3f0a24a6ca1d9baff46155c39ff4e08e3ac96e1da32d665be9a5728956012f193

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\7z-out\vulkan-1.dll

Filesize
925KB

MD5
47af18d68dc7cf271f0a92707f783f64

SHA1
64594e92a1cd7042cf6367b1843abed210db3d78

SHA256
d5df2f59cc8b32abd6178250e7d1370a7f37270cc727449e21778080b5e29cd2

SHA512
2e8fefeccc25e5fcb448fd874f99b8d1466a8148ffe80e1f6ac2105d18bb93e529681ff0ba38e515f52ed4df9ac091fee0782afe5e093fd83c3045a60409fc10

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv1872.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\CluseeSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2932-1197-0x00000235F1610000-0x00000235F1632000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads