7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
Size

78.2MB
MD5

0e27614e97ca6478de9fd6e7587437ed
SHA1

705dd819137d07e5e8ca98a08bd070844db2fcfb
SHA256

7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e
SHA512

eaadc4518a8e2aaee42ed3882d18521972cc553d906e7cccd97cde542cc8355434050783789455c1f69929eab6dafefc3adccff046eaa133436a017e338d5596
SSDEEP

1572864:1LgNzwtkFlWo6FUT9EFL0ofl+xiJP5pG7P0AvXPbNi:1LgNU7+KL0ul+3P0Axi

Score

7^/10

discovery execution

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

TETR.IO.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation TETR.IO.exe
Executes dropped EXE 4 IoCs

Processes:

TETR.IO.exeTETR.IO.exeTETR.IO.exeTETR.IO.exe

pid process

4216 TETR.IO.exe
2244 TETR.IO.exe
2520 TETR.IO.exe
5052 TETR.IO.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	TETR.IO.exe

pid	process
4216	TETR.IO.exe
2244	TETR.IO.exe
2520	TETR.IO.exe
5052	TETR.IO.exe

Loads dropped DLL 12 IoCs

Processes:

7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exeTETR.IO.exeTETR.IO.exeTETR.IO.exeTETR.IO.exe

pid	process
220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
4216	TETR.IO.exe
4216	TETR.IO.exe
2244	TETR.IO.exe
2520	TETR.IO.exe
5052	TETR.IO.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates processes with tasklist 1 TTPs 1 IoCs
discovery

Process Discovery
T1057

Processes:

tasklist.exe

pid process

1984 tasklist.exe

pid	process
1984	tasklist.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exe

pid	process
4620	powershell.exe
3200	powershell.exe
528	powershell.exe
4796	powershell.exe
3204	powershell.exe
1388	powershell.exe
3748	powershell.exe
4032	powershell.exe
4812	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.execmd.exefind.exetasklist.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe

Modifies registry class 7 IoCs

Processes:

TETR.IO.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\tetrio\shell	TETR.IO.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\tetrio\shell\open	TETR.IO.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\tetrio\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\tetrio-desktop\\TETR.IO.exe\" \"%1\""	TETR.IO.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\tetrio	TETR.IO.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\tetrio\URL Protocol	TETR.IO.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\tetrio\ = "URL:tetrio"	TETR.IO.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\tetrio\shell\open\command	TETR.IO.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exetasklist.exe

pid	process
220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
1984	tasklist.exe
1984	tasklist.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

tasklist.exe7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe

description	pid	process
Token: SeDebugPrivilege	1984	tasklist.exe
Token: SeSecurityPrivilege	220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.execmd.exeTETR.IO.execmd.exe

description	pid	process	target process
PID 220 wrote to memory of 3236	220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe	cmd.exe
PID 220 wrote to memory of 3236	220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe	cmd.exe
PID 220 wrote to memory of 3236	220	7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe	cmd.exe
PID 3236 wrote to memory of 1984	3236	cmd.exe	tasklist.exe
PID 3236 wrote to memory of 1984	3236	cmd.exe	tasklist.exe
PID 3236 wrote to memory of 1984	3236	cmd.exe	tasklist.exe
PID 3236 wrote to memory of 4336	3236	cmd.exe	find.exe
PID 3236 wrote to memory of 4336	3236	cmd.exe	find.exe
PID 3236 wrote to memory of 4336	3236	cmd.exe	find.exe
PID 4216 wrote to memory of 1884	4216	TETR.IO.exe	cmd.exe
PID 4216 wrote to memory of 1884	4216	TETR.IO.exe	cmd.exe
PID 1884 wrote to memory of 1064	1884	cmd.exe	chcp.com
PID 1884 wrote to memory of 1064	1884	cmd.exe	chcp.com
PID 4216 wrote to memory of 4812	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 4812	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 3204	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 3204	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 4796	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 4796	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 528	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 528	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 3200	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 3200	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 1388	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 1388	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 4620	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 4620	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 3748	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 3748	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 4032	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 4032	4216	TETR.IO.exe	powershell.exe
PID 4216 wrote to memory of 2244	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 2244	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 2520	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 2520	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe
PID 4216 wrote to memory of 5052	4216	TETR.IO.exe	TETR.IO.exe

C:\Users\Admin\AppData\Local\Temp\7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe
"C:\Users\Admin\AppData\Local\Temp\7ba60c548a30dfd291328ea52c96c5aa5f3eb1beeb71f195802842b645d27a8e.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:220
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq TETR.IO.exe" | %SYSTEMROOT%\System32\find.exe "TETR.IO.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3236
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq TETR.IO.exe"
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1984
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "TETR.IO.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4336

C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe
"C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1884
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:1064
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4812
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3204
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4796
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:528
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3200
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1388
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4620
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3748
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4032
- C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe
  "C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe" --type=gpu-process --disable-gpu-sandbox --disable-gpu-vsync --disable-gpu-vsync --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1940 --field-trial-handle=1944,i,14232425557551120865,17814425017111083755,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2244
- C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe
  "C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --mojo-platform-channel-handle=2260 --field-trial-handle=1944,i,14232425557551120865,17814425017111083755,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2520
- C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe
  "C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --app-user-model-id=sh.osk.tetrio-client --app-path="C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\resources\app.asar" --enable-sandbox --disable-blink-features=PreloadMediaEngagementData,AutoplayIgnoreWebAudio,MediaEngagementBypassAutoplayPolicies --autoplay-policy=no-user-gesture-required --disable-frame-rate-limit --force-color-profile=srgb --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2496 --field-trial-handle=1944,i,14232425557551120865,17814425017111083755,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5052
- C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe
  "C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --app-user-model-id=sh.osk.tetrio-client --app-path="C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\resources\app.asar" --enable-sandbox --disable-blink-features=PreloadMediaEngagementData,AutoplayIgnoreWebAudio,MediaEngagementBypassAutoplayPolicies --autoplay-policy=no-user-gesture-required --disable-frame-rate-limit --force-color-profile=srgb --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1944,i,14232425557551120865,17814425017111083755,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  PID:5344
- C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe
  "C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --mojo-platform-channel-handle=1208 --field-trial-handle=1944,i,14232425557551120865,17814425017111083755,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
  2⤵
  PID:636
- C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe
  "C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\TETR.IO.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --disable-gpu-sandbox --disable-gpu-vsync --disable-gpu-vsync --user-data-dir="C:\Users\Admin\AppData\Roaming\tetrio-desktop" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1272 --field-trial-handle=1944,i,14232425557551120865,17814425017111083755,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
  2⤵
  PID:6056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4dc 0x30c
1⤵
PID:5496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
5c3cc3c6ae2c1e0b92b502859ce79d0c

SHA1
bde46d0f91ad780ce5cba924f8d9f4c175c5b83d

SHA256
5a48860ad5bdf15d7a241aa16124163ec48adc0f0af758e43561ac07e4f163b2

SHA512
269b79931df92c30741c9a42a013cb24935887272ed8077653f0b6525793da52c5004c70329d8e0e7b2776fc1aba6e32da5dadf237ae42f7398fdf35a930663e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
a26df49623eff12a70a93f649776dab7

SHA1
efb53bd0df3ac34bd119adf8788127ad57e53803

SHA256
4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245

SHA512
e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
7a1e03fe1039bf494d77070f2c583626

SHA1
bb6b31d644873fea13cb3c37e6225670b5682c8b

SHA256
53bb6e31c2534c61d2bb23c0ef4d9550c1b9361610bd01ef1816a97297147ed2

SHA512
e45c36ab8a4ba0c84783b2ddb2c26a9ab66cd5d26f1f0999b1288656288b1f8f33922a92c05641e6dfad03fac708525a1a37815d8ce1088ed0c72217e2f82827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
28c65370f12e84b734af87ad491ea257

SHA1
402d3a8203115f1365d48fa72daf0a56e14d8a08

SHA256
4ea873fb3d77a2f8eefae82c943f621f16723516e181bde133568f8f0c91290c

SHA512
56eb34162b0a39da4aaf66aad35ef355a7709982b5060792e3b4849c36650725176e927815537ec58e7ddf0fb1763066b203d6b7f9d1b3dd2c8bc091c0c850cc

Download Submit
C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\chrome_100_percent.pak

Filesize
150KB

MD5
b1bccf31fa5710207026d373edd96161

SHA1
ae7bb0c083aea838df1d78d61b54fb76c9a1182e

SHA256
49aff5690cb9b0f54f831351aa0f64416ba180a0c4891a859fa7294e81e9c8e3

SHA512
134a13ad86f8bd20a1d2350236269fd39c306389a600556a82025d5e0d5adaab0709d59e9b7ee96e8e2d25b6df49fefea27cdccefe5fba9687abf92a9a941d91

Download Submit
C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\ffmpeg.dll

Filesize
512KB

MD5
416a20a41c14b60923349fbcaa884031

SHA1
21221282f9f860853f8f210516f54193620bf18c

SHA256
07ff3351c89fb76989e10bba4e3c5ff0d5f3a1eb580750e89830eb175951ccdf

SHA512
6e330018970aa1b40738307d2470775c38f54add349d2d1c634546569f11ef4da771267d6403a7fc35c1302916709286954d8cfa2d47f8c3b1142e20469b8cc1

Download Submit
C:\Users\Admin\AppData\Local\Programs\tetrio-desktop\locales\bn.pak

Filesize
1.1MB

MD5
d179d38e8b9f7e60a943e2fc9f9471ad

SHA1
8d109081959d194c82b89fb25a514a65233435a7

SHA256
a45279ccc13390e0d93cfe1e33a7f276a5d9e97f6aefa6b6e14ecc4289703bda

SHA512
fa6f3e45f40e1e48f191e4a65f5d15dabd7058af4537eea3e34998dc67dd250b00e52d1f07b10a73a67a15aada4523e50f40160d98a5f37ef4684a30ff338468

Download Submit
C:\Users\Admin\AppData\Local\Temp\14cc63de-1ba4-41fb-b98a-7f0329640ff1.tmp.node

Filesize
95KB

MD5
e9dd3524a69d66b498da49581e72b70b

SHA1
b6ade7129a96d3be63d01da67f3917451b4eb999

SHA256
7aca2ed3da7e033d1a4251f7a92b774bbd8b794734ae8bac750d86dbaf62385f

SHA512
154c11f4d78f160c76f5610e3efde82eaea5159fb7eefb0e8bd5da129a0fecccfceeceb4102488ba36d881733f808959c57cf85dd150232d1f493f08d3d2a929

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_b30d1yzq.lmx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\LICENSES.chromium.html

Filesize
8.7MB

MD5
bd0ced1bc275f592b03bafac4b301a93

SHA1
68776b7d9139588c71fbc51fe15243c9835acb67

SHA256
ad35e72893910d6f6ed20f4916457417af05b94ab5204c435c35f66a058d156b

SHA512
5052ae32dae0705cc29ea170bcc5210b48e4af91d4ecec380cb4a57ce1c56bc1d834fc2d96e2a0f5f640fcac8cafe4a4fdd0542f26ca430d76aa8b9212ba77aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\chrome_200_percent.pak

Filesize
229KB

MD5
e02160c24b8077b36ff06dc05a9df057

SHA1
fc722e071ce9caf52ad9a463c90fc2319aa6c790

SHA256
4d5b51f720f7d3146e131c54a6f75e4e826c61b2ff15c8955f6d6dd15bedf106

SHA512
1bf873b89b571974537b685cdb739f8ed148f710f6f24f0f362f8b6bb605996fcfec1501411f2cb2df374d5fdaf6e2daaada8cea68051e3c10a67030ea25929e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
bf09deeeb497aeddaf6194e695776b8b

SHA1
e7d8719d6d0664b8746581b88eb03a486f588844

SHA256
450d5e6a11dc31dc6e1a7af472cd08b7e7a78976b1f0aa1c62055a0a720f5080

SHA512
38d3cac922634df85ddfd8d070b38cf4973bba8f37d3246453377f30165cc4377b4e67c4e0bca0ffe3c3fa0e024b23a31ec009e16d0ab3042593b5a6e164669f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\libEGL.dll

Filesize
467KB

MD5
3a5cbf0ce848ec30a2f8fe1760564515

SHA1
31bf9312cd1beaedaa91766e5cde13406d6ea219

SHA256
afef052c621f72ba986d917a9e090d23a13f4ab6bc09f158eeb73fd671b94219

SHA512
bd5713e1d22145b4cc52f4e46b464f443aad6f783a5793268e7d9dca969f27b70e706eecd54cb01be1c94256e6a95864c6b7e50027cef7fa870cdb16820ad602

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\libGLESv2.dll

Filesize
7.3MB

MD5
c783045e4b7f00c847678d43a77367f7

SHA1
7f9192ce0b23ac93561aeec9d9c38daa3136c146

SHA256
3a39137dcee6cb6663ae9cca424b6b05cf56c0ad7e32fb72cb94549ea9dbcae8

SHA512
64e6d4fc84f1217ceef05a22ad63a6618ffdc470b1faf4ad9e2d7bab59e9285527b9c5fd7ea4be673a08b9466434e3c098e839bf6955597e3d8aa0e80589f4a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\af.pak

Filesize
478KB

MD5
9554e414159d76754147d7e185056094

SHA1
e0fb0c95cef8e8d1ebeb11a6e2ea03b9067d799e

SHA256
f402c0d8494c9a2fceedcd7845ddf43b62e7d01ddb1d9c8e132efea83b724824

SHA512
9e8b41f69605d7bd426243e49b0f22347b211f7d13038ee6350d86d06cc7274bb2ef1918e27548802a5437903a653d86fce85338fa97f8c9642c0e74ed59ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\am.pak

Filesize
776KB

MD5
92ffe73f193d41c5a90303955b2da67f

SHA1
1d4136d8bb752da2834ebf0f4f62de56efefd78f

SHA256
325dd137903fc0d9e5010a62a314d9c6984ff82afbdff2254f7c48bd03dda06a

SHA512
6c4f0aac10276ab84ec4e63ec9ad0e20a1b3ce9d2368ec966cc6471600c3d28df8f9e501b4843bafa5bcf2aab57242559ba430d58853180ea653afbc8f468e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\ar.pak

Filesize
851KB

MD5
7608398c66cd0b55396f7250b3c8747c

SHA1
7e8417dfc7055fb9ecbe7cfc97a8aba0bd5a0e13

SHA256
3bb407fa588fb801ab241e8dda018461b54010a38648c3acc1e3550c0dfbd75a

SHA512
5dd757e4f114782eab9ab8cadbfe3179ded594285b3d0f7f6fa5ca50d80d866e7c8ff6a1f44deba8bdf09c04106de635c1da22597c008023b1fdf1cc747b6f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\bg.pak

Filesize
885KB

MD5
c80a2008d9f61c182430a728a6e059af

SHA1
2f2aa33573156d9939e3fc81f8d81de4aac21e61

SHA256
5947f567ce1f4ab945dc6dab1599422d412f4417b9097905150d669122e43f7d

SHA512
016ce835b6bac4d5b38d72c0b3adf4d6b4e0ac04677d70c53e5938acd28b12220d2878bca7875471d008b779ea6ab4972a9875b44304e867d0bb5e4318c0edc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\ca.pak

Filesize
538KB

MD5
bd846046383d64073da6eb192f5cddb1

SHA1
6dd4bfb982101ecafc14eb35834caa1fe5b1e3f5

SHA256
1dca9a7fcd850aecd48288999b436ff7e70cd4a96f47b40319759a800fb8eefa

SHA512
521ddf6e8fb444b911212501825392562af14cfb5b31a80707fdeffb13c8afb04852b0e3f7e3363a1c3a37c5c35bb1cbe84b458e14e30b5e8d8cb00a6a349ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\cs.pak

Filesize
555KB

MD5
926b4d7f540ce0b1912e5fb6383dabb7

SHA1
a7adbc83ef38092a90d964d61359a6caa1253090

SHA256
2964edcdcb27b2edf73515615501d8af28ad94b5dd31d2794f2624808c74de38

SHA512
bf6160e46eebf16d6b6f05d330068fa226118457ff03277b59ed4e1a6d2d28b212155cae2f48c34adfa81d20ff71e4206f25052257559f4768323b342dd16278

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\da.pak

Filesize
501KB

MD5
c54edb2260d2b907049cdd4772d5313b

SHA1
a12f623e6310b667a9c38b4c9143920d08564377

SHA256
318a9ec9e9fbe35d5d8cb9b719ecfbe1ecba9d8f246876c949c082107b439ddb

SHA512
4eef045080fecaf55bf2cca7d72d039b7d7a7b28021b649becee320a3a8c0753f4e0e5f869a188813e746bad05fd08c726b5c25f40ef9555967fafd93f7f6989

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\de.pak

Filesize
536KB

MD5
5a252c49719970b8fb33fbc8ec98971a

SHA1
931834866af36a9e25582a1f631a8cbc965a8e84

SHA256
d5746f48800efbff7db9d1bb8d6e5a5102eb7d79ae136e0485fd427be1ca63a1

SHA512
d4e6ab68d0b1a564b886c8bbe60e7bf67c3f71e6fc70ed5bfbb63a974f72afce62e03559f29f46a424908c256e990ff6cebeab8fddfbd79f6deca997cf7117cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\el.pak

Filesize
971KB

MD5
35ba1b364ecfff6486daed2a33cc6431

SHA1
b894b392d400fde4d35bc3b4edc130853cda340b

SHA256
c0434492be64b08f9ad00bc7cff65314822406dfb0c591fea0df6af9b6fc89c5

SHA512
5f5d2cf1d5c8158c62fe310338bfb1c9683ea2f43726c9f02fe6d2c29482e3211fd3d61a30dc0cf738549dc7047dfce0dbac36b9d22dfffb558f118fdbb3d856

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\en-GB.pak

Filesize
436KB

MD5
a44922cb4cd8816b9ce3d018dba9e6a0

SHA1
2ed3a8bd4a11bb89d3699f583372ad7aecc46ddd

SHA256
e0df967ffdf872f0a9589a0d74d68a742fa9b956add7a6736b82aebd9e8f02d3

SHA512
461b04a170c562382f6c1022f881db9f6928a36c962a2e3aeabee62dd4c46e08b59ef33a2d1d26af21dcc47d00b0c51e10b43f14dcd627f84104ab4f31a9e526

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\en-US.pak

Filesize
440KB

MD5
731c45f9f23957acc11b43d775758aaa

SHA1
12e66417a2dc0c5211ed67f026208ef02fcb40af

SHA256
02b97817b6eebd7caeaaff750f6462abc68911c398ddf0571b7900ff9b4ea9a2

SHA512
1a008df585ef76d9cf4459fc3e617b8d4397e7078c77852712fc7cf4f304081bc5195243437e64074016b05a8cd671db93666042e59b959595ba854ceb330a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\es-419.pak

Filesize
530KB

MD5
763f8c8ce092a3d64bbebddf4169e108

SHA1
89f2834c1b4e3f84870af29650bda6fe360350f5

SHA256
0c816f00b15d59809d30b6611aa455ea1bf8b022d2f887137f1c9d7a5600d5d9

SHA512
8401cec52e80a5136543473b317f0e2d920008c83b9667605cd0deb9fa5f933deeda0aa475b436520001c6a7c91118a4d9b11e28a9f4b31271662780e678dc06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\es.pak

Filesize
530KB

MD5
f6f452e9fe45b56b489b2e99c99848d7

SHA1
c64384626ea966d3a24dfd4d6c2f42c1cc082d2f

SHA256
54f85551269c8b5f3985a09d313fdc04c4595e5058163cf147ede049b8faa605

SHA512
f3c50308531f9654ff394cbdfdcc6029c60dc6659fe60e0326b4855a31f3eedc86f3df82a96a9e7691d12c7a69079c4abe2722f599aae29f48b291fb5a39a3a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\et.pak

Filesize
481KB

MD5
97918bb7b36900705b1a53b7851db6b3

SHA1
f8cca656478c6e15baa8f344dda2704087f54776

SHA256
8021814965878c4913d1f9f9d226da49cc2a37746d976f3b84aad7fe096fd14f

SHA512
6daa8f56c231cfd7dfc17bb5d5c56afca9490f953f22c92365a1f88e995c3a1705de98a725177001bb449070c860fd1c843ee0a499c6dd8321f2e6f4cf914da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\fa.pak

Filesize
789KB

MD5
04f629bc5fa6d761f1d7b5dc28a6b97e

SHA1
d80f74a2b6508bae49b8344809062b48dc2b2dc5

SHA256
9b5334e4883a716c5616c859889aacd7b179b30ac65e5657198eb4e877700f81

SHA512
ea412096170ae29b33f3d54f17fb9f2f5a41035df56e2af9596ec7c15422277943c5c651df6b3a232aca4e979946732bec496da03b3e47e0d4629675751a4c67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\fi.pak

Filesize
492KB

MD5
3acdfec7edd4d3eb473f0deb32713c14

SHA1
41fdd4af5f9fa78f4f81d3996ecafd69587f05ef

SHA256
4bf099ac8a76449bf597caf005790f5c02efd533b9a329c5fdc460d38f77607e

SHA512
b167caf1e5ff38b0c80f891715866a7754e9bf3f1479aa1faa3cf3e8ae7fe9b71a87109239750f71855330b6d20704b43e814f188672aa52a5dc6912297f1997

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\fil.pak

Filesize
556KB

MD5
89a63085d14b1b80f259e166e6ffe56d

SHA1
d1326c879a6ad203489226f7c5be08c897be71ac

SHA256
00b8cfe6131499a8a67a51dd8560a965a2abb863d52635dd3931df0479c3f5ee

SHA512
ab48fc4bc604648b4cc010a530fbcc5138b9d0a0f09398d2a69b6219799a43a052722c47dba96c9d001b4f6ddd491683c0a871c19ac2abc12843e68f9d4c2cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\fr.pak

Filesize
574KB

MD5
6708a286a0529ba7bed9840d53035be8

SHA1
af289ed518d9d90c75b69a870615e3f475c5d0e4

SHA256
7169684ff44f342b98648839b8963916f7323115dead332c2471baed6264b80e

SHA512
b329798fd85eac1505d0af5cb827ba11a5850eb926be39b414c40b5fdb56432db5f3dbc45237510bd4d1174c1cd62f623c6cc8ab10eb0ca51dea5d5487f0b0fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
ba34657d3f5ebe61b36a807c4a053d72

SHA1
163875c4ef39e3473d9d5aec4b6273f34a90a02d

SHA256
8c762963cca8eef2cbd39bd7bcd8b809f3b57a75353e687743894add9c19440f

SHA512
cb1c4adc59c3e99f819645ae84e3e6b601b340e05ae2182c0b1568bbbcd3eabf7bf09ef34e5d0757530997d0734dc52dd744b8b0edbb3702a3c06e29ba7f0c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\he.pak

Filesize
691KB

MD5
c47322869b458a1cd231f3dc385f80fb

SHA1
4155444dcb69c5b64711139cadb32a6df95ce3ae

SHA256
9e5544340da0e0aa28298e68765716a3960a28e50d86146b5324fd70fd756b41

SHA512
ca4664a9acbdd5896c6a0921e09d99f1a7ce3d7a80338c1a4310ad499a5a2cbb60ca074a02fcff128789da0a4cf82d3869f83836ae3ae3171085e58d6155fb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
6d3ce5a6049eda31ecbc55a9d3abb163

SHA1
100afed265c77a20f6636a0ab48c8a723e30b087

SHA256
8dae029a489f1bd7530650a9cb1be1f03741e1d7018503feb3c78759da8af531

SHA512
3668952ea707da9ee8fd3753c04d5dfbed97685b76dcc75dcf8d6a3699a832c3ff0db9cd40810f6ea9364f2b7aff4b1cd68980c74b59808fcb4900a36d933bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\hr.pak

Filesize
535KB

MD5
2f7462a076c14f2c2733a41dcc5ecf1b

SHA1
c453dbf62d1cfe85adb64ae374b6a79cff2ef97f

SHA256
6dcc7d5d771475874471b78ee84db0230341f8634f4b38a9cb90c37226d70b00

SHA512
f1df750b779c908547a38b49bae0ed8734fe37cd96d3502186926e6cbd657c248c528cf9944353dfd26695ab384f17f22f0bec251e65a20906da4d67852cc516

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\hu.pak

Filesize
576KB

MD5
f55e37076460b2e8b5ed0f414618d256

SHA1
b313287de6197f1bf9f9770e3d2c99e70c4d8179

SHA256
61854ab102bc57a7ad7b85a4fa008c3f071306838ba1a0491f68c19153decd49

SHA512
e8121a064a3209878f24c33e9c20c810c56aa15476909de1ce076c80ef635e69a60ac655b7714a116951de5b99bb690827edafddcd5e6b00ee6310807d78ce58

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\id.pak

Filesize
475KB

MD5
260d34aaada70c9d491bfbedcf5ca8d1

SHA1
5fa83a3e53e6aa9eede9fa34a84eb55ee8493314

SHA256
64a8a25717ffae1855114d84b02223ad5b3963c1c6a21c826636146726d0a8a2

SHA512
a19ec6fae22689a8f851c1a782eb748ee9f38dfad89f05291c01a6070b24a8a02fac4bb4a441421f411966e8bc08e996900871d498efa307ac1793191710ebd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\it.pak

Filesize
523KB

MD5
cfb2ddc4caafd038db00c1e7378d316e

SHA1
2573f32a41735efde916f0a73b415ca689c0dd36

SHA256
9395bf9a547561df6cd20d8e076452369cb72184f215448d1acd802dccf3a47d

SHA512
8a02ca980a8de8af8b179d610ff25557f81f67bfb5a9f82511641ec87b378a2ab7214d5ec681797acba1a865bd726cb9c5f609647ae6ee71a393b7e16fc06f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\ja.pak

Filesize
639KB

MD5
d84e12cecf6e4355933ed68816f090f6

SHA1
eb35ef52f341442dd887d43a52af7f02926d5288

SHA256
8de18410e38f4036367113bd4ed253a4957709d87e0aeb11134742bc89e16d62

SHA512
9dbe703493acb7b48ee1dbc4458ce0b9d757419e3fbf01379bc8dcbd22cc30a99348f7cb96840c19e873d6d97bb4d1a3baa4fcd6e0d332480273020a6e13a375

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
a4cce1cfe646eb2c268493603dcb358b

SHA1
aa19ee1cdf8776d07bf35614ff063aed5a798ef8

SHA256
01250aec7310bb59e0e847382325f940ea2cdab00369c1c7efe2f340d01ff806

SHA512
cecb7794a288e879324e74e7522bee61a43072ab58a289b686f1d48d98fe9a0d29a5505b8c891fe411b823c3d8366d6c1cffbcc1deffa6c7d3a04339a769dbc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\ko.pak

Filesize
540KB

MD5
c21dde26f43530135ef37323b00dc1fd

SHA1
a118e9713b155bd2999f04c3075f2e1bb05bffaa

SHA256
ff88b56be0614232947bfb07e6beb88327a18ebec98cece17caa9b7cd8e6dd24

SHA512
0db144f03992c41c3703719e985183a6ec988265e5a629d09bf683d9b208656d605565d6b5597cead909c814f25ce200739e65b1327172afe10d395a5018206c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\lt.pak

Filesize
580KB

MD5
93a0a8181e8c251a2375645a552293d6

SHA1
57faf2e9f965a49d5294cf9759b9b50d87c2ad1d

SHA256
f87b2baacdde69b2b24dc7859d47bad0844cf4d275072812aaf4eedb10318450

SHA512
51e1ff74442cfd51fd2fe218755335ed99e4850c8266425b8d55aa0abde2712ab765ff909d6ee620268ade9d7b51a93be659d6a52143da2abf4ec309bbe9f2fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\lv.pak

Filesize
579KB

MD5
07405dc51eddde72e367737c093c20db

SHA1
c66b8eccf167060c43b3c53631fc0c95b3afe05d

SHA256
dbc860a35ad08e4f502b8784ca1548110d3c7334478f6c392db42f52cb3074f2

SHA512
98f276fc137d6592cdbc1c804dd59983e290409bf7908137627ab114ab485e332f568d28c60a35d1dcb3d9753c2d1740065c654396af5f56f0dd5e1dfcffcf71

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
70c0c80fdfc006be0ff502e0e6115b2b

SHA1
43f96be4652ecbd22677b18ffe2260b79bcca19c

SHA256
878e268428ec7aa51105c921740931c545d4ba6a274b367c52675c90741d23bf

SHA512
c463c5d91b3cae6b2c70ef6b7e3758bacecbe76088d813e2632bde7939c1fb28bad3cccf914a14861b8611a490ea74ef2d8d10e7336b203d12cee9904e8f9423

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
fcaca3a4264563461b42b16d8fde4b02

SHA1
af37d4e73588d4a6d3d52f2dba67414393c9b168

SHA256
362df1aa112a0a521617c0496087b3547a242eb79a5416b8414c5798f31e187d

SHA512
9114dc4e7da2affdcee5c86b1f1f78e47279c31d0f76c8deb1eac545e0268b9592463bbe1a4b433ff4fcab1ad4a596655b775608515bf7455fda550d3bf47b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\ms.pak

Filesize
498KB

MD5
578dcc1aef901d00a57f2698a6e15826

SHA1
4dca370c3b22f9f54a62d31166a84848336a8fea

SHA256
e5e77421c5fca5b1eaef96fbf33c345c63119015986163cb43d65075df6265d0

SHA512
073aecedf4132faef7e896e6840bb6297e866a06fd65a7490f0a61179013f27b6592a4fb2be91cb5e139c77f6db7695bf60e5788154e51c9ab7889f6e7040a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\nb.pak

Filesize
483KB

MD5
c2c49ebaebc448cfeb7933ce2cbd6ca6

SHA1
c3efca0fee40a3daf7d69768d7659de60b3e2c4f

SHA256
67d997fff8a24eaa030eadede7f5345fff5e954e96bc8f36d399839bed998774

SHA512
c500bc1097ed9077742c5708bd55dc4215c45f751522131b8203d7ae802d278ffc3a9ef607325bbea5b650d594dde0d74e7fa4502e1a0f905534c32fa1521bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\nl.pak

Filesize
499KB

MD5
9229e4ded3219c948747a4dc9a6a5e32

SHA1
9147b2f2ac3837588aa3b71eb4a255d29cab0e74

SHA256
d88b02d74e01b9350d3ac9c48fe08333ca9c68e3e3824d64fae86c5b8b531feb

SHA512
8a81cefd9fa718b18de87555cb2d5c8e87ed14921fd3a0247b47988a1f3896d63b16dbf86fbf103097c73181473c37393c0f4e9e0a07d95d847aebcad526e8e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\pl.pak

Filesize
557KB

MD5
ab94060826404cc09d5fed31f63cec05

SHA1
20d1cea9d2e60b9bbd4fddb38a652856a3561008

SHA256
03258ecf731487231cc7eab8f6cb96e92b7ede4cc5b63c3def6ba08e0f16da10

SHA512
a9ec28912bdd2b8b1e1b3fc4d5c76139253ee4ada8f0d562ecd611d7366b0cdc97c379c5ae93c9db69eb045d8834cd0e1e0ba84813ac0071b5a2bf6cea81173e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\pt-BR.pak

Filesize
524KB

MD5
f18cae95b8bb6760d370b435235c5629

SHA1
eb62bc4249ea8e5688c67aa65bfa2b628fd5e1d8

SHA256
952234ef1d2792204f4e65cc814e9fc6dc007610668ceffb980c74fc0167ba0b

SHA512
218e9e4e59c875fe7931f16e6df877f67b8466a5e8a5565a1cab0f091b40b0652eefcf205536f5f4b8697966aa201092c26249142dcd8b40e055529e23ef7819

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\pt-PT.pak

Filesize
527KB

MD5
4aa908b531adedb0ee795704ab72e248

SHA1
2ea9f4a7e561e70b06b675b3fe35ccb0f2a12fca

SHA256
72ca754dcb34c54b72087ab7fd5a4a3fa03e09cd1ced906d99d6525c7a19ee9c

SHA512
7d4a1add737136acfc7ed7848b0ee54646d5c8aa3a54addd7cf0340ebf42b58f6ce2eff56a2ba94125475e7b64989d06fedfc8b1ee41ece63b18b1f95686ad08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\ro.pak

Filesize
546KB

MD5
36f8327b36f2c6c003f864895968af2f

SHA1
248d88aa9fe46cbcd013ea7d7270f8483215c073

SHA256
6343589863bdd2ae81ec9c33e335048fd8792d2c2e8872f91f7a325a1f0d97ac

SHA512
bb03b5af3ddf676dadb35d5b94f40ae1c95cba2e7175c87d128c319e0055dd91f412883daace89fa33a17b9761f1cd7bccdf261b16ffadd6e10da594445c2c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\ru.pak

Filesize
897KB

MD5
a0072d84d1bcb2fa7bbe7ae4e06151ba

SHA1
b9227c6cd4ff9f6db6a8edf694c444beccd369f6

SHA256
8c169d6995d97feae8b8ec947be27697ca0ff731b593fff36163e4f31969a6fd

SHA512
fad335e81a24427f2b0a2853733da94c9839139a7982796bf742eacba306ecd9998914bcac49b925d5bb18953091a4dcc62ea6a628fff125c086099cfd33e3b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\sk.pak

Filesize
563KB

MD5
e9bb6352cdd0f1c2fdd543a48ba076fe

SHA1
50053620d7be5566bb3ee588feda1a4daa207672

SHA256
441155d63257beaac9e2998afa1a9e65957286ed1cd9e0670072a63e24ff3f8b

SHA512
c1f87c7976159c8ff3e28185adcabf93d47ace0dc9b95fbaa4d1e5ed9ea8257263276880486a4c17a68a5869e6ec640eaf81f5ae6c4481e351e73e7b4dd9dd9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\sl.pak

Filesize
541KB

MD5
299acf51d74b95ae4272730c437763aa

SHA1
8a0ff73f37d830b6677e514371a5825631aa455d

SHA256
26e29cd70c4143d7e9fb65e86e02c9173997f2fc062633a5edb2b7df55942157

SHA512
d7d298a4eb476a3cd4411261058f6f9409d0dddb3756cdc1e27e64280efc8b84fe40afbd92c754d56f58ea333623b0481766320b5969f5dd71f0c2a93be8ff77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\sr.pak

Filesize
833KB

MD5
02bdb4d99bd466eed5fed3445560d52d

SHA1
c24e1895145b3066840be0d349f5e866e46e2a39

SHA256
ac09005a83d4ac8f61855c7e301e48a753d2f3558a04cdb94f23b539e2086e54

SHA512
fac7bcefe31f41b6e37f215f271b33ab21dad281c1b0bdaf28769c99e31bccca625f213fcfd7c0047b3e2104a8f51b2ebc5fb374b32f58ae22c4130e315aee1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\sv.pak

Filesize
486KB

MD5
eb39645ebed4f980ab12585feae2f4b5

SHA1
fc7c471b93f59bef13f7bb4669e683385a8b9dec

SHA256
ca34ee1c147358b5e32b5829acc0c355708925dc8df91c21d8e495c7485fa5c7

SHA512
5fb25d7dfca3483967a5262d2c62b5d37a192f5a7a19dcf6722a9a8753e299e567bf7f26171859c374c8d035bb521fb4eddc4821aebf9ceea1253c63e1595c60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\sw.pak

Filesize
512KB

MD5
e2958cf2ab6cc74551c8360e6cc34333

SHA1
806aa1129f228ee48744cfa55d061149b37522b0

SHA256
51482431411be2d89bfc026b9acf9ce1a0fb971376468a47829a15392b47178a

SHA512
1f5f306b7233279800d18fa461f4c94ecad809b2bb7c292fce16abcac2e963f7567a86e43a3c950fc86bc73b4fef8451389fc57ac6750fe7546afad8ae00f589

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\ta.pak

Filesize
1.3MB

MD5
474a2016df48f886e91fb9fd331d9bf9

SHA1
2548525143292d7d150f5014b44ef294ba7c4189

SHA256
75638ac7fdb226c0840d5c2edf763bae35afa1f47e89199d9724ff46c003a2c2

SHA512
a4c2c2c046420c77948a0479cbd2be3aa11c1b347eb508d020231eece5cf0c2cba8d4f6a0e9f875dece4a16413157fd9e9f1cf09e1746335eb11e8f8590cd013

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\te.pak

Filesize
1.2MB

MD5
1f20952c1a61fa6e42a7f055de8986ea

SHA1
301ec89ca80695865d884927c4c07c6777fb321e

SHA256
caeba6c853a0ee12a802fb9f610a95c676071414c1d8407d18b05f2fe8ce6bb7

SHA512
c43f5316dff21cd08f86e0d3d7c407449cdc751ff466683dff9a51e3a07bda203e8e22064bf240726e6e389b661d6dc2bf5ed5dc42750539990379e513228d53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\th.pak

Filesize
1.0MB

MD5
7512a162ea0b65dd9477ac8c190136b9

SHA1
ae5fbce9516882a0d58da9ebee3c767c7ba4c305

SHA256
d01ecd4edecf1809d5c2133366df2502a4621e88d894817e80b913f3a0926fa4

SHA512
425fd803cd3ed9589df5d04bb8ca4b62af0e573301d31c48a1a05bf3b707a0672e1a033965946223e5873a98eb3c9d52bcdcc1296a08cb4971d0b1b6d2e95eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\tr.pak

Filesize
523KB

MD5
4727af70df9094888ba46f3a62eff264

SHA1
d2ead301efab607d040c69c238a06d3b4d080717

SHA256
026fc65ed90fe356ce2b5e2b459a4487512d89e48f0ff8b044d6739ef51c1658

SHA512
5bb8dd6ad100581a7e0cb87b57e054ab23551c263144f7ffebf729b2280a1bd95e92eba9c64b80e2f77ce59c3c4315ba2b5253ac83dbb540828e7a59a70e74ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\uk.pak

Filesize
896KB

MD5
7f8d31b43f7319164bc0f6453bbaf007

SHA1
4be254da0ccb13040489403cc2d8015f448292da

SHA256
e33b1a611feca93d105dee7c867521b5fbf27da38532ea3ca0aec61bec7f6108

SHA512
9569bd24aa5d2f9b0a13784f5f3d98e636f72177c7ff7a14c7d390f1d5f0b39ffab512276f70e4d2df0d37fba94a2c2322a840ba303a4cde33ccb20f7980395f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\ur.pak

Filesize
782KB

MD5
305d39b5de5a1935d786da4bfc736dc5

SHA1
8dd952fea4dae937b9f87d229638cd22ca197a8c

SHA256
b551a93a300ab78ee6da5087ea417584c4fd3941fbac99c84c9c58be2c88a7e8

SHA512
d75ef12a56c2dbde5c7a1967297270f7d717a366776f6b2a316784f033c71fcb9d25dabc857398e8459d8ac40aae1bae59e82f551e00e9b96bfbea00a54fcde5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\vi.pak

Filesize
619KB

MD5
593d33203c539d027c5b5bcc13bb38c9

SHA1
2f6288bc43ddf31e49a733af97e3e9e2fb8a2940

SHA256
d435c4c7154c24982185842a09cacd343cea77a5eb7fb859c4d38973cf240a42

SHA512
7c41c74f7220270da242562b93db8db053c0a7b08fdc1864d063706caccbc6926f288ae6bff1de43af656af67fcf2d8ad57f53d791bbc47a3b29a6a0856a68e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\zh-CN.pak

Filesize
447KB

MD5
156894db535f0fbe193d66c0afb4b112

SHA1
e347caa3c41ea7461c217c029dbca54567fbe27c

SHA256
cc5a411d3bf0ddfba9e5041dfeeaed70265ba949f7b7ccba0170b88e3e14ceb0

SHA512
e81a0968598536e91c17a1998682cb5fff42bd3199c41b64e2d76827c96b187e8f86182843c061735dad2b7cd5e32750e473c1a5f9c82bcc0dcc30f1bdb8b806

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\locales\zh-TW.pak

Filesize
442KB

MD5
337bba163068f2dd7ff107ea929c8473

SHA1
536ec5756f229696dd6f875180778afcee1966fb

SHA256
58753d4313ed7f548df16a9cd9aa1f0e30cebee675a76b8359ed23fc95825574

SHA512
000b98249d7b0e4c7e463bafdf827e3dc5afac447750320d6344c984f4ad41cab5795861920525f03dcaeea5aa3615684101b08bbc103d3ba01065676c8bd64f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\resources.pak

Filesize
5.0MB

MD5
67bb5e75ceb8ced4c98cf0454933cb45

SHA1
c2b1c8c8d753318bc5ec18762c27512a5eb9f9cd

SHA256
5d63acd4034f7771ca346d138d7478014abf1f3f4386d07fc025dbc2c2bc0bff

SHA512
fd213d59ebc625f6f8b20cc8fde1a22132ce827b81deaddb9ca7993fe0d9616de17e089def338d23c4b6bbd7d3a931ee73aa329325eaa17f8145a58fe11d8c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\resources\app-update.yml

Filesize
96B

MD5
49f65d8987026e4026154578a1bf6f4f

SHA1
fc68a68fe05bb865709ca1a4d69a88280fbf8b16

SHA256
2da7ba3ba3b5d212feda18dde4f530478d8621829aec676ce899387743185e58

SHA512
d5745b12e619a8929f0e54e542558a7739cbe89ae3545505b6a66bc9627b4ef367b554cfdc68dbee276bf493aa8d1708768535e651cdaf9c0585c57c0533ba62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\resources\app.asar

Filesize
25.4MB

MD5
7dac1847b3675657a326d759218668c7

SHA1
f6a68097e9cf5b721297f7f968c97be37cee5180

SHA256
d1f6c74127947e7d33c0ffe399129926edd43cca304e8ca90c0a4883c5d4f6b5

SHA512
91fe17dc26d3af1eff370373e73a0c606138f33031195f1e1763dac4ca133d3bd78c1b468f2118e9b668b215ab8de863d5bd050f3ae9642ff672629ff4c87465

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\resources\elevate.exe

Filesize
114KB

MD5
f68aaa83f9b41ef5a4bc6324cf5d4c96

SHA1
caef01466800427b22693f31b091c7f9b0c7f2a7

SHA256
1556b9e943014767551c034bd2c226ca0288459f160759b6ab2a9c122de07ab3

SHA512
2ab66a71bb611401b3b024af56293ed9257fa9581a12dfa9b0c6d6f270060768ca6d2384bd76ee61f5cb7ebc2ca0c7fc40f6019a824f190c5b456e8a4285f807

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\snapshot_blob.bin

Filesize
298KB

MD5
cadef56f5fb216b1fbf7ada1f894ea6d

SHA1
373d2a4266be5c8fbf61d4363ec47ddeb2d79253

SHA256
0976145cc8c02f3e64ddbf51dc983bdbb456be7fcf3ce54608e218981671ac12

SHA512
9c90e8943f9ef6d644fe0fbe55ab25ed371739d17da8cf973893a2e41ebfa0a92bcf1761e72da032f9f3d1c6f1080c62f856aa07a3cbb609c9e8c186f92216b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\v8_context_snapshot.bin

Filesize
663KB

MD5
81870fb2f641c8b845e9c6d1a632f0b7

SHA1
fcd47d8d1232c189a1c4087bb03a015ce14c25ba

SHA256
875515af4e7254458c17a98bed087fc609d45fbc8ebf60663e112c37204f6840

SHA512
7748c8fb6f356aa45023a56245c43c5171d0413617fb1ac6c75650be75bbe94bd5528e9aa83cd9df9a08af65540a76ab59bc866e5dcf0fa7284122f290bd45d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\vk_swiftshader.dll

Filesize
5.1MB

MD5
0a071201e4dd76996e273c81533bfa74

SHA1
5c92c634027692c344a8e74eab8b4d5c3e049497

SHA256
08e34bc25653f9357a4ccf62966d698b7cc6265dc668046a28403ae5786132ee

SHA512
b5de6548c5c743b6f119183fa06aaf67dcd4cdbc3542378ff87916b670ace1e2f4270f6dcaa4caabd01460c638bd02b565267e7bd9617ca92d72187d374bb7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\7z-out\vulkan-1.dll

Filesize
932KB

MD5
a6588e66186ccf486eede8e9223f0d41

SHA1
777a5c4028c7675ee1fc4e265a825b35d5099577

SHA256
419488597ea255ec61f028aeecd36572d072dfe49b7ab716cd2c0a8e186f24e6

SHA512
ba8b9577f47ac5b9503aab8d4cca6059c7208bf0eb37999f4fbef0c2cf03032a9359559a0221f332c6cd66c38366fb0e1f1d32173f282afd639fabea8fc9400e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi8F21.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
493492134ed9311b0e59200e6439fb8e

SHA1
7ba7c3b2fd7cd6248c39302e979f8e06fe71e760

SHA256
d94c7ec4a35408b9a04303991197a9c7804c70a1b3be98b3777facd84ed223c7

SHA512
45232c1f75a83bafca5504a040b78438b77fcc91992d884c27b4029d06825d8d5571a9285e34ebc92c4b33f6a07a9bca3fe5efdc28017340f33459415a3bca99

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
17da7244b789ca5cc7f8f205e5f66127

SHA1
bcc74b3527e84a45c5b15a07a410f02e515c9e7b

SHA256
9b8cfa64081d2a378a658cf3b19c6c5b22326a8950092c4bd47a8e72ebfcfa9b

SHA512
29af784b19b58ac39dad034fe256df00b0c22af2dce9986316416c606106a0d6f83247cd682c4c8c38094a55fbbf22ad253eca872f1a435a0bd2e6155363553e

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9b05d9d0cd12691f1d515272b775db89

SHA1
950258a4786c7e51b87fff1aa3c7c472af9d5d4d

SHA256
63197133f56e7f1fc1973bf8bb197c77a8357e1fa16c5f8ad5339879f93f0a04

SHA512
abeb87ac1e3ee7ebf51c20b7974fea357705a8d0aaf92f96bb5b73492b57c8161bf4f000c5d9ec044482614f8b25910661e41dc87c1f55008a10e01dadb1f891

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0597e4cfddc9c433684f5ba77853041b

SHA1
def9c12038e111dc61678ac738f7c72365c8e1b2

SHA256
c6dcd0898e872d6583ce0dd41c641b7aa91d708b8cdf8c91932d5edbb1cf08c2

SHA512
a3bcac17c2b78238fc2713a558fb8050e6b0c6dab5a0f43a5f34b373668e6dbb2c08e594e5ffc21dd56f6ea78a679709d92471e13e8626cc14eb94124e80a845

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f7c7d2464ef8ebaebf355f433e299bcd

SHA1
3e8b0000c0bfc93a3f813daa6f719058cbed7c49

SHA256
9aa5ac3363bf25f3e3de5fb2214e20bce7de1d23850261415e7853dd7d2c3127

SHA512
611b9d598885c31516ea09b682d14bc830d38a2f80aeb141671f719533d9e7546f4ee0100cfd20f490e666c0ce78cd6613403e8cadbaee7aad9d98cc7a7007ea

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\Network Persistent State

Filesize
686B

MD5
f442ec0f7ee3bd7bdc5cbdd301b47cc6

SHA1
d7221b642e1e4b245dcfb3a12ae383e1dedf961c

SHA256
2882318ab1b40c0d1b4634598ec3b875463242abcdbd89469dde3b684ab8bfd4

SHA512
34110d973f6c2b3a6fa82c5ae260b368eab2ae5b906a8ed046cb5b84a644245191e0412159cb38179dbe6610477a14508b6fffb9554acf413ba15708e98abf9c

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\Network Persistent State

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\Network Persistent State~RFe5836ca.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity

Filesize
351B

MD5
203184f67eebb0fa7f361fa4fef03aeb

SHA1
50fd0de710fc897484877654fb1db855643efac4

SHA256
82fb0ff438b3204cdc133d98bc9504afc4d92ca8c52550ea31b1d71e9abe5b5a

SHA512
ebf7e0e5208491d84f34e5bf056e426c333fcf4b3a9ded88decc46359e60ae4692c040d236be934c0641a2a8774fffaf635c2ce7c85453b983a01e6698d1c029

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity

Filesize
351B

MD5
c8370131ba0eb5fda0d82d11d6467680

SHA1
bfc1285bbfc2f3a38e0e0766e0b57fcf3f825648

SHA256
161494f85839b0110692ba1ddc54bdf26261b42198ddd75b603ec01029d375c2

SHA512
d5ea87b13375913c69943f9d15b51534f369d423133a911c804b671596d1e5b7a20b8f2a2a27a908e019cfa611d75c385544ce47f3c0399ce9ba4cb4721a779b

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity

Filesize
857B

MD5
7aa424db018bec36555287b05c604482

SHA1
f3f7679433c320161507796697694cde1de75e3a

SHA256
10228696d8a078342bec1aaee2ad40db93ed281797f0854ca2aee40d4e6122da

SHA512
703fd9d0355c3af65bc496be1a0acfb2d47523b884bccefa6c0056cfc90f8095ba32dede8f162e2b01e7c9031a40ba5c7d3bdf0028b79ef79a9714129d9dfe37

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity

Filesize
857B

MD5
6ff49afced0ffcb674c7c5a803d63f64

SHA1
b61e180f0a460cd97ca40da42feee87f1d581964

SHA256
a052032aaa0f8b9641eacad03ff523bcbe0b0ea0c7f3d2d87ca04ccb8f6c6d96

SHA512
4fee3a31ab0c955d5dc46650f104213f654077eee9e63a1c0952d85e4ece9e479641022f8a64e3e04ead62f7796bf2ef051571b8560b6357dbb2692c8645b377

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity

Filesize
857B

MD5
1317853c62ebfe6c499bb1ce92a35be8

SHA1
55cb1424a54322e7229253677cf8e1eba1e259d2

SHA256
7238dfb94e4d3a5ea0ca78b42858779bec4c6ad167443778b3be792c2ae7251f

SHA512
c7f98e374d7c031d6c9c40474c4f4ef0c398a035ea67c84a57d1117675cce7ef0c7cab91f753362387f96bfa095895431737291881762e000eb9d3c72158fcfc

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity

Filesize
857B

MD5
a538f499c366c6bbdd5ac95d7abc55dc

SHA1
452e767fac8c02caff1d1de3b43e01befd1426a2

SHA256
7c6e7ca5318ecd8f189080cf2e06d919fa53cebc861fdef26669c177e7f38a5c

SHA512
f3e308cfb09e4288c8a136a21b74a4f22cf79b16e6ed47a3c68d237f5059bc80c0024293906b5cb2709851a8eb8eddcf03b5e916862379348c0fffa15cdd931d

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Network\TransportSecurity~RFe586e84.TMP

Filesize
351B

MD5
3be2aabfb903a268f09c4b326eae8a7b

SHA1
f31c264d0b37d62d8d79820a550f358584d63f8f

SHA256
537559b33e2c6a4c954a8442f70a9ce9e14f91be431a8bb1c8ccbb5433011f8f

SHA512
0a5e62f5dd9c813e693f6b965646fd808c3d9372a2160b3a9072a87852b602aca8226a810012b6d4b4acfb870e5833e55fcf6ae358db235a030b8a28f2868de7

Download Submit
C:\Users\Admin\AppData\Roaming\tetrio-desktop\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
memory/3204-969-0x00000180D7530000-0x00000180D755A000-memory.dmp

Filesize
168KB

Download
memory/3204-923-0x00000180D75B0000-0x00000180D7626000-memory.dmp

Filesize
472KB

Download
memory/3204-970-0x00000180D7530000-0x00000180D7554000-memory.dmp

Filesize
144KB

Download
memory/3204-817-0x00000180BEA50000-0x00000180BEA72000-memory.dmp

Filesize
136KB

Download
memory/3204-917-0x00000180D74E0000-0x00000180D7524000-memory.dmp

Filesize
272KB

Download
memory/5052-797-0x00007FFE07750000-0x00007FFE07751000-memory.dmp

Filesize
4KB

Download
memory/5052-796-0x00007FFE06010000-0x00007FFE06011000-memory.dmp

Filesize
4KB

Download
memory/6056-1159-0x0000017C17340000-0x0000017C17341000-memory.dmp

Filesize
4KB

Download
memory/6056-1158-0x0000017C17340000-0x0000017C17341000-memory.dmp

Filesize
4KB

Download
memory/6056-1157-0x0000017C17340000-0x0000017C17341000-memory.dmp

Filesize
4KB

Download
memory/6056-1156-0x0000017C17340000-0x0000017C17341000-memory.dmp

Filesize
4KB

Download
memory/6056-1155-0x0000017C17340000-0x0000017C17341000-memory.dmp

Filesize
4KB

Download