Analysis
-
max time kernel
562s -
max time network
564s -
platform
windows11-21h2_x64 -
resource
win11-20241023-en -
resource tags
arch:x64 arch:x86 image:win11-20241023-en locale:en-us os:windows11-21h2-x64 system -
submitted
25-12-2024 19:09
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://www.nitrome.com/games/flipside/
Resource
win11-20241023-en
General
-
Target
http://www.nitrome.com/games/flipside/
Malware Config
Signatures
-
resource yara_rule behavioral1/files/0x000400000000f64d-738.dat cryptone -
Downloads MZ/PE file
-
Executes dropped EXE 14 IoCs
pid Process 816 SuperNovaSetup.exe 2148 SuperNova Launcher.exe 5032 patchfile.tmp 2336 chginteg.exe 2732 chginteg.exe 3064 chginteg.exe 816 chginteg.exe 2140 chginteg.exe 3548 chginteg.exe 128 chginteg.exe 4892 SuperNova Launcher.exe 2548 snlauncher.exe 876 SuperNova Launcher.exe 1512 snlauncher.exe -
Loads dropped DLL 9 IoCs
pid Process 5032 patchfile.tmp 2548 snlauncher.exe 2548 snlauncher.exe 2548 snlauncher.exe 2548 snlauncher.exe 1512 snlauncher.exe 1512 snlauncher.exe 1512 snlauncher.exe 1512 snlauncher.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description ioc Process File opened for modification C:\Users\Admin\Downloads\SuperNovaSetup.exe:Zone.Identifier msedge.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 14 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language patchfile.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language chginteg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language snlauncher.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language chginteg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language chginteg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SuperNova Launcher.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language snlauncher.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language chginteg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SuperNovaSetup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SuperNova Launcher.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language chginteg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language chginteg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language chginteg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SuperNova Launcher.exe -
NSIS installer 6 IoCs
resource yara_rule behavioral1/files/0x0003000000025d04-294.dat nsis_installer_1 behavioral1/files/0x0003000000025d04-294.dat nsis_installer_2 behavioral1/files/0x001400000002ac01-363.dat nsis_installer_1 behavioral1/files/0x001400000002ac01-363.dat nsis_installer_2 behavioral1/files/0x001900000002abf8-464.dat nsis_installer_1 behavioral1/files/0x001900000002abf8-464.dat nsis_installer_2 -
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 snlauncher.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz snlauncher.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 snlauncher.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz snlauncher.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 15 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova patchfile.tmp Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova\URL Protocol patchfile.tmp Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\TacticsTechnology\\SuperNova\\versions\\0.1.23\\SuperNova Launcher.exe\",0" patchfile.tmp Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova\shell\open\command patchfile.tmp Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\MuiCache snlauncher.exe Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova\shell\ patchfile.tmp Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova\shell\open patchfile.tmp Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\TacticsTechnology\\SuperNova\\versions\\0.1.23\\SuperNova Launcher.exe\" %1" patchfile.tmp Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova\ = "SuperNova Launcher" patchfile.tmp Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova\shell\open\ patchfile.tmp Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings msedge.exe Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova\DefaultIcon patchfile.tmp Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\supernova\shell patchfile.tmp Key created 
\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\MuiCache snlauncher.exe -
NTFS ADS 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 936896.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\SuperNovaSetup.exe:Zone.Identifier msedge.exe -
Suspicious behavior: EnumeratesProcesses 15 IoCs
pid Process 1868 msedge.exe 1868 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 2552 msedge.exe 2552 msedge.exe 2712 identity_helper.exe 2712 identity_helper.exe 4628 msedge.exe 4628 msedge.exe 3332 msedge.exe 3332 msedge.exe 3332 msedge.exe 3332 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
pid Process 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 4444 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 4444 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 33 IoCs
pid Process 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe 796 msedge.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2548 snlauncher.exe 2228 MiniSearchHost.exe 1512 snlauncher.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.nitrome.com/games/flipside/1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:796 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe52043cb8,0x7ffe52043cc8,0x7ffe52043cd82⤵PID:920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:22⤵PID:432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵PID:5016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵PID:340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:12⤵PID:1400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵PID:5036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:12⤵PID:4192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:12⤵PID:2356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:12⤵PID:5044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:12⤵PID:3312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7108 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:12⤵PID:240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:12⤵PID:1736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:12⤵PID:4968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:12⤵PID:3276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7148 /prefetch:82⤵PID:2548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6352 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4628
-
-
C:\Users\Admin\Downloads\SuperNovaSetup.exe"C:\Users\Admin\Downloads\SuperNovaSetup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:816 -
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\SuperNova Launcher.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\SuperNova Launcher.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2148 -
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\patchfile.tmp"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\patchfile.tmp" /S4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5032 -
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low" -low5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2336
-
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects" -low5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2732
-
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com" -low5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3064
-
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\Logs" -low5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:816
-
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\openssl" -low5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2140
-
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com" -low5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3548
-
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol" -med5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.getsupernova.com/player_installed.html?rnd=8564915⤵PID:3936
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:12⤵PID:4820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:12⤵PID:3464
-
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\SuperNova Launcher.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\SuperNova Launcher.exe" supernova://play/?swfurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2Fflipside.swf&flashvars=g%3Dflipside%26ar%3D1%26ac%3D1%26pu%3D0%26dark_colour%3D000000%26mid_colour%3D666666%26light_colour%3Dcccccc%26game_name%3DFlipside%26game_reference_id%3Dflipside&pageurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2F2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4892 -
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\snlauncher.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\snlauncher.exe" supernova://play/?swfurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2Fflipside.swf&flashvars=g%3Dflipside%26ar%3D1%26ac%3D1%26pu%3D0%26dark_colour%3D000000%26mid_colour%3D666666%26light_colour%3Dcccccc%26game_name%3DFlipside%26game_reference_id%3Dflipside&pageurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2F3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2548
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1224 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:12⤵PID:3888
-
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\SuperNova Launcher.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\SuperNova Launcher.exe" supernova://play/?swfurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2Fflipside.swf&flashvars=g%3Dflipside%26ar%3D1%26ac%3D1%26pu%3D0%26dark_colour%3D000000%26mid_colour%3D666666%26light_colour%3Dcccccc%26game_name%3DFlipside%26game_reference_id%3Dflipside&pageurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2F2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:876 -
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\snlauncher.exe"C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\snlauncher.exe" supernova://play/?swfurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2Fflipside.swf&flashvars=g%3Dflipside%26ar%3D1%26ac%3D1%26pu%3D0%26dark_colour%3D000000%26mid_colour%3D666666%26light_colour%3Dcccccc%26game_name%3DFlipside%26game_reference_id%3Dflipside&pageurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2F3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1512
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4760
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3268
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4144
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F41⤵
- Suspicious use of AdjustPrivilegeToken
PID:4444
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2228
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD55431d6602455a6db6e087223dd47f600
SHA127255756dfecd4e0afe4f1185e7708a3d07dea6e
SHA2567502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763
SHA512868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829
-
Filesize
152B
MD57bed1eca5620a49f52232fd55246d09a
SHA1e429d9d401099a1917a6fb31ab2cf65fcee22030
SHA25649c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e
SHA512afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize: 10KB
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\Adobe AIR\Versions\1.0\Adobe AIR.dll
Filesize: 20.3MB
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
Filesize: 18.5MB
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\Adobe AIR\Versions\1.0\Resources\WebKit.dll
Filesize: 4.7MB
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\META-INF\AIR\application.xml
Filesize: 953B
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\META-INF\AIR\extensions\com.cpmstar.SuperNovaANE\META-INF\ANE\Windows-x86\library.swf
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\META-INF\AIR\extensions\com.cpmstar.SuperNovaANE\META-INF\ANE\Windows-x86\snane.dll
Filesize: 458KB
-
C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\META-INF\AIR\extensions\com.cpmstar.SuperNovaANE\META-INF\ANE\extension.xml
Filesize: 722B