Analysis

  • max time kernel
    562s
  • max time network
    564s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64 arch:x86 image:win11-20241023-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    25-12-2024 19:09

General

  • Target

    http://www.nitrome.com/games/flipside/

Malware Config

Signatures

  • CryptOne packer 1 IoCs

    Detects CryptOne packer defined in NCC blogpost.

  • Downloads MZ/PE file
  • Executes dropped EXE 14 IoCs
  • Loads dropped DLL 9 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NSIS installer 6 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 15 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.nitrome.com/games/flipside/
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:796
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe52043cb8,0x7ffe52043cc8,0x7ffe52043cd8
      2⤵
        PID:920
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
        2⤵
          PID:432
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1868
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
          2⤵
            PID:5016
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
            2⤵
              PID:340
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
              2⤵
                PID:356
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
                2⤵
                  PID:1400
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
                  2⤵
                    PID:5036
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                    2⤵
                      PID:5040
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                      2⤵
                        PID:4192
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
                        2⤵
                          PID:2356
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2552
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
                          2⤵
                            PID:5044
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
                            2⤵
                              PID:3312
                            • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7108 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2712
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
                              2⤵
                                PID:240
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
                                2⤵
                                  PID:1736
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
                                  2⤵
                                    PID:4968
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
                                    2⤵
                                      PID:3276
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7148 /prefetch:8
                                      2⤵
                                        PID:2548
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6352 /prefetch:8
                                        2⤵
                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                        • NTFS ADS
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4628
                                      • C:\Users\Admin\Downloads\SuperNovaSetup.exe
                                        "C:\Users\Admin\Downloads\SuperNovaSetup.exe"
                                        2⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        PID:816
                                        • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\SuperNova Launcher.exe
                                          "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\SuperNova Launcher.exe"
                                          3⤵
                                          • Executes dropped EXE
                                          • System Location Discovery: System Language Discovery
                                          PID:2148
                                          • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\patchfile.tmp
                                            "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\patchfile.tmp" /S
                                            4⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            • System Location Discovery: System Language Discovery
                                            • Modifies registry class
                                            PID:5032
                                            • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe
                                              "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low" -low
                                              5⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:2336
                                            • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe
                                              "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects" -low
                                              5⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:2732
                                            • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe
                                              "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com" -low
                                              5⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:3064
                                            • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe
                                              "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\Logs" -low
                                              5⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:816
                                            • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe
                                              "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\openssl" -low
                                              5⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:2140
                                            • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe
                                              "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com" -low
                                              5⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:3548
                                            • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe
                                              "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe" "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol" -med
                                              5⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:128
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.getsupernova.com/player_installed.html?rnd=856491
                                              5⤵
                                                PID:3936
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:1
                                          2⤵
                                            PID:4820
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
                                            2⤵
                                              PID:3464
                                            • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\SuperNova Launcher.exe
                                              "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\SuperNova Launcher.exe" supernova://play/?swfurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2Fflipside.swf&flashvars=g%3Dflipside%26ar%3D1%26ac%3D1%26pu%3D0%26dark_colour%3D000000%26mid_colour%3D666666%26light_colour%3Dcccccc%26game_name%3DFlipside%26game_reference_id%3Dflipside&pageurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2F
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:4892
                                              • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\snlauncher.exe
                                                "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\snlauncher.exe" supernova://play/?swfurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2Fflipside.swf&flashvars=g%3Dflipside%26ar%3D1%26ac%3D1%26pu%3D0%26dark_colour%3D000000%26mid_colour%3D666666%26light_colour%3Dcccccc%26game_name%3DFlipside%26game_reference_id%3Dflipside&pageurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2F
                                                3⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • System Location Discovery: System Language Discovery
                                                • Checks processor information in registry
                                                • Modifies registry class
                                                • Suspicious use of SetWindowsHookEx
                                                PID:2548
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1224 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:3332
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15542576340366253781,8230439824052175944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
                                              2⤵
                                                PID:3888
                                              • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\SuperNova Launcher.exe
                                                "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\SuperNova Launcher.exe" supernova://play/?swfurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2Fflipside.swf&flashvars=g%3Dflipside%26ar%3D1%26ac%3D1%26pu%3D0%26dark_colour%3D000000%26mid_colour%3D666666%26light_colour%3Dcccccc%26game_name%3DFlipside%26game_reference_id%3Dflipside&pageurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2F
                                                2⤵
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                PID:876
                                                • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\snlauncher.exe
                                                  "C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\snlauncher.exe" supernova://play/?swfurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2Fflipside.swf&flashvars=g%3Dflipside%26ar%3D1%26ac%3D1%26pu%3D0%26dark_colour%3D000000%26mid_colour%3D666666%26light_colour%3Dcccccc%26game_name%3DFlipside%26game_reference_id%3Dflipside&pageurl=http%3A%2F%2Fwww.nitrome.com%2Fgames%2Fflipside%2F
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • System Location Discovery: System Language Discovery
                                                  • Checks processor information in registry
                                                  • Modifies registry class
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:1512
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:4760
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:3268
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:4144
                                                  • C:\Windows\system32\AUDIODG.EXE
                                                    C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F4
                                                    1⤵
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:4444
                                                  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:2228

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    1KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    1KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    5KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    5KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    5KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    8KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    5KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    8KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    1KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    1KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c6b54.TMP

                                                    Filesize

                                                    1KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                    Filesize

                                                    16B


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                    Filesize

                                                    16B


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    10KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    11KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    11KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    11KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    11KB


                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    10KB


                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                    Filesize

                                                    10KB


                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                    Filesize

                                                    10KB


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\uninstall.exe

                                                    Filesize

                                                    56KB


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\SuperNova Launcher.exe

                                                    Filesize

                                                    2.1MB


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\patchfile.tmp

                                                    Filesize

                                                    27.8MB


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.0.0\updater.cfg

                                                    Filesize

                                                    573B


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\SuperNova Launcher.exe

                                                    Filesize

                                                    2.1MB


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\chginteg.exe

                                                    Filesize

                                                    176KB


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\currentversion

                                                    Filesize

                                                    71B


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\Adobe AIR\Versions\1.0\Adobe AIR.dll

                                                    Filesize

                                                    20.3MB


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll

                                                    Filesize

                                                    18.5MB


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\Adobe AIR\Versions\1.0\Resources\WebKit.dll

                                                    Filesize

                                                    4.7MB


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\META-INF\AIR\application.xml

                                                    Filesize

                                                    953B


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\META-INF\AIR\extensions\com.cpmstar.SuperNovaANE\META-INF\ANE\Windows-x86\library.swf

                                                    Filesize

                                                    1KB


                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\META-INF\AIR\extensions\com.cpmstar.SuperNovaANE\META-INF\ANE\Windows-x86\snane.dll

                                                    Filesize

                                                    458KB

                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\META-INF\AIR\extensions\com.cpmstar.SuperNovaANE\META-INF\ANE\extension.xml

                                                    Filesize

                                                    722B

                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\snlauncher.exe

                                                    Filesize

                                                    142KB

                                                  • C:\Users\Admin\AppData\Local\TacticsTechnology\SuperNova\versions\0.1.23\launcher\snlauncher.swf

                                                    Filesize

                                                    329KB

                                                  • C:\Users\Admin\AppData\Local\Temp\nsf8835.tmp\System.dll

                                                    Filesize

                                                    11KB

                                                  • C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#Security\FlashPlayerTrust\air.1.0.trust.cfg

                                                    Filesize

                                                    5B

                                                  • C:\Users\Admin\Downloads\SuperNovaSetup.exe:Zone.Identifier

                                                    Filesize

                                                    26B

                                                  • C:\Users\Admin\Downloads\Unconfirmed 936896.crdownload

                                                    Filesize

                                                    1.2MB
