rhadamanthys | hxxp://partyroyaleplay[.]com

Analysis

max time kernel
1080s
max time network
1037s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22-06-2024 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://partyroyaleplay.com

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

explorer.exe

description pid process target process

PID 6656 created 2588 6656 explorer.exe sihost.exe
Downloads MZ/PE file

description	pid	process	target process
PID 6656 created 2588	6656	explorer.exe	sihost.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	PartyRoyaleSetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	PartyRoyaleSetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	PartyRoyaleSetup.exe

Executes dropped EXE 9 IoCs

Processes:

PartyRoyale.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exea6c611752824cf8ffc285cc752193438.exe

pid	process
6076	PartyRoyale.exe
7100	PartyRoyaleSetup.exe
6208	PartyRoyaleSetup.exe
6488	PartyRoyaleSetup.exe
6608	PartyRoyaleSetup.exe
6168	PartyRoyaleSetup.exe
7068	PartyRoyaleSetup.exe
6852	PartyRoyaleSetup.exe
6760	a6c611752824cf8ffc285cc752193438.exe

Loads dropped DLL 17 IoCs

Processes:

PartyRoyale.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exe

pid	process
6076	PartyRoyale.exe
6076	PartyRoyale.exe
6076	PartyRoyale.exe
6076	PartyRoyale.exe
6076	PartyRoyale.exe
7100	PartyRoyaleSetup.exe
6208	PartyRoyaleSetup.exe
6208	PartyRoyaleSetup.exe
6208	PartyRoyaleSetup.exe
6208	PartyRoyaleSetup.exe
6208	PartyRoyaleSetup.exe
6488	PartyRoyaleSetup.exe
6608	PartyRoyaleSetup.exe
6168	PartyRoyaleSetup.exe
7068	PartyRoyaleSetup.exe
6852	PartyRoyaleSetup.exe
6852	PartyRoyaleSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of SetThreadContext 1 IoCs

Processes:

a6c611752824cf8ffc285cc752193438.exe

description pid process target process

PID 6760 set thread context of 7160 6760 a6c611752824cf8ffc285cc752193438.exe cmd.exe

description	pid	process	target process
PID 6760 set thread context of 7160	6760	a6c611752824cf8ffc285cc752193438.exe	cmd.exe

Drops file in Windows directory 5 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

5160 tasklist.exe

pid	process
5160	tasklist.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "3508"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomai = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\partyroyaleplay.com\ = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7f69f879f7c4da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "132"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\partyroyaleplay.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\partyroyaleplay.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\partyroyaleplay.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "805"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 902cc17029c5da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "806"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fe203391f7c4da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 93e6ab0bf7c4da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "805"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\partyroyaleplay.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000834d68df3b820dff0d80432084b2a00d33973b9e1f7543bf6837d20c8cdca2562b296ad4408f5831f378f09f8e2a0b3e0bf687fff1456625e21c	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

PartyRoyaleSetup.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	PartyRoyaleSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	PartyRoyaleSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	PartyRoyaleSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	PartyRoyaleSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	PartyRoyaleSetup.exe

NTFS ADS 2 IoCs

Processes:

firefox.exePartyRoyale.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\PartyRoyale.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\AppData\Local\partyroyalesetup-updater\installer.exe\:Zone.Identifier:$DATA	PartyRoyale.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

Processes:

PartyRoyale.exetasklist.exePartyRoyaleSetup.exea6c611752824cf8ffc285cc752193438.execmd.exeexplorer.exeopenwith.exe

pid	process
6076	PartyRoyale.exe
6076	PartyRoyale.exe
5160	tasklist.exe
5160	tasklist.exe
6852	PartyRoyaleSetup.exe
6852	PartyRoyaleSetup.exe
6760	a6c611752824cf8ffc285cc752193438.exe
6760	a6c611752824cf8ffc285cc752193438.exe
6760	a6c611752824cf8ffc285cc752193438.exe
7160	cmd.exe
7160	cmd.exe
7160	cmd.exe
7160	cmd.exe
6656	explorer.exe
6656	explorer.exe
6512	openwith.exe
6512	openwith.exe
6512	openwith.exe
6512	openwith.exe

Suspicious behavior: MapViewOfSection 10 IoCs

Processes:

MicrosoftEdgeCP.exea6c611752824cf8ffc285cc752193438.execmd.exe

pid	process
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
6760	a6c611752824cf8ffc285cc752193438.exe
7160	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exefirefox.exeAUDIODG.EXEtasklist.exePartyRoyale.exePartyRoyaleSetup.exe

description	pid	process
Token: SeDebugPrivilege	4176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4176	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	3156	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	3156	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	3156	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	3156	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	3156	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	3156	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3112	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3112	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	1076	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	1076	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	660	firefox.exe
Token: SeDebugPrivilege	660	firefox.exe
Token: 33	5572	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5572	AUDIODG.EXE
Token: SeDebugPrivilege	5160	tasklist.exe
Token: SeSecurityPrivilege	6076	PartyRoyale.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe
Token: SeShutdownPrivilege	7100	PartyRoyaleSetup.exe
Token: SeCreatePagefilePrivilege	7100	PartyRoyaleSetup.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

660 firefox.exe
660 firefox.exe
660 firefox.exe
660 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

660 firefox.exe
660 firefox.exe
660 firefox.exe

pid	process
660	firefox.exe
660	firefox.exe
660	firefox.exe
660	firefox.exe

pid	process
660	firefox.exe
660	firefox.exe
660	firefox.exe

Suspicious use of SetWindowsHookEx 24 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exefirefox.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exePartyRoyaleSetup.exea6c611752824cf8ffc285cc752193438.exe

pid	process
1536	MicrosoftEdge.exe
4644	MicrosoftEdgeCP.exe
4176	MicrosoftEdgeCP.exe
4644	MicrosoftEdgeCP.exe
2488	MicrosoftEdgeCP.exe
1536	MicrosoftEdge.exe
1536	MicrosoftEdge.exe
1536	MicrosoftEdge.exe
1536	MicrosoftEdge.exe
660	firefox.exe
660	firefox.exe
660	firefox.exe
660	firefox.exe
660	firefox.exe
660	firefox.exe
660	firefox.exe
7100	PartyRoyaleSetup.exe
6208	PartyRoyaleSetup.exe
6488	PartyRoyaleSetup.exe
6608	PartyRoyaleSetup.exe
6168	PartyRoyaleSetup.exe
7068	PartyRoyaleSetup.exe
6852	PartyRoyaleSetup.exe
6760	a6c611752824cf8ffc285cc752193438.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MicrosoftEdgeCP.exefirefox.exefirefox.exe

description	pid	process	target process
PID 4644 wrote to memory of 3156	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 3156	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 3156	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 3156	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 3156	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 3156	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 3156	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 3156	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 3156	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 1076	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 1076	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 1076	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 1076	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 1076	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 1076	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 1076	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 1076	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4644 wrote to memory of 1076	4644	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 2972 wrote to memory of 660	2972	firefox.exe	firefox.exe
PID 660 wrote to memory of 3524	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3524	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe
PID 660 wrote to memory of 3700	660	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

c:\windows\system32\sihost.exe
sihost.exe
1⤵
PID:2588

C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6512

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://partyroyaleplay.com"
1⤵
PID:4956

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4644

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4176

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3156

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3112

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4956

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1076

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.0.1732293662\11444804" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37814ecf-f708-4569-8403-5846826b1d96} 660 "\\.\pipe\gecko-crash-server-pipe.660" 1780 276b04d6158 gpu
3⤵
PID:3524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.1.1196029121\1833006137" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adf16d7e-f6cd-4d98-990b-33362c96b273} 660 "\\.\pipe\gecko-crash-server-pipe.660" 2136 2769e170d58 socket
3⤵
PID:3700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.2.2071771191\188746500" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2752 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dc0340e-954e-4548-9132-8882368fd6a3} 660 "\\.\pipe\gecko-crash-server-pipe.660" 2744 276b4697e58 tab
3⤵
PID:356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.3.1823729453\248271208" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3484 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2bbbcfc-1770-434d-bcaf-82547f0bf7e0} 660 "\\.\pipe\gecko-crash-server-pipe.660" 3496 2769e15b258 tab
3⤵
PID:2408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.4.584025787\2007163425" -childID 3 -isForBrowser -prefsHandle 4216 -prefMapHandle 4212 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1918ddcb-5956-4581-8c9b-311a1ae78ab3} 660 "\\.\pipe\gecko-crash-server-pipe.660" 4228 276b64c1b58 tab
3⤵
PID:1132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.5.295523163\818791248" -childID 4 -isForBrowser -prefsHandle 4804 -prefMapHandle 4792 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3ba8cbf-4579-4043-9ac9-ee7bceec5e75} 660 "\\.\pipe\gecko-crash-server-pipe.660" 4824 276b2cf8758 tab
3⤵
PID:5164

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.6.1179492098\1802574183" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb4c34ab-8ff3-4ff7-ae58-554bb4070185} 660 "\\.\pipe\gecko-crash-server-pipe.660" 5048 276b6a5ac58 tab
3⤵
PID:5172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.7.1855148306\310939357" -childID 6 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b25f7ec0-9ef2-4168-b9e8-e316fa6b0767} 660 "\\.\pipe\gecko-crash-server-pipe.660" 5156 276b6a5bb58 tab
3⤵
PID:5180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.8.1194028320\1628498973" -parentBuildID 20221007134813 -prefsHandle 5504 -prefMapHandle 5632 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8a851cd-2714-4fa4-a681-30c151741f3c} 660 "\\.\pipe\gecko-crash-server-pipe.660" 5628 276b80dd458 rdd
3⤵
PID:5760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.9.1053105114\107695392" -childID 7 -isForBrowser -prefsHandle 5816 -prefMapHandle 4860 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5636fa6d-b4a7-4f3e-8e06-12563201e794} 660 "\\.\pipe\gecko-crash-server-pipe.660" 5824 276b8104d58 tab
3⤵
PID:5844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.10.1625397542\669999285" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6076 -prefMapHandle 6016 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e805b5b-a527-485b-a71e-41830da84043} 660 "\\.\pipe\gecko-crash-server-pipe.660" 6072 276b86f3058 utility
3⤵
PID:5284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="660.11.1542280881\1446744358" -childID 8 -isForBrowser -prefsHandle 6196 -prefMapHandle 6192 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5a0c9c4-4fb5-4d3b-87c8-600cda0bd8db} 660 "\\.\pipe\gecko-crash-server-pipe.660" 6188 276b8858758 tab
3⤵
PID:5488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3432

C:\Users\Admin\Downloads\PartyRoyale.exe
"C:\Users\Admin\Downloads\PartyRoyale.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6076

C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq PartyRoyaleSetup.exe" | %SYSTEMROOT%\System32\find.exe "PartyRoyaleSetup.exe"
2⤵
PID:5124

C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq PartyRoyaleSetup.exe"
3⤵
- Enumerates processes with tasklist
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5160

C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "PartyRoyaleSetup.exe"
3⤵
PID:1012

C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe
"C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:7100

C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe
"C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1428 --field-trial-handle=1608,i,6507898202521578838,17106549465123212896,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6208

C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe
"C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup" --mojo-platform-channel-handle=1808 --field-trial-handle=1608,i,6507898202521578838,17106549465123212896,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6488

C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe
"C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup" --app-path="C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2192 --field-trial-handle=1608,i,6507898202521578838,17106549465123212896,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6608

C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe
"C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup" --app-path="C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3372 --field-trial-handle=1608,i,6507898202521578838,17106549465123212896,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6168

C:\Users\Admin\AppData\Local\Temp\a6c611752824cf8ffc285cc752193438.exe
C:\Users\Admin\AppData\Local\Temp\a6c611752824cf8ffc285cc752193438.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:6760

C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:7160

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
5⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
PID:6656

C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe
"C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup" --mojo-platform-channel-handle=3376 --field-trial-handle=1608,i,6507898202521578838,17106549465123212896,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:7068

C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe
"C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\PartyRoyaleSetup.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1608,i,6507898202521578838,17106549465123212896,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6852

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DFY8PVG\SocialWrapper.6462daae[1].css
Filesize
201B

MD5
d12c09d9e8f95066b5f0475d839994d5

SHA1
7a2a2bf9a8f4bff14569f4627714736be6ec88f4

SHA256
6462daaea680cde7a93556c9e9ff796c7620ac4e0ae6aa2565aa1e2e7f091f71

SHA512
811da076fde7370a47cb3458e1d8d3cd661204d55e40119949fbbec9ee3d23fa1fd1afef9eb3a75bd4c6fe2da339d80f1ec2628f921d307ba5d43bc46a247074

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DFY8PVG\facebookInit[1].js
Filesize
2KB

MD5
4af357b5e55d7d35abf327600a9d9dcb

SHA1
ce55e0119e65a38725290b53cc8940d4d8b10ca9

SHA256
d1af7dfd2e3da5f749768852f2cbd2c50ccb2c3c84065af97e3a12b27d398c38

SHA512
ff7f6145398f106f2153aa727b1a086c198a6a0a9b6f6bdece1fd8150e53c70c0ad741d494a2175171d8852a28092a0f521d5e5a9f04fcc1effd1cb37329431a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DFY8PVG\gtm[1].js
Filesize
178KB

MD5
2b776d52783aca594a2d1185dbe817e4

SHA1
96066586eeb983d8fb300ad7b8997024adbb909a

SHA256
465e954c83efdfd8ea437ae433f7e41962bd08f036a3044f65995bd796b1abb1

SHA512
0cf54b583cfe3c624f8bcd471daed98652ad8f3e07f76f915c7a5911a2d68ff2b28845afa0088d4f106c19ae8faf9834846ebec70370c6f6ebbb7461fed77652

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DFY8PVG\login[1]
Filesize
2KB

MD5
ae053dae6f7e2fb4b6d3eee5bbe01dd7

SHA1
6cc7b27cfdc3e84693e3ebb6bca0a1d4b0bc8787

SHA256
358bc88119b46859bdca88982294c3c377af610872ad494d2c7b7f076759ad9a

SHA512
936ec9feacb94b4c911bc68304cfcc14234a98d6c6b277dd834a940a7a447b7bb9c2465f00a571588568c9e736fd24b848d3a63042fba1531fbc0452ef7bbb28

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DFY8PVG\warmup[1].gif
Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\71NTS5YI\entry.66f6d9f3[1].css
Filesize
47KB

MD5
ad1fa5a7b3013f22c4488b5938d07de0

SHA1
c8ce1820c3543be445ac8eddd0cd2fb26f0dc722

SHA256
7026682648228ad1241db31df875d8b24f2aee5a7e9680689b402d215ed3f736

SHA512
ae4826b6f3dd57798ca3c518dfcafe041394ecc7116fc5b647cdb2b2e687b2f00f680001eed74a4a85f86fe166cd60ff7c137a4689040bf883a3f77c2aff52e8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\71NTS5YI\google[1].js
Filesize
193KB

MD5
7ba3554c56bfdba0804a48de3c039280

SHA1
dba3019b0b98e24ae07e11aa90da83bc13094d53

SHA256
792d7958956de98f5871e8dd02cd14b11e55335813aa51d2ab445f4e9bd33e76

SHA512
2bf9419538d6efbc85ff81716c187f93bd9144ceacb9ba0ed8ff2d5004ceae3f224a4e8816bc9f644f68e8431f1a328b5003c16aaa56477a6c752c54e0393a6f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\71NTS5YI\index.24e60340[1].css
Filesize
736B

MD5
0c44af70473ff7bf6dccfc9b6424e7ab

SHA1
ed2ff4cebef285e1191e37f527ba1ff960673eb2

SHA256
dec07a748d1219c7bccfc276cdda986ec692c92ae1402e7fae16fd98abdf2d78

SHA512
bfa4e0c1d8898c393d24147d85823ee5b96b0afb249ce315863b07e27e7dd74b0f14d50cfc4d8cb261fd2d735974a6a2e306048ba61d8d11544cd458cd4fffdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DYROZ7UR\js[1]
Filesize
292KB

MD5
e7ce4d2af314fa9b0844df8aee487404

SHA1
644dd5bf663afdd112325e0f6b20609db79cf8e6

SHA256
d3293ba7954aa3087a23a4b71301a8aac7719ff5898b4781dde67890603a2078

SHA512
85a4a8455590c13ff14baee080c85dfbd4d453f9ab963f1000c92b3ebc137c09c4c1041555388345fdebd2990f37c72d5f509716fdaa97338990cc1cc1045096

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DYROZ7UR\popup.all.min[1].js
Filesize
74KB

MD5
505813d74839f5efb098a5a2aafc65a8

SHA1
50d06f90fdec4f7fd72222770285f0fc11ffcacc

SHA256
0f8b56139e57be7b54597bf9628bc23edbca72dd66205809e451b56f1fa69c60

SHA512
126048473043fd7edf36543d79d01acbd8c4529f0b3fa5e8e319fee5bc9d30a81925990697393bfd1104bc2bbb06963a1a330bc5b8820194fc8784db6863cd70

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DYROZ7UR\twitter[1].js
Filesize
195KB

MD5
3f5711799a095bb347638edea6b28495

SHA1
6319fa6679a3cb44ccdb533461759e48a00d564d

SHA256
8fbae4c382277cd1985179105027a1d853e850327a76c456c579865a469baf60

SHA512
f8d3c537e6ed511d1eaaf77a1c8e58f359a63fcec530fa4b73ba4723ce2cb960ab37499eee1b65d3442c79cd7d044bdf70af9056d62db65e828709fdcdaa6f02

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NOJ38UUS\discord.min[1].js
Filesize
1KB

MD5
a83a0368d78d73050e26b2bd3532f747

SHA1
45d568d4e026bf95827544b2de483ac8bc4ad68f

SHA256
439433d2f95166cb73259ba3ad67643924fa87126a5a510d123ae1c830a0ce23

SHA512
16548db948a98a6342157c35d9612e60cdc5adf1f23d8b08025781851585c82c218222081d46df9a050480f922aa52985b3dd2e2c213dc7de4c7d41b4a722e59

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NOJ38UUS\facebookMain[1].js
Filesize
441KB

MD5
faebc96578acbc8cac8907f43df2acb1

SHA1
0afc71c1b49c056c7682c2ba6775f2e34738bd9a

SHA256
72b7bc8362ba72a3383ace4060f888aa7db816a06c5cffd41ce45eb418d98279

SHA512
e4ea9800f2c29644400c22054a0090b89cdfdd9679d0f0c3f2965b3ac4a0cd60a59403f733d16987eebf26559e22c0327eee22a71fed0efc6d6228e212151d8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\71T7JJT7\partyroyaleplay[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\J3GO6R8I\www.bing[1].xml
Filesize
1KB

MD5
bc3cfc322b75b457018035f6c2ab0e5c

SHA1
f6394fa08cdb0019ed19b061c447ed511f460e34

SHA256
3163d33afc1b653bba8c8946c211e2fd34480c852d8d02b1c8e6e0ba6e2ca607

SHA512
25971e4c7eb5d1814643de47577e074f7a7f1f44cea6f1d86155ca4dc7902f8af7387cc80bb33d0793d9f1b93ed733321988988d5e527d08ad4d9324f89ae04b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VQDT4NKQ\logo[1].png
Filesize
3KB

MD5
2b0be6aafaa68dbdf5aa70be15f6e4bd

SHA1
d6b7731199c90647141eda1e0a7dd51712b7af3e

SHA256
9b6bc8b015cdb6e428be5cb53e77f0640802a5e0acfb90415f05a4517690cd7f

SHA512
e5986702817677bf4b60781b3bc02d7bf301fcf1f865d97a16ba4e42f3e625551cd721a41df524da3aae7df915535c2c50ecb55d5f31d9ff986c61368aeb492f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XM2HW706\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFD4D057AF23A1D5BE.TMP
Filesize
16KB

MD5
31277100f7ca5a42b4da0adecbd2f11d

SHA1
1745bf036b71afeb4be2ed184088ab59a37848ba

SHA256
278b3104e70d705275f04e158e702586e04525608ee78f0a48589691cba78b2f

SHA512
522ce6837a8283a0f7cc72152f0c676d00b20243275274d9a58653673520026da004b5d975db74c9790df04365a48260e467674f7e214f8d788cac7c289b2a6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DFY8PVG\628c7b06db750821bf1c6f08_Comp%203_1-transcode[1].dat
Filesize
768KB

MD5
bef7205e640cbe179530353c7953c6d7

SHA1
588a72550f5877c6a505f22736711ba8a8e2a120

SHA256
962a68685e24cc9cdeea24d2b18234d440fc4da1d820a240602312a5967148c6

SHA512
e9fb826bd40ee7612597c72374334bae8efabfbdb89e0592b62f10db5779b8d31f5a3e518cdd1a2b0de393f490ab9e10e706efada3d6d7bc75690b1e1b58975f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DFY8PVG\Jazzicon.eb20102e[1].css
Filesize
42B

MD5
10506ebce712e0e94e5a662cc7ad102c

SHA1
8f8e4d9f918038dc8a9f9c295c17f7c334bdcb10

SHA256
eb20102ece61dcb15f879669f25a8c7cb7d9a974ef285518a7971664396e9a6a

SHA512
32f2bf371deeb5bc7a759f50db65850a22e4e4993a159fc6b0d1ba833c34a853445b71a890c515875997d9be0422f2fadbd87df0f1e4aa3214daf0be743338ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\71NTS5YI\asfalt-light.2bb482ca[1].png
Filesize
15KB

MD5
8bf06bcbe5bd33d5b3a2655c8e164c6c

SHA1
003abd51db123c74649c37091582188b35ee6191

SHA256
2bb482cacc89e0f9accdc4746f706d7c0b480b58f3d5234b07733d3ce375c966

SHA512
10591a35a5879b616d3cd723ea02d87fbbcd4c396224fb303b226b60169f11d6ab674f2eec4a71d7f3d1242d65345f5c9fc4bba4ef4157e72580fde58d48d6c2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DYROZ7UR\Notification.d798fedc[1].css
Filesize
1KB

MD5
b3655685c4c3e7670fcc7993f3573cdc

SHA1
d83c7be89ae16549ab61d69e7c135ac9c8dda98f

SHA256
d798fedc0c81ba34c97f2be5e718a21ba6f1006e321ea376bf4b6ed3f4457668

SHA512
b61f69ab945cdfed8cb8d8cf78f7b982708470aef2144475a41df28a7f928fc763b3558555f847e7d586a3ed3cebe3375871e5acb09596649143eff496771fb2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DYROZ7UR\entry.9e81fb8a[1].js
Filesize
7.5MB

MD5
e15a8bfb3b704b9f5e9c031b8ff6befa

SHA1
66849d40714b5753770d9dd333950ae2aebbce42

SHA256
5ec879f6f1f31c74f5f804372be569119e95f98fc5e7cbd1818492dfe6d4567a

SHA512
8b7636ebef9481cf0b9bedd291627ee4ce1307a569cc5da8eb8ee16f596dd7de48bc061c947fb4c457462fe2a034b4448aa678d8ee31bf703b6262609872774f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NOJ38UUS\BXELCC53.htm
Filesize
232KB

MD5
7311d46b343f2e3230e774403cc60bc5

SHA1
5a32af9d6ff556dae86df3830cc675293b9ee52b

SHA256
b74b520e59beb720eccc0d8c43717caac30520e6615085fac73b754963597f4f

SHA512
3aa8d15bbc289b981e60e0cfbdc49c4ca51c978487615f2d0a78ca33cbfa7d62ff58a2382207f1ce06f526cb65efa4ea98932009e6831e939c71505d48546a7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NOJ38UUS\SandBg.b9b54d10[1].css
Filesize
254B

MD5
9b6915b62134cb57a3ba140b769ffd09

SHA1
4ef39bf61fbb8c5bad897f377565bdc8961254f6

SHA256
b9b54d100b02220a858b7f3641e4d3e1d2d3156f34f880dd08dfc4c8b34754b5

SHA512
a20c34e358a6f1ab0684c6b94028b13ecd208eb526ac2a332dffbba306475a5ad801a45605f721f836ec4041c8003c5883399fc29bc4681172bcd23fae0fda56

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NOJ38UUS\ogxlogo.82a3a4eb[1].png
Filesize
6KB

MD5
8a1f1f2812cb8be0a2fdda99db12981e

SHA1
b16e378df24fd91e598e80cb3e32cf94af7b017e

SHA256
82a3a4eb60e7d839440251752296bd1cc16c9be6951dd5c920355788299cbe83

SHA512
ff58116d3eecacb979a9c74664ce20bdd7ddd2c947e11ed09e73ba8131b937d58a052f536a9e92a4a93f1ea2d48f6c97c7d8ef11fefda56190e86a95f2012fca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NOJ38UUS\widget_iframe.2b2d73daf636805223fb11d48f3e94f7[1].htm
Filesize
319KB

MD5
95e1b50b0c179aefb47b5b211bb347b5

SHA1
0b06f801ddba503e9a255621dac7516bab1a9d00

SHA256
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

SHA512
7e6c32bf45d95b39522bcd11aa1adfb5fa9779026caa5beacd37b688d70386bf6ef355987b1e38ac5351ab304069f38b6514793768463b359f506bfcdc284d70

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
Filesize
854B

MD5
8d1040b12a663ca4ec7277cfc1ce44f0

SHA1
b27fd6bbde79ebdaee158211a71493e21838756b

SHA256
3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

SHA512
610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
73f7b669473cd1630eaf816cae80538c

SHA1
b995672bdf405bed4af7c99a0469d737085896e3

SHA256
7881bf254eba4550f8204ab4ec7674a61e0786ebcb05ba5dc7c7b69693bdfc8c

SHA512
10d524d3391d788979e4e91898db1a617c6771e3b15fe9545640ed0e23579863df7146fcc2cc937d2a0812cb39eb79b1607d529989376c280665a56fecbe2a72

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\4540FFF096A00B57ECC6E67303DE0B53
Filesize
503B

MD5
817d91a11b08a0b83cad7ba813c4b541

SHA1
f407e9eaf2f33106eeea3d72fcef231a3a15d23b

SHA256
dcbecd74dd250875cae2fff7ae214c877c0751d54a593418add8cd1daaa55077

SHA512
15dca6fe95e80338826344f9a1c6dff91a114c265e48c83728c340123bc8658226c09a4a90e97e7f91f9bc657e05d002de5822f1c773e653fc0ad538f7f4b21b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_30FD2782DEFD8E396CC8E371B3BFEFE8
Filesize
472B

MD5
c08698df8f55dcc1df2b50a71a53de5d

SHA1
222947014bd20eca754f1f1dee9798e86f9b187c

SHA256
1d257569f0832bb7d95d4739e7f475d5c9721db5e5d68ce4c51758f07ea5bde4

SHA512
d2cf54b7ca264555dad62d2df00c840d35843c0bd21524149d2ec04e2a5f272120f9dfa03d4df414e1fa6ac1172a49ef9474383b45717bf594a3fbc3e70b077d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
Filesize
471B

MD5
3a8f52a73a0ffe1b25e9cc236f48fe24

SHA1
98f65a3bd838f6fc17f19d143697668019d74fb6

SHA256
08c5a29774a8796daab8d3242d129c6820b92bad1717d60a881e202043d539a6

SHA512
7b60cb681ca7f0125f397ca8b9d79f6caeabac04b9d74eed5a32d4d021fc399e1846e7da5f6b10b16bf946a9bbff216c900a114add4f4a1f9c88bfe9ae76e625

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
Filesize
170B

MD5
a0ed25484883d5b406cf85ae57497928

SHA1
c2d986b497b318ad7af7eb7db8f4fc075e51b45b

SHA256
1a5ef8dc5592f86c948727405d0a653fffab7cff06e56f7de489657f32f0387c

SHA512
836c85d37b015507df3b06d02be1ef412c33777025f48817e00dc44453f90a97d1c326f998a5a8cd580d70e3e32bc00671198941915da815ce06a87b45507329

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Filesize
192B

MD5
3642d662fb3c5c9e6ad461188228521c

SHA1
68cb666dd1ec252900cb4a67df832553a091798f

SHA256
eae2e381971982559a5ab714d99f2a5afb57d960ca2dc45a2e86889bfa30c722

SHA512
5d13da6881cfb0de24736db321a1dcc666f0efc00e9cd3225600d10bdf5649418b0e7fa2e307b57d8c5c156f9af8dc3d06c755962be57c5cff5d3148352bb6e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
1ee3da81df4c710274ff766ec86df3ff

SHA1
7ad3de3ff96270e21df43f3483a94eb2a5bc8eb9

SHA256
609415fe5a6625b2db4c837068431e977c15b59809ffa58159e00db3bde8734d

SHA512
7fcfe3d533a4ca678e3477c5b3afc9ad43a474e6dff9f59d35f4f60c32449e6cfe4b897868f4c881de99341d5ed56a17aa3f10766ccd55f48957cff9e108d6ab

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\4540FFF096A00B57ECC6E67303DE0B53
Filesize
548B

MD5
bba1c5d98e51ead8a51e255076960971

SHA1
e12307b6058773bd8c10620a894448f36255a932

SHA256
6240743f4502b830d49d18069dc77ade040a6a3d81459097d895dd595c33f722

SHA512
2b68d55b01cb577ad60a3606f4c9e45a4e6339345579f697b9b2efa41b7636c53bf1e54ebf5f21d322b2726428ee6a414e8855f33c827be3b9afb70b0e6f083b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_30FD2782DEFD8E396CC8E371B3BFEFE8
Filesize
398B

MD5
bdb896f17567c80f8c936164a7316829

SHA1
d0a62970b90d008378b3a50c0cfaa8717afb425a

SHA256
d21f5ce6c16f9756ac7f9161bb34398ae12eb1c36565016f0a9102d6d0da0e4d

SHA512
439669860589b5f9124b05b8e9370cfafe9203658f1bcfbdcd81bf83bac71431a7540458775a3dee929f5706f787ef340198c0b14762e4918129f99a75e1b489

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
Filesize
412B

MD5
a100580941e71022a5b5626fe16446e0

SHA1
2218c076c4d6d478c2110b41fc380cb508e055a3

SHA256
3ae34d8da72dfbdacd199e8df4b7d76b28ad4ab6fd7b112a4412bc07368017e5

SHA512
acecd943f652385ef052402c290f4cf044f5701d1e9258323ef72031642d846abac60e0ee4f30cbf35e10dc18c85a05153b947fd89efbe983fc23b1f06368a24

Download Submit
C:\Users\Admin\AppData\Local\Programs\PartyRoyaleSetup\chrome_100_percent.pak
Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\LICENSE.electron.txt
Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\LICENSES.chromium.html
Filesize
6.5MB

MD5
796505037e030807d9ddd01c93eb353b

SHA1
79a1eac3b505e6d94a6206d4a5198d3cc11ab038

SHA256
9f3f2b4d9bbd3113486839eca85de119fab766450cdca08a4574b80748885708

SHA512
9435273a4541a579a427a295be47af8b81133896f50c97bab1d8ab391089f90186a7fd057b53e8b74829e4747e98428d8b4d242eb6854b1304a94a2891c2fd11

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\chrome_200_percent.pak
Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\d3dcompiler_47.dll
Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\ffmpeg.dll
Filesize
2.6MB

MD5
00ffabbb9438a0da15a021451a9c2d0d

SHA1
4bb79fe2b09962c6c46b70d7dfb1f9d9604a22dc

SHA256
aad7e7ac9d74ac18892801950c9728e9c4eacd3b676cbb5d6f63382da2ce0559

SHA512
989d8d0afd3ce64c65a90d1046f28b19e5b125f8b5a565b76b8c950d152d3b9a57d68126888321c7cd8a4985249c1ec649c453e7501aaa4ff60d9662afd85f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\icudtl.dat
Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\libEGL.dll
Filesize
473KB

MD5
ef4291ace01485ee773183ee3c1ed5c4

SHA1
9c9d32813a733ebceb25c0dbb9f85ef27f6e0a0f

SHA256
85f238fb7ace3cbdf7c29c72b01307c440f13491b07a509cbc5b9f257a637164

SHA512
a98bfe1845a712943687f0b20d1904bae1b6836ea37f8a2053872f938dceb2f391fadd3db034c0b8563c0b1ab3d4506d13b613ed51780ef10e813c085c830f82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\libGLESv2.dll
Filesize
7.2MB

MD5
60e42e83b260582fc96aaf43293d99e1

SHA1
c548a10873f9a57e18c7fbb1fe89685f4cf1ba84

SHA256
25d49934fc220b169cadeb21fc99dc2a8fb1dd5a4f244265799392f0f5f2f8f8

SHA512
6a905e2b9427fb6e4a53080afdc2ae9dc32c54aab5460f88f7d3fd16e7e9a841d332057f58942d54defe91361a54d3cbedba295399cead754f353f80f92f238b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\af.pak
Filesize
340KB

MD5
198092a7a82efced4d59715bd3e41703

SHA1
ac3cdfba133330fce825816b2f9579ac240dc176

SHA256
d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba

SHA512
590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\am.pak
Filesize
551KB

MD5
952933d2d388683c91ee7eaa7539e625

SHA1
7a0f5a10d7d61c32577c0d027db8c66c27e56c7d

SHA256
55357baf28716a73f79ac9a6af1ae63972eb79f93c415715518027fc5c528504

SHA512
5aa5ef0ed1da98b36840389e694dc5dcef496524314b61603d0c5ee03a663bb4c753623fb400792754b51331df20ac6d9cf97c183922f19fc0072822688f988d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\ar.pak
Filesize
602KB

MD5
98f8a48892b41e64bef135b86f3d4a6c

SHA1
32f8d57ec505332f711b9203aed969704bd97bc9

SHA256
e34d5cabaed4634c672591074057c12947bc9e728004228a9e75f87829f4a48a

SHA512
6ed3fe415b2f6de24136917da870b47c653d15c7a561baae55a285946a6f75e5141aba3bc064982f99baef0a893266693864c2d603c5c22c2b95627b2035f7a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\bg.pak
Filesize
631KB

MD5
9dc95c3b9b47cc9fe5a34b2aab2d4d01

SHA1
bc19494d160e4af6abd0a10c5adbc8114d50a714

SHA256
fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e

SHA512
a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\bn.pak
Filesize
812KB

MD5
d6ccc9689654b84bc095cec4f1952cca

SHA1
286130971826b0af1b6d29c5283dfa71af7cd7b0

SHA256
e325d936cd97c3f9ddfca2d87caefb8b6e7465ffa31d0386ae2456b18f7a92da

SHA512
db0400820c5cd1100337c955084eac3036b55bbf66b403337bec2079bc47696e2e48a771214662b286f4f45f763d2ad423aeccbd0f06cf0bc11038662558f4a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\ca.pak
Filesize
384KB

MD5
2f8d050c228583559cda181291b76e5a

SHA1
b047f1cfb30b1162b1dd79f7e424a83fd807eec7

SHA256
e1d6b5fd0bc411f2895eaaa1409916f5ffe39a5c6bd1bafe8af7ce33da5be17d

SHA512
e4f150cd9942ef5105e72376835da6edc31ef91783e41cd2fc04600c04f342bbc96e08e23c8af1c0c1e563bb8a7d3840a2289767525c30d08c2f23d0e837801f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\cs.pak
Filesize
393KB

MD5
26765c7be201444f0238962bb16a506b

SHA1
f9d4a33795e45127c14bcf35cc770845627e15e8

SHA256
936466784a55b965d23b016bc49377655bc5d281d012c8369c0809c961e05c74

SHA512
577d52d2d5048cd952aff1e76121a495328c1978cdea2eaa4f85812cc513917f69510e135e96f7967f4ed43cf88e180cb1d9059e17c855c8d4f94ca036730214

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\da.pak
Filesize
356KB

MD5
fecabf71853bab84eacdd95699c49f69

SHA1
8519afc13e100a550ca3d756518a0bc33674e0d3

SHA256
1b0793b1cbeb6a56ff1e64523c37ba753457320aa29f9718022caa07b4981d8f

SHA512
e932d382d41a79ece172349e916221a67d97f5fd4b2dc1325d6bd2f7c6757cbc01d6fbc8d9846f6ec462eb637210f7c650f6944418edbd3f8614ef99030d9392

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\de.pak
Filesize
381KB

MD5
ec069f60c9825080b9d18ff6492e816d

SHA1
34ce5101c9646f9c2deb9820a3b26eb91c525ebc

SHA256
e0f632ce324951002c80e019dd0169be9f6b0640533fa434cd6ca80f28a1d3f7

SHA512
95a88ac98f0957e5f200af76c1a743b976228f7da1bb6c6b3b88a54adcff05e1172d7cf2e6f0a82cbc8ad0aa79974a1bc046516250a3a5889fd7b2e4d7c0b804

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\el.pak
Filesize
691KB

MD5
306a80dadadb1f9182810733269537fd

SHA1
bc01a65a9d024ec72e613aedc60f4838be798040

SHA256
92403b6160e38746597d4dd7f64d64cf19e30b5e7862901263c39679187b2c91

SHA512
491016b8fcca59a7dc9523358c4a7b56c55360f424e8fe9330d6f01480835805e961f1e48f8777660510d9af9a66961c639df162190dec595a867d54150eecfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\en-GB.pak
Filesize
310KB

MD5
502260e74b65b96cd93f5e7bf0391157

SHA1
b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7

SHA256
463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b

SHA512
0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\en-US.pak
Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\es-419.pak
Filesize
380KB

MD5
774ced79da2fd32bd1ba52a0f16e0a19

SHA1
ff36dcf8b62046871f441f301dd7af51cb9ce7ee

SHA256
5aff3762747a6e8c6df9f2a3b470bf231b44163006b17ce87e2a03694be27b81

SHA512
7763c15fa97efa9a5af73dcdedd4fe260139bd8ff782ca3aa0937d9355b2d14c3e482e570844ac33d22d7b016c7b9097d727c1dd585f421dccd59ca7bbc24269

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\es.pak
Filesize
380KB

MD5
ba80f46ef6e141cef4085273a966fd91

SHA1
878f35e15b02558f75f68ec42a5cc839368c6d61

SHA256
267e7b6376e7e5ab806b16fde93bbbcd961bf0c3a7b3a2cabccab37faa9a1d16

SHA512
8a8b4f7db23d4c93756b6dc4219f00c77358a8fe992da1f51431597b82c3aa87abf3a98d79e13e7b4a14a1a9e94d388760fb6abf3a744406dee951c8e78cf361

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\et.pak
Filesize
342KB

MD5
e97fe1e6d06a2275a20d158dc4e3b892

SHA1
1575b9b1fc331a70bbe4ca7d1095d4ed6777ecc1

SHA256
d984aee4d18ca24a88846b1b6e0294d373733430f30bb4f1b97bc7d50d512c2e

SHA512
77879a4d1062671b616ba9b2ce0b6f69a5dbed6bd56b73ded902d1f9f44ecd96a2212690b3568c0ba273c73d91589ff2bf18c7ef9b66e0630fbaafde2a61b1b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\fa.pak
Filesize
557KB

MD5
d55f65c6fda6ed6f549d2c9f0a4ce874

SHA1
952792f2da5ed9cb1cfed14e5afb8abf5cf29cb3

SHA256
221bbbde078d135f6daca4978a31cc6a82f8f46536467ebc9a0cd322c58a7785

SHA512
d0bb83467182d8b3a8f8371d749e682cf05f89daefe28764f2c263e7cfbfc3f86cb388061b48dadda26c3dd246dd6f7a57af58ca9344c2f6b90de87af1e91c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\fi.pak
Filesize
351KB

MD5
fa7dbd2ee35587ff31fde3c7107e4603

SHA1
baaa093dcb7eccf77ce599c8ff09df203e434b60

SHA256
5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c

SHA512
587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\fil.pak
Filesize
394KB

MD5
3126f74d021e9423d71913bb45a62935

SHA1
c9a80c8585aabbfec34ae891416794b1b3e29a11

SHA256
4cd3fa70487e894400ad29e3bfbfba3e1c5edd799aab12c62c3aff3c2580ce5e

SHA512
fb360723ee53b3f7038eebd1b919a36784a0e3dc878e810bc905c4297379dade6006c8872ed68412b06161cacb0d6e32a7157ecf97d9e103a4ca3b2b71db8765

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\fr.pak
Filesize
410KB

MD5
51ee1ed54fec49effd103c29677885b5

SHA1
ced6fd3354007d1ef3ea7b6689aae5213c20cc69

SHA256
1f6bc09499ee37456968a28b67b81bbf5b9df4f0c6035a388242d2037a3b65a1

SHA512
dfd50ad99b89345940afead11c3a6940d4408a0e6265cddda1d71ad92527ea00d8057ac77ceb2ffe137a3f0d2f321c210bc7cf97ed821f01e538dc08d07149a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\gu.pak
Filesize
787KB

MD5
b7f4c73d56be31042d8edd7e8ea080f3

SHA1
c0c3595701c0a75c14931ed65958d36df0d925c5

SHA256
c36a20730d5f2b91cb61b5b2a5912db2ea5a328a9b8abe0fca0af300446d3c20

SHA512
ea0d766a754604cad4d5f3180c30f7dfdc3e1cfe79d67365b72adc0d7574851f21bdd5b748b16e8b4a95ade40c8ed0442bcefd511a2934cc9c701e379c955d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\he.pak
Filesize
488KB

MD5
6376d0a5f4273b76b1f4aabade194e0c

SHA1
337ba39f09454c0779ab64872b9fa11f866d6adc

SHA256
875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45

SHA512
00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\hi.pak
Filesize
821KB

MD5
ede7fa471c5eebc1fa55b9b3b6f92d00

SHA1
1d1f529c615799bb3a3319ddd1357cb5dc71464e

SHA256
1e9623c7407ae8b8a88df3f69a47ae8117f74c4dcb56897bb794a9c38ee5805b

SHA512
0f51ea54e828700080effa6c728230c523ff8e26fb350e6f337028d18614d5dfc4a2792cb92b5e606bd0702067f55fea546029cddd1ebf7fa74ef5521ff08338

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\hr.pak
Filesize
381KB

MD5
7095ef4caf6bd39174487002a4e09300

SHA1
1efe686bd0b7f035aee7ab4c52be6133121cd0f3

SHA256
3d7685163c5eb6a11e745ff934312b8681c5f85dfa8d9ea701e9dcaee1e7a285

SHA512
45488d46dfe7a31a007932917f7baf4c195da899de5dc56d98e555336668af3edb77996487649b86f56beac688374ce77f8feadc01e3f84d30d83bd67631f9c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\hu.pak
Filesize
411KB

MD5
d6904e7d1b6750d43a6478877c42618d

SHA1
919f090a6a3aa1112916f5bb0d5b73a62be43c1e

SHA256
3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f

SHA512
d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\id.pak
Filesize
336KB

MD5
881ff04e220aa8c6ed9d0d76bfa07cb8

SHA1
cacf3620d1bf85648329902216e6cdc6f588a5ba

SHA256
9210c4c4c33e7ceb5f70005a92a4fd36ca4facdd41701fdc1d2ce638db8adf22

SHA512
9134102928aa80c49bbf2b862e8079b2ee23636ce63412a4c3813f234d623ff563f5ca1ac407ddb77cecf1224896ed59ae979dcf63435d35a4f13de9c22755d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\it.pak
Filesize
373KB

MD5
91391f388b4b6c12a72710c35f4c355d

SHA1
f89e6ea977a10a9f050395489285ce8c041c2c05

SHA256
c0dc0a4a87f7bb054a30eb1174c3228ea2014bd94668a7d22995b99c4937d817

SHA512
8796d69d1a8bdbc7690ded45404174b7fa0b5bec8453d79a3c85bf4707c3f32caf634c792c72ce7bda3522eceb5fc6761b696471586397064d9f1f1988ceee88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\ja.pak
Filesize
456KB

MD5
8209dd8cf4e416416e015ff239b7c483

SHA1
7affd1707b9eec52c26a4c17708c8471c369e2f6

SHA256
3accfd9a1833ddeedb2082fb94101beb59b555c60f42e3070e9e04a372eba84a

SHA512
6a58a1ea8a46c325cac0629f2e3b571532a9a2a342ed61ca47bd1dcee20ce0b0350e4f6d3e8e4c6903c7ba4a4592a6382bf0fcb5437febd1673b3c2ce8cd7499

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\kn.pak
Filesize
910KB

MD5
d3d6bc60bead608e68e776e07d21ad30

SHA1
e40e38ca99026056c127e9e1a1ff821a50310887

SHA256
90b2df3338468e84e2cf2f2f67597cba5c3ceb5dba9c59ebd072ec15a70ce741

SHA512
05421db2f1202573a34de1e722c6bdb55a35821c4aebd54c80e6594fc92075cd9b97e5bfdfe93b4228c3a2646b92a27da4722ef3826e2807238dcc56ba273706

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\ko.pak
Filesize
383KB

MD5
b31780fff9541290c1d9f5b76141430d

SHA1
8b0fbdccd0a7f8141846763a0d27e4e0da0552dc

SHA256
b04c1b91cab31054be70cb851dc6716065545445801045daceb96eeee4d2334a

SHA512
a573dd09520059832e7f53386a64dcdde47452b02ce1e5d7e11385abbc8b734dcee0065b4ca351591bf9cc2f66fae204b9300702246d20265e8ddff4f7c1e6d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\lt.pak
Filesize
412KB

MD5
7b6bf901352885c0699db71239b7cf24

SHA1
9e3ec5f327c0d0e54a449332061e60a8c79243cf

SHA256
9200a9509bd77834d9912f4ba8f4219d2b9bd2cdad49a11873db30e99b9d1350

SHA512
79ebef723fb4c17581eb869b4b4e1a364a3d28df0e168e7e1a3583e0c1ec5b9716dd270925c0545b8247421a64b03705f10910fe3416900de9258840c470d580

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\lv.pak
Filesize
410KB

MD5
e664eb35f1284e9fc615e1bb4fab892b

SHA1
e777653abec377a394170b04f79e78acbe4b6a3b

SHA256
b5a31cbfcb40ad8d911de1618c4eb7e8cc67b97eb8878220f15d40eb014d8ac8

SHA512
c3232997e8d306e91ded72e9d81ffae2018af3e6c32fe620532e03bccd2883fce59b2a2290a1580d7080c468c02bcd24c1bc90051f06bfa9a4e17857d4aa583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\ml.pak
Filesize
948KB

MD5
00292b0801e0dd0a74091bf53f1574c9

SHA1
63a002e7a8796bc4b4459a19c95ce426fbd1ec7f

SHA256
61a372f170de0a22712be980c3c78b22035ebf40ce79332fab75cdcc4208c9e6

SHA512
e2e15f66851aa435e3bf4de6672f4aa8b01204d8efe11ec6ee9a51d9877ec4f2e71d7e9547d6eab9bfa04af1bea71fa72aa4963fa08b48717bf1c3fd21c00cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\mr.pak
Filesize
772KB

MD5
b9a2aa88c69c42ebcc41fef00c980a38

SHA1
9e373dfa11f95c31ffdca70bd83d2f66e1ddcef8

SHA256
481faf7dd66cf10a476d8b156fb4ea452f920322d8007f7e25d41b2837bdbc09

SHA512
5f4582723429a44dd517322babae4466efb4e8723c0247754e2a9a2929133d6fee5c3533c4cf567954e2a5aab47940a136a178405de36e38b50e8d4a6d5c504f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\ms.pak
Filesize
351KB

MD5
d5da199f347452c5904bff9332a08f84

SHA1
b5fb8c22708a7e3130684f1a9923b6dab10c3ae5

SHA256
fe58cc4f62fc31e32c1fb9a0893a5483391ab6a91b1c92ed4a5e3103a962da7a

SHA512
9fddeb376bececc51dec997b3ed1e22821340fa172636f641af774dae8bc9b5c0780757380bf3fa8df0f9682a555ede81c449ae9468f63215c17123d13ee9f35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\nb.pak
Filesize
344KB

MD5
bbae0915edec081b04bb903b689bc40b

SHA1
6a0fc635ce1c431e512b8b3b8448176aa4025556

SHA256
d565c6c95dad89d3f2b7210de4ec3fc437633de4dcfc994fde0704b92bb53ff8

SHA512
573a9fe43213829a6a4b39e67be25bc330b417750ea6d66e26163de7a80c29f6f5deeb841d9ff8303595943a81fc01ab668aab02a5cac4eda078ed06120138b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\nl.pak
Filesize
356KB

MD5
9f547a24e2840d77339ca20625125b4c

SHA1
23366411b334f990a0328a032b80b2667fda2fcd

SHA256
55413d5eddb3300e0ae0fa5d79d26fdf1e5a12922d7018c8054b1faa9d660301

SHA512
34da7a0b58ee3904d00cf02d16d5a3ef508fb708d7c0a887286fc32cd6145b2bd857d317c784d1d1b17662041eadcf7e225908980eb93f2b81161d845c0bb67f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\pl.pak
Filesize
396KB

MD5
0dc77139d3530695cb4e85b708bc0bf6

SHA1
6915655afd1e37361c011f5c2113d72c7a0e85bc

SHA256
53b59486361b11512fb90f15065104b15ee2322bb7804f859cde2f2ecf9581fb

SHA512
ee1ca1d99ac279df4cc0e532aef2fc531061736b636a84310bdbd627e0f2435eac1a386ebb19aa901b6eae3929bda1c5da4f41b73a25a1b20137522e34547600

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\pt-BR.pak
Filesize
374KB

MD5
a064cb9d7cf18936600e9ccc03297006

SHA1
eb436a0c584ba91acb05dfccde139afbe26fe9f4

SHA256
c9ec3822044365457b8736348cf95a8e39bdfe3ed36267449bf3ed739accef2e

SHA512
95af684abf9d24cfc4d0668a02da1e2e69f5e671d671d8cdfadc22ec991908c6aa5663fe1fa88ca8e85c0508f409fa6c2bbc174c53674270f2b188018d358415

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\pt-PT.pak
Filesize
376KB

MD5
3f367760b57a5e4360dabcd4a650bc5f

SHA1
8d7cd6b0eb42361ee862455ecfa475d28f5aa934

SHA256
c89170385b3afb2ec89fbd61b8470ac718713c7296441c8430f173dac218e74b

SHA512
3dc30780d57dee91215a716dc6b4cb432838aa0161af4371f49f70db2076bd155b170fd2c1617f59e1b572144a2e150a34143eda82d9f2227d24d2281d5aba60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\ro.pak
Filesize
387KB

MD5
745a9b8c6422682f2cfa5561cc1f4022

SHA1
31e3616ef09f9b1fd1c41cf8f43e504a6f90276f

SHA256
7247470057a936d03bfa2a8776508ab66aa1040c41a4eb8f79c1e93551c74bb8

SHA512
8e0b7f98cb842a862ceca65e0166462275feed26c32c9c299aba9986d36b716a90d4a8db5ccef355ac266b7e969071014cc7ab6439778e77c52754bc23b4c575

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\ru.pak
Filesize
634KB

MD5
5cc0f54e022a9996773dbd64906d5580

SHA1
87c103bd69724579b478f904235e03caf61d5d79

SHA256
b4223b56ec88235819a427d60bb937eb3984076523f02a018f57819e0429bea9

SHA512
b3365fedcba50643cecf1a70297e1e67990d63ae05caa87de01a70ef6f28e0f73a9a0edb0ff80b4138c624e51aa2dac065a2d40877fc92137714ae07734c2f4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\sk.pak
Filesize
399KB

MD5
72946b939f7bcaa98ab314cfba634e0b

SHA1
71c79a61712c8c5d3dac07a65d4c727e3b80ab17

SHA256
75f179897cad221ca6e36b47f53cead7f3fb4159ee196f1d10a5181b84e1b5b7

SHA512
2a8fa7108c58f4cb263900a555714d5638d961d14d9f4ddf8a9ab5b880afdbc5d2325fed1e158dbaf42a9cd20e8e372e6a8f52fce842a6940ea52e43e4a1f1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\sl.pak
Filesize
385KB

MD5
4ad22c6c64dbe0fc432afaa28090c4d9

SHA1
19eb65ae52a585dbd9c25c32f22b099020c43091

SHA256
6002c129a56558832e9bd260c427c0bd2e1566e0aea3ad999f89c8e479534f9b

SHA512
94f9d34e76560059ef80fc04be4d54e52a7d934dd28747db7f0f6684243b841087245699a471a55d667623d2ce5e597a3d2c6bc37cfd7ebd2f5b8fb40e6207e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\sr.pak
Filesize
595KB

MD5
fca817ed4b839b976ebcbf59cac66d68

SHA1
413efa65470319999032b6a25b3b2ee33b8cd047

SHA256
524acc64e70918a77cda43fd9b27a727645b28ad2d4cce16b327105101c8bbeb

SHA512
cb246d5c5cea30d6e7514841ab93803984cda37461a09b6c340ca64f7cbce4e1212951a4de421d928d433a619dac18454fb403b42581757b76c7eb124ce70cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\sv.pak
Filesize
347KB

MD5
5130a033016b45ae2c3363edb3df7324

SHA1
9f696d78b1b9efec180dc89ee0defc3ba23e6677

SHA256
3420a1fbcca5bf8c2d65d6dcb0db78b03f95f7f2fc56479a0de6e3312333ce6f

SHA512
401b71360dcacf3b1fdc411c92195051370db110863cbed37143263e7804cb24b75ff1908ee39ee848c28776df00d6edd8cc748acf3725668af7815929e8066b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\sw.pak
Filesize
365KB

MD5
9632dd7d883fa4deb3963ea663e0ffd4

SHA1
0db135be4b3a7c54c39e9df5034d5576b68ea92e

SHA256
690027c4a31c4aea00b7d1b32ec6cd3fa50b1eac412ae273ab15e72eb485dd6e

SHA512
3aac1857784dfecd2ae5f7c4056f58e27a966a6cb949e02eaba56fc1fc283243ed6213f17628d62d435e33fa4771eb43623f25da6510aa4ce6f2149f72ab0d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\ta.pak
Filesize
936KB

MD5
f100566697a96ce1f0a0c7e0bbfbe36d

SHA1
4c80a4930ba7d174c4203c199492463242bddf62

SHA256
7e818deedd50a533851bbf08e056bf2ad8d45f442a1a61d9b48e66804ea848db

SHA512
dfa6132a5b7e819e8d326bf5ee539d9ecb2dcd7fea429c75afec2291df9eeead6fa347b01f9feaf2235bce627fd39116176195f7a3d7d74de28951f939db1645

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\te.pak
Filesize
869KB

MD5
b1b6a9e3a04be79080ebbfacc1a0eb2d

SHA1
a5c8eb6a930062f6021d073d5f74ae146dc7fbc8

SHA256
d839531c4ff4a2885c993e0d358f78667215b0950c77a06ef01a6acff9221c5b

SHA512
bf0b163c8fc3988bfeb3cbb4b981596ce5afdf7e40149622fc3b60994e7d8efa5bb24c830036d168a6638feca48b8755aefa8640faae37055cae8fffb6a85568

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\th.pak
Filesize
731KB

MD5
a970b7e9d3aec2cd1b8ab798b3179f07

SHA1
bf17a7e80e01ac1704a1efdf27baf271b4c21e36

SHA256
cd80bf232f2f128a3d411f52c8039987559dbc1055f746eed6e0e8478b116dc1

SHA512
880555a2ac2f278aecb8794d8cc51f0833052e9f4ca187ed91fa35bb475e68ae3255cfe1dc074eac960c73c203e62c6b38077b266f5fab66ccc3ca73e94d4d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\tr.pak
Filesize
371KB

MD5
46f9b2a35efdf1120a8a946e4f1d0115

SHA1
af7bec1fba32d912b50288a7d988440627e4ee85

SHA256
b22fc7b75c52cc142f201d5cf107d17c1b173a494a6add022127f559fb46bcb0

SHA512
cd67f9c328408a8295f224aec190c7c411a868755fc5c9e90b4985b3c41a05d6d34dd30d4a3866f6c24e1d640f4c324bfba8c7ab806a6b216151cf0a504a03d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\uk.pak
Filesize
634KB

MD5
3b2a976a25dca963e91df3695c502d8c

SHA1
ce7ae51211f512c3723bb43ea0de9e6debb70597

SHA256
28ea88f19b2c34699d535ca0c691449b7e4001c12e8aed8d04b2078916e88a37

SHA512
ba41ee074239afdf8f194b4ccb33060fa9655e3ccdac6a16090959d3214f8db15396b3e038d7de26c478fdd003472f680d2b6ac9a92acaf6ebf8aa258747ecc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\ur.pak
Filesize
552KB

MD5
ba86f1f13fdc37a2c48c1da34c84f4c4

SHA1
2f1578d0eee76e60effb63967712b15c0d56829e

SHA256
4c7affdcc324cd791d10e235da809ce7501e8005be64340b6e8bf5595647a707

SHA512
fb2fe1548574da860bf27408a4f29d781fcefc300f744f4214843f343e343ad8bae29cb7047f87f5c3277641f561c6a30e5bc9d6490afbefc7af36974305a688

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\vi.pak
Filesize
439KB

MD5
065179c466c5b7457e249f11d152b99f

SHA1
cfc05e9dfb91b2af2944aed4718fa05b43844914

SHA256
b75694e390bd2e20780b3bc72f6e1473ba45d7537c27642a7d888dfd3bb6c3bb

SHA512
fb598391a028b7d3c7e25cae21ccfde655e6f871e498767a54f7cf0d5d4e48207213cd2598ca88e4f46c303cd2d8175238a5a5b720ab37beec1873d681165a8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\zh-CN.pak
Filesize
319KB

MD5
2febe4ef32e1a3884089908f402ad62f

SHA1
e65c54adc127b78494dd6189cca71f1c7bd2a5b0

SHA256
a7ac9fda6f4cd189b75fdadc4b70cd0d369a09b66eaeb5d032678cb97ffc98f6

SHA512
8e8b030af4c952c32ec277850d5573414630ff5196eaed52820f44e9c5bd03ab6f71a8add19215b0456eed859be0d5a6f28d48e12f1677d39842f35feffd5e57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\locales\zh-TW.pak
Filesize
316KB

MD5
02e9e0bc5c30ca60a869ea761fb662eb

SHA1
c5200f692544b681af8757627da430aeea4283ee

SHA256
c5061ec00bd969f76f3c0c6ff15ddacafed7491260bd8ced78118691ba57bdff

SHA512
07b5f401f89dfc36499a3e74318b471d9b2e795dc363dfd5a9394089d4783a4b51fd78e2092701b6974f1c51020f3b5f81171ce21690f8547ff3c8f3d54ce781

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\resources.pak
Filesize
5.1MB

MD5
f5ab76d2b17459b5288b6269b0925890

SHA1
75be4046f33919340014a88815f415beb454a641

SHA256
4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c

SHA512
6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\resources\app.asar
Filesize
9.8MB

MD5
6e2859346c84432ba52a7120759f216d

SHA1
c247bbfc69ccf897c8995f83f035e5899b81c493

SHA256
4f9f48cccf86581eb910be331e782226934e0d772c658291686157c6af9b279d

SHA512
17820e97f7a355f9bc0aee461f1188a16b57547c00ef7f8ef9f49893b25619f4cd018891ee501ab3a22ab104b36c95e79e1ba67a2419930a09bf95d1747b4970

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\resources\elevate.exe
Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\snapshot_blob.bin
Filesize
168KB

MD5
d276f526d6af118924193274b8456df4

SHA1
19043bde20a58102d48e94a90074ab76cea9401d

SHA256
8613412ebcf462373d4d50f5729f5b9a61ef2b5c599b267f750276c8e29caf25

SHA512
4babc0c7df37a873053b6df8d3a3ad80a7231fbfbaae844297730bc4035c00a248812634a37ed12ccf569b0c250d0f15a153dcda4403f335e5ce270d4e96e186

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\v8_context_snapshot.bin
Filesize
471KB

MD5
6503b392ac5c25ff020189fa38fbaecb

SHA1
50fb4f7b765ac2b0da07f3759752dbc9d6d9867b

SHA256
add78f3f85f0b173cbe917871821f74c5afe0a6562462762b181180d16df4470

SHA512
9c12fff1686845a2c0b43d35a8572f97e950f232f1ce5690fd1212f48c171edbcc5d725754f10a66599b0823ac0c995c7212e263b7e02ea0ed9f2d2b937fa760

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\vk_swiftshader.dll
Filesize
4.9MB

MD5
afb174ccd1abb292da14779a079d4282

SHA1
ddd74e61c48c4445f1b3fa886b7c28b0de3f1859

SHA256
a32c3fbbf74699a10e7642bf4901191f29c88c5aec93ae7ba28c79ab28462a69

SHA512
fddd4d70dc6b8d424adfa509ad145845d13d898eaedb1706de357cf1dcd4eb25fe581c9dc58c1de0954b1a10b232934d219563a1e2e8ed1bc01412bfc789cbfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\7z-out\vulkan-1.dll
Filesize
894KB

MD5
7ba000aece0d376e6f77e4c2f48f69c8

SHA1
24b103a2d9d5d742783ad3ecbfeb2cc57bd711c6

SHA256
1f8b647f161f20d45d554e349b3e5ef0b7b5da8c7bdbc1ff631d37dc9c819503

SHA512
d051ed9d1b9c28cd38da020cebe8b58da53c520f8686dc08fb9e626a9751c23fc43b97b2c309314e3f9a94f1eea448b77657c955c7b22aaadc6c0753b85f744c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
13KB

MD5
2919b0bc18670b4161b45b0860ebf722

SHA1
9e8b22860d6a9098b2806aac81e68caf48d61b9d

SHA256
0bb635b3e87383a8bc989b9054fff197aecc90abbf56e5b7958081d6dba97d91

SHA512
f0f2ec8b30c1836e5319361d9f2965d52b42bb518b7c74264f519c5c90571129cd0d44b425ec05b3f9f1ee1d8b866f5ed90dc79d9bf710e7ac16ceb363e89b47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\bookmarkbackups\bookmarks-2024-06-22_11_MaaMR8mhAQTbCgvsLumwIQ==.jsonlz4
Filesize
945B

MD5
838d93fe7f64f4f752cc6aa88379ef54

SHA1
55f0a2bd40fd96e3a319f886a58891fd9d416c0b

SHA256
1b13e0ebb1dab164edd26588e55ea99c9909f18c56c9a3478937d96719d9a54d

SHA512
8a4fddabc8792bc2fdc4868e1873f415614c3dc08bbb50272b64fbab124b4516ab0e3be04f31cfb8e02e7b653bff231053208d1638dcf0372439dcec71d33f00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\broadcast-listeners.json
Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
cc0e3472d8c0d00d1dabbc34a2dfb84a

SHA1
27303dc0e6e008b46016e9d5419180c67d886c26

SHA256
9f44aad3628e6cd5c2a0729ba1a42472f307f62c7ebe006a51f3d62404cd3487

SHA512
0079f105f19277973d5d61ee0f33a19806cb77f1a85c7417b980a1a52a6d8fc08abcb3dd5a220d2e0409d156be560558076b055f1897a3cd7cfe372770548df1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\1f82dcca-e634-47a1-a10b-18d357641357
Filesize
746B

MD5
ed30641cad95b81a9d12d4ae78d7b5aa

SHA1
ff710df32b095766e02268bcb41ab4c547b3ca44

SHA256
711179cea4cf34043691417bbfa4e7cd5aeb6785b0943e01403531dd0feade13

SHA512
cbe56fd30bca6a0dd6ec6f833a20e5e35f68891acc8d1923ed40ee006ade411aee541cbf1453bfa8c25d2ab3c68e31af8d4bd1dc13a52ca3ad780c882f7f8c97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\34d5ed79-e227-408e-853d-511cab17e3c9
Filesize
11KB

MD5
f2dfc2fde4eef2cd31fe733cc03289ed

SHA1
9dac724bffc470def08f9db9a33a4ead5b80254d

SHA256
275117075dfd357307aec23964254c6f1816355ca6503a870c6ef9e1eabf4343

SHA512
84113a11d3133d58e63df9140d8675c82acd2302006cdf791b4dcc90f0dd4b21cc3a0db60df0622baf231f0c02a825dc1044727883d9eb23712840d29f9c76e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
Filesize
7KB

MD5
10b9a382bdf50bffad8fb668b1824297

SHA1
1f44a21dfe9fced0a766e1ec49f50dd5352add5b

SHA256
c1a28de2a1d5dbefbd41b437c4281b2d7daa1a7e56184580383936b06fcc3b2e

SHA512
2d2130eeac6f43b95dd913a5f7f06b2e10ce9f84c67e46e5227158068e20fbd6db8e52f9fb4d4f8c0197949609ce8004c27887d635545037d7baddc9824dc42e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
Filesize
6KB

MD5
50dd371ae26c219cd8f8bb77361d23a9

SHA1
6eb5503705db8992b478a898a87e561ea5e257d2

SHA256
48684f53483d6ceffc9b09ceee6124c78df3489ec593ef7d99c93e23668ea4e1

SHA512
0709e4cb3daa0acf87bbfde9da5e2cd2e6d5009f8024b804d6ed357dc36a1214bd5517a2194a002c0b6fe6fd9526f32b431542160f81eadbbe02e0bdc345f6a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
Filesize
7KB

MD5
2f5d03128c6a1db7474ca7376a7bb007

SHA1
8a1d9cb1a8693764520c017bf6e8ba519c9aceb2

SHA256
4db8de1bc13d2563503b2721403e9ecafaeb294af2a52518afc73800f1b99fb8

SHA512
f26f1621acdc73223313bf8471bcb5f06614116d84b4c543f86ff20dcba990724f993513eab28136826f72a7df9eb816d340080f80c297953531e792384e67cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
Filesize
7KB

MD5
81d3a2c461fae56b5cadd4b1176b25b2

SHA1
e96872f69b15aab576bef79e388018c1478d3906

SHA256
245ae73bfcb2269dfba3b60ccd5c851fb5f754382e57e84f1707b510d4717e53

SHA512
87ff78469ffc088c0deb339d61135fc1c6bce53a80839e18d77f08d28d29e12b356a637f0b50d2ee317188a70ec43115b3210a7d16bc0adccc1553477b769e4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
Filesize
7KB

MD5
2c828e3f5927d5fb846898de8c183675

SHA1
6690b600cd71dda8763f27b3226cff5f7b57678d

SHA256
21f8f51ef9cdcde9e8c0cc6cf989f11f8ecc2f4b5cfaf9a39aa765f0c9dba3be

SHA512
7bc592b668b0c08849493d748c8b59ea404ca3f9fdefb49fec94ffb33755c5b6c8a28ad8f9eb8fd9614802ed72f634e05fbc05fefc337bbeaad1fff9b15bd818

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
408ba835b85e9924405a6357cc012f44

SHA1
6b1dbcc21d2382a0622482d1e85ada272421e489

SHA256
4eadee4355df06ecf704c2c254eb9d009c8fcfd125b6268f1b1864fa852fea0b

SHA512
b0ccc73e86f343de694af2ed34a8672fac2da0ba8841bd6d317c4973ee4ca12fffac59078bdc74d298bb446b0e07fdf6aec612ae260a76f9c8d45280bb4e4d2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
e0e0d088b76c023c73600d98caf972d1

SHA1
4cb6fdb07ba01cc5e127e567a62670850b5b04ba

SHA256
cf47ad7565b805c9691cf4b135de4262e38a344a9cf272144913c541f6b72b82

SHA512
da926fa26c806a629559373db7bc6a9512c6fc355dc1a132d832815eed336ec2fc31c75873396bab9d27ce35fc2a12cd668c1566457079541b7edfade196bb7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
9684c87721e5b2694c3917a330674ce1

SHA1
2a4742fc96282151c172f795b30daef137aab049

SHA256
cadd4b154d4332450d48137d1de7233e51c9990f7a1cc40b146b38c27c799bbc

SHA512
f1400d1697f29c0006ae246ec1ef769e9a81062697af43c103d9bafa6fc137f602dfa19f4d785b22b7c9133d852b696e77945e21645baa5da980a47e2c80bc25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
4f67cc2d89703e9f5b3db4a33e7ed6e4

SHA1
fa17df59bfa81a1a0b39c2c305efb1d8582624d5

SHA256
6975ca9cc22cf056103d462062f2c712cffc0ff1cf17210da61989fd1047898c

SHA512
1a5b9db5aa968d1472d3115d2d2991948b6b0467c8701ea07a699b8711a31245a205e852290270a492a500845d4cd3746a9128d1b6b86ea7c4c5b3468c29e3cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
192KB

MD5
56b31097da89d8fec1ed3f26ce414e18

SHA1
176886e26bb0af3619c74f9c4309385586c7689b

SHA256
2fc31f9b67e1bb7ee8ff725cdb0bce056f85aaddb511ca950e76c33118a39eb3

SHA512
91d0052d2a9fb8de7041330c19318f52506b7b3f36e606d6334814c0c458271dec7430d10f125eafa232387c1fd6e105f5d268e92a31404e1673f89637c2a3f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\targeting.snapshot.json
Filesize
3KB

MD5
bdcbea3606423e35b150022c63bf186a

SHA1
55eb1ba23126eb5d29529149f51bd94ffa6553e6

SHA256
ec512651ecd4e964a0b420121d58368ec0ba5665ff58925bb6a7e5f2510393c4

SHA512
9a24692ec1d844dd1d6c0ce5b47d772babe04a0c96f5bac0efea5f2b9c0d882c4247612b49ba964b0af22ee18ade48ce16edce20489ae9587d21a5af4cf83dc1

Download Submit
C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup\Network\Network Persistent State
Filesize
1KB

MD5
0c88b6d09333f575897e79bf7963bc96

SHA1
649efe417b9c301467c0af28070f7a929e4a4ce7

SHA256
46e4e36ffac0d27346eb9bf4f8fccfbbae76a1851b559c003f06f64be0592988

SHA512
2704f753b2e7044c7db9b336aa73a3d940082305a343e4ce653ec11b5a9897dc7240f7b1b9060b938547098d1fc81e0c63325b8aa499b687339d897dcd577c7c

Download Submit
C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup\Network\Network Persistent State
Filesize
1KB

MD5
f6a7de019384acfee9c09c39d07fb0d7

SHA1
454a0a0a1abd1d3bf89660a932cd720eb4806615

SHA256
a3395496464a2f59be3053d0725d8e62a907b2dad98cdc9e59dec7993283345e

SHA512
c7780487dad26c89ba32c932002d0960c1dabbf8ed49bd31cedba75f9ccf9c86cc6082708a28b8c3ecea8e1caff1c66229f768796845ac6022b14e19d5a7ae5b

Download Submit
C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup\Network\Network Persistent State
Filesize
1KB

MD5
656892ccfa559a0ad2bbd4034db1947b

SHA1
9ef94acf1b94e016236f4945e91f3a1b1ae67fa4

SHA256
c91b9adc80faed25471a87a9c2b28553dfc5a8abf0169b3e4656bfddc2db7855

SHA512
3cd751dbff789863b740435bdb66298fdd9f60277eb8ce65330a8af586ee564c692ece47d3b0cb9ce58004a44bb8dc001f405bbf0781d2a5313349effb202dbf

Download Submit
C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup\Network\Network Persistent State~RFe5da182.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup\Network\TransportSecurity
Filesize
539B

MD5
c3faff67562f5f79169ec05ba2a32207

SHA1
692f2fed0cd9c39d098ff7c5249db68bab5c7ae7

SHA256
c1a4b5ee5eea5291bd15fda51a63add1d59dd29f468ada9e770d3f3056795ffe

SHA512
19d6d4cb4c7fd2e84025b1eabd39003d64376a91ac1058a9e3c6aa1e0b382278d8f0619e75a4b455462eb7e812b96943e8973434a2ca59a8e46fcfe620c85176

Download Submit
C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup\Network\TransportSecurity
Filesize
539B

MD5
c1bd595bae0ea4c614ee40813ab7eac2

SHA1
8b40e6f8798f796fef50b342cd462f0f5a930e92

SHA256
31d03b385b0a6f428ea7ac471f60956f6d68abedd4974c89a1af49e04af2d15e

SHA512
80f441144da3cbe35f9089e2e526dff1a557d6634d2f6b7205b23cd592942516617bb9277492b503ed52ffaad76bf37a9d1fd84582e789f9c5f8ca8a83d45626

Download Submit
C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup\Network\TransportSecurity~RFe5d20e8.TMP
Filesize
539B

MD5
52b4d00d9811e1605267a361cfff5e3d

SHA1
c8276e3eec5a35a530631373f6b40550b3b7979e

SHA256
c2ff64b31524406a62c187e95b921924b046e9fdd93ff2ceae03d6107e36f562

SHA512
4ae5b3d64ea96d5c8adf8dd5730367db7a8b6a7b235722ac5beb0e6857d67f0d6f3ef85f86659e169f79ddd4fb84da692e5bc773285b11751f6fd31cfa565dab

Download Submit
C:\Users\Admin\AppData\Roaming\PartyRoyaleSetup\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\PartyRoyale.v0CMm2Bs.exe.part
Filesize
15KB

MD5
27d37511ac52a427033440535ec9b38d

SHA1
921e5251a9787c2c1b4ba4e1c8f0f5bdb5664229

SHA256
7795c794ce063624fb81e7192e25fd6c8cd2e4cd9882cc3ecf12bfb0cb7a45be

SHA512
9687668469732e6175772ea6e77896ac57cfad025fd73ece0eba96b8acf0fcadc43fd5dbcfcabf4b0e29ef9e86e9336f00a0afea07e1086b82ce10f275a79f81

Download Submit
\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\nsExec.dll
Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsf6F1E.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1076-1593-0x00000210C4500000-0x00000210C4600000-memory.dmp

Filesize
1024KB

Download
memory/1076-1474-0x00000210C2900000-0x00000210C2A00000-memory.dmp

Filesize
1024KB

Download
memory/1076-1585-0x00000210C4500000-0x00000210C4600000-memory.dmp

Filesize
1024KB

Download
memory/1076-1592-0x00000210C1520000-0x00000210C1620000-memory.dmp

Filesize
1024KB

Download
memory/1536-239-0x000001DB6FB80000-0x000001DB6FB81000-memory.dmp

Filesize
4KB

Download
memory/1536-16-0x000001DB69520000-0x000001DB69530000-memory.dmp

Filesize
64KB

Download
memory/1536-35-0x000001DB667F0000-0x000001DB667F2000-memory.dmp

Filesize
8KB

Download
memory/1536-238-0x000001DB6FB70000-0x000001DB6FB71000-memory.dmp

Filesize
4KB

Download
memory/1536-0-0x000001DB69420000-0x000001DB69430000-memory.dmp

Filesize
64KB

Download
memory/2488-953-0x000001B927F40000-0x000001B928040000-memory.dmp

Filesize
1024KB

Download
memory/2488-998-0x000001B938D80000-0x000001B938DA0000-memory.dmp

Filesize
128KB

Download
memory/2488-993-0x000001B938540000-0x000001B938560000-memory.dmp

Filesize
128KB

Download
memory/3156-231-0x0000020FFE000000-0x0000020FFE002000-memory.dmp

Filesize
8KB

Download
memory/3156-128-0x0000020FFD660000-0x0000020FFD662000-memory.dmp

Filesize
8KB

Download
memory/3156-126-0x0000020FFD640000-0x0000020FFD642000-memory.dmp

Filesize
8KB

Download
memory/3156-233-0x0000020FFE080000-0x0000020FFE082000-memory.dmp

Filesize
8KB

Download
memory/3156-124-0x0000020FFD500000-0x0000020FFD502000-memory.dmp

Filesize
8KB

Download
memory/3156-229-0x0000020FFDF40000-0x0000020FFDF42000-memory.dmp

Filesize
8KB

Download
memory/3156-227-0x0000020FFDEE0000-0x0000020FFDEE2000-memory.dmp

Filesize
8KB

Download
memory/3156-536-0x0000020FFCF00000-0x0000020FFD000000-memory.dmp

Filesize
1024KB

Download
memory/3156-284-0x0000020FFF100000-0x0000020FFF200000-memory.dmp

Filesize
1024KB

Download
memory/3156-246-0x0000020FFE090000-0x0000020FFE092000-memory.dmp

Filesize
8KB

Download
memory/3156-225-0x0000020FFDD80000-0x0000020FFDD82000-memory.dmp

Filesize
8KB

Download
memory/4176-45-0x0000024D2A080000-0x0000024D2A180000-memory.dmp

Filesize
1024KB

Download
memory/6208-2527-0x00007FFE412B0000-0x00007FFE412B1000-memory.dmp

Filesize
4KB

Download
memory/6656-3008-0x0000000000C80000-0x0000000000D00000-memory.dmp

Filesize
512KB

Download
memory/6656-2999-0x0000000000C80000-0x0000000000D00000-memory.dmp

Filesize
512KB

Download
memory/6656-2994-0x0000000000C80000-0x0000000000D00000-memory.dmp

Filesize
512KB

Download