229de03b6c70a57a4f5f37213049342a72a9cee5305b5c5c05d05ea30f8a8563

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2023, 21:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

hcleague-setup-0.1.5.exe
Size

98.4MB
MD5

f681d86f6afec19947101a79fc214d07
SHA1

ee698956295c94d930595ec259cd3c7c2af07205
SHA256

d0f90377fe5f029ecc4f5dcee8299910588f79d36197fa91609d30fe6755d1cd
SHA512

77e0b7c77f7c219ffa99d7b0208b537347fc751cc5213eb68211abb7a45539098a2204695ed12a8ef073ecd91853551ef7cbd9e34db03facc2ad79ca9289be52
SSDEEP

3145728:3jBnVx2snNLMqbfyOaxjBnVx2kgo6B48HxFv6GqeDPo:3fNLMqbPaxaow1Lv6Gqek

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	hcleague.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	hcleague.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	hcleague.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	hcleague.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	hcleague.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	hcleague.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	hcleague.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	hcleague.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	hcleague.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	hcleague.exe

Executes dropped EXE 14 IoCs

pid	Process
2092	hcleague.exe
5028	hcleague.exe
536	hcleague.exe
1820	hcleague.exe
4920	hcleague.exe
2500	hcleague.exe
5016	hcleague.exe
1696	hcleague.exe
1280	hcleague.exe
1964	hcleague.exe
4256	hcleague.exe
4924	hcleague.exe
624	hcleague.exe
5000	hcleague.exe

Loads dropped DLL 24 IoCs

pid	Process
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
2092	hcleague.exe
536	hcleague.exe
5028	hcleague.exe
1820	hcleague.exe
4920	hcleague.exe
5028	hcleague.exe
5028	hcleague.exe
5028	hcleague.exe
2500	hcleague.exe
5016	hcleague.exe
1696	hcleague.exe
1280	hcleague.exe
1964	hcleague.exe
4256	hcleague.exe
4924	hcleague.exe
624	hcleague.exe
5000	hcleague.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	hcleague.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	hcleague.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	hcleague.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	hcleague.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	hcleague.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	hcleague.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
5068	hcleague-setup-0.1.5.exe
536	hcleague.exe
536	hcleague.exe
1820	hcleague.exe
1820	hcleague.exe
4920	hcleague.exe
4920	hcleague.exe
2500	hcleague.exe
2500	hcleague.exe
1696	hcleague.exe
1696	hcleague.exe
1280	hcleague.exe
1280	hcleague.exe
4256	hcleague.exe
4256	hcleague.exe
624	hcleague.exe
624	hcleague.exe
5000	hcleague.exe
5000	hcleague.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	5068	hcleague-setup-0.1.5.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2092	hcleague.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 5028	2092	hcleague.exe	91
PID 2092 wrote to memory of 536	2092	hcleague.exe	92
PID 2092 wrote to memory of 536	2092	hcleague.exe	92
PID 2092 wrote to memory of 1820	2092	hcleague.exe	93
PID 2092 wrote to memory of 1820	2092	hcleague.exe	93
PID 2092 wrote to memory of 4920	2092	hcleague.exe	95
PID 2092 wrote to memory of 4920	2092	hcleague.exe	95
PID 2092 wrote to memory of 2500	2092	hcleague.exe	103
PID 2092 wrote to memory of 2500	2092	hcleague.exe	103
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104
PID 2092 wrote to memory of 5016	2092	hcleague.exe	104

C:\Users\Admin\AppData\Local\Temp\hcleague-setup-0.1.5.exe
"C:\Users\Admin\AppData\Local\Temp\hcleague-setup-0.1.5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5068

C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
"C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=gpu-process --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1672 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5028
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=utility --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --ignore-certificate-errors --ignore-certificate-errors --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:536
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=renderer --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar" --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=renderer --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar\src\renderer\preload-client.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=renderer --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar\src\renderer\preload-client.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=renderer --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar" --node-integration --enable-sandbox --preload="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar\src\renderer\preload-client.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2392 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5016
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=renderer --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar\src\renderer\preload-client.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1696
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=renderer --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar\src\renderer\preload-client.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1248 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1280
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=renderer --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar" --node-integration --enable-sandbox --preload="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar\src\renderer\preload-client.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1964
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=renderer --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar\src\renderer\preload-client.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=renderer --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar" --node-integration --enable-sandbox --preload="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar\src\renderer\preload-client.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4924
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=renderer --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar\src\renderer\preload-client.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:624
- C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe
  "C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe" --type=gpu-process --field-trial-handle=1664,3819266713024016988,8391686526584159178,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=3252 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3640

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\hcleague\D3DCompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\chrome_100_percent.pak

Filesize
175KB

MD5
3ff806f44723cee528a1aaee4d3a289e

SHA1
56830e7ff31f803077aed774fafebd4e6c5e6c90

SHA256
65cb11d090b32e0fb3c740a736c13c0a47cb1bcb265c084e3de5bb7474fb662f

SHA512
03dafb839308d644a9943ba66838536fbd1f606cafe392f90925ce51766b5e3a9064d60ca8463bacf7238258beded570d5a0007f3ce11c14f87b10faa2da2977

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\chrome_200_percent.pak

Filesize
312KB

MD5
bd66e8de6979dfe12cbaa29390d11a64

SHA1
967916eb7587f0163fbce50c7b4822d06e939d5a

SHA256
cd584f20aeed80fe5852d5d5656a12d25d9116d6b805ddbec3874d310925df2a

SHA512
f77bd5004d8da54e8588ffcf6962b3244b8e4a9f6310d31f0c7c44d913504577c9e3fb858078705c384649fbcf26223d8f98dd02778e259a8924028f2be3bc1c

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\d3dcompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\hcleague.exe

Filesize
99.5MB

MD5
288d0aee9c4eb0feec0fead4368e7a12

SHA1
3b017dd8af14febabad4f2949ec599053e8db4ad

SHA256
f92c9f11450b6fafdc3cce0a8e965b41273c4b4ee2a59a72b7fd287668d17f37

SHA512
a84b1bd9f79e9ebc789844b44a8b14a2aea8ee35193653e311de31e9afb152d427aca3dbf2786fcadb12159e46c8dc5d25304f10d236133e26c70f66f2db8110

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\icudtl.dat

Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\locales\en-US.pak

Filesize
75KB

MD5
a2201115723fd61d1e68ab001e6cdca0

SHA1
a97073e22adf7b300e702e717743cd249e64b4fb

SHA256
3333cf1fb2b0c15ea819787ba672d2274f3136e6a8729f2e5d2796b740688183

SHA512
e68c451602a0c2cd47ee3652daf1d74d87e6e61ebda9166cbb182301f03118b72288968695f85a1bcdefb45e4753ba7187dd5159b6694952f33238af39d89479

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\resources.pak

Filesize
8.9MB

MD5
5118ebd39acde0236a71fad2880add8c

SHA1
1daa8e701f17a793c0e70f4b0aa36fbb376962ae

SHA256
e3386c5fd98dc711a70eae7a9f6bf3139de3e9a15e3a022d343a459b747c6471

SHA512
925ae1d8c643e4f3c20221ae850a171e6032d9e391cf07e5efab4a4a29e8f6640973a8f0dc97704df5263ed93dfd4c32650c656fbc9874c98ab87c6131fdcaa8

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app-update.yml

Filesize
96B

MD5
a5ab37c2c93140d27bf924bbca387a98

SHA1
1d15f14a63da26029580864e24f78513f0d06fa3

SHA256
8c7dd73a50e6de7cc4b7941b85e9d321a0635d20d13c62b0783df1ae1aebb053

SHA512
4132f8cb88f8b385cfc87d3917ab75520b8434afb4e61c6e139a259657dda4fa8a6d0b8b46505252fc4e53df0a30018623bc11ee47bca4431e49771f1659a9d5

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\resources\app.asar

Filesize
19.4MB

MD5
110ccdf45a73526c8556566192e9aa8d

SHA1
39563fbc81da6f498635645c00bba5aca082ea7c

SHA256
11e03c4538db2a74444e482cb94b4a660200c98f5ba672e7b448ce0ec20de5d4

SHA512
5573795ae57217c465ce463f7009c70078d63fb0abc3fdee910a5f0fe2836c30324a6dd04b7c216e3ace69399bc9f2d2d970f6876bfb50777dbe22b212dd9144

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\swiftshader\libEGL.dll

Filesize
392KB

MD5
f1cb951b601764ecb615752aa6a6eb5d

SHA1
985c16c5e71abe9d2eb0292ca1f911451c0e5ba8

SHA256
7d226ad9f213890b37714808ab8397bf71cced005ae746dba84cd009bf6bb600

SHA512
f439a218654f37b1dea0a44aa2c052b0f783b8de19302e86dc1799a99f25744060fe5b3e6b4d909ebe3d742ea50bada2d73e621d40a72e7a1c5805ae014002f6

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\swiftshader\libGLESv2.dll

Filesize
3.6MB

MD5
6fe59c8fb550e7b94fdc8c252e7f408f

SHA1
dd141acd0d9631f853bafa7e11e0c5f12cc30fb7

SHA256
bc8886eb76aff294a6b0855c2c75e6ff675e24de1fdaa6294f89f64e4dad195a

SHA512
ab09359e2a654bab80f004ad694f96c533f92c34838886c82be38b6e955834c0f087a15e79f568ea9def7487bd6aee9b4270e3e20444e89945e15001a73106e1

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\swiftshader\libegl.dll

Filesize
392KB

MD5
f1cb951b601764ecb615752aa6a6eb5d

SHA1
985c16c5e71abe9d2eb0292ca1f911451c0e5ba8

SHA256
7d226ad9f213890b37714808ab8397bf71cced005ae746dba84cd009bf6bb600

SHA512
f439a218654f37b1dea0a44aa2c052b0f783b8de19302e86dc1799a99f25744060fe5b3e6b4d909ebe3d742ea50bada2d73e621d40a72e7a1c5805ae014002f6

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\swiftshader\libglesv2.dll

Filesize
3.6MB

MD5
6fe59c8fb550e7b94fdc8c252e7f408f

SHA1
dd141acd0d9631f853bafa7e11e0c5f12cc30fb7

SHA256
bc8886eb76aff294a6b0855c2c75e6ff675e24de1fdaa6294f89f64e4dad195a

SHA512
ab09359e2a654bab80f004ad694f96c533f92c34838886c82be38b6e955834c0f087a15e79f568ea9def7487bd6aee9b4270e3e20444e89945e15001a73106e1

Download Submit
C:\Users\Admin\AppData\Local\Programs\hcleague\v8_context_snapshot.bin

Filesize
607KB

MD5
adb5d101b2d980211c8a662debbca53c

SHA1
60b02ba2e857eabb71c5fb1b49b25b8ee0672a2f

SHA256
5dff1f430af6626356963cfe4bf149362fd3ecc9bbaf765fe3184b17f6ad007b

SHA512
96a7430fcb1c2f4a5d568614c69151ce6f6b1c23d75c7eedb5966b12369f6e8025ff728597077b627c3418195a9ab07464b1c735e29d3b6e438732bdd2b31b15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8C09.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8C09.tmp\StdUtils.dll

Filesize
101KB

MD5
33b4e69e7835e18b9437623367dd1787

SHA1
53afa03edaf931abdc2d828e5a2c89ad573d926c

SHA256
72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae

SHA512
ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8C09.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8C09.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8C09.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8C09.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8C09.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8C09.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8C09.tmp\nsis7z.dll

Filesize
391KB

MD5
c6a070b3e68b292bb0efc9b26e85e9cc

SHA1
5a922b96eda6595a68fd0a9051236162ff2e2ada

SHA256
66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b

SHA512
8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

Download Submit
C:\Users\Admin\AppData\Roaming\hcleague\645d4cda-167c-4759-842b-05a8ab3a17a2.tmp

Filesize
421B

MD5
90a19f5d1c85ea6a4e6f8a527164a991

SHA1
6439ba00f303c0d07e67eeb3fe072f4a5c0cdd32

SHA256
a729198e60267918a3820017e50e57da4563aacc637be513a184cab83788766d

SHA512
7aa5752f3014dae6d5275f558aa1c3ef3db58cce07887a5711f9a562e36329762f72d32a8e5706d02d381072adb77481fa2ca7d1ece9dbdc9f89e060e10eb9b5

Download Submit
C:\Users\Admin\AppData\Roaming\hcleague\Cache\f_000001

Filesize
436KB

MD5
0af2c2ded404eafedc91003914dc1650

SHA1
1ffddb9c1958a872401e906928934a34529b7433

SHA256
1ed02f55bb7a2689704b7995f0f7953fbcf9bfc7ce7f7f178168fe58f3481575

SHA512
60294b1ec4bd71c328f0aebd2ddffc6d1acb24be783d939b35ec059053f407b8c2d1cb8b082d3479ac1a12b87aa62e0055695a43b205e0be2aa7da210ba41526

Download Submit
C:\Users\Admin\AppData\Roaming\hcleague\Code Cache\js\index-dir\temp-index

Filesize
96B

MD5
63e0b1485a3786994395449501a75e76

SHA1
9546934f643af82e37ae60654e7b559f98777811

SHA256
9a5af8a83718580e9efdd1e0937a3dd24eb9d84eceabfd8677e09d145fb06eb0

SHA512
b0ea81f3145a0b6e9c08554c13424349ce347e33a235505c7ec5ff8a13b387e011bdc79d2cd49961bbf0ef2ccb816653553335f9ba421a28ba2c84ee1fd4bf30

Download Submit
C:\Users\Admin\AppData\Roaming\hcleague\Code Cache\js\index-dir\temp-index

Filesize
264B

MD5
8622d2d807d7397942ae4ead891dca20

SHA1
c29c3843f8816cf5e823504dbcd5360f4a5c026d

SHA256
8bb7a97536db3f1abc9beef5e96c5071758cb374da7a7e8b23826a8394cb6e11

SHA512
b4be432de69200b7ecc27d5b02c4cb94d063b1febf2b351f3bb6c1465e554ae19b224e15e04048f98d5340ff8a2b0d43160808bbb8704c39825d358a6893b05a

Download Submit
C:\Users\Admin\AppData\Roaming\hcleague\Code Cache\js\index-dir\the-real-index~RFe5741db.TMP

Filesize
48B

MD5
1a2e7cf01a5763dce21b3dbdfc0b9b37

SHA1
f7d4a288ba987baeb4c8e731dd01c86be780c485

SHA256
c277e454b3895c9963e1fa21b79a20cfa8844392d28ff071ba760ec6611ff4d4

SHA512
52dea08010345907b09c9eb83f390ec435fdb8c675db14bb12957510949cde0de6be7ba9c3f82e0a4997ea0faa70d372c8f3e6d56e94fe195c53771df1317207

Download Submit
C:\Users\Admin\AppData\Roaming\hcleague\Network Persistent State~RFe57ee57.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\hcleague\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\hcleague\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
memory/1964-524-0x00000162B34B0000-0x00000162B355D000-memory.dmp

Filesize
692KB

Download
memory/1964-523-0x00000162B3410000-0x00000162B34AE000-memory.dmp

Filesize
632KB

Download
memory/4924-553-0x00000226675E0000-0x000002266767E000-memory.dmp

Filesize
632KB

Download
memory/4924-554-0x0000022667680000-0x000002266772D000-memory.dmp

Filesize
692KB

Download
memory/5016-477-0x0000018D6BAA0000-0x0000018D6BB4D000-memory.dmp

Filesize
692KB

Download
memory/5016-464-0x00007FFBAE330000-0x00007FFBAE331000-memory.dmp

Filesize
4KB

Download
memory/5016-463-0x00007FFBAFB50000-0x00007FFBAFB51000-memory.dmp

Filesize
4KB

Download
memory/5016-476-0x0000018D6BA00000-0x0000018D6BA9E000-memory.dmp

Filesize
632KB

Download
memory/5028-356-0x00007FFBAEFD0000-0x00007FFBAEFD1000-memory.dmp

Filesize
4KB

Download
memory/5028-412-0x0000021F04660000-0x0000021F04AB1000-memory.dmp

Filesize
4.3MB

Download