egregor | ad1da074b5a660e91c49c77d851b68137dc277f07c6e2ccd404b4ff7e5d76115

Analysis

max time kernel
125s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2023 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bt2-20230616_301_301002_301002101.exe
Size

10.6MB
MD5

3429c3be6c8c39bce465a2a8735dcc9f
SHA1

e15458cafba1bc8180a9c587e2d84db7417caf7b
SHA256

ad1da074b5a660e91c49c77d851b68137dc277f07c6e2ccd404b4ff7e5d76115
SHA512

3a29c8a4aa38cb83fd2dbb8b2d3af7e0d88f7c2f346b98d42f2c79d0a0f56777e5f96969c11198145bdfa57fea1b70d017de5755ce87acd9f8ef7df337c8705a
SSDEEP

196608:cgUPoZ+n584+baA/9/oC3/FwSb78nfXtkv2OwoY8NNSZSEGaYHmj:HZHNbaA/9/VvFwSHkdkOSTNNBEGaj

Score

10^/10

egregor discovery ransomware

Malware Config

Signatures

Detected Egregor ransomware 2 IoCs

resource	yara_rule
behavioral2/files/0x000100000000007a-887.dat	family_egregor
behavioral2/files/0x000100000000007a-904.dat	family_egregor

Egregor Ransomware
Variant of the Sekhmet ransomware first seen in September 2020.
ransomware egregor

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	WDlauncher.exe
File opened (read-only)	\??\F:	WDlauncher.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-508929744-1894537824-211734425-1000\Control Panel\International\Geo\Nation	WDlauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-508929744-1894537824-211734425-1000\Control Panel\International\Geo\Nation	WDlauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-508929744-1894537824-211734425-1000\Control Panel\International\Geo\Nation	SSJJ2MicroClient.exe
Key value queried	\REGISTRY\USER\S-1-5-21-508929744-1894537824-211734425-1000\Control Panel\International\Geo\Nation	SSJJ2MicroClient.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 8 IoCs

pid	Process
4224	WDlauncher.exe
4488	WDlauncher.exe
4864	SSJJ2MicroClient.exe
1964	Update.exe
2276	SSJJ2MicroClient.exe
4516	SSJJ2MicroClient.exe
2108	SSJJ2MicroClient.exe
2096	SSJJ2MicroClient.exe

Loads dropped DLL 22 IoCs

pid	Process
3900	bt2-20230616_301_301002_301002101.exe
3900	bt2-20230616_301_301002_301002101.exe
3900	bt2-20230616_301_301002_301002101.exe
3900	bt2-20230616_301_301002_301002101.exe
3900	bt2-20230616_301_301002_301002101.exe
3900	bt2-20230616_301_301002_301002101.exe
3900	bt2-20230616_301_301002_301002101.exe
3900	bt2-20230616_301_301002_301002101.exe
4864	SSJJ2MicroClient.exe
4864	SSJJ2MicroClient.exe
2276	SSJJ2MicroClient.exe
2276	SSJJ2MicroClient.exe
1964	Update.exe
2276	SSJJ2MicroClient.exe
2276	SSJJ2MicroClient.exe
2276	SSJJ2MicroClient.exe
4516	SSJJ2MicroClient.exe
4516	SSJJ2MicroClient.exe
2108	SSJJ2MicroClient.exe
2108	SSJJ2MicroClient.exe
2096	SSJJ2MicroClient.exe
2096	SSJJ2MicroClient.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WDlauncher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SSJJ2MicroClient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WDlauncher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WDlauncher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WDlauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	SSJJ2MicroClient.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SSJJ2MicroClient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	SSJJ2MicroClient.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	bt2-20230616_301_301002_301002101.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bt2-20230616_301_301002_301002101.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-508929744-1894537824-211734425-1000\{15409B93-1552-4162-97DA-61D3F333F4A2}	SSJJ2MicroClient.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	SSJJ2MicroClient.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	SSJJ2MicroClient.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	SSJJ2MicroClient.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3900	bt2-20230616_301_301002_301002101.exe
3900	bt2-20230616_301_301002_301002101.exe
3900	bt2-20230616_301_301002_301002101.exe
3900	bt2-20230616_301_301002_301002101.exe
4224	WDlauncher.exe
4224	WDlauncher.exe
4488	WDlauncher.exe
4488	WDlauncher.exe
4864	SSJJ2MicroClient.exe
4864	SSJJ2MicroClient.exe
2276	SSJJ2MicroClient.exe
2276	SSJJ2MicroClient.exe
4516	SSJJ2MicroClient.exe
4516	SSJJ2MicroClient.exe
2108	SSJJ2MicroClient.exe
2108	SSJJ2MicroClient.exe
2096	SSJJ2MicroClient.exe
2096	SSJJ2MicroClient.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3900	bt2-20230616_301_301002_301002101.exe
Token: 33	4992	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4992	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4864	SSJJ2MicroClient.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4864	SSJJ2MicroClient.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4488	WDlauncher.exe
4864	SSJJ2MicroClient.exe
1964	Update.exe
2276	SSJJ2MicroClient.exe
4516	SSJJ2MicroClient.exe
2108	SSJJ2MicroClient.exe
4864	SSJJ2MicroClient.exe
2096	SSJJ2MicroClient.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 4224	3900	bt2-20230616_301_301002_301002101.exe	85
PID 3900 wrote to memory of 4224	3900	bt2-20230616_301_301002_301002101.exe	85
PID 3900 wrote to memory of 4224	3900	bt2-20230616_301_301002_301002101.exe	85
PID 4224 wrote to memory of 4488	4224	WDlauncher.exe	88
PID 4224 wrote to memory of 4488	4224	WDlauncher.exe	88
PID 4224 wrote to memory of 4488	4224	WDlauncher.exe	88
PID 4488 wrote to memory of 4864	4488	WDlauncher.exe	90
PID 4488 wrote to memory of 4864	4488	WDlauncher.exe	90
PID 4488 wrote to memory of 4864	4488	WDlauncher.exe	90
PID 4864 wrote to memory of 1964	4864	SSJJ2MicroClient.exe	91
PID 4864 wrote to memory of 1964	4864	SSJJ2MicroClient.exe	91
PID 4864 wrote to memory of 1964	4864	SSJJ2MicroClient.exe	91
PID 4864 wrote to memory of 2276	4864	SSJJ2MicroClient.exe	95
PID 4864 wrote to memory of 2276	4864	SSJJ2MicroClient.exe	95
PID 4864 wrote to memory of 2276	4864	SSJJ2MicroClient.exe	95
PID 4864 wrote to memory of 4516	4864	SSJJ2MicroClient.exe	93
PID 4864 wrote to memory of 4516	4864	SSJJ2MicroClient.exe	93
PID 4864 wrote to memory of 4516	4864	SSJJ2MicroClient.exe	93
PID 4864 wrote to memory of 2108	4864	SSJJ2MicroClient.exe	94
PID 4864 wrote to memory of 2108	4864	SSJJ2MicroClient.exe	94
PID 4864 wrote to memory of 2108	4864	SSJJ2MicroClient.exe	94
PID 4864 wrote to memory of 2096	4864	SSJJ2MicroClient.exe	96
PID 4864 wrote to memory of 2096	4864	SSJJ2MicroClient.exe	96
PID 4864 wrote to memory of 2096	4864	SSJJ2MicroClient.exe	96

C:\Users\Admin\AppData\Local\Temp\bt2-20230616_301_301002_301002101.exe
"C:\Users\Admin\AppData\Local\Temp\bt2-20230616_301_301002_301002101.exe"
1⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3900
- F:\Wizard Games\Battle Teams 2\WDlauncher.exe
  "F:\Wizard Games\Battle Teams 2\WDlauncher.exe"
  2⤵
  - Enumerates connected drives
  - Checks computer location settings
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4224
- - F:\Wizard Games\Battle Teams 2\WDlauncher.exe
    "F:\Wizard Games\Battle Teams 2\WDlauncher.exe"
    3⤵
    - Enumerates connected drives
    - Checks computer location settings
    - Executes dropped EXE
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4488
  - - F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe
      "F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe" --clound= --yilewan=
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4864
    - - F:\Wizard Games\Battle Teams 2\MicroClient\Update.exe
        
        "F:\Wizard Games\Battle Teams 2\MicroClient\Update.exe" 50544 0 "C:\Users\Admin\AppData\Local\Wooduan\log\eu"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1964
    - - F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe
        
        "F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2528,13496886343140236587,6751178876441146513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Wooduan\log\eu\MicroClient.log" --log-severity=info --lang=eu --log-file="C:\Users\Admin\AppData\Local\Wooduan\log\eu\MicroClient.log" --mojo-platform-channel-handle=2992 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:4516
    - - F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe
        
        "F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe" --type=renderer --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\AppData\Local\Wooduan\log\eu\MicroClient.log" --remote-debugging-port=2012 --field-trial-handle=2528,13496886343140236587,6751178876441146513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Wooduan\log\eu\MicroClient.log" --log-severity=info --disable-extensions --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3140 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2108
    - - F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe
        
        "F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe" --type=gpu-process --field-trial-handle=2528,13496886343140236587,6751178876441146513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Wooduan\log\eu\MicroClient.log" --log-severity=info --lang=eu --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Wooduan\log\eu\MicroClient.log" --mojo-platform-channel-handle=2540 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2276
    - - F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe
        
        "F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2528,13496886343140236587,6751178876441146513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=audio --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Wooduan\log\eu\MicroClient.log" --log-severity=info --lang=eu --log-file="C:\Users\Admin\AppData\Local\Wooduan\log\eu\MicroClient.log" --mojo-platform-channel-handle=3452 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2096

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x4ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4992

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle Teams 2\Battle Teams 2.lnk

Filesize
894B

MD5
4af142d970d627f4474c7e5c000428cd

SHA1
5b457b58b5edc2e295eb0f33ecaa147458dc4780

SHA256
77aae5333a535ba1678abd5bf9d29bcdc04561eb714a6a1eb023c0e5ad34fa91

SHA512
f13fd95cc4bc6e704f15c873bac41617b8c917927137b06b072841dc0ac3c6e9450e37c1797e98ced1e2e5959cca926f3960c283dd3316842ef38ead25a7fd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\UserInfo.dll

Filesize
4KB

MD5
a6f622a2f12ac10bca04e23deff5cada

SHA1
abf851b5ccfb64004e9b49718a467bd754545887

SHA256
b8fa7b9393fff910144768588c471ca7c9ec98a2b8b186b2172b8ba7a5279500

SHA512
35c8b0db179104e638f1b40f3f8038a41fdc327e112de5cb0dbb97cbf1dfa276fcf6400fcb46b88cb5ba233ca769becbdb4b4d40920adca831e3c0f38193c50f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\example.dll

Filesize
8.0MB

MD5
ae7b2e1060493290d5ad3f10c6fe8888

SHA1
74cd7fea5ada46514d506f5b351f2efac2fbad7f

SHA256
67adde9ce3ca7978cb7b17d8beda26974af9f3126446afe19719a94c2cd58cf3

SHA512
2debaf01d70614aa9b565511c6a28eb2cc91caace1b2ed89899fd1ec6271243635245adc98665bf8ed10cc71fdfe89fd3888d28671e4e0746921cbd1e21ae29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\nsProcessW.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\wdTrack.dll

Filesize
847KB

MD5
502c6765efb0ddaa1eac04b0d92603fa

SHA1
35a89f9e515df119895fc377f37e780cf8a3a21d

SHA256
eaa3998b986ab344d5da97676e3d74742f021b45d95eb1c0c1cdbb81d12cd4cb

SHA512
c49b9ad2edaba4878932de6092903a90d8a6dd98d67146ec689d6e0a89b31547215c01c3a7435b0286b624ed35a895d17f413c0bdc729126dc794e319f6e6a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\wdTrack.dll

Filesize
847KB

MD5
502c6765efb0ddaa1eac04b0d92603fa

SHA1
35a89f9e515df119895fc377f37e780cf8a3a21d

SHA256
eaa3998b986ab344d5da97676e3d74742f021b45d95eb1c0c1cdbb81d12cd4cb

SHA512
c49b9ad2edaba4878932de6092903a90d8a6dd98d67146ec689d6e0a89b31547215c01c3a7435b0286b624ed35a895d17f413c0bdc729126dc794e319f6e6a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\wdTrack.dll

Filesize
847KB

MD5
502c6765efb0ddaa1eac04b0d92603fa

SHA1
35a89f9e515df119895fc377f37e780cf8a3a21d

SHA256
eaa3998b986ab344d5da97676e3d74742f021b45d95eb1c0c1cdbb81d12cd4cb

SHA512
c49b9ad2edaba4878932de6092903a90d8a6dd98d67146ec689d6e0a89b31547215c01c3a7435b0286b624ed35a895d17f413c0bdc729126dc794e319f6e6a6a

Download Submit
C:\Users\Admin\AppData\Local\Wooduan\Microclient_eu_32\Cache\f_000001

Filesize
171KB

MD5
7ca7a54cc6c916054a183e2bb5ddc845

SHA1
923d222545bb46d5ea5c82b1b67a152e5885851c

SHA256
395d92fb9383be4df6e9e038ee46e9cc4e6745f6cfbde69a6c5b097ebbb9c2c3

SHA512
9232c8f0ebca69f220ff7dd8a8372ea64eabfe4e4bcdca8ff5a615002a2a971f5551ac02d7836c1ff3d20864283c04ff38d3c264e0110d59ad24bebfce2eaf12

Download Submit
C:\Users\Admin\AppData\Local\Wooduan\Microclient_eu_32\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b64fb54021ed99ffe56765d02d611bb4

SHA1
587a6b0c5b23084e307a7e3823e029728f8e73a4

SHA256
a7d504899fac53f87514f4d5477a3389983ce77946b544e96bb5a61149785861

SHA512
cd35e6e426fda3f3f14be9274bd0b7a03fbe71bfcdf799695d2c21c38a43a67d9b76f4f8e1fec2680e997a57b50de27ee4b11f6d1c3efcc1de8e91da731fd74f

Download Submit
C:\Users\Admin\AppData\Local\Wooduan\Microclient_eu_32\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
183a23e80f9fff542e1c7eebad483221

SHA1
421a75fdcacb9fee22da6dbebde353861291c60d

SHA256
dbb4b22ca6c4b5ba6ff1c66f9ec530bbf5ce6b900b6222ce24eee9f60e150340

SHA512
98f3ec159009ba5047c1753d7221d55d67af4fe2927b3e2e4c00a929f4e60234776eaaa8c523ea50143c7e41d0162410dfe061fe21cebd1269334c115d99eecb

Download Submit
C:\Users\Admin\AppData\Local\Wooduan\Microclient_eu_32\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Wooduan\log\eu\launcher-in-use-20230623-210337.log

Filesize
4KB

MD5
93403518267cd066ee8f72d81e2b82e8

SHA1
eb17be5888e1f89c1c8340096f692d92f1d3d5d5

SHA256
5b633623acf995ee76a859659aa1e41f804d8214adc6a23ff552e7c2585950ca

SHA512
d6e2c9f5c1caffa90ccefd4a3211abebd71edbd5685fadcc7b766bdf4f1e4d4fd8900f47daae796cbb8d0ffd7cc13b5ade2d67f1ab03b72d5272d973b6a4ec2f

Download Submit
C:\Users\Public\Desktop\Battle Teams 2.lnk

Filesize
858B

MD5
64370f9a9f9cc92d772d64228089b70f

SHA1
45e021aca8d7a388ad8e9f262c60ce4a6a89f3fe

SHA256
697a69c8f1acbe1501165e3446fea27e97ea575dc1fd9c4a218a2a50db5f8d4b

SHA512
40dbd35359a79645a587e4df9e06ef47bba8127d8a9d962ae38461cc051bc2c9963d5669aafa7342f7dbaea94056723e52fa5b12cf54efa34c9329f109d6bd6a

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe

Filesize
6.3MB

MD5
81d50c1d0f9115c946ebd1fe676457c3

SHA1
d7587e4574d4777ccdb40f408d670a4968edfad6

SHA256
6a42a29121d23fb6d94b0f2b4281cdbff94d262b6e4842361609dbfcd17633f0

SHA512
e8d736c06336d837388a72ba160d6e86c8d4bfc15ed19db1390262277a2f206557c59b23966161e1262eb1a406bd7762cc3ddc637d324c206fdc4cfc95ff69ec

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe

Filesize
6.3MB

MD5
81d50c1d0f9115c946ebd1fe676457c3

SHA1
d7587e4574d4777ccdb40f408d670a4968edfad6

SHA256
6a42a29121d23fb6d94b0f2b4281cdbff94d262b6e4842361609dbfcd17633f0

SHA512
e8d736c06336d837388a72ba160d6e86c8d4bfc15ed19db1390262277a2f206557c59b23966161e1262eb1a406bd7762cc3ddc637d324c206fdc4cfc95ff69ec

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe

Filesize
6.3MB

MD5
81d50c1d0f9115c946ebd1fe676457c3

SHA1
d7587e4574d4777ccdb40f408d670a4968edfad6

SHA256
6a42a29121d23fb6d94b0f2b4281cdbff94d262b6e4842361609dbfcd17633f0

SHA512
e8d736c06336d837388a72ba160d6e86c8d4bfc15ed19db1390262277a2f206557c59b23966161e1262eb1a406bd7762cc3ddc637d324c206fdc4cfc95ff69ec

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\SSJJ2MicroClient.exe

Filesize
6.3MB

MD5
81d50c1d0f9115c946ebd1fe676457c3

SHA1
d7587e4574d4777ccdb40f408d670a4968edfad6

SHA256
6a42a29121d23fb6d94b0f2b4281cdbff94d262b6e4842361609dbfcd17633f0

SHA512
e8d736c06336d837388a72ba160d6e86c8d4bfc15ed19db1390262277a2f206557c59b23966161e1262eb1a406bd7762cc3ddc637d324c206fdc4cfc95ff69ec

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\Update.exe

Filesize
1.4MB

MD5
2dd8a8bab152c13d80b2a10f52be80e5

SHA1
5f89903282c4196f33f2f6af6b265ee57acc4a78

SHA256
8627087eac7010ad9671a48f121287831afb790aae9c095f8bf00d571139a70e

SHA512
0906a5022898cc132978aedda415accb3cf61c045914b2d9b299c687fac0aaadcfb46aa00b9c6eeedb7ad57583fda504b0e68d28d8bd710c16988a7d68a11c95

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\Update.exe

Filesize
1.4MB

MD5
2dd8a8bab152c13d80b2a10f52be80e5

SHA1
5f89903282c4196f33f2f6af6b265ee57acc4a78

SHA256
8627087eac7010ad9671a48f121287831afb790aae9c095f8bf00d571139a70e

SHA512
0906a5022898cc132978aedda415accb3cf61c045914b2d9b299c687fac0aaadcfb46aa00b9c6eeedb7ad57583fda504b0e68d28d8bd710c16988a7d68a11c95

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\cef.pak

Filesize
1.9MB

MD5
fa6c54291dcc13acc9dbec30923fe503

SHA1
8f157cc1ab1c18bf47305543b149604797cd6587

SHA256
455dd904ba68305f45682ae9c776a87cb2cb67bbe2d20e13cf97a812b68cf5f4

SHA512
135773297e6481f66d53a6a6bb887e0e0ba17ded9f76e2cef2db48a095a4c301eda84feb46f2a44425f4d34accd72765ee324d30a0692aa0c6d2c513166d51de

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\cef_100_percent.pak

Filesize
261KB

MD5
4cec40309dc9e4bf0f0cc915aeb6c9ac

SHA1
2da1b18943265f473f6b87b63132dbb2398ff487

SHA256
6267cb52b0ca5593cf402139e736eb4f1d6bc3f2eab4c6deb99934711050ef4f

SHA512
e684d4d735762e87c8556c164379f97f59b8b4077e2f4c49ae43610ca2a3994ad45839cf6edef4e741a4f1fb345413e4246fb5901dd52bd98c9a2f60866817c7

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\cef_200_percent.pak

Filesize
412KB

MD5
50a6d9ab74ebfaeda5baa28997149977

SHA1
1ad557cecf3d54a5fbe471ceab189d344fef347c

SHA256
c8f7697bdb4aa19722b975dd2126baf8c2edb5c0a58e2d64a6fefa4cbb8335ec

SHA512
31647191b432f82ff24a41a16abb77512bed2f3105791079d795304452e2bff89f618202023fd133cdc79f80d02647093edebca9e43c19cbd4d2bed4c8d35180

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\cef_extensions.pak

Filesize
1.2MB

MD5
c294094045246da46492204f2920d74f

SHA1
229367ac0be0a2da9d6338cba6f45c07f790140c

SHA256
8e8882c3d420231e1ddd1329e259cd8dc38fe392727aa74cfa4df57125d4cfb3

SHA512
03543e3c436a8b42b3f5bb942de468b4898172720ddef5597535b81347581ae0c89bf91e6bef3b91c796ca5bd393a865b2fa53ba70b2fda6578c640b14ab92cd

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\chrome_elf.dll

Filesize
816KB

MD5
f4ba0f3418c25c0524c4d1c8c4965cae

SHA1
e365eb894c0169b3c21ccec434aa48961c4c9e62

SHA256
ca1ef82140cae4627c1968f22a646346a80151fe62c6b2a999b2f5d6bb923ba0

SHA512
0a9d6a6f4e2368a252199ab71be4325096c830a4cd0af7816647e9fcff69991384bf6b065983c4830a67a3f65659928845c3066cac9bfe69101bcdde9ef22189

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\chrome_elf.dll

Filesize
816KB

MD5
f4ba0f3418c25c0524c4d1c8c4965cae

SHA1
e365eb894c0169b3c21ccec434aa48961c4c9e62

SHA256
ca1ef82140cae4627c1968f22a646346a80151fe62c6b2a999b2f5d6bb923ba0

SHA512
0a9d6a6f4e2368a252199ab71be4325096c830a4cd0af7816647e9fcff69991384bf6b065983c4830a67a3f65659928845c3066cac9bfe69101bcdde9ef22189

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\chrome_elf.dll

Filesize
816KB

MD5
f4ba0f3418c25c0524c4d1c8c4965cae

SHA1
e365eb894c0169b3c21ccec434aa48961c4c9e62

SHA256
ca1ef82140cae4627c1968f22a646346a80151fe62c6b2a999b2f5d6bb923ba0

SHA512
0a9d6a6f4e2368a252199ab71be4325096c830a4cd0af7816647e9fcff69991384bf6b065983c4830a67a3f65659928845c3066cac9bfe69101bcdde9ef22189

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\devtools_resources.pak

Filesize
1.6MB

MD5
6198a72ece5e8b9a8566ab22ede91061

SHA1
d911e03d0b01ad5a5ba55ec56f7b7b74aabf7b4c

SHA256
4868cdbe694270afc2e1ffe18592e75a733a14a48ab8d12d43e1e5f7eaee05c2

SHA512
53af0b552fe5971067f2bc7b8c8b8f19ba483e1c7956c3ad175a7505eb74f50fd11b6aeac81b2cd5a0c8e003c815869caec1b0c81b9e7552c9d910dd2d78bdba

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\icudtl.dat

Filesize
10.0MB

MD5
9732e28c054db1e042cd306a7bc9227a

SHA1
6bab2e77925515888808c1ef729c5bb1323100dd

SHA256
27993e2079711d5f0f04a72f48fee88b269604c8e3fbdf50a7f7bb3f5bfc8d8e

SHA512
3eb67ab896a56dab4a2d6eea98f251affd6864c5f5b24f22b61b6acc1df4460d86f0a448f1983aac019e79ff930286c3510891be9d48ef07a93ff975a0e55335

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\libcef.dll

Filesize
109.1MB

MD5
a4a17c923bef82728015ade25b4faca9

SHA1
1c82aa1acb7f7931fea43fa90654ec57689a6ced

SHA256
f64305ba2879c3c71919cb2ccf36c00d63d86714aaa8c9dc47ea7c597ca37e22

SHA512
e13ea35da9e43b8bf633442db9b406732283ef1d97d67bfbed9a2f5281f49d79ce616ab45e5b4e0884ceb1efa117cc33ee9cc9d82f391512dbca53c79c803d45

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\libcef.dll

Filesize
109.1MB

MD5
a4a17c923bef82728015ade25b4faca9

SHA1
1c82aa1acb7f7931fea43fa90654ec57689a6ced

SHA256
f64305ba2879c3c71919cb2ccf36c00d63d86714aaa8c9dc47ea7c597ca37e22

SHA512
e13ea35da9e43b8bf633442db9b406732283ef1d97d67bfbed9a2f5281f49d79ce616ab45e5b4e0884ceb1efa117cc33ee9cc9d82f391512dbca53c79c803d45

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\libcef.dll

Filesize
109.1MB

MD5
a4a17c923bef82728015ade25b4faca9

SHA1
1c82aa1acb7f7931fea43fa90654ec57689a6ced

SHA256
f64305ba2879c3c71919cb2ccf36c00d63d86714aaa8c9dc47ea7c597ca37e22

SHA512
e13ea35da9e43b8bf633442db9b406732283ef1d97d67bfbed9a2f5281f49d79ce616ab45e5b4e0884ceb1efa117cc33ee9cc9d82f391512dbca53c79c803d45

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\locales\en

Filesize
1010B

MD5
64d22e0bfb32f9dc11043e1e345ba923

SHA1
e23d173bd6187d1bb08173d7659debc6872bbb8b

SHA256
8a5f398784fe86f269d102d82da7248ebef32ea38ea7c3afeb192cbc18aa1f46

SHA512
90f7e54161fa71a1983bfa9c5d6a746a2babec77d716463a918b78109dfe7a0997f4d9a7acfc4342f31aebfdb1ae8556f58d4eb95a4ceac3168b853b896634c3

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\locales\en-US.pak

Filesize
225KB

MD5
16a6914c9637812257e28b2cc4e6d809

SHA1
82212a642c90b51b8f67e517ee8782da841b658f

SHA256
8fe734f556d97e7c07d02e839a16565f7db88ca7091ca3903a9b153a68aaaf72

SHA512
6efbab68c8b036fd73951295a5f65718003deea46db838f6f263133452e09be45ce006246850facbb1922766f42c2ce1796722cecfcc8495921a7bcd9402a446

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\md5cache\1.0.0.007.md5.list

Filesize
15KB

MD5
c6a0e779d5d712b69f63f6ec827a6f66

SHA1
df4187c4fd135ccde7726e6e62a879c146c3d490

SHA256
f18107184662500853e49294813f74c698ad1513a870083016cfcf5198ea84f5

SHA512
5d19a9d17be685d03c04b54fc78e3b7746a308dde5d4ef0f8181cfc488024a982760b6968a38e32b2665e8dfa7e342749709edd40a1e16ef81aa1345aa3f283e

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\myeasylog.log

Filesize
1KB

MD5
66971e9adea081653d313ede947b432e

SHA1
62e831a6780534fcaf62277dfc09db3ebcc6c856

SHA256
313ce640328de3b54c68b0427bd101e6cd5e23e0fc0e15891cd6dc7c6da55d48

SHA512
579cae6bb27b684d37f5cb5076396bb380475f8c447248a04fc4afec5b64946e6948e79e8ddc58da40273984c54f548f90cf9c010f8217e78816af3006a98451

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\pages\zh-CN\images\bg.jpg

Filesize
469KB

MD5
92ce39ba3fdd2f48a3795a0fea2004fe

SHA1
24df3644a7f5cc27215841a1b120ec3a51b8124b

SHA256
189397b4bb33371e8690b64acad473aee9be586423e35827996daf59aca98bae

SHA512
2815c4043b368ed9f0cbe233d9d5b98dcc44050e71edea683155ad5a631572aa4d0116c5b498049c8a4b4376dd6ca39060d35cf2b76f7abdaffb8ebcf06a1dd3

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\patch_version.conf

Filesize
9B

MD5
fcfdf6fbe654b2726596b876434909ea

SHA1
4469bfae9c57bd3e55d50a0afb5f1451cfed587d

SHA256
842a15d0532692b6570c43811af6330729fd7e018f02fe811134be56a4aa2f02

SHA512
51f5f39b4c0eb5a63ff0863a543fccd23740f46721eecdf069fd0df2b627088b428031991d7765925de814d44a96338bb5b8fa5330f6bcf889a6567061f4c447

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\resource\wdlocal\images\logo.png

Filesize
8KB

MD5
2b20f6110940c3f6388672515a797e74

SHA1
0055f765edacafcfde72724a7f8e8ca2b5f70840

SHA256
727caee2c83e30125d48f56e1b43ca228f59137a3cd6e70c69869f1111de8260

SHA512
e6cb5e7c544de9ff06d76b533ec652d9ca2db45b0da66106569c6b89e34dcada9b13ef7b63f8b95dc45bc07f5f29acce4cf8200f32f53a1552a9ce76361a05eb

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\resource\wdlocal\images\msg_bg.jpg

Filesize
9KB

MD5
b88704f46acb1b738bd6cd028a8da838

SHA1
69405c870f055bf4a57f3840b542e8fe64caa397

SHA256
de2797b3a99393a42662e2b66d6d506015087e9aecc0fd7c0b3e3b2e5de66a94

SHA512
7a95f88fe473e22c05f7cae6cf26494de6e46ad638a4fd35b1e69853d5d75c6f7537ab99c1cf72ea08d60cfda8ab0eb42afbdefcf0d429aa1d0436cd2bfb0940

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\v8_context_snapshot.bin

Filesize
167KB

MD5
cdeec3342ce88d4de5426032a6bf6a53

SHA1
b36ec3c3b20a7a06ff282d696f12b51904b073a4

SHA256
ca88a3c7034da1de52d35823fba0fe80ba5376ab70cdc1841e6aaf25c1f5dd6e

SHA512
54874cd76589124b750fdae90be75e1acf374566d56352c15dbbee98c095aad0e56db142952a808b08e4817bf5f8e176ffdc4ff79110d8661ee4f7ede16b2ea9

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\wd_dl.dll

Filesize
2.2MB

MD5
5b12be1fd5a17ef3cb33d214f5f33d2b

SHA1
c5ba7751452df297ee61358fa3ecd93c754538cb

SHA256
4049b44a132e1ad324f7fc97e2b08e3a896aa504f2704ae5b2a0a798aa07fb8c

SHA512
98e811409e0f6ab6b07262f32f9d21d8d2aa5721e7ab8f87d51d49b24607d56eaf245f99cbe2d06f6d28fc35ddff4e3729206a784f3bc1e71384f82d4141d1cb

Download Submit
F:\Wizard Games\Battle Teams 2\MicroClient\wd_dl.dll

Filesize
2.2MB

MD5
5b12be1fd5a17ef3cb33d214f5f33d2b

SHA1
c5ba7751452df297ee61358fa3ecd93c754538cb

SHA256
4049b44a132e1ad324f7fc97e2b08e3a896aa504f2704ae5b2a0a798aa07fb8c

SHA512
98e811409e0f6ab6b07262f32f9d21d8d2aa5721e7ab8f87d51d49b24607d56eaf245f99cbe2d06f6d28fc35ddff4e3729206a784f3bc1e71384f82d4141d1cb

Download Submit
F:\Wizard Games\Battle Teams 2\WDlauncher.exe

Filesize
5.1MB

MD5
aca9423627d311cc18e81ff53dc07b5f

SHA1
4c72d6130985ed0cff06c2a4525817c4e6fefec6

SHA256
56990992c2a57d05ce4205c764e4d23f70888fd4d81136801df0d4ab32c92d9f

SHA512
078a8ad14b0fa57857f0dd91ce4584c68ce062dbfc00f03c6b110e7d31f6effcf0361085a2268bfbb28bf575e30ff372f7f1f8d27a8b7e5e54f3571f1aeefa63

Download Submit
F:\Wizard Games\Battle Teams 2\WDlauncher.exe

Filesize
5.1MB

MD5
aca9423627d311cc18e81ff53dc07b5f

SHA1
4c72d6130985ed0cff06c2a4525817c4e6fefec6

SHA256
56990992c2a57d05ce4205c764e4d23f70888fd4d81136801df0d4ab32c92d9f

SHA512
078a8ad14b0fa57857f0dd91ce4584c68ce062dbfc00f03c6b110e7d31f6effcf0361085a2268bfbb28bf575e30ff372f7f1f8d27a8b7e5e54f3571f1aeefa63

Download Submit
F:\Wizard Games\Battle Teams 2\WDlauncher.exe

Filesize
5.1MB

MD5
aca9423627d311cc18e81ff53dc07b5f

SHA1
4c72d6130985ed0cff06c2a4525817c4e6fefec6

SHA256
56990992c2a57d05ce4205c764e4d23f70888fd4d81136801df0d4ab32c92d9f

SHA512
078a8ad14b0fa57857f0dd91ce4584c68ce062dbfc00f03c6b110e7d31f6effcf0361085a2268bfbb28bf575e30ff372f7f1f8d27a8b7e5e54f3571f1aeefa63

Download Submit
F:\Wizard Games\Battle Teams 2\WDlauncher.exe

Filesize
5.1MB

MD5
aca9423627d311cc18e81ff53dc07b5f

SHA1
4c72d6130985ed0cff06c2a4525817c4e6fefec6

SHA256
56990992c2a57d05ce4205c764e4d23f70888fd4d81136801df0d4ab32c92d9f

SHA512
078a8ad14b0fa57857f0dd91ce4584c68ce062dbfc00f03c6b110e7d31f6effcf0361085a2268bfbb28bf575e30ff372f7f1f8d27a8b7e5e54f3571f1aeefa63

Download Submit
F:\Wizard Games\Battle Teams 2\WDlauncher.exe

Filesize
5.1MB

MD5
aca9423627d311cc18e81ff53dc07b5f

SHA1
4c72d6130985ed0cff06c2a4525817c4e6fefec6

SHA256
56990992c2a57d05ce4205c764e4d23f70888fd4d81136801df0d4ab32c92d9f

SHA512
078a8ad14b0fa57857f0dd91ce4584c68ce062dbfc00f03c6b110e7d31f6effcf0361085a2268bfbb28bf575e30ff372f7f1f8d27a8b7e5e54f3571f1aeefa63

Download Submit
F:\Wizard Games\Battle Teams 2\icon.ico

Filesize
278KB

MD5
9323359d0a2628aeab310352cd61f4c6

SHA1
211ead385bbd889c2bf066c200899d2a2588dd1e

SHA256
78c003573d8048413d8487e8d571742c2f551523905d0f1b69a1fc037253d781

SHA512
e7c9bfda3da9e11233d3add9f0abb00cd601362ed827e26a93cca8c0e16616941af8e3b20b4a207d23b131b80360a1d5b9d07f5a9eea1c6008ab4d41b88c27dd

Download Submit
F:\Wizard Games\Battle Teams 2\icon1.ico

Filesize
167KB

MD5
e223380541cd9b5aefd76ff51f0aa12a

SHA1
c5a0f99ff6b4039d1b90d34ded512ef2155b65f5

SHA256
a07c47080163bf440751201d86610815ee443819f13984ed51d4b260b8d5b2ac

SHA512
7fded1da41bfbde0db2d6831299050495e25caba4b226f78db81bfa288dc5e0ab11adca19e681b3a4f81b9f3084801e64314accdde3e66bbe5afb66c93c653fc

Download Submit
F:\Wizard Games\Battle Teams 2\installer.ini

Filesize
135B

MD5
b17aa3715ae1c91a98c1f94571a94593

SHA1
57137a0c32d07188d91ff343dbd7512519251420

SHA256
a26a3c371d0914a12d77ae8f3b32c473f6a935b2cad422abd0b797c38d2085a9

SHA512
ba7f51d0672ea55f1e2921e0b35edb55a938940555d8dd88b22333ff9238a98898601bf1372664a5c1e549014840330efb268e298465e155a821e7012eb74fa4

Download Submit
F:\Wizard Games\Battle Teams 2\locales\de

Filesize
2KB

MD5
704ee8cdfa5e710c80b2cc9bdf2de230

SHA1
1b95d0960a1281fef63b1ceca14322066a257bae

SHA256
f84481fe37779180a8d5420619550d4b2461e1b3da8ca5bfd6165740f6a7f63e

SHA512
306ce19bb51a60a3dd27653e6f1dddf0f3bd46c51181224a4c5bf95768d970cdb8f709a47e305e87a2ef886d5e7596659edb46982199d131b5fb565c1635b5bb

Download Submit
F:\Wizard Games\Battle Teams 2\locales\en

Filesize
2KB

MD5
2f16dbbd8321355c6938e27b630c7f3d

SHA1
fc95bfe5e8ba0009639260fa10535c4e6ca76e75

SHA256
711e0272ad0e7f2a9e50a4669db9c944c96ad008d181e793036a21aa835cc7f8

SHA512
8244cff8a3b8ef013ba588585e4fac296076874a22c7f5f8308054fcd4478907a935ba08aebcfe30a40659756e992c918de84c47bb40c8dd9fb93315a8e19482

Download Submit
F:\Wizard Games\Battle Teams 2\locales\en

Filesize
2KB

MD5
2f16dbbd8321355c6938e27b630c7f3d

SHA1
fc95bfe5e8ba0009639260fa10535c4e6ca76e75

SHA256
711e0272ad0e7f2a9e50a4669db9c944c96ad008d181e793036a21aa835cc7f8

SHA512
8244cff8a3b8ef013ba588585e4fac296076874a22c7f5f8308054fcd4478907a935ba08aebcfe30a40659756e992c918de84c47bb40c8dd9fb93315a8e19482

Download Submit
F:\Wizard Games\Battle Teams 2\locales\es

Filesize
2KB

MD5
ec0882f97ec644af3e26fe932f1c52ac

SHA1
5da2057375cd0dfad0a6316788850f7b03bccace

SHA256
3d0a2ab90f393e57109c5f34325753c54b046aa3d26c0db382ae9843d7ba9888

SHA512
c76286ad6a8d91ceee7adb0398e1be78801e049168a5e5e8e443a70afe7a20b9f8bf7d5302bb194754321b29b94a900d606a12da0607628417c8a5f48d3dcba4

Download Submit
F:\Wizard Games\Battle Teams 2\locales\fr

Filesize
2KB

MD5
c2b6b8d9ee9ed12eee94c3ce8b1120c9

SHA1
c949682e85553fe65837c22e0d8bea016e6de047

SHA256
b978c9d800a5b13184737e17802d10a3f46de013730b811650c10209a851d416

SHA512
c5bf4ad7320f44f5747c2cb2533ca3426d6bf08d01ee2ee62b38347f9fd3ccd77a2405ab78d91a3f71f215143e73f085b467ab9347eccf5c90788cc319b8d1e3

Download Submit
F:\Wizard Games\Battle Teams 2\locales\na

Filesize
2KB

MD5
2f16dbbd8321355c6938e27b630c7f3d

SHA1
fc95bfe5e8ba0009639260fa10535c4e6ca76e75

SHA256
711e0272ad0e7f2a9e50a4669db9c944c96ad008d181e793036a21aa835cc7f8

SHA512
8244cff8a3b8ef013ba588585e4fac296076874a22c7f5f8308054fcd4478907a935ba08aebcfe30a40659756e992c918de84c47bb40c8dd9fb93315a8e19482

Download Submit
F:\Wizard Games\Battle Teams 2\locales\na

Filesize
2KB

MD5
2f16dbbd8321355c6938e27b630c7f3d

SHA1
fc95bfe5e8ba0009639260fa10535c4e6ca76e75

SHA256
711e0272ad0e7f2a9e50a4669db9c944c96ad008d181e793036a21aa835cc7f8

SHA512
8244cff8a3b8ef013ba588585e4fac296076874a22c7f5f8308054fcd4478907a935ba08aebcfe30a40659756e992c918de84c47bb40c8dd9fb93315a8e19482

Download Submit
F:\Wizard Games\Battle Teams 2\locales\pl

Filesize
2KB

MD5
0c455db1595e28eb3b43f3ef42cc5664

SHA1
395a85e39cb19b207a701289acd8e58b12398804

SHA256
a1845f9f2ce055bcc8ec32fabb6a824e0812f949278b3a68ff6c6ae49af4c73e

SHA512
52731e27624b68add823154d772858744e0ae9a0f4cf717f5ef60a617a7b2640cde335c292c95cb4d749df375783a7c517da4c96de05490bec929a3abda32ccd

Download Submit
F:\Wizard Games\Battle Teams 2\locales\pt

Filesize
2KB

MD5
fb5fcfb1071d3fdcbb93268dfc3c3bdc

SHA1
9d0ba86517578e9b6ea4b6fce0cae27d65adf54e

SHA256
01d667e21518b95fa53687024701ca4e0321308f6ebfa63aa80864bc0539c940

SHA512
8e25aa027960a0256953d47675e38babc7d95b68063cd4f6bd7b86a9a11b5de409c0ca70e68b0db21d3971a2a60ae7da4e152b767ed9edaef34ef92cd372ed38

Download Submit
F:\Wizard Games\Battle Teams 2\locales\tr

Filesize
1KB

MD5
f48104fb2a87de7f70c33fb993532b7f

SHA1
e8d0b41abaa9a8d867592e95405701e4d89d7e1c

SHA256
8d2ea8aaa9f7b2d5dbe4b7825d65f1cd3707cc5597bbc0aeb8782c92fa50bdeb

SHA512
37c8186c1de0ab2db7cf4fc3622a0f56615f52a89dfb19be3bb2b53f53a7a7d03342fa3bb19c35f543046a27a08eb5b6315199c07b008db23544a458ac04618e

Download Submit
F:\Wizard Games\Battle Teams 2\locales\vi

Filesize
2KB

MD5
fd4997fc6a55413d9fc59d7f996080f5

SHA1
1b44e8dd081284ec4b02d2de31aa66d43104ddcd

SHA256
6ea5c0e0b5ff52b39b1b6f6a8a244a425c0a6fc0d75433488bd263d6b54438d9

SHA512
8032faa46e6c5f080c6882aa255f67afcc459db4ab9187567cefd5637d795379182eca892e865fa968a1032ec94c1f8d4691be2cb1f1301410ce5dd6d546ab76

Download Submit
F:\Wizard Games\Battle Teams 2\locales\zh

Filesize
1KB

MD5
f3ddb86db0c12e727c6bf10659efb12d

SHA1
c4e2f450a825a314846bd533614ffd56e0d07d90

SHA256
f4f4f682746ee6396536349bda98712bca7aecf50990fb978b7d8cf7e34b38d8

SHA512
0208382fc090871d5daf69d8459f062fb03dee1f465b768e378c0b6f742f1de465b7e981c493bf0fb6206bb195d6b7f66cb7dffd460d524dc89771c6d5a7a6f8

Download Submit
F:\Wizard Games\Battle Teams 2\locales\zh-CN

Filesize
1KB

MD5
1d0a8bb934c4c853a0131c41a6391ba8

SHA1
bb6036821485eac6612b37c96537481cef501b45

SHA256
d3ca30652f96a148a0324260a31ac65cc58e46ac1f3533b2d618ab0627e961e7

SHA512
972274236d19f52df8d89099de2be27c910505f683a052f549494b21d0dd5b02014421d46270a420a176d6b5d095da2d4a8564f14fd45c912529970700682d19

Download Submit
F:\Wizard Games\Battle Teams 2\md5cache\1.0.0.007.md5.list

Filesize
735B

MD5
1910bda768ddaf6e7038ae68bc07d8b0

SHA1
b42da7ec5eae6e44d0c9ae75640ca0f21537d48c

SHA256
58ac68ff807736f787c4d59b516925185d6201764c0983559f5466aa7b2328d4

SHA512
2c0955b4ed29c89e82e0ed4792f2b2129a6261952b6fd6d909d28bc31b39a8bd10920b0fb8963d4f5663b45f03a87de78b6a2c36af36ef63b4adc1e3029edd14

Download Submit
F:\Wizard Games\Battle Teams 2\my.crt

Filesize
4KB

MD5
cbcd010a091653212a55e9b6ab7af20a

SHA1
4703b6111a821ec1c052db8d119cca354b791e50

SHA256
8c85f87eff5a1c0ccbe68c290a09f4b975bd1399b63fe980ad4732b098f26020

SHA512
98888d90dffc8956180b1989927cff4a8f43556deb66556cadb127ae41bee25fcb838682bcd31c1410f991567c20d3563a76c38e36bb155eae6c6d7572676a4c

Download Submit
F:\Wizard Games\Battle Teams 2\my.crt

Filesize
4KB

MD5
cbcd010a091653212a55e9b6ab7af20a

SHA1
4703b6111a821ec1c052db8d119cca354b791e50

SHA256
8c85f87eff5a1c0ccbe68c290a09f4b975bd1399b63fe980ad4732b098f26020

SHA512
98888d90dffc8956180b1989927cff4a8f43556deb66556cadb127ae41bee25fcb838682bcd31c1410f991567c20d3563a76c38e36bb155eae6c6d7572676a4c

Download Submit
F:\Wizard Games\Battle Teams 2\myeasylog.log

Filesize
334B

MD5
5c9bbea23f9eb91af782df392678e591

SHA1
ba1f0a643f2f3f00f624f6d5f8aa35b83f1e40ed

SHA256
c756ec5a657ba749b79e9dc1d738caf0fd930526373f96c2443d2a7599e1ed52

SHA512
b954eca704469175c5d210c1f3f6eb8333988f7ab6d85f5121e267c08b7abb86c3ed7233e9e424afa88991df388a6469028ec8fb1b45fd70072cab43881d1142

Download Submit
F:\Wizard Games\Battle Teams 2\patch_version.conf

Filesize
9B

MD5
fcfdf6fbe654b2726596b876434909ea

SHA1
4469bfae9c57bd3e55d50a0afb5f1451cfed587d

SHA256
842a15d0532692b6570c43811af6330729fd7e018f02fe811134be56a4aa2f02

SHA512
51f5f39b4c0eb5a63ff0863a543fccd23740f46721eecdf069fd0df2b627088b428031991d7765925de814d44a96338bb5b8fa5330f6bcf889a6567061f4c447

Download Submit
F:\Wizard Games\Battle Teams 2\patch_version.conf

Filesize
9B

MD5
fcfdf6fbe654b2726596b876434909ea

SHA1
4469bfae9c57bd3e55d50a0afb5f1451cfed587d

SHA256
842a15d0532692b6570c43811af6330729fd7e018f02fe811134be56a4aa2f02

SHA512
51f5f39b4c0eb5a63ff0863a543fccd23740f46721eecdf069fd0df2b627088b428031991d7765925de814d44a96338bb5b8fa5330f6bcf889a6567061f4c447

Download Submit
F:\Wizard Games\Battle Teams 2\platform.xml

Filesize
4KB

MD5
f9494fba718c039bdfe244124dfc489c

SHA1
b1e5cfdf98136019b7d6ad20c459091fc209ba23

SHA256
814c190e85aa7c93886a3a6fcc810ab57d3e8728672471102d84f30185cd3996

SHA512
9dc86dbb5e17262aae3f1647c07888b7f649a708d39cde145e1ab78e2bf13afc47ee8cd2ce9c34923c1c2f6f76acb820d102255ffc4c7656c0e2af36c4fb0c58

Download Submit
F:\Wizard Games\Battle Teams 2\platform_exm.ini

Filesize
56B

MD5
8d63a45b71f3a0504811be8182fcd95a

SHA1
7f7e8e67a8d2a09eda464e8e54663cee30c197d6

SHA256
0e731d41e4dd7e81d3de474e97c93f1f7592b2d2c2aab8b2dd5fc4e28452e925

SHA512
3f74affbcd606c4f65242eb7778bf6187ed0b669348ed53372a05d328b523928d7fcb410c2d158ca1517e107ac76b1f5893c89da91d845d9b4a91a521d7d728a

Download Submit
F:\Wizard Games\Battle Teams 2\res.zip

Filesize
2.6MB

MD5
3da061b07f45d68fa8821a44f42014f3

SHA1
9a81fc2ddcc6734a6c9af7462da79ad4a2aaca99

SHA256
bdd4fb098fe6dc3b4e4e7338dbf17a57ffe1d5bca7451c4c61c0998006bab6d5

SHA512
84311fcc6e046cb789768b292d29cbe391478f417d7a4fff88b1291b1e70593888954c89310fff1f462a2da8087d5a68307e8e3f12aa8a8e5695fb95f21cd5cd

Download Submit
F:\Wizard Games\Battle Teams 2\res.zip

Filesize
2.8MB

MD5
893dd975cbd825b68ec592e01cc369b9

SHA1
0dc814f6d5a5d587324b31b9d5c9bae69bbb7d5b

SHA256
8b1d4a2c9d812d4fcb40d01eb7c7890e591c77c65bd6d79a1e9fb0e020672183

SHA512
941da2de8e706fe603b9ca6fd079950f8e805ac8058b8468d39af24f82e0e61b1f3ac225c659c30fe1b705b43c6d1833b6e90711483311977c96224e50345ba5

Download Submit
F:\Wizard Games\Battle Teams 2\uninstaller.exe

Filesize
5.4MB

MD5
3ba7875640d6bcae7ebcbbf8edfa98b2

SHA1
92dd7cae8d4f3f5b5f25c66fef7a540dacc5249a

SHA256
5aa0faeaecadceba965f697b89af79015fe8a68d015646915d41cff99b45e52c

SHA512
071bdc0fb8c5c1a089056fbec59881b9c353c0be6b6bcbfb78d0829cadf045b32459a67dee96e6b7c8fe824e753e29bc61a4d4c01cc4b9eab161c86f85d10f7c

Download Submit
F:\Wizard Games\Battle Teams 2\uninstaller.exe

Filesize
5.4MB

MD5
3ba7875640d6bcae7ebcbbf8edfa98b2

SHA1
92dd7cae8d4f3f5b5f25c66fef7a540dacc5249a

SHA256
5aa0faeaecadceba965f697b89af79015fe8a68d015646915d41cff99b45e52c

SHA512
071bdc0fb8c5c1a089056fbec59881b9c353c0be6b6bcbfb78d0829cadf045b32459a67dee96e6b7c8fe824e753e29bc61a4d4c01cc4b9eab161c86f85d10f7c

Download Submit
memory/4224-302-0x00000000007A0000-0x0000000000CC9000-memory.dmp

Filesize
5.2MB

Download
memory/4224-239-0x00000000007A0000-0x0000000000CC9000-memory.dmp

Filesize
5.2MB

Download