hxxps://battlylauncher[.]com

Analysis

max time kernel
150s
max time network
147s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
13/07/2023, 19:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://battlylauncher.com

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
924	Battly-Launcher-win-x64.exe

Loads dropped DLL 6 IoCs

pid	Process
924	Battly-Launcher-win-x64.exe
924	Battly-Launcher-win-x64.exe
924	Battly-Launcher-win-x64.exe
924	Battly-Launcher-win-x64.exe
924	Battly-Launcher-win-x64.exe
924	Battly-Launcher-win-x64.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
2172	tasklist.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\battlylauncher.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\A053 = 140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c61800000001000000100000002fe1f70bb05d7c92335bc5e05b984da65c000000010000000400000000080000190000000100000010000000f044424c506513d62804c04f719403f90f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce040000000100000010000000e829e65d7c4307d6fbc13c179e037a36030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a40520000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\A053 = 190000000100000010000000f044424c506513d62804c04f719403f9040000000100000010000000e829e65d7c4307d6fbc13c179e037a36030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a4055c0000000100000004000000000800001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c60f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce20000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3b3b2a52bfb5d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\battlylauncher.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8a683640bfb5d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 50451a210bc6d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\AA549154B737EF29C5	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{0E81905B-DC62-4DAE-A421-A1E0455625FD} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cfcbfa3fbfb5d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 00219d91f1b5d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1facd147bfb5d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "396089626"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople\Certif	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\A053 = 040000000100000010000000e829e65d7c4307d6fbc13c179e037a36030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a4050f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce190000000100000010000000f044424c506513d62804c04f719403f95c0000000100000004000000000800001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c620000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "396041040"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a68d432cbfb5d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\battlylauncher.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Battly-Launcher-win-x64.exe.43rjdsx.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
924	Battly-Launcher-win-x64.exe
924	Battly-Launcher-win-x64.exe
2172	tasklist.exe
2172	tasklist.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	96	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	96	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	96	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	96	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4260	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4260	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	924	Battly-Launcher-win-x64.exe
Token: SeDebugPrivilege	924	Battly-Launcher-win-x64.exe
Token: SeDebugPrivilege	2172	tasklist.exe
Token: SeSecurityPrivilege	924	Battly-Launcher-win-x64.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4888	MicrosoftEdge.exe
5116	MicrosoftEdgeCP.exe
96	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 34 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 5116 wrote to memory of 508	5116	MicrosoftEdgeCP.exe	74
PID 4760 wrote to memory of 924	4760	browser_broker.exe	79
PID 4760 wrote to memory of 924	4760	browser_broker.exe	79
PID 4760 wrote to memory of 924	4760	browser_broker.exe	79
PID 924 wrote to memory of 1124	924	Battly-Launcher-win-x64.exe	81
PID 924 wrote to memory of 1124	924	Battly-Launcher-win-x64.exe	81
PID 924 wrote to memory of 1124	924	Battly-Launcher-win-x64.exe	81
PID 1124 wrote to memory of 2172	1124	cmd.exe	83
PID 1124 wrote to memory of 2172	1124	cmd.exe	83
PID 1124 wrote to memory of 2172	1124	cmd.exe	83
PID 1124 wrote to memory of 4488	1124	cmd.exe	84
PID 1124 wrote to memory of 4488	1124	cmd.exe	84
PID 1124 wrote to memory of 4488	1124	cmd.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://battlylauncher.com"
1⤵
PID:600

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4888

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- NTFS ADS
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Users\Admin\Downloads\Battly-Launcher-win-x64.exe
  "C:\Users\Admin\Downloads\Battly-Launcher-win-x64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:924
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Battly Launcher.exe" | %SYSTEMROOT%\System32\find.exe "Battly Launcher.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1124
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Battly Launcher.exe"
      4⤵
      Enumerates processes with tasklist
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2172
  - - C:\Windows\SysWOW64\find.exe
      C:\Windows\System32\find.exe "Battly Launcher.exe"
      4⤵
      PID:4488

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:96

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:508

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4260

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4964

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3672

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5D4M01Z4\Montserrat-Light[1].woff

Filesize
23KB

MD5
f7b7e089826a71c966368fedc1cdba16

SHA1
b024e39fc0d3a9dbfc2e51c32737fcf278fe0732

SHA256
f41f98faf17cf0dfefa677455583d0f2eb442de9418341e76b81c1b86277fbeb

SHA512
88fc5efad102d5e7158f0cf89451ca1d3431c956c035a6fee32020781b6fdf2c7eaf824e1524d03cf25e6607add84c8a7bbd72d15167c59c7615a0d5bd3d8cf8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5D4M01Z4\functions[1].js

Filesize
9KB

MD5
310bb9a851a2fb0e84d165aae13f78b4

SHA1
766adcc0cf16f02761a410d99963a7a9ad315fe9

SHA256
73a65f7f0b1c4e2f9b426b4e5ea0e660ab497e7cffabc26acfb74bb082d5941d

SHA512
784fbff3a38987cc63da8778a3985fcb7f37fcfcb17e5678e0b5d481c1d0ab60a5789e9d617171199ab5d85714884cb20c22cd749815d35656b0fc38f2482309

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KJ4YTPST\functions-min[1].js

Filesize
25KB

MD5
972ffa1548ddb564e54184db659ea4a1

SHA1
136c05333337b718def94c6d437b5b10935ef07c

SHA256
295185f9dfd1b53586f9592fe9c8cd606f1fdeed4e96a948049e725d3bc9e5e8

SHA512
3f58c0f5c7bd91f9c1b742de47c00230136eabaf3b1b8c94b0e23b5206e1f0ba197cf3b2517cc24162aa279591ced216c06ca9c0028a40280796cd08a8de18f4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KJ4YTPST\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KKAB4RBG\Montserrat-Black[1].woff

Filesize
22KB

MD5
27eccda3ff559946c7da160090cca74c

SHA1
6e469f21f5e6d766e1004585cb20e1d89aefaf22

SHA256
c07bf8de64125d4bbdd261d932049e7c978d5df858a18ee791753d61375d0586

SHA512
bd934561d494de9d467f10d07f76bb433503fe557dd727375b41bb3561f0cd8c1dc780edc91dc759eb4b6b03bbf923df772db15efec6110ffdda77edb18bea99

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KKAB4RBG\Montserrat-Bold[1].woff

Filesize
23KB

MD5
4e256ac12e4b216d06e89d214e839175

SHA1
e933ecfe812ebab0afc187a3d97b3a2fe63fa21f

SHA256
39c1ec7f4970b471391cb85629a708b2f89eb0e412d5faef1dc39d855f42d210

SHA512
bd1ee359e62d452286d50d1cb179f29ac2c927d6834e6b7a5152891caa3f138189f04e057f3f4506b5aabc9bc44a79dfe15bf06afa959ae0a75ae21bb70e2bb8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KKAB4RBG\Montserrat-Regular[1].woff

Filesize
23KB

MD5
1c92a5e1aebd06c5ccdbb8a877717c18

SHA1
72c0594a166f2810da6007b2068b81bc8a536640

SHA256
dd65545505bce94615dd3dabd95e8cde5f3095703c740c7afd8ccfb4be42c486

SHA512
2bd42c4d2d265873ef916d9fabe509a296bea979cd6cf8b8fc7ac67eb0f888f12abe13ff6206a1ac21b42a475df29f4f645dcace25314b4c04bb21fd76202f2e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KKAB4RBG\main[1].css

Filesize
34KB

MD5
e646357ebfd39af78fafa2ead062347f

SHA1
a6da8e3ad882b130a9252c04a25f26fed12b03e6

SHA256
7af54b8dcc829edabefbf3ec010ff2329206797d6243dc68cb33ea5b37946821

SHA512
171b9ed47d6b06ddcdd76b5931347449eb00bf7ed08183e85475f59715e9bb7240c1007da75649b455e772795ef5d16ca4179986815963852eb93a21b34fbdd4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C8408FE5CA4467EE4DA84A76EF238FE3

Filesize
1KB

MD5
e829e65d7c4307d6fbc13c179e037a36

SHA1
a053375bfe84e8b748782c7cee15827a6af5a405

SHA256
67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd

SHA512
96c5793b2b57d8df5891c94015720960e0da4c2cf8ce1fc5707a0b46e5db8ce3761fb5fdb430f619d1579f13e80fbdd973ef6a024129ed039aa193273158fcad

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C8408FE5CA4467EE4DA84A76EF238FE3

Filesize
192B

MD5
df7ea5fcbe3968a5e5d99af21d09dcd9

SHA1
28ae774a84348e7f19e99da98ff0b0efe67bb441

SHA256
efd430b219b9dbe5627cfa87e9c895f62639941e5f5b89e8a5ad574a68178101

SHA512
69d15c3d2883250dc23589d0c5dcc4914be2f824560c02606bb3273aff21f1d64d556b7b16b027896a33ff6c11a1fda7792ae12dacb3ddaaca242c6cd7f4f8ae

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OK9PZHGF\logo_500[1].png

Filesize
13KB

MD5
3d2d1b11aef4b109472eb583f8d391fe

SHA1
27a0f5bc7c9352afd2857768a2e95c110582f66b

SHA256
f6aef204029494fc8533eff1c6af2e1edc6837537071f380bb8fc0bdb1f4027d

SHA512
07755f1c78ffac526fbccc91a22fae99dc303b36c1fcbe63cd50ebc15f39580d3e10fce1084e92e306bc85e9b6d7112bedb0a1b07193eadcb6c4f9fe18db6b35

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UWGATTX9\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ABRW3DTI\Battly-Launcher-win-x64[1].exe

Filesize
799KB

MD5
fe26138a04d62b406cbb0e955b988081

SHA1
1fb2048f559d6f5b5c0fd73a1ceb75277249b973

SHA256
48906eca492082f573f7319fcb8368a65cb57a0b09215aee42254be706beeec0

SHA512
81e2310b3b73f87da05542027627b5f87ca5fa87c5e234183089ce8d6e4bd9b93e5fe2acf98a700ce4f837044dc890773cb868c2ebb7b61bc4208db49ae4fe68

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KJ4YTPST\Battly-Launcher-win-ia32[1].exe

Filesize
80KB

MD5
4cc811c973337fa5223ca3f0ce64edc7

SHA1
7e62a3f28c4d6e89148b27c5f235bfe5c6769312

SHA256
e6eba2d59ca754c9aaa7b53d75df6b8b05cfce088b48139e54a49fcd5372cce8

SHA512
494155646d4d9b7fea4c9924dcb14e319863cf8635e0f112c2b1d6b38c416ded58f942a6c4c0bdc5a9a422f64ea2a52de884b99504a88466252eba93e9b64663

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
ea3297e089fbc8b9912ff6c45a083257

SHA1
62c363fc3fdd34f7a930e17decf5e24f4d796c65

SHA256
f8668fabd3711e563365ca21d41fddc984022c1c79861a948607385f1469283c

SHA512
2ee100769a20ed9c73e3790fabd69bdf16514f4737f13114bd3162ca17d87843dff3f0a9b969c04735aa183aabd6f9eb9a2836fcb25128d6f2fc7c1b106a2274

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
fe0571ca7fc65fcf1f2cd6521c46d27a

SHA1
952471b5eb0af73417bda9e7288399e54e8b0047

SHA256
ee38c98777692f033cbc023d29b291dfba4de687a105623141a4069248baf352

SHA512
329c0d2324aaf2c11a8660625b6231c5b1b713f007dba01dd1ce37832d5033313fd32da8f57b4669c90ee52ebf6dbfb46983fc9525bd88a5903fd20b2ee83aaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst6568.tmp\7z-out\resources\app\node_modules\@fortawesome\fontawesome-free\js\regular.js

Filesize
120KB

MD5
1f1eb37b5caff742b8e0ee857a34cd77

SHA1
127e4bd8983e888665d81d30fd2d135d6b33cd50

SHA256
f471f033bf47cf7061c7750de75fe3fcbac051ebf95c713c11eb6842d0513004

SHA512
7c1a6fe7e5d097756b23b763116fb085629333e854346a2a040d7a9b17c4bdd55bcd67b73fc06c6fe4cb60a48dea1254ce46f1153c4bc01f88156630f841adab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst6568.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\Downloads\Battly-Launcher-win-x64.exe

Filesize
81.0MB

MD5
7331a9d7f476a8bc4eeecc977355854f

SHA1
42d79c54d5c93537e713d79910ee1597b29c20f2

SHA256
34c774897818d17e303b4c1792dcec46315e59a69e17a62fab73fd7da1c75682

SHA512
d2bac69cfbd5b256bee8cfff79927c092079a215c1f83f2587bd17dd60b0756735affeb72f1a123de2dca22c53990e3a21ccb135d15df0da7ca5bbc2f15ec620

Download Submit
C:\Users\Admin\Downloads\Battly-Launcher-win-x64.exe

Filesize
81.0MB

MD5
7331a9d7f476a8bc4eeecc977355854f

SHA1
42d79c54d5c93537e713d79910ee1597b29c20f2

SHA256
34c774897818d17e303b4c1792dcec46315e59a69e17a62fab73fd7da1c75682

SHA512
d2bac69cfbd5b256bee8cfff79927c092079a215c1f83f2587bd17dd60b0756735affeb72f1a123de2dca22c53990e3a21ccb135d15df0da7ca5bbc2f15ec620

Download Submit
C:\Users\Admin\Downloads\Battly-Launcher-win-x64.exe.43rjdsx.partial

Filesize
81.0MB

MD5
7331a9d7f476a8bc4eeecc977355854f

SHA1
42d79c54d5c93537e713d79910ee1597b29c20f2

SHA256
34c774897818d17e303b4c1792dcec46315e59a69e17a62fab73fd7da1c75682

SHA512
d2bac69cfbd5b256bee8cfff79927c092079a215c1f83f2587bd17dd60b0756735affeb72f1a123de2dca22c53990e3a21ccb135d15df0da7ca5bbc2f15ec620

Download Submit
C:\Users\Admin\Downloads\Battly-Launcher-win-x64.exe.43rjdsx.partial

Filesize
81.0MB

MD5
7331a9d7f476a8bc4eeecc977355854f

SHA1
42d79c54d5c93537e713d79910ee1597b29c20f2

SHA256
34c774897818d17e303b4c1792dcec46315e59a69e17a62fab73fd7da1c75682

SHA512
d2bac69cfbd5b256bee8cfff79927c092079a215c1f83f2587bd17dd60b0756735affeb72f1a123de2dca22c53990e3a21ccb135d15df0da7ca5bbc2f15ec620

Download Submit
\Users\Admin\AppData\Local\Temp\nst6568.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nst6568.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nst6568.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nst6568.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
\Users\Admin\AppData\Local\Temp\nst6568.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nst6568.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/508-366-0x000001EDAA900000-0x000001EDAAA00000-memory.dmp

Filesize
1024KB

Download
memory/508-191-0x000001ED981D0000-0x000001ED981D2000-memory.dmp

Filesize
8KB

Download
memory/508-407-0x000001EDA8560000-0x000001EDA8562000-memory.dmp

Filesize
8KB

Download
memory/508-409-0x000001EDA8580000-0x000001EDA8582000-memory.dmp

Filesize
8KB

Download
memory/508-411-0x000001EDA8590000-0x000001EDA8592000-memory.dmp

Filesize
8KB

Download
memory/508-244-0x000001EDA9E60000-0x000001EDA9E62000-memory.dmp

Filesize
8KB

Download
memory/508-448-0x000001EDA85A0000-0x000001EDA85A2000-memory.dmp

Filesize
8KB

Download
memory/508-496-0x000001ED97B20000-0x000001ED97B22000-memory.dmp

Filesize
8KB

Download
memory/508-498-0x000001ED97B30000-0x000001ED97B32000-memory.dmp

Filesize
8KB

Download
memory/508-379-0x000001EDA9070000-0x000001EDA9072000-memory.dmp

Filesize
8KB

Download
memory/508-286-0x000001EDAA600000-0x000001EDAA700000-memory.dmp

Filesize
1024KB

Download
memory/508-185-0x000001ED98180000-0x000001ED98182000-memory.dmp

Filesize
8KB

Download
memory/508-189-0x000001ED981B0000-0x000001ED981B2000-memory.dmp

Filesize
8KB

Download
memory/508-405-0x000001ED97C20000-0x000001ED97C22000-memory.dmp

Filesize
8KB

Download
memory/508-231-0x000001EDA90F0000-0x000001EDA90F2000-memory.dmp

Filesize
8KB

Download
memory/508-236-0x000001EDA9DE0000-0x000001EDA9DE2000-memory.dmp

Filesize
8KB

Download
memory/508-246-0x000001EDA9C50000-0x000001EDA9C52000-memory.dmp

Filesize
8KB

Download
memory/508-240-0x000001EDA9E20000-0x000001EDA9E22000-memory.dmp

Filesize
8KB

Download
memory/508-344-0x000001EDAA900000-0x000001EDAAA00000-memory.dmp

Filesize
1024KB

Download
memory/508-242-0x000001EDA9E40000-0x000001EDA9E42000-memory.dmp

Filesize
8KB

Download
memory/508-312-0x000001EDA9630000-0x000001EDA9632000-memory.dmp

Filesize
8KB

Download
memory/4888-290-0x000002F50E220000-0x000002F50E221000-memory.dmp

Filesize
4KB

Download
memory/4888-291-0x000002F50E230000-0x000002F50E231000-memory.dmp

Filesize
4KB

Download
memory/4888-152-0x000002F506C60000-0x000002F506C62000-memory.dmp

Filesize
8KB

Download
memory/4888-133-0x000002F508200000-0x000002F508210000-memory.dmp

Filesize
64KB

Download
memory/4888-117-0x000002F507A20000-0x000002F507A30000-memory.dmp

Filesize
64KB

Download