hxxps://www[.]byplay[.]io/byplay-desktop?rq=desktop

Analysis

max time kernel
125s
max time network
113s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
17/04/2024, 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.byplay.io/byplay-desktop?rq=desktop

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Byplay Desktop.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Byplay Desktop.exe

Executes dropped EXE 7 IoCs

pid	Process
5116	Byplay-Desktop-Setup-2.0.11.exe
5964	Byplay Desktop.exe
5288	Byplay Desktop.exe
4888	Byplay Desktop.exe
5080	Byplay Desktop.exe
4432	Byplay Desktop.exe
4504	Byplay Desktop.exe

Loads dropped DLL 17 IoCs

pid	Process
5116	Byplay-Desktop-Setup-2.0.11.exe
5116	Byplay-Desktop-Setup-2.0.11.exe
5116	Byplay-Desktop-Setup-2.0.11.exe
5116	Byplay-Desktop-Setup-2.0.11.exe
5116	Byplay-Desktop-Setup-2.0.11.exe
5116	Byplay-Desktop-Setup-2.0.11.exe
5116	Byplay-Desktop-Setup-2.0.11.exe
5964	Byplay Desktop.exe
5288	Byplay Desktop.exe
4888	Byplay Desktop.exe
4888	Byplay Desktop.exe
4888	Byplay Desktop.exe
4888	Byplay Desktop.exe
4888	Byplay Desktop.exe
5080	Byplay Desktop.exe
4432	Byplay Desktop.exe
4504	Byplay Desktop.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
143	raw.githubusercontent.com
144	raw.githubusercontent.com
146	raw.githubusercontent.com
142	raw.githubusercontent.com

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
688	tasklist.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Byplay Desktop.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Byplay Desktop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Byplay Desktop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "641"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	Byplay Desktop.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Byplay Desktop.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "540"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000007416a1a0662b962b967820e319ed74607c7b0db55a0c32e8b3a5e9b7a9f582d9bcb1e61d8d79dc02182e88f4ecab6f8f0e570289543e817a89f1	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	Byplay Desktop.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 457111666390da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e12fd5686390da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Byplay Desktop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 611936656390da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "5"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Byplay Desktop.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Byplay Desktop.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Byplay Desktop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Byplay Desktop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomai = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Byplay Desktop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "3511"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	Byplay Desktop.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ab6725656390da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3e7040606390da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Byplay-Desktop-Setup-2.0.11.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\AppData\Local\byplay-desktop-updater\installer.exe\:Zone.Identifier:$DATA	Byplay-Desktop-Setup-2.0.11.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5116	Byplay-Desktop-Setup-2.0.11.exe
5116	Byplay-Desktop-Setup-2.0.11.exe
688	tasklist.exe
688	tasklist.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5964	Byplay Desktop.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
1052	MicrosoftEdgeCP.exe
1052	MicrosoftEdgeCP.exe
1052	MicrosoftEdgeCP.exe
1052	MicrosoftEdgeCP.exe
1052	MicrosoftEdgeCP.exe
1052	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1724	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1724	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1724	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1724	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4932	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4932	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2152	MicrosoftEdge.exe
Token: SeDebugPrivilege	2152	MicrosoftEdge.exe
Token: SeDebugPrivilege	780	firefox.exe
Token: SeDebugPrivilege	780	firefox.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	688	tasklist.exe
Token: SeSecurityPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe
Token: SeDebugPrivilege	5116	Byplay-Desktop-Setup-2.0.11.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
780	firefox.exe
780	firefox.exe
780	firefox.exe
780	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
780	firefox.exe
780	firefox.exe
780	firefox.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2152	MicrosoftEdge.exe
1052	MicrosoftEdgeCP.exe
1724	MicrosoftEdgeCP.exe
1052	MicrosoftEdgeCP.exe
4256	MicrosoftEdgeCP.exe
2152	MicrosoftEdge.exe
2152	MicrosoftEdge.exe
780	firefox.exe
780	firefox.exe
780	firefox.exe
780	firefox.exe
780	firefox.exe
780	firefox.exe
780	firefox.exe
5964	Byplay Desktop.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 2332	1052	MicrosoftEdgeCP.exe	77
PID 1052 wrote to memory of 2332	1052	MicrosoftEdgeCP.exe	77
PID 1052 wrote to memory of 2332	1052	MicrosoftEdgeCP.exe	77
PID 1052 wrote to memory of 2332	1052	MicrosoftEdgeCP.exe	77
PID 1052 wrote to memory of 2332	1052	MicrosoftEdgeCP.exe	77
PID 1052 wrote to memory of 2332	1052	MicrosoftEdgeCP.exe	77
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 4472 wrote to memory of 780	4472	firefox.exe	85
PID 780 wrote to memory of 4716	780	firefox.exe	86
PID 780 wrote to memory of 4716	780	firefox.exe	86
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87
PID 780 wrote to memory of 808	780	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.byplay.io/byplay-desktop?rq=desktop"
1⤵
PID:2024

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2908

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1052

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2332

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4256

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4932

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3976

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.0.692714355\2059115466" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1877b2d0-71ae-4d8d-9a1e-ee79019cd74a} 780 "\\.\pipe\gecko-crash-server-pipe.780" 1796 22832dd6758 gpu
    3⤵
    PID:4716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.1.1598972677\326137233" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {504215cc-2c1b-4f9a-b3fd-4155cde29d29} 780 "\\.\pipe\gecko-crash-server-pipe.780" 2188 22832cfc558 socket
    3⤵
    PID:808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.2.827007015\1171997746" -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 2892 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdf39ebd-d027-44e6-9edf-8642af7e01ec} 780 "\\.\pipe\gecko-crash-server-pipe.780" 2880 22836f98858 tab
    3⤵
    PID:4624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.3.2144710466\2139640163" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {294ce5d4-311e-43fe-a42a-9075eedb05d1} 780 "\\.\pipe\gecko-crash-server-pipe.780" 3476 22827d62b58 tab
    3⤵
    PID:4080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.4.1691202530\1976675518" -childID 3 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d519cf62-bbc2-4b2b-9117-7f8eb32c2c42} 780 "\\.\pipe\gecko-crash-server-pipe.780" 4276 22838e97258 tab
    3⤵
    PID:5160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.5.68430428\333485287" -childID 4 -isForBrowser -prefsHandle 2632 -prefMapHandle 4764 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81c2e812-4500-4ef8-81c2-4c49bf3a7b4c} 780 "\\.\pipe\gecko-crash-server-pipe.780" 4952 22827d2ed58 tab
    3⤵
    PID:5548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.6.345402805\732119477" -childID 5 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {921f4d2c-ad47-4ebc-8238-2f9486d30b62} 780 "\\.\pipe\gecko-crash-server-pipe.780" 5076 22838e96058 tab
    3⤵
    PID:5560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.7.768924656\1175190564" -childID 6 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48f121dc-8573-46aa-990b-0d29e6712929} 780 "\\.\pipe\gecko-crash-server-pipe.780" 5276 22839332858 tab
    3⤵
    PID:5568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.8.518480741\960093302" -parentBuildID 20221007134813 -prefsHandle 5564 -prefMapHandle 4952 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7fa8845-edfd-42b2-9a3d-1dd7eed2a2e7} 780 "\\.\pipe\gecko-crash-server-pipe.780" 5572 2283a8fb358 rdd
    3⤵
    PID:6068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.9.1076544256\1494092623" -childID 7 -isForBrowser -prefsHandle 5684 -prefMapHandle 5884 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5be529b-f5ec-4329-963e-118ca1658cfc} 780 "\\.\pipe\gecko-crash-server-pipe.780" 5896 2283acbcc58 tab
    3⤵
    PID:6120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="780.10.1690125931\2110867297" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6084 -prefMapHandle 6068 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea16afa0-ca63-4143-9879-15e057c30494} 780 "\\.\pipe\gecko-crash-server-pipe.780" 5916 2283aff7b58 utility
    3⤵
    PID:5460
- - C:\Users\Admin\Downloads\Byplay-Desktop-Setup-2.0.11.exe
    "C:\Users\Admin\Downloads\Byplay-Desktop-Setup-2.0.11.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5116
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Byplay Desktop.exe" | %SYSTEMROOT%\System32\find.exe "Byplay Desktop.exe"
      4⤵
      PID:4176
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Byplay Desktop.exe"
        5⤵
        Enumerates processes with tasklist
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:688
    - - C:\Windows\SysWOW64\find.exe
        
        C:\Windows\System32\find.exe "Byplay Desktop.exe"
        5⤵
        
        PID:3496

C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe
"C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5964
- C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe
  "C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Byplay Desktop" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Byplay Desktop\Crashpad" --url=https://f.a.k/e "--annotation=_productName=Byplay Desktop" --annotation=_version=2.0.11 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=25.0.1 --initial-client-data=0x430,0x438,0x43c,0x418,0x440,0x7ff7c89da208,0x7ff7c89da218,0x7ff7c89da228
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5288
- C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe
  "C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Byplay Desktop" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1644 --field-trial-handle=1648,i,13067333103643625199,491387399323146718,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4888
- C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe
  "C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Byplay Desktop" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1820 --field-trial-handle=1648,i,13067333103643625199,491387399323146718,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5080
- C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe
  "C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Byplay Desktop" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\byplay-desktop\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2764 --field-trial-handle=1648,i,13067333103643625199,491387399323146718,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4432
- C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe
  "C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Byplay Desktop" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=3188 --field-trial-handle=1648,i,13067333103643625199,491387399323146718,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c
1⤵
PID:5188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\339TKJSV\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\FQ6L406G\www.byplay[1].xml

Filesize
79B

MD5
47e6c4dabaaa079a7993b67188f23c4e

SHA1
13c3af29df2217782b44d6a9ac4b3a14c72e5eb0

SHA256
77c743f42994053224aef4ab792951b6919f2b9f69430472403c0ce7a4936473

SHA512
fb3ef402e3437e4b50efc26404e9b6f2ac5b0d41f99877e17297339b86b773b0a941b558a24a299d7ca8c149d9ccda58102df8bdb0956f70e34c8ecd9360ec9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\XIKLLKI4\www.bing[1].xml

Filesize
1KB

MD5
3812e9f471ac85b1e655a13304fd4277

SHA1
b99356ac15b0c360b7cfe4f04b9214cb57cc8f77

SHA256
6ecffb49ba1f2800876914a4a196312205888341b558032f6b92903a444bf3a4

SHA512
8a4babb1a74408a65716a5f8e78efda05441ab60c5bfc4205fe389d7e2c8483735f1d5f7f1abc95c9264e3a2508ece54b129482582b0cbf4f5e7e5774e2745aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\F9WLKBR5\default-favicon[1].ico

Filesize
6KB

MD5
aa78d04664d6b65058ff847eb8d2d821

SHA1
abbe5f24dae7833b596beab1c431f58e1c1c95e0

SHA256
0d75fa1c9f78745b408f55992519c9bd64dfdd5c1b456c5f48b5dc7c43184a8a

SHA512
828d6f59938220694cf3a851157f0ffb2179dfed687da2f15927c8f119852c8f4625356b05d56404aac91e1846974dfec459387ac353a513baa4048bbae5aa0c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF976C2012EBA9E167.TMP

Filesize
16KB

MD5
4f1109a0c4ef0bfdddac4ea57daa0c39

SHA1
d6b150e6e7f38964123724faf2ec2ac78a19f5cd

SHA256
09c38d90a21be6a75f7e05722df8ba1d9708b69595662a0feab33b4a72ffbd41

SHA512
37cffe98e3b4e79eab3f1eb3223687b5d82ecea3dd659f2f98fb81eb9acd0a202fcc33c6f655a9e3b25eafd78657db9180b8d63b58ce860b3e1a28136aae034d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
314B

MD5
b5aa92534ff96466c122a07e3a0de5bd

SHA1
c6a2734737c297a8bd32680a5d56d4eafc79292e

SHA256
1c5735e3bc7cc730a6fb48b8171ac477e279453da8ef7d8daafbe6ef36c4f5f2

SHA512
be80f5c3917254bd2da017d44a889bba57df900698640db44b0c83a8ca9b862b68489af73614ea19b13ed246e8a1f5d9c03943f951f9c5150c4cfdbc8cbe9171

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
404B

MD5
02f00445b13ced8549913d5ae64c695b

SHA1
42d2b7d6285b237beaf2df371dc983189f2cea94

SHA256
1f85866c306adb155e46cde3fe4e9d0cde5a7b57301ec65763cb3e8093b1d4fe

SHA512
38b2bc323829beeabd9c6ec458736ae6c07c0a3ad3fe8606c4f1eaba378de62dda5d820da4941e1e74518bc169164223738dea80d80916202b56c0943a79df6b

Download Submit
C:\Users\Admin\AppData\Local\Programs\byplay-desktop\Byplay Desktop.exe

Filesize
155.8MB

MD5
3931df4400a4e773e1b0e4737136498f

SHA1
8c32bad43b553af469fdf802592d3065a6e8c8eb

SHA256
eaf17a45c24873fcac4ff83b90b5f2f4ec2ebdfa9c878e50b3ebf63bcb06fdad

SHA512
423738e37da026ab6bae516eadbb56d25f8ee167e0b70792e9cb7ca284c4da82428de1f1ad2f23ca2fe009ef69b0caa221bd1e3f40853a0fd91a4225a872d0a6

Download Submit
C:\Users\Admin\AppData\Local\Programs\byplay-desktop\libEGL.dll

Filesize
469KB

MD5
25e543c36b2f9a1ac4c502a5ebe131ae

SHA1
c78b47302cb454b001f31b59d1b761e94f428462

SHA256
e31c2d93dc2ae7040dedc93172b215b5c39f258e55ad2e0fa2e08769f7df4d3b

SHA512
960f09ba96e9a0f5696cd443ab389aaa5c1039a8b67191b535f34a61147c581dd669231d3a22064c11d32905e8d8091e4defd1a850077d016820473d638942fb

Download Submit
C:\Users\Admin\AppData\Local\Programs\byplay-desktop\locales\cs.pak

Filesize
441KB

MD5
634f808a31943ad21e3f3f373d3e6eca

SHA1
8fda42730cff887d6829a2dbbef1a196e7e058ea

SHA256
9dfd844999ef20ed9f254fe45f0314f98e01e6ca74ad059d7168849e61540e6a

SHA512
7c2bc1fb73d66751dbef12bad11a47155b00bfd732b7739ddca05fc51eb86c2db6c41914ea0990915677dcc19253633fa5b3c4d879e83e5630a7125747c401b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\LICENSES.chromium.html

Filesize
7.9MB

MD5
d5b1f4d67bbb923ae30f5d5ac424b269

SHA1
e751270f329f8f5cc882e615157891421f569c79

SHA256
6bb288835bc59b4550338d8034ef8fb9f05714e890ec08c327149c82142cb4ea

SHA512
b8c5ebcfabf56c85467b27815d7b2cbb0ff922a5bf08a3e619772644fb53049393134d17a849d3191a29b6af1218feed32895bf26c7b77cf3ef0178552ccede4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\chrome_100_percent.pak

Filesize
132KB

MD5
443c58245eeb233d319abf7150b99c31

SHA1
f889ce6302bd8cfbb68ee9a6d8252e58b63e492d

SHA256
99ca6947d97df212e45782bbd5d97bfb42112872e1c42bab4209ceedf66dc760

SHA512
081f3ee4a5e40fdc8bb6f16f2cfd47edde2bd8f3b5349775526092a770b090c05308d4289ecdda3d541cf7f0579ac64b529930fd128edad9b0991dfa00b0e9bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\chrome_200_percent.pak

Filesize
191KB

MD5
81b5b74fe16c7c81870f539d5c263397

SHA1
27526cc2b68a6d2b539bd75317a20c9c5e43c889

SHA256
cb4fd141a5c4d188a3ecb203e9d41a3afca648724160e212289adcac666fbff4

SHA512
b2670e2dfa495ccc7874c21d0413cfbebfd4a2f14fc0217e823ec6a16ac1181f8e06bfe7c2d32543167bc3a2e929c7f0af1a5f90182e95913ba2292fa7cadb80

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
2d90ecfe83871585c94f8f236f1fc061

SHA1
76ccae6c5347ed35922f35ec2057c25f8e93df6c

SHA256
5029d501f209f06716461fae8816961202d08585f7226655f13f0e569962554a

SHA512
098ed9b753ec31c5c8df97bf91d5d802e63b3bb1d9e961a22b52cc03e1e84e2d56cf387b91d47d3eae747425ce68b24787ce58e1139e109a04504509a213bbb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\icudtl.dat

Filesize
10.1MB

MD5
2134e5dbc46fb1c46eac0fe1af710ec3

SHA1
dbecf2d193ae575aba4217194d4136bd9291d4db

SHA256
ee3c8883effd90edfb0ff5b758c560cbca25d1598fcb55b80ef67e990dd19d41

SHA512
b9b50614d9baebf6378e5164d70be7fe7ef3051cfff38733fe3c7448c5de292754bbbb8da833e26115a185945be419be8dd1030fc230ed69f388479853bc0fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\libGLESv2.dll

Filesize
7.1MB

MD5
80db304ec5d10925045314cb6895727f

SHA1
9e1f005b1e9db8ef5c843eb31c6a21738766a7a2

SHA256
7d1df9e693d2ec4fd4fa84bd05c62b3070be5f82168ed869f07fe12cdd6bf89c

SHA512
94afd1ffb96e5a2953064508219d24ee2aa160de99b1c55e1e807c2eae63de0007fa9ef77b13747404a21fd759f4d7dd77a28a2e2c845088dcf8080601e36313

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\af.pak

Filesize
381KB

MD5
b293cc5ea7db02649bd7d386b8fa0624

SHA1
32169b9d009b7a0fb7ecdaf650c989e956291772

SHA256
7bb75adef02d28819f1bd3b42fa46ed56d6dfbeae072341997b09b8c1f52d8dc

SHA512
496bc72e7b798d02e453eb96d20566b91405bab774521527ef882c1fcb58f25e2d0718013ddc0d23f7fad883f4cde93b57c6caaeba8cd18a09665c9f6245f557

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\am.pak

Filesize
619KB

MD5
d3f48b60620c5bbe519db9c0cfb634de

SHA1
7b54a0bf25b2ecfd78c2ad7dfb6f6a09bfd20abc

SHA256
1974de0984976556288a4612d5f38fe0ff21e868bdd877ba5d5fde3bb4c9e36d

SHA512
279a7c162e53b2d4e7a92a57de3ce3c919cd9a9700595af6a26ebc53f925773127656b2c817e91cdead87c2b1f5dc00bb0b134d6d51cb083149d85598a2d5b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\ar.pak

Filesize
680KB

MD5
0ff7a127ca01498e946394aad3648674

SHA1
a7ae6aaeced53b096a8f3005c666fef3f1138db0

SHA256
da3294b3c8cd12000a4fc6610618a96b82d1ca67a764fb6387c7edb388b6c6fc

SHA512
088e210bd15a63f32ed52bb844e25bb6f16565e92f45a6505ab8831919e70369069592840af84ddf6a6dfb816f944264a976824e49ce5643c817046418c4ed3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\bg.pak

Filesize
706KB

MD5
5f629042a1c501b290eec5ea3fcc6779

SHA1
d6b304838630bbbb375c21a0e6de3e1ea600ead8

SHA256
571e87f9c62cfea2a2303674f93ba879d9b899afce4dd7e47ddf5e6781b7d4a6

SHA512
e30f92453bed2dd0cdd5a2a2f70d1e240e983b0a65f056a9623295ed01e9a87869706fc4acb40cb79ffe7c60f5121a95893662c1d0299c0a585b8ab75888c14b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\bn.pak

Filesize
911KB

MD5
35cc4775dcc2361b3378c88e5f2e58a4

SHA1
5e921d75204fc2e2d65c32cc7557cabd31939813

SHA256
9043ace925426f9589efa8705feec280e16ca2a678a45085b9fe880bc8bcd16f

SHA512
24ba4297084c80cf05562f65d6e21171759a95af6bc9ed558de17dfe1af40dae2b13e819479e3a753f2e648e35b44d064370b57e3551beaeaa45607c4a1d468a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\ca.pak

Filesize
430KB

MD5
a69946c79799dde4ead4ee6f27d7fbc4

SHA1
f304240b57df781eb38eb3968b8110db24f18de3

SHA256
6cf25816859b95a5ba7b50578c14630105aa5c078338a4d67f15df0aab58233f

SHA512
169a676cdc1efa5700f8f472a9c0f784dcc7d6215c4ce348a0fc91f3c0dee6c512aea02967051e4daa880ace00cbf2fb9def032590f416ba9f6129fe30df3957

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\da.pak

Filesize
400KB

MD5
4bfee234ac9e04fe60d97f67f881ebb1

SHA1
bf2b676c6268580b179fd9716d54cd7fbca36334

SHA256
d4d8ce557a333310ff0f59d6225c41cbde396fccf0872605252425a917230894

SHA512
af91c4c890625011ddf93048f84ce11f267b72239b6eabba8be3673585ad8e595338ce7b91962c18b81f9f6b91e2c4c9c0fd2136894022cfdec47536b58ec2c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\de.pak

Filesize
427KB

MD5
169d036fc78554a8011c72644d7c8129

SHA1
5bf6df20d0f4383c1162e787d019e822cea6a87e

SHA256
5883c8b60f43c5e12437eefa5d74dacf9c16e6187526df74a53f2eca9e6f3d62

SHA512
e9bb8eafc47986063892070ae57d6da5a996d68b2c2460f1672abe4e047628b50410cdf72d627d38e15abea7647c686bd30bd7f80648f1058f9a9f3b7a10309c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\el.pak

Filesize
774KB

MD5
33309b3685f75753aae6316b8d4aff8a

SHA1
4d53b3f62f020e2556bbdc4aa6adc050fee36d96

SHA256
795baa943e85a4c4b425163c7a27f08fd02a825e41387e24330921bca2a4a35e

SHA512
bac0dbe03e4ad63e7ff675481acbc29497dd2711e9b06f17c337c05d40aaf3e1c9f71e8221fd2c0a1dee9ef790fab12b3a070713cc89a139a160b4fc33c10a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\en-GB.pak

Filesize
348KB

MD5
f7754eefdf5e791032e71502c7943f2f

SHA1
aa9cde895db4556e55cd6d408793a53f4dd3977c

SHA256
04820f38b261b4ae387b2a77ee6f5f1ddfabfe0d7fe7e61ab92d5e23823b29f0

SHA512
276e6b76c1af44283bb3434ce5f312bd72da8499e649f7a0a7ef9302562c6f280230853aeaa8ca116e6be3b0562126728666d212d388422df57d416a2e571ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\en-US.pak

Filesize
351KB

MD5
06d28839ea0b3aab4597ba8646a53a96

SHA1
9c6a74aae8c783546d613c6f38cbfc8f5e3736f1

SHA256
69c1a2e1b30d83612decf1a8dd7b124a04f58e9f2465876726f02f7f7d5eb54a

SHA512
a432542dc98795ce0ea6fa4a6bbcbae8ba126f1fda025a9ad6ff3fa67eee85dcf7afc6678f5100bb1543c4d00ac75043ea92e64b65c9ef6bd946ce3dc4d5ae71

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\es-419.pak

Filesize
425KB

MD5
b70acfc99fe28cf6701e2eea604d9db9

SHA1
f997fbc4c651cb36516c42a4893fcaf3f4417a9e

SHA256
b7a5a00fd697e152f5027ef8de38e57b6f844524db24bd648c60c414af457627

SHA512
a28e50059e53445d40f1f544cfb15ff5617847d4bcba4aed36d1c56d39482a41ac4589331a4ed1ac1a3a7224ad8e081d597569e0720b5f7f961c74d802e431c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\es.pak

Filesize
425KB

MD5
efc938df6436e429c5c3ea6d03dee875

SHA1
aa0b1458fa0a7549254f647cc9434eaf396aae44

SHA256
591e454d9e530561540460448da5e346bd5a034fe5ba153b81284f820b914329

SHA512
18d196f43cbe6fe9748ff553422f167f8384a26b282b2b23774f406efbc52348cd2e5073a50a3f5fc41326889797186e1ffd9d78c76a8eb1ac4378a573e29fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\et.pak

Filesize
384KB

MD5
ccd361017778964de23bf1d741cb888a

SHA1
5b0305538762987901b7a8332635f3d7996c09dd

SHA256
41883af1e49cc180fb48e02659e75b0169d974d77373cf7bb2a4ea02dd654e26

SHA512
a9d7c99c07229d382e8ba7cc3199bc66fc39df5fd9b58e6a76e423b865f8c05f53398125a17a20c27462b2db595f3d778b4d94b1853121d8447b771f9284e5c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\fa.pak

Filesize
629KB

MD5
f036f51b53f87aaa9bfee6fe62d86378

SHA1
c9441fe85d557eabd084283380bd1293a29f54ca

SHA256
89cb2e20ca3da9e670d5e56523c3159fc59cc451c00f568fe85dee71690e3649

SHA512
574b1d0af2d7726cfef5a59f5a6bc094afa33ff3c7089b1decf4ef6a7d02428bcb80e9cad2c3c6984d2a3a0df02e019841109a30830b8cadbf142862d81f56b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\fi.pak

Filesize
392KB

MD5
f87a1ccbcf3db6988e95e94333bc5a4f

SHA1
e85f8446eb74d8bd4318354ec98135c17afe3248

SHA256
052a72c9d6f2bb55f02fb1c5c4c68525a32b8cc9120c270d07d7b813d604f7dc

SHA512
c4a7ee0552b343010fce8ceeef70620acf672c9ab56fc24ccfb88abdbad23aac4cee65c8b241c594b7ec92d0841087485aeda583d2e887cf4c823a10b2e7cd3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\fil.pak

Filesize
442KB

MD5
2e6a6728bd5a09339ac01a38bf686310

SHA1
619e27f30c99eff8f2df3ba2287c6f7fe0b5b063

SHA256
e8f03c2e9c88adb04648ef93f9ea3cff87641638ac97c9a6752b751e7f7a8a20

SHA512
0452ac74eafcf971265de92041659c006b5e559919b895b41795bb1307ee7c302e873440b006485b7cffcdab0f6b908a119683fab40a664d5bf3591239427c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\fr.pak

Filesize
459KB

MD5
7a16856d9876ee0bf22c25594c63d09f

SHA1
fa5fb140fd6374c04bbea0f11b3b4f1cfc6f2711

SHA256
ab1af61cb6e56c2b73337e9c372af5d5da5a24e13fa487594dd4960441b70563

SHA512
21ab44be15ef57965460b3d21b209a9ce11856231bbd4fa2718c4acd6b1ed572239dd0cd2e5d35fbf7b6ef9bb37211e7d16b56ed83a90ade1c30faa86d5757b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\gu.pak

Filesize
886KB

MD5
0c33e2a35eaaed3572f31e7b24d4493b

SHA1
278498568109ea7d6cb34c634316f95b04155b64

SHA256
0f0fee8a2f22f80a0c4a758e7f4fd90d40be4048dcab0d824135caa5e92efd5d

SHA512
4eebf9be5a8c317d2d2e8e9b1e607774f5c7c35af7d8bd6c80326fe3c6e2e05089f04485eedde8be8c7b71a7b49e407289f361361d86802c0463c5b6b296f2a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\he.pak

Filesize
549KB

MD5
0b47e584b7cacaec9db4202cfbb69baf

SHA1
fc08bee15ac6a3a94a7ffeb87e76f7377e490f75

SHA256
f7d753020bf136d4b878aab4f826c31dd283486aa509cd488326fdc25f77f80e

SHA512
273ac7970a15154509326c148100a320c27a453e87fcb262b630bb4fb9979e6947b69c6300c74485ecca1c4c4835ec79ffb14925ee2ddd0cdf34c9e64266670e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\hi.pak

Filesize
928KB

MD5
a11bd9d8c3a1ef8c200efb0b5c496022

SHA1
652d2532f06052b31dd31d27e91447ca1c692b5f

SHA256
40cd407204bc8f9148014d459143a78c33d2c61a140f05091aa9c20817b22bc5

SHA512
33b6b251731d083b480e8640ccada554457518a8ff08d3f329221db954f64196ff381db3f28ff9049f16b73a50345edf99c447862a230d562f2e10f96e4284c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\hr.pak

Filesize
428KB

MD5
fd00f07cd205acfd59941b551a0e8fe7

SHA1
d61f986a219194b926faa5a5daf7dc5daeda8023

SHA256
104192f0c9fa89c7b08cc53cee8e7de4d4779b9c19799e2296cfa73416546b92

SHA512
bbf0572b5df7ce87d4ade92ae306a789f1d65a714fbf3b22002eff856bfc9703eb14c4955edc70e01e521fcb39612b9a310ecf2317dd0f83d0686cda70cf0f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\hu.pak

Filesize
460KB

MD5
2fef83993a62f73f8e4b40a6e28a085c

SHA1
8bae181f3eed8d5ea8fb0f912c679e608ee7c008

SHA256
ca4b4c7c7be45ea0871abf7d5668ab948f712a02facdc1d6bbc189b1b3522446

SHA512
6eed29acd38b662f62381a5c00ebfb254915a57de6fde8e6da77f60dffd13d4846b26b1897d710ef852bcec5728a4460becaed2367f1a06a066da77521701324

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\id.pak

Filesize
377KB

MD5
b92e90c57ba7396f20c5a3d218d5b12e

SHA1
6ab2c2da1f12bed9f28d1130a57cce842963cd3d

SHA256
2010188f23d55ccb134fba71c419fc80230fc36ab30c64a24247008dba2fcf4e

SHA512
b4ee4e785b046d613d9057bf3f803ed1f417a6692cf62d307c91914d82ae749ba6e304bb0ac020abd20f4ba8959b287e17688f4ca0dd0557d1559cb9b314cf60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\it.pak

Filesize
417KB

MD5
16f657640d67f10d93bf0bac80d23d82

SHA1
fdf210da4f37f04142aad1fd53698392c91dbe4f

SHA256
e4f9cf33c2dd8adb450029fd43f603b1e0730dd0ed66599afb0cff7d78fafb2e

SHA512
c9e439e542e147e09d84b0157023fba67401f8caab79b4a8aa27993a5f8a545caad621a5462565fa6989f842483446e16684937b37a7127caf902a079ce8ea51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\ja.pak

Filesize
509KB

MD5
9192661c73a4219398c34364ff957280

SHA1
8ddd5fa769088120ae9d952ba879006c80815886

SHA256
92df6a6db021b480f76b91249bede4102dac600b7a459fbf4446457af8c29081

SHA512
cc553e2467cf0451ff7dfc7090c0239070433f50e31803766b2c28b1903f6db4865bf9ad8957cb8021798631b744c3de341c1efe42b59fe42903b7db84d40a43

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\kn.pak

Filesize
1022KB

MD5
42759877542ead4ef748748edf97060e

SHA1
c20cad0e5c56e1639feaa432391e27b8ccc24681

SHA256
3887b937e892433a86a0a7a8cbc7194292c8bb37a894544ff1e7f2c4a53018fa

SHA512
a0751cc5630b267cff00a9a208554a025b84441518415bf4850f18753c566f6cfee198ab21b666ffb7549e5605eae0ca9cfceb86aaf3c54faf37fce5f592538a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\ko.pak

Filesize
429KB

MD5
fde2b0f2a810a2d853a46bda17d452f6

SHA1
8a04e5473be00bf3dd80bc44eb5e0196f4fb0622

SHA256
70f9b65c9b554ac64b4e690c77bfc7a524c4c483cc063254bedeea20ee437d15

SHA512
60f6dd69b7ed889f13ff75005faf8a836b962dbfbe01a654d227dd46b8d6beeab28c7dcd69b447223cefc197cc629b1bf387d3e765f3234371f745d3dcd44242

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\lt.pak

Filesize
463KB

MD5
f40e916fc2e1abbff97d39964250d0e2

SHA1
957a575fa4b0cf406201aa15fc39d84911d66ab9

SHA256
3f380b4772aa391ae562318247b7d981d7ea128cb41657c25a9bfd1052e698c1

SHA512
4b113dbfade34023fb899351a8e7c2c08d6818e2867b8ad572229f4bc2fb97b2228d1403f6e8d3cc0bf07c71b452673460c0587de968265afa53dc6669ef7efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\lv.pak

Filesize
461KB

MD5
efbffd8c85df4a3a1d190f1f50c0d82b

SHA1
363df0e02fabae4339d90e3daa2172576c355ab0

SHA256
af1f3deb4bad0a8933ac9ba122557901061518a6bc41cbab129b3a1a17362bcb

SHA512
ce85ccc9f81d6b7e133032cb9ebedd6f9980a7b74f1899880ce36170480519a6fc6f4210e231d8715021916927a2a7a0aa8b8878d9bd938fbc7bd1b624a067b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\ml.pak

Filesize
1.0MB

MD5
d7b31f00e4f650f40e10c2c8379ab7b0

SHA1
da94e2b3fbb935a9abe76d080e0f85cbe631cb16

SHA256
6f203a64bc4766cce23ba6ff5756875b450e945e894afe471d998bd2ac71dbc0

SHA512
f18e2a33047355007c3b4b3c1e41455812e38a1b10f37614b2d0e391664198dc89a5244251bf56348be596659c9e733d75f13d9808066d78172a0e3540b01896

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\mr.pak

Filesize
870KB

MD5
f6e22beb66334014c49c721cf4be0f77

SHA1
b5f59891b4819785dbcb1c168a51ba0eae462392

SHA256
d0d4352ecf8bf9592e810df2dc40e6ba162014a17826c6bfb1b8bd8db84075f3

SHA512
c89684d0423d96950c4ddbc3ba0e95c338d8764aada9fd165431c14de8394e5753275db2751643fda04481a74c443523c0384a7b01d1b298153e6b7f7e4805c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\ms.pak

Filesize
395KB

MD5
2c4056d84b980267faadd69d52c17086

SHA1
3b3c5fcf182d86a170c8f35c041bf3869a82b362

SHA256
163eb7ba5f0c61acb6443709c24e38ca6370a33f89a12e13d0a57c258a87ca16

SHA512
47285ab42b46cf7d6556eac2a8f7afb9a9c9abe8cb026fe847b2504e4dbddd481a98c1ea959c74e31f195ecdbb618a3d93df8f20b797411a8bf2b3856fc9b963

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\nb.pak

Filesize
386KB

MD5
d4e75af4416e98c406000cdabb1f470d

SHA1
0bc68b12f3ad681ee65d0cc40e0659a8548dda1f

SHA256
7a69a2bd54012986bad91b32f045d85555319efb9a9f817fefd8289a9ad23119

SHA512
982c27bf509091d457f0730cdc033e552501237d2732c593ad3c35e40f6ab57a9ec58e20fed3b7d79eee4289598623d3c8aa513ae090c015f96d0d390919dd80

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\nl.pak

Filesize
398KB

MD5
e3b4d575dc7acae2f29ad962b6f073a8

SHA1
7947434ebc6ea720668f3e10cf9f5a9674a431f1

SHA256
71eba0a0280bf70a7cd596cad97ab4569217ae3278a046c6ba8dacd987a23df4

SHA512
1bb3994fc58ded17adca43f585481cb665b00ef88a4a9092e80591003c8e373cbe334a17af76e2dda0e0134e3357d683fde514fb5271a892d9dcfb0a21a5478e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\pl.pak

Filesize
444KB

MD5
cec7e878f86c3d60d9b37a1bf9e1c792

SHA1
f0deab58aa38a4d925d742b895675355d6dd367d

SHA256
2e9384816d17eb39240b0b26e93caa5bee232836dee6384f76a4c1ba98dfc734

SHA512
657406d7cf1a531b52d74063cfa46c90349067f02eb32a9447705cb91301bff3db8dc600ae667f5f3e60927c55dc30b29ca8990085cde8a76cfeb236a07fd93f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\pt-BR.pak

Filesize
419KB

MD5
ca1f076b8161185811ca14d7c2469b65

SHA1
b7e3a34e79c29180c52e84dd2cb98c6383e37485

SHA256
faca8d85fb57806f3801160c297fa568df1d82c24f16ca487ee338e7aa3e4bf1

SHA512
35ad5e73d26d3a21bfee414a5e1fc79171cab61def0f37b4fb09e3855749db2fa4ee344a227ae1017eecf3a4e8b9f4408a8b46ddeeac8663fa137d7f601557dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\pt-PT.pak

Filesize
420KB

MD5
446671881e8266ff7a625d36e75c1e8f

SHA1
f4600e32d359d2af354a609e48e36f0c917c6dec

SHA256
1c90b118fb760f6acbcd000e908a390ef4687447ba72003cf42fd998b4d0e239

SHA512
da370bf9a5c2959a51408e4eb98e2418a82a5f0d04b230f01e229fa91c6140a294dd85d445f0a58b905e7598865c46608cb2538a23c0388f3704816b5f1e36ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\ro.pak

Filesize
434KB

MD5
6805d8f53fb301aa1c70ec9886df8769

SHA1
78cf4ca5fd24ce88e912c172da308bb1cb6b1070

SHA256
a322744798d3930738fecacfcdb5a474a4de656aeb363f2b2f11503e6333801b

SHA512
ffd82bd9070200545974a4e02b312bb9407b881fba126c8151f5f5feb8314a8b9f7a4349e4061a1ad41a71c6f03fa7ae52016ff2fb2b094c9732e7410e562dd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\ru.pak

Filesize
711KB

MD5
287ac572f9f6801d22d129cbdf6ca56d

SHA1
7f6c98136e7548412825ce2456afa86c34aa35b0

SHA256
6d9fb7def13400d9fc49fa16a65f9dd8d68a3a49dbb5f8c6a984e6ebbb415384

SHA512
e86044132d1d75cb5a889166a3cf09cbd649103f6f1ed8737f16020b962c79c412c8a4162b45b2f5ecc4b208f24da21569664490d06a6f4f89917e4711b73dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\sk.pak

Filesize
448KB

MD5
11c998c7767244948f06552b5c43c8fe

SHA1
47cde3503c9299856d3411adf3ed37e4029277e8

SHA256
72a64cbd5d94e4f7ecc064daf542c2a461e32acdbd25432cf9e3f747d6c27d4c

SHA512
0a932d14b6dc2892930dd5f0659e4d8b193897ca419106d49006f742b1ffb09405a441923a2a67bdab49bfc80cfd15f53c7237ea251208a5056f51aba70c7410

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\sl.pak

Filesize
433KB

MD5
1b02b0834b8bbd12a77f7fff09e1d81a

SHA1
1898cfedde55aae307f7578b88cb0bcaf61e1d52

SHA256
b36e1fe2405cc4b9f34587e30da2feadaa6f03124769b02f79333adacaddb49b

SHA512
b1006053ace6f8842e9436c94934b2e7d1b502e3df9ecd1fe59ab39ae35e69e8f0dcff8728aee2c35a3a1eb7a27f0146d6113b4de0632dbab20eb0a37942bc4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\sr.pak

Filesize
666KB

MD5
a1d591d8e16748b52720094042f3f60f

SHA1
945c336507af951882718bd21ca72fe0a56315ee

SHA256
f4b900d2925f823fdc1740f1156f9900c44ba6a6e12bc3690f0ab70ca7a84eda

SHA512
f097910d3ad8079caa173fd6dc61da8cb34ba67e3b91746c42eb43e8d4ffaba93b78a39472c30cb8a880820c92db4a10a5475c862bbe9d7b0f2e644948f88e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\sv.pak

Filesize
389KB

MD5
094d69544816535e4d040ef0ce923100

SHA1
5891cdc73bc4c112855d099ee112da0c3e9cea81

SHA256
110112c2f7ff5d3c8599036669d156e96ec19e70515fbba3bbcb2043ab994680

SHA512
023037077a3482a3bf2ac076b5c00922d7039bfc2098797275465138142fea0f97c1e003f77de71b9ab88f786b7401182618603610c51f634ad17a123faf5bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\sw.pak

Filesize
408KB

MD5
c7b196938b6c5678d58ced6dba76e77e

SHA1
5a2da5121689b6d216f4757f0ea97118b43c7316

SHA256
bdd5f68349e39363558b3cfb6b0b7daeca53cbafc464009f32e96c9561fcc95d

SHA512
67ac24e6ab2e9ee5a6d69d62cebcf4e8af4b0153fbae9c8f400be490841a41532468cae81840431210bca49daa4e42b4a7f4e397c67d563f954cac9b6d151940

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\ta.pak

Filesize
1.0MB

MD5
abf95e05d798043abf4f2f514c0517a9

SHA1
b8c6c1cdcbfea03fb106c7a44385a3a8e6806aa6

SHA256
9cd624a97493282afed3b9b1e848b12639234fa54c04b22128169924f9c92777

SHA512
aacd7439df84ec76a3d0c69c39341b51031b66b24be53c87f3ffbced989b38fee416b19db2c3b36904eaf88f98b24e1e26f070bcc8dfb4ecc99dc7bb6f6b911f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\te.pak

Filesize
973KB

MD5
446ae5f5a5320274d26b4cd3fa2217e6

SHA1
d68d91e000739f3c4982f123e5376f9e31d6fe95

SHA256
5fc26be9164230da66408e764006c77bc0769648392da36aa4eada7b570122d4

SHA512
120cbd03eb1175be65ebf6ffe4fe65bd88e0c8bb6fe61e1b6afcfcfda931386bb3d0ef8f642c472d80d23c2786f2f2570a097101d3697d5a61f661e768e554b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\th.pak

Filesize
817KB

MD5
4d33f6f44edcf206f2408120f507b1c3

SHA1
52fe9f58177eecf7476ac8f827580504210470e1

SHA256
e1d9feef119988bd7d3800cc318eebc92e0d00b902558c073d634052a97434a4

SHA512
783b4a09ede8dab551da6a2f686c382422b3b2ad2fbf806fd58e99db197c2e2a102deaee3529f819be822c76b021049730ca3885717bb306e4d575c954e3b6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\tr.pak

Filesize
415KB

MD5
675c7b24716ef5781214724865077a03

SHA1
77b32a5adcf96b9969d0f9adbb0580262bc30968

SHA256
2ccdab4226ed4dd1fbafc2f38cd24c27d985ef90cd45efc2bad75f46e383f2b0

SHA512
a5c8d7f10f9a3307260ea351e9f54417593699c037debae5fb86ee31a6b56781e2883fc671465eec8a12eb06a0caa0bb3d2902172908f1db181ba38e5d407583

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\uk.pak

Filesize
711KB

MD5
0f50471f97053c4965025495f0a859e2

SHA1
d2d1c5427fab4ebe0dba9c54b4242652772e5b13

SHA256
393298aaadc405de720aaa7ede4b16d3d57337160bc52ff0b66db5e1f7af5fd7

SHA512
912f08d956fd539d038f9e99b8c43c4f822ffb7e147d249f1f239e2f28ccfb1e49accb43ee932370bdde66de12c087bae81c84a5813bd4729c9c108088956fda

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\ur.pak

Filesize
622KB

MD5
d85cb34c33a95ae444d49ca58f809b00

SHA1
f85c7c5c1a5f4b441fb70436f100b02907711608

SHA256
710f92ec980615110dd4ee66900060e2fbbc14dd2c42dab006c690ab3c23d520

SHA512
020ee46802aa3da1b5ac04dab7f97d72d4c04f54f7add0b9744dd95af6674ca35c8c1479dffe0fa8ada3235f72abd8f97fb5d5a5ce782701fe99297c289faf5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\vi.pak

Filesize
492KB

MD5
f82332dd74b77f5fd87368545a0867f4

SHA1
d70b461978c972b119556bc1f018a8cdd96fadb6

SHA256
c95b2816a6bec4a75f8999bdcbff5466012458f0dad12d549d87d84c819cf028

SHA512
89dfef0c3b29dce7dcc310db4e7d37197d72e5a455be335c2d13e88a20fa83d7937c9092a28bccc98c970dd149c793ff34f65cb2706395fc747afb445b77b926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\zh-CN.pak

Filesize
357KB

MD5
db6958f5b69eea00caf17bc0812929a8

SHA1
2b6861ff24dddbafa08a17ab81b762b0003c1df3

SHA256
8143a221d68b5ae06b040bcd95677c2781021d006ad88241b3cbfe9985d3bc49

SHA512
7b43d4a09f156e587e6860b49688d339bb11aaa5de9651cf1b1e39dd84ddbcfec8adb0e174caeb4dbcb3db2b2fe507cb607cc36bd7bc4c1f292982f412eb07d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\locales\zh-TW.pak

Filesize
353KB

MD5
2577b46fd051c4707cf4c8ae6c0399f7

SHA1
ff22154ec825a763e7b44073cdfc7dfddd8abc4a

SHA256
abd9e0b2299d4366834c65ef5508d7a0389ea0f4da36aed9199eb81adb702f42

SHA512
9bfb8746258ed3991cfe2b1ab0fa34d2f1a0505e70c40f79469b6554d1023925565a0cebc0cd19057b756f916d2da0d1c668ffdcd4959fee459138ca2ed57365

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\resources.pak

Filesize
4.9MB

MD5
b72a7ef97e1e9421f2fc5e95a2236cbd

SHA1
3895d403f2326204dae0753684faf7e78a9f7b54

SHA256
692e4256fa8a11bbc3a90a52a257e1e99126c4fd9592a34ad45e6f90b0208f9f

SHA512
0e7480af4c29875f2f07e8756ff9f1cf98fae6f47a503343afb8463da2fa478c5812e9d7c1f8f3ad80edff3911ee6bbe4f92d8a9b34a3f3e6ea7c10af99a74a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\resources\app-update.yml

Filesize
99B

MD5
b9236918675bf91cb6e38000e07bd9b0

SHA1
3d66694afc97d00018bc10618356b58371bbafb6

SHA256
3e70af9c6cb2f2d36c84eb98d38f656e9d0fe830242210adfef93f6db0af564d

SHA512
a8c09da482b59d0169426e2590fa05467d9644a710482480e7f66960f43d748fcd9e104d98b3340ee81fb68d1dfe66e2c56cdaa4d3ac3c891b11e2042d4afe4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\resources\app.asar

Filesize
8.1MB

MD5
8848527c972999e299d4b3650d58aa22

SHA1
dba2f20a5cf9340ea60d1a15055fbf576fdca51b

SHA256
a1bd7a0f3e572c339058416112fa040bf13632c6b999252b37cc1f2f615bfa9c

SHA512
179810d34d988a293b6b50efc91e0d4fa9970a8d1c45b72ab6c295b0fa0840af4b04f71619dcc682b846716de358e5600831e3c201fad7dff8fc4a17efc30cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\resources\assets\assets.d.ts

Filesize
623B

MD5
b9d1467e2b8b9e67630f784255b565dd

SHA1
67f2a748753e51c6b782c2a257a9e3b088cffacd

SHA256
d1688c0a786e3d9c4dd1a71178fcd06230eb5eba9cd64421015b98c170cdeec6

SHA512
f29bd26c1f3e7c685c9e85acd62b78e0880bd58b00094e01088beaaf141ae8ad5b74589e164b7f4a2882de40f98158443c9dfe6b90ad2a7ba8a957d4202bcb10

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\resources\assets\entitlements.mac.plist

Filesize
333B

MD5
9920b60c89256ceca825062dc9c53c53

SHA1
0f1d847ef4067022c69fd82c135f3dfd2e4d352d

SHA256
f4b2891dc2b1239191cecf7cd5b9a36ea4edaec33c1cc091e09380d669e8fb63

SHA512
93ef0a66d6aa8091af3ab8af4b1ced502ded11f658aa77b6a5fe9e3d36bd5d01231060a0a656ea627c0fa32313b7a3438c75e1eb96f4f07692ee4d0f53ce9a90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\resources\assets\icon.ico

Filesize
7KB

MD5
d7d83711040dd5f8c1d2fe99fcd9484c

SHA1
5fc41af6d3d6956fac0a066e19c310742f87fc54

SHA256
7e94001817aec38b25cf0b3e01e2082b8cf5ebdb7942d5c155202ed8ea80da07

SHA512
36681d6958b7c30aa61134d7d27d95b2bd53a43d6dc397784007a7ae7e2db8bcb8bb6abafbecd086e83d1b6fb102d99077834788aea7ff1d3213f302c5a74e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\resources\assets\icon.png

Filesize
54KB

MD5
9ac65198d980101ffaa0b04c80fb0073

SHA1
0d6e3c1b386f570157c0f6609f380b86d466b3e9

SHA256
a0ab4bfa1adbf5db6a7b0dac8551f82013e2e0f3ce99effc54ee35d1ad26ad04

SHA512
8ce3e74da5694bdee653f0636f33a099229641b473e29b0defd6b8913eebb998ec16c60131213fec6c2da836005aa863b938410e57b0bd86d8a58457fd9ec096

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\resources\elevate.exe

Filesize
114KB

MD5
f734630c5b4e70935b30c98fa9737f10

SHA1
269c6a16c8d57644663e2a44f893a6bf49c4b5dc

SHA256
ba240b5150a7477a2fe7d8e1e49d55756047ab2b04e73f352ee6f97805a9e737

SHA512
82e680dc7d9abf0b6007aaad1e9a90e21b16ec11766536c8bed68c644c88b8fcc55886a0aa7985a29a109d96a24848de2187f4c143055933df495600ad57c6db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\snapshot_blob.bin

Filesize
253KB

MD5
084244c327fdaed8db7b4a2adef492ce

SHA1
c2146327e0d39b8786042fefe94b0ccce445e70a

SHA256
9e2aa9cf1017327fa92380bda72e6f335523208fa3dfcb15f4604ebe3ddf1ed1

SHA512
45b7e433d6f89a80b26fd666360a9044857f0b35f5673b43beb6dfa858f8a60a9f5b464c0cd2b7b250cea5f6656dff6582d99928a4ac06652ec8c472dc6d0ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\v8_context_snapshot.bin

Filesize
564KB

MD5
1006cf9bb21a971a07efe5e0379c137f

SHA1
1b0c502a6f99ff9721e8b34bd1298e0aa2a348c0

SHA256
d4e45bd5cfcf5a4a50dba4fa3a5d1bcec38b96a84cfd18dd64093356d1e52499

SHA512
42cb092cf3954ea118c2dcbece4b5ab8ed25458e663e01c9c18144d53cfde788aff35978dd36990b2bfa5c8c33c88ea6e7ab16d1cec1aff7bf6c726412872fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\vk_swiftshader.dll

Filesize
5.0MB

MD5
a7777e8ec09643da2a7f0a4e6cda8501

SHA1
2517d35a4b2497d915380678440c6a3ec216ce14

SHA256
338f34e97a85251a99639d1e0d0aec97d574e8b4972d3a3ec791690e3978020e

SHA512
45489c8717ceb690f6b4851307ae4af4e560c7bb2547e6dfdb486412961e5a2ecd04466eb556bce3ee6f7ac67488691501acaa33b44a8c00c10587ee9cf64405

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh171E.tmp\7z-out\vulkan-1.dll

Filesize
910KB

MD5
ad8de3264abc4657f144e99a99f2a671

SHA1
48bcf39d20d1a18565143efc3f586564b1c76893

SHA256
678956621852ee395477b5c350d0a60f2d614be2fadffbadb66e2deedf42f292

SHA512
edb3f9197f12aed0faf775d6abeb44c93a4330de3fb9b391e603d0bbbfc64e1184bc8e444d71831739d8504c99f20cca173990966a9fb7146392a63a32cf96bc

Download Submit
C:\Users\Admin\AppData\Roaming\Byplay Desktop\Cache\Cache_Data\f_000001

Filesize
566KB

MD5
e4ef3e87c2566d0d50be2c4cdb9796e1

SHA1
15fe7a38e8c39f68ae6f9269b1a39ff0789cf10b

SHA256
0c54d5daf3cb3d5424829293d862d175c5f10978e0bd6f3c3611f563f87ef7f7

SHA512
3eae8e86aa7dad033f0383c52a052910c807c397197f0d27ef005400a114109cdb72044d4c6b28e4cc0dceb5821e5338cb2d73a63141774456a469b407c59147

Download Submit
C:\Users\Admin\AppData\Roaming\Byplay Desktop\Network\TransportSecurity

Filesize
188B

MD5
c5d46d5af19d372aa654b7cf093b115a

SHA1
9a5c8dd6fb8fe3a1ac2a0b36c8e1ca13c37147ba

SHA256
6ad36c1fe1a1302e0bb34f8fb14c3dc8d722d89f8bbd4172ebab3414758f9e64

SHA512
e14c46eaa2e5c634179df45cc55638e1182012c0f1a3e7fba6ea192602ace58843ffb381b66a0f40b387d5299994e0bd28a829131aaf42ac234d4c8aa90bcb31

Download Submit
C:\Users\Admin\AppData\Roaming\Byplay Desktop\Network\TransportSecurity~RFe594387.TMP

Filesize
188B

MD5
37b8df3e51586c93320e984406824763

SHA1
65f8ff313d4939f3cb2d7f06a7fa8c748700a9cb

SHA256
43ea3645253446404a30f4e041810f77a4607e5b89fbf586933a88f78f2f2a73

SHA512
bb4ccfc6680df766a5d69271c324b0a5be674d34636d8b676345f3e545dc43f5b352ec70e740329296f4d3285f1773a301a06b9ba0fca5a625cd95175334856d

Download Submit
C:\Users\Admin\AppData\Roaming\Byplay Desktop\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Byplay Desktop\Preferences~RFe585d0f.TMP

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\Byplay Desktop\sentry\scope_v3.json

Filesize
8KB

MD5
2ec6f950ed114dd50a700b96c00daec4

SHA1
39da62996c1223b57e0cd7f4be6864c6143e7313

SHA256
c1879c30cfe1bd8b60d809f0bdb98b867413988903b6ac35ff1a5108154b8a59

SHA512
8533e11380f59d3833e81c6d1963386607884e44e17a91b56a3dfd1f7b90b4af2fb975ee9174e07beac4ebc058865ec54b964f89a3125b22a3f0f165edd85416

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
8KB

MD5
fd6578caca5adc0c6074e915559f7e36

SHA1
6010c3b9ee87ca7bc1211507fd3e962684def4b4

SHA256
f0e4d4d69c85bd827e02039084154cdb9f4a6082f8d63b704b80d684430ea568

SHA512
4367083a69edd898e45d175120076af030f4dbadc9f3fe9afb72c0d0225528321b81997197314b02356de104c938f0ddd1e220d5b63acfeb395ea9812afdfaf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\b838f121-f5c5-456f-8489-175e99febf1e

Filesize
734B

MD5
e0bf7730e339258f8e03155a394d54ae

SHA1
d6f331c41c50e5e290c948c6ab304e4da3e0d6ad

SHA256
6f641e60887ef2908aa03790b4dba0d4eb6ec2dd7b56ded8a9fb93227591b0fa

SHA512
8869f3febbe42ded1939c8c3527aaf2f38003098fb1d388e5d12a6ed10ebbd31bce19cd5b47a2417c08bd70f0743d301c9853469fb89413c9cda64a0ef27b5ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
82d3ab36038996351b863c6647ea650e

SHA1
4df6d837ce1e0dc52c0a2b291cbf3a37f36b0d97

SHA256
7fa71d47c360327a15bffe53bfa8a57547765852129188f35ccd868bb1eee8fb

SHA512
b7bcaeafd04654e47e7caff22dbfe47d6864bf9b89c79bada8bf9688d93244e34a0b8000d5282f596463cab25653d8851fc4c8a7369e4b854d00809dc2dae317

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
aaf48fca3014afac172535a355e2a920

SHA1
3c53422dcfb6f4f90aa49b62f59be45fad991793

SHA256
ac1ff29d6d14b45c9e1a177ceb90c0a06fc3a3369fa19861458c2780a1f1e797

SHA512
4e21c4ec3b82c60f546efba89b0a47b7db87da4697c3a1bfe756ca16cf979c3014a126c4b2d84b1b22127fa00278f0d299e0706f99486189716357f396155d8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
327e58550a42098194784a58e8122cad

SHA1
cb17fefcb0b2b7b9ab1fda19cc51f6bc29ccd5c3

SHA256
102442e76d781ce3d8a20ab35029042e4e0e70a0032a939779d352d6f2e8950d

SHA512
009c4b890f183034475ecab49bd8f71521e8614a825e0102831256b51fc44e3c10f4884f2eb1e9a37a7e0c9d12f81d1280b3b2fb28f4239a0fca46751509f6fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
f5360680972e3e6b7e9dfda305aeb99f

SHA1
416b124387f55d7c570e5e123798512abb2ac2e6

SHA256
13772db67192f78a471545fff613a8e9c3a504c15754bc42fb56cc21849fdc23

SHA512
2a66533bf363d199b68f962cb4318c89e91383389c613467d056656801f0a40cbb05bbfbdc3d78597e0f0660d78ea6748b6a76151aabe5c49adc0514c06eac25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
88ea4823361618eba4e1c7a732bac010

SHA1
ea22dcfb9f10425bbccb75b3e85bb09a8613e06d

SHA256
8f3878cf3f89f7dbc5077b5d4980a87b3fb4724a2d477441f06d4da6a9a91828

SHA512
8fe3c4ef79347fefc0bcacd1b68acee1e23f90038e0187b5f83eef9116b6161d25265eaa306456aac78605cbfddb96ca44fd405d497b58fb19d7f81ed0c12bd1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
c61ad68f98b2681fdcbd6aa8c332ac64

SHA1
daf2d6d1de5f77a536096767091dc8ebf8eb522b

SHA256
e4f753b0e910e573d9e38e9b13a5b384333c6096248124a18ea975a61ab4ac14

SHA512
4ad3a3531fd83d6370cc5660bd8aeb10e5ba037073c139d4f7f03b0dd299d6370970fee40f398b52936dc0e6f1f388d491e79762cf7b897e3b7074d0a237f3de

Download Submit
C:\Users\Admin\Downloads\Byplay-Desktop-Setup-2.0.11.exe

Filesize
68.8MB

MD5
156aeee2971d1c29bc1aa983d9256514

SHA1
378f5682628962303ac9d3ffe9a9202a265f244c

SHA256
266dca1570133f20ee41a1e49657b469af0266cb577cb58253a8c063f2562e0b

SHA512
be6497620220d8e889fd853ae35e0eac3491c5f3c870760cbd89c01ae68ee4c01558df33846046abcdf47e929c89e295b530ee0fbb27e8a6955a4a4d39f7e239

Download Submit
C:\Users\Admin\Downloads\Byplay-Desktop-Setup-2.2X-V64Mh.0.11.exe.part

Filesize
18KB

MD5
df6752affd2244cc1730c6a2f0ba8c2d

SHA1
66cd89c4e4e93ba8ec54d87e5185349428de3e38

SHA256
974c356cbf8c0e6bbcdfa72fcbebfc24f43abf980b17e68fe3263868f77c3d4b

SHA512
5074ce66670042af34ccadf46e4e1a6cea22aaa9239705f2830303677970aeb5b93c2f245801a351ec8b7bb1d7965791296fab57eb8302a3cdda6d484b8f026a

Download Submit
\Users\Admin\AppData\Local\Temp\nsh171E.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsh171E.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsh171E.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsh171E.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsh171E.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsh171E.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/2152-599-0x000002E6A8B90000-0x000002E6A8B92000-memory.dmp

Filesize
8KB

Download
memory/2152-165-0x000002E6AED90000-0x000002E6AED91000-memory.dmp

Filesize
4KB

Download
memory/2152-167-0x000002E6AEDA0000-0x000002E6AEDA1000-memory.dmp

Filesize
4KB

Download
memory/2152-602-0x000002E6A8B30000-0x000002E6A8B31000-memory.dmp

Filesize
4KB

Download
memory/2152-0-0x000002E6A8720000-0x000002E6A8730000-memory.dmp

Filesize
64KB

Download
memory/2152-606-0x000002E6A8860000-0x000002E6A8861000-memory.dmp

Filesize
4KB

Download
memory/2152-16-0x000002E6A8F40000-0x000002E6A8F50000-memory.dmp

Filesize
64KB

Download
memory/2152-35-0x000002E6A8B00000-0x000002E6A8B02000-memory.dmp

Filesize
8KB

Download
memory/2332-228-0x000002C3E4C00000-0x000002C3E4C02000-memory.dmp

Filesize
8KB

Download
memory/2332-149-0x000002C3E2600000-0x000002C3E2700000-memory.dmp

Filesize
1024KB

Download
memory/2332-112-0x000002C3E0800000-0x000002C3E0820000-memory.dmp

Filesize
128KB

Download
memory/2332-64-0x000002C3CD6C0000-0x000002C3CD6C2000-memory.dmp

Filesize
8KB

Download
memory/2332-62-0x000002C3CD6A0000-0x000002C3CD6A2000-memory.dmp

Filesize
8KB

Download
memory/2332-59-0x000002C3CD670000-0x000002C3CD672000-memory.dmp

Filesize
8KB

Download
memory/2332-129-0x000002C3E0C00000-0x000002C3E0D00000-memory.dmp

Filesize
1024KB

Download
memory/2332-138-0x000002C3E1DA0000-0x000002C3E1EA0000-memory.dmp

Filesize
1024KB

Download
memory/2332-148-0x000002C3E2600000-0x000002C3E2700000-memory.dmp

Filesize
1024KB

Download
memory/2332-126-0x000002C3DFBE0000-0x000002C3DFC00000-memory.dmp

Filesize
128KB

Download
memory/2332-146-0x000002C3E2600000-0x000002C3E2700000-memory.dmp

Filesize
1024KB

Download
memory/2332-158-0x000002C3E2600000-0x000002C3E2700000-memory.dmp

Filesize
1024KB

Download
memory/2332-194-0x000002C3E4270000-0x000002C3E4370000-memory.dmp

Filesize
1024KB

Download
memory/2332-224-0x000002C3E45E0000-0x000002C3E45E2000-memory.dmp

Filesize
8KB

Download
memory/2332-231-0x000002C3E4C20000-0x000002C3E4C22000-memory.dmp

Filesize
8KB

Download
memory/4256-372-0x000001E49D8F0000-0x000001E49D910000-memory.dmp

Filesize
128KB

Download
memory/4256-366-0x000001E49D560000-0x000001E49D580000-memory.dmp

Filesize
128KB

Download
memory/4504-1876-0x00007FFC0EDD0000-0x00007FFC0EDD1000-memory.dmp

Filesize
4KB

Download