0dfc9627816b72691bec2cb22609dedaf6600d04591fba4b171a3c16ebd4b981

Resubmissions

07/07/2024, 03:53

240707-efngbatajn 7

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 03:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

LabyModLauncherSetup-latest.exe
Size

117.8MB
MD5

7f27e58482ba0dfe4c3792b907fe3157
SHA1

5c620695d5c22d6a41caf33ade5f04275dc5143c
SHA256

0dfc9627816b72691bec2cb22609dedaf6600d04591fba4b171a3c16ebd4b981
SHA512

b8f674317646ca4e47489d43b006f3f9937e5c1adbb8864d3362bf778a77e79eb974070ce203a20d43d45573463ce4f0a18c1b8e66cdc6c291ab27cd3d320754
SSDEEP

1572864:sJuCHOAm/coUV8fo6BeOuEGhqPJGkf3/m88LMMxdJsxS7DSAVGY/IP+zQ06ngWOt:sUI6u8OxqSI+J37GA0d+z4vhmr

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation	LabyModLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation	LabyModLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation	LabyModLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation	LabyModLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation	LabyModLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation	LabyModLauncher.exe

Executes dropped EXE 16 IoCs

pid	Process
3944	Update.exe
2796	Squirrel.exe
540	LabyModLauncher.exe
2216	Update.exe
2680	LabyModLauncher.exe
4540	LabyModLauncher.exe
868	Update.exe
4868	LabyModLauncher.exe
4444	LabyModLauncher.exe
1928	LabyModLauncher.exe
1652	LabyModLauncher.exe
2412	Update.exe
244	LabyModLauncher.exe
2964	LabyModLauncher.exe
2028	LabyModLauncher.exe
3056	LabyModLauncher.exe

Loads dropped DLL 28 IoCs

pid	Process
540	LabyModLauncher.exe
540	LabyModLauncher.exe
540	LabyModLauncher.exe
540	LabyModLauncher.exe
540	LabyModLauncher.exe
2680	LabyModLauncher.exe
4540	LabyModLauncher.exe
2680	LabyModLauncher.exe
2680	LabyModLauncher.exe
2680	LabyModLauncher.exe
2680	LabyModLauncher.exe
4868	LabyModLauncher.exe
4868	LabyModLauncher.exe
4868	LabyModLauncher.exe
4868	LabyModLauncher.exe
4868	LabyModLauncher.exe
4444	LabyModLauncher.exe
1928	LabyModLauncher.exe
1652	LabyModLauncher.exe
4444	LabyModLauncher.exe
4444	LabyModLauncher.exe
4444	LabyModLauncher.exe
4444	LabyModLauncher.exe
244	LabyModLauncher.exe
2964	LabyModLauncher.exe
2028	LabyModLauncher.exe
3056	LabyModLauncher.exe
3056	LabyModLauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	LabyModLauncher.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	LabyModLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\labymodlauncher\\app-2.1.5\\LabyModLauncher.exe\" \"%1\""	LabyModLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod\ = "URL:labymod"	LabyModLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod\shell	LabyModLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod\URL Protocol	LabyModLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod\shell\open	LabyModLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\labymodlauncher\\app-2.1.5\\LabyModLauncher.exe\" \"%1\""	LabyModLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod	LabyModLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod\ = "URL:labymod"	LabyModLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod\shell\open\command	LabyModLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod	LabyModLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod\URL Protocol	LabyModLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\labymod\shell\open\command	LabyModLauncher.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3944	Update.exe
3944	Update.exe
3056	LabyModLauncher.exe
3056	LabyModLauncher.exe
3056	LabyModLauncher.exe
3056	LabyModLauncher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	540	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	540	LabyModLauncher.exe
Token: SeDebugPrivilege	3944	Update.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeDebugPrivilege	2412	Update.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe
Token: SeShutdownPrivilege	4868	LabyModLauncher.exe
Token: SeCreatePagefilePrivilege	4868	LabyModLauncher.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3944	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 3944	2968	LabyModLauncherSetup-latest.exe	85
PID 2968 wrote to memory of 3944	2968	LabyModLauncherSetup-latest.exe	85
PID 3944 wrote to memory of 2796	3944	Update.exe	86
PID 3944 wrote to memory of 2796	3944	Update.exe	86
PID 3944 wrote to memory of 540	3944	Update.exe	87
PID 3944 wrote to memory of 540	3944	Update.exe	87
PID 540 wrote to memory of 2216	540	LabyModLauncher.exe	88
PID 540 wrote to memory of 2216	540	LabyModLauncher.exe	88
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 2680	540	LabyModLauncher.exe	89
PID 540 wrote to memory of 4540	540	LabyModLauncher.exe	90
PID 540 wrote to memory of 4540	540	LabyModLauncher.exe	90
PID 540 wrote to memory of 868	540	LabyModLauncher.exe	91
PID 540 wrote to memory of 868	540	LabyModLauncher.exe	91
PID 3944 wrote to memory of 4868	3944	Update.exe	92
PID 3944 wrote to memory of 4868	3944	Update.exe	92
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94
PID 4868 wrote to memory of 4444	4868	LabyModLauncher.exe	94

C:\Users\Admin\AppData\Local\Temp\LabyModLauncherSetup-latest.exe
"C:\Users\Admin\AppData\Local\Temp\LabyModLauncherSetup-latest.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3944
- - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\Squirrel.exe
    "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:2796
- - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
    "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --squirrel-install 2.1.5
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:540
  - - C:\Users\Admin\AppData\Local\labymodlauncher\Update.exe
      C:\Users\Admin\AppData\Local\labymodlauncher\Update.exe --createShortcut=LabyModLauncher.exe
      4⤵
      Executes dropped EXE
      PID:2216
  - - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
      "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\LabyMod Launcher" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1880 --field-trial-handle=1884,i,12884490154838350484,12785377301797714665,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2680
  - - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
      "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\LabyMod Launcher" --mojo-platform-channel-handle=2400 --field-trial-handle=1884,i,12884490154838350484,12785377301797714665,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4540
  - - C:\Users\Admin\AppData\Local\labymodlauncher\Update.exe
      C:\Users\Admin\AppData\Local\labymodlauncher\Update.exe --checkForUpdate https://releases-launcher.labymod.net/update/win32_x64/2.1.5/stable
      4⤵
      Executes dropped EXE
      PID:868
- - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
    "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --squirrel-firstrun
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4868
  - - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
      "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\LabyMod Launcher" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1924 --field-trial-handle=1928,i,9923740724592836793,12588146700057648978,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4444
  - - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
      "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\LabyMod Launcher" --mojo-platform-channel-handle=2272 --field-trial-handle=1928,i,9923740724592836793,12588146700057648978,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1928
  - - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
      "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\LabyMod Launcher" --app-user-model-id=com.squirrel.labymodlauncher.LabyModLauncher --app-path="C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2388 --field-trial-handle=1928,i,9923740724592836793,12588146700057648978,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:1652
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
      4⤵
      PID:2952
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        5⤵
        
        PID:552
  - - C:\Users\Admin\AppData\Local\labymodlauncher\Update.exe
      C:\Users\Admin\AppData\Local\labymodlauncher\Update.exe --checkForUpdate https://releases-launcher.labymod.net/update/win32_x64/2.1.5/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2412
  - - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
      "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\LabyMod Launcher" --app-user-model-id=com.squirrel.labymodlauncher.LabyModLauncher --app-path="C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3892 --field-trial-handle=1928,i,9923740724592836793,12588146700057648978,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:244
  - - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
      "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\LabyMod Launcher" --app-user-model-id=com.squirrel.labymodlauncher.LabyModLauncher --app-path="C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3856 --field-trial-handle=1928,i,9923740724592836793,12588146700057648978,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2964
  - - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
      "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\LabyMod Launcher" --app-user-model-id=com.squirrel.labymodlauncher.LabyModLauncher --app-path="C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3856 --field-trial-handle=1928,i,9923740724592836793,12588146700057648978,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2028
  - - C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe
      "C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\LabyModLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\LabyMod Launcher" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3092 --field-trial-handle=1928,i,9923740724592836793,12588146700057648978,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
86B

MD5
edb49ae6d05888ff01614ee3209c023f

SHA1
9902cef5c9533bd13bb093e9a71e1f6bf77c4603

SHA256
73d6a59d025f3c93978186beb27448cc9d38b3b3a06f5d01c4be3744664e8f24

SHA512
3f64a70a11e950da46a7de840c0617acee024a4a80671f345dcf74df71fd45e478abe0483833f7fe47e9045ccca0ec8b35da81fac9965dbe51bf238ffa6b41a5

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
1aebd7aae95aa53067e2ea36fc644bc6

SHA1
da51deb35df39106101aea2cb9782f5b384b52ba

SHA256
852be1352542a3b93060e1a915c444bbb6d410e4cd3a89d133dd48c8599869c3

SHA512
8d05595e47018155a39231ce57043130c91b2615c732c113e944d468fae77a5d12ceec2705f624bda51fc84845c40a88421700b168291a5fff4f245c656d7294

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
41KB

MD5
def79fef823db7584ce1844c5fb157ef

SHA1
c61ac5eba78ac34ee4568c6a85ac780add6cab4f

SHA256
dc99de97b0324cddf77f56d2f07de40108eeaac9b50bed3820958bf383e8b345

SHA512
a179663bd53c4d39bd31643a08aae2326e12bba9dd07cbfb1d5b79aa4bd64c8d4178528871df5541e4ba7cff9bcb39f63a57eb4cb0e7be6625a5bb318c75f705

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
122KB

MD5
4bce15bbb0487f88efc006fd597441b7

SHA1
da5a02653245112aabfd45429c417c39fcb2f67a

SHA256
0e684d8f833fd47d4c98d4742ce46abbfdb1f4b130da4a93047df9926f189e46

SHA512
e128d96cad8d214d41b60a7ab129dbf105866fe895d206c5b77b65af04c5d83ff1be87ece9b862dc30c88faeda69cff185925d7ae7b311c5351ca664db4a3060

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\LabyModLauncher.exe

Filesize
380KB

MD5
5cfd636c884e5629104ab705ed24e414

SHA1
5da2b8ea6a723737b511a7ac36f2d1524beb24fd

SHA256
1b983044744d31d698148846764def6a36b0956b69a26f747b3317d1b3709b8a

SHA512
eb776d778d6586bda16be95072624cfb890533e9d3094f7b758febc3fd22decd4f25f202a9976d846d574b77a0b6cf9bca264d2fbb025fcab7171c83b006ec27

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\ffmpeg.dll

Filesize
2.8MB

MD5
94aca096ac1762ed185bf3086d0eee6f

SHA1
59aacdfc27903b3b44ca62cbebb1f5bc2c0a078b

SHA256
d5dfd6e0b3414e4765904b06824e68f8d626cea8a20a4e05551fda068d6a6fed

SHA512
fb8b8a98c8cba0abb8b4b2620c2b357b16db9d6ab9609ab6675e9f83c9b9dcec25b626ad3f919c0186fcdc324ca28c4ac98baabad66421d0763ac913d64d8b38

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\libEGL.dll

Filesize
474KB

MD5
a3c46ae46f1ad5a54d1bfcb6e5b323e9

SHA1
5d0d61331a83e6f0928755da2646a8ae19d60d5e

SHA256
fdca4ffcefec64cbcbc8e2859a8021479907bff11ae980c05e814c460b78ef80

SHA512
d53dea8294cc7ed23331c0bde2cdfc21134cd81cda184779293e5a572e667663ac5fe7669d0a180ab0f2fdf64727b78b4eb0ceb397b25d8f82ae2e82213a37f1

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\libGLESv2.dll

Filesize
7.5MB

MD5
eb687ddba11f64723d9e3fc825945ee2

SHA1
56c5125bb3c5868d447545662052dc169a6d1c3c

SHA256
8d6dc5048b71e4996a5ab6e91493a83a9b12a88402f5c994ffd1b940663475a1

SHA512
6918c942d5a1e5dd914124e132c98acf816480802787acec0e9fc2d040d598cb43f7919b37bd7c6ec86764ca1cebc33538530b44cf5d7b26e6a68fc54770be82

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources.pak

Filesize
5.1MB

MD5
ec486bb08ef8ccd459ed0991177b327e

SHA1
2ad4598a1fb4df722623ebccf488f59276c008c2

SHA256
50532d1ea84ca3b84ece09884d25e4b0e60ad6061ce4b28fdfdb1f7ff2d26d6f

SHA512
4358edc81aef7b51bc1462dc7e96eff8358c788e3c1044c4697dd9d9ce03fc44be22743d4d104ed7afbf1b36246c171e754288c873c6590513bc99632a78fd68

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app\.webpack\main\index.js

Filesize
2.5MB

MD5
525c8ea96bf82c6d422ee0ea8f6243dc

SHA1
07d0900f3cfce49f43f66f92b55e6f447759a7c5

SHA256
ce4fe01e23b0bf16462120295e6c66d94a621aa0493839d9d7b21e743f9a8666

SHA512
79b30be79d237fdb884136805016654fc09c12833177446ceb1382de5fa73ebfeab5dea325defcc7246bad7ee09a2c34daaf3b307d4d41cb699f2de14da647dc

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app\.webpack\main\native_modules\build\Release\deasync.node

Filesize
126KB

MD5
0da58c609455658b2f80341309c83c7e

SHA1
7c5eae4ee71c3d7413dcfb893446c354a4091ad5

SHA256
3bab2c2b7598aee8a5443dcc2ffb544acc24b307dfe61bcf2f7af422a81bd78d

SHA512
64d325e5ec8dc0d2537291b6cd26a8d8192d5b9c9a6db44223b2a7188d2a275ba144d92c7bbcf5ca8445b8477adc937bd6a8994c467e6f695a65f6c3b531f945

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app\.webpack\main\native_modules\build\Release\keytar.node

Filesize
698KB

MD5
3a1d98d466f6d52af03f6b2c66db5b99

SHA1
d0863604a71b93da6481e0d9fda7ddb9100f6339

SHA256
abef76bcaf9a59623a74ecc0d824802f1d454265cafa032f9ed3727fed0dc7ad

SHA512
8445c9269cae613a25244bf2b3d83ac919ee77b4ff6f9debfea0bc7e58c1130b36add98186e0b782450be5949423ee04e3b4ecc613afc037106de10627fd68f2

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app\.webpack\main\native_modules\prebuilds\win32-x64\liblzma.dll

Filesize
154KB

MD5
d360462b426e1ece8c64d1e0e9c68604

SHA1
58786b250876e5edc495b58e40c39df6b20df349

SHA256
8745a58dd09fe5a7590db77455828ef6891dacc9c5c6ac490f49bb21f74b938d

SHA512
9c9a3e12ccce3c6f737954dc2770e11815a1a9a91110e559633345387dfea6803200245bb6b1b0069a3928d31a08a8787237bab2b7d27537f042c88adc908b4e

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app\.webpack\main\native_modules\prebuilds\win32-x64\node.napi.node

Filesize
804KB

MD5
a740d3fe37bebc84c93072250357293d

SHA1
ee684a8d445d1a607f993a8cf36822a59528eb21

SHA256
5189b83b9b3c5141220f45239e399fe33ab150021531192254af0ab4a237337d

SHA512
848174d4bff14fc0d817c33c9cff7bcbd6fae7367988db99caf77a0a66c4c44d45b6d73a33ce670852a550dba13aacb70b5a6f7644d3708312eaef0c93e7a034

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app\.webpack\renderer\main_window\index.html

Filesize
190B

MD5
e608f35f90e7d6180960b796bcec383b

SHA1
12dfd065df391907ab40ba079ea52da47b150037

SHA256
ef086e75b0ba62d27935bbd9be67fb63e2e73f3aa3d03bef05a163b12df0953d

SHA512
39f6869340615880a93c432a48d036dcd2eca66d6b972a09142ccc226851aa17afc2488da2441757213e7d5f6869a28e5bc1a152249c6447d25333828a9e58c6

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\app\package.json

Filesize
3KB

MD5
a0ad95f0b7127a60c0eca9e91ed779b9

SHA1
c8ea38f667c0ef31d4f927c2767bf541e745cfff

SHA256
e34a5c24934984e96ee8906923100881a2b9edce320efc1bd5f742eea7c25f0b

SHA512
9312ad7878598fbf0f471687d87264cdba3de4ad7aab388a4369cc009df0000bc6101eda3d811c183fac3e9efcc6cd923670335aaddd7254bd43945e253ad0b8

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\i18n\ar_sa.json

Filesize
29KB

MD5
a8a7f04e4afd9766b033c507c6fbead8

SHA1
7a2a82f14a8824c50b375b896785c94b274c2edf

SHA256
31879a82c96bc1c0d92e0d083f3000cafc41c4d2a5fd40cb9b3f1afe05157bf1

SHA512
6a59057281f589d22df45cbfaf99fc2894fe7e39e0352ca296112dfbb1e873f04f36c2b4456b22e9081d1bce636d996f51f7c4496318a0c45b7b09550b9929c0

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\i18n\be_by.json

Filesize
10KB

MD5
bda9e1bc58693d8ea71527308395c51d

SHA1
1255de66bb7090747333958de0e36bf7f312413d

SHA256
4a63737f5cfaa7da9f9153956ff303407064a38d00ce2392181b91666e048876

SHA512
1add320264a5d1d1e4da02205faf11a0ffb92d8f079f1fd375f2832abd53715433f31bf065532083099a685e659f9a4119c87d15e2b27565c0be3b34c59e0b36

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\i18n\bs.json

Filesize
586B

MD5
ab3848d104c63dcd6768861199106b86

SHA1
066724319750126b75a64d1347da38ee5fee6d76

SHA256
93de33a52ddf907f056b317bc1c146480fda106abf2905f4405a4b9b6d82b56c

SHA512
872f913f4ce8fb04f8dad4090859142498cd3f384027c8e8b4cfe210b0d139277bb043832785ef65f7c12b5ad904b365261370ed217268d89e375244f7da4793

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\resources\icons\icon.png

Filesize
73KB

MD5
4b5e965745d33c7ae6d411d8bb43b8a3

SHA1
d3d334fc3c0d25c033d345ce21c52dac9f8975a2

SHA256
3f1068bc66952a721a68da58634f68605d98bfc107b6b248a7be35cac1055175

SHA512
fd65943dcc2a17ce21129f5697771f1f2d2d7b677af8edc9dd9da17a7c945fdae372344b8406751fe0e8872469111d309f6bf3ac0fe289cc8c752d99192c4526

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\squirrel.exe

Filesize
1.9MB

MD5
fc1b7cfa8f901954a1b49ef13fa01013

SHA1
fcfa707e43c491e6bd078d0f0e9b136f69941af3

SHA256
000770caadd9d3c0ce95da9743bf182129f0c7bec5e3013bca6620f0dc894861

SHA512
e762a19338183930f6c559b5dca622a602317fb399411a14b094d9c048aff893af14d6a77fa6210036eae9f251d09c0a72d6e7b1c9f46424422a5ae1e675a6a7

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\v8_context_snapshot.bin

Filesize
627KB

MD5
1e4da0bc6404552f9a80ccde89fdef2b

SHA1
838481b9e4f1d694c948c0082e9697a5ed443ee2

SHA256
2db4a98abe705ef9bc18e69d17f91bc3f4c0f5703f9f57b41acb877100718918

SHA512
054917652829af01977e278cd0201c715b3a1280d7e43035507e4fa61c1c00c4cd7ed521c762aebd2ea2388d33c3d4d4b16cee5072d41e960021b6f38745a417

Download Submit
C:\Users\Admin\AppData\Local\labymodlauncher\app-2.1.5\vk_swiftshader.dll

Filesize
5.0MB

MD5
840b41be0ad966fd28398ce02c40af02

SHA1
78cd210f528fadd2164765ff590165d214a36afc

SHA256
e081a2dd79ba6c86350f916fecf0d5b0d2a6bcd9e2f7cfd702d9e8bddba70e70

SHA512
0bdcd70af1f6c871b01ce6b8605157bc2dfc610a06a74667340a637c119544a38fc37e4a4c7c765879053f3b55fb8dd92cebf2c3bc035d7179973619fef8ec78

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Cache\Cache_Data\f_000009

Filesize
32KB

MD5
1e5b765b32c5f65973d835e9ee3ebf20

SHA1
2ae4b7b8e6303dbb2424730062c2fb1d752219b5

SHA256
d443b4a9f2542caad44e23d0d3917456e781bab47cd000cdab5a2aa571395379

SHA512
0ec798c3379d4724f5168a51e2bd8eba221f629ae41749b444cb1487b5b16a01e220857e181c710babd86c0201593aef9f8c21291f57bf14d5ebb72246958665

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Cache\Cache_Data\f_00000b

Filesize
236KB

MD5
b46031e02b69c55b43053aedc00e59af

SHA1
3b4f355a7ea1d6f0da5f117335499489868087d7

SHA256
296d5be0236dcc1d7ff8d3d17a47a698c0d51968c9e4907123f88e21c14e0840

SHA512
a4fd995debf4369f826dd4320c169394a6c76e65036410261bd00e025682195847f9e26f6b498e90fccc7b054f52af277cd17944f14e050bc930e3d47c8a87bc

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3e7218bd9e72fa752a84e541d2be90f7

SHA1
879e2454ba0b152ec4a4965e001207f02957e3c2

SHA256
a59f7409585046813ce0199132c96635f647190f5e4e2b02e42c264554500191

SHA512
1084d056a698a9329d56f5c8e45b01887cb49e217fc92f6938a84ec7bad3bde8720e1b04c4af154e8ceed733991cd401ac3e3785c1eaaad8df8b90c63191ee8d

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
fdf527b43c84e855f5ce2be3538f82e7

SHA1
7940a173eb0e2bae55ecb2291b8e4bc4c40a553b

SHA256
7bac28dbe00e80ca6b7d0cd6bc45656f6d788e81a0a3af4d50696b8d209b162e

SHA512
64ed769756594ac7ded9b9808416bb33beed937d07c15c7db2058f9440aee3b082b54f61c9b83302386fcb998d211e0dfd50051dc95c8254215ad7a9722edc16

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Code Cache\js\index-dir\the-real-index~RFe58c81d.TMP

Filesize
48B

MD5
322f3634d6d36cef4be1fdcddec4bf18

SHA1
143043af179e318755e9ad4cbc4839b1b7a6d37a

SHA256
fc236c8bf4e2297b087d55d769e531b08c3502981b94685a57b9db24f6ee9edb

SHA512
8dd7be0ab11ca9c21013da66cb5af5486324d7f001126ed5a44493426031b71b6e36e9e3b1e4939f494857892c650557682096b8b836548944745d228d6e824d

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\DawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Local State

Filesize
434B

MD5
c3be3dab9c2684eec6957eb1ee31123f

SHA1
3d65034ac8f7e42584561e46d2758046802bf328

SHA256
f7ca565bda991479e5758ebb6efd84a23ff211b447396539e761ffff5199a2b6

SHA512
4f2c0c448e43cd38eeda371fdd58a9fe543fdbf83ceae23b5be33c5e8635fc84b7e4e9502f1a4448cdb44df95ebd18d784c702f91b8b3a7bde46270561231e9e

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Network\Network Persistent State

Filesize
706B

MD5
980754969c3d718253f13e0bc168091a

SHA1
7437a1675a636cf4f5b06a766c0033d2a2831684

SHA256
59120fd8e9717f98013d825f70c3a31ed14873486212b0a51a6499a083e20eb5

SHA512
f05e7a26687d649ba57a3cbbd5fd7803132f26006b85584300bb9e1e083978cc3731a046cb5d0bbfaec05e2963755c50830db5e05c8d77c6a3b6923bc593ae28

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Network\Network Persistent State~RFe58f9cc.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Network\TransportSecurity

Filesize
352B

MD5
f853c0a68f075c1477364e30322e8990

SHA1
bfc2d749f0bf55ea39521eb77b294eab36268b2a

SHA256
1f4fd1cf50901a76eae26da5a699e09df76cb7d488608f820c0492008b970763

SHA512
02e646e28f6e98e52b410538d28465d164f69b1cc893c3b345453366d38441a236f603c040281f62a8e5e2d93880d0646d7f0b767566e95507e42154b2b2b85f

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Network\TransportSecurity

Filesize
522B

MD5
943aa088c2a25d5b219aa996dfcc0945

SHA1
5f036833ee179afe957ced97b8330bbb6dfc98d9

SHA256
aff8d7e796717991002f66e080cdccfa17783495b16bc73536573055720a7646

SHA512
86b9de49b2179a9ef41c443373bd3cc2d11e41a7818df881321792f497b25240c935f7ca842a72224cb7d71c6a61e678976b0c6ed5dda72d541d5b46553563ca

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Network\TransportSecurity

Filesize
518B

MD5
d4be780bda5082d467aa7c2fdf7ad2da

SHA1
8b8e2e4d31267f10458ce0906a084cededb5ccfc

SHA256
25fc26228124270660a50bb2d703fbf828c1a985c756fa610bcadf34fc5cea08

SHA512
253fb5830af2981ee7e0dc4c5f0c79be3de385cea83dde84faa1ad9f408d66f8f3d05020bac81745cfa1cc9992174f55d36d28fc665d3c756be78f7b9e40743f

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Network\TransportSecurity

Filesize
524B

MD5
ec098d67ed4c7e542d4904275ab210f5

SHA1
956b9f6a2c2ef2467919bbeb220151348ea63ed0

SHA256
fd61bede3f4bd2b37657c153faef2494145edb4845829f0e64dd5ab12a7082e9

SHA512
6b831a176d543b15b6a201deadddc19e712f93db48b4c528af0f2ec19413748cdcdd2d5e45caf017165e4f9d7c57bdda27c2c4353b6c375ef0235dd214749883

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Network\TransportSecurity~RFe5884fa.TMP

Filesize
186B

MD5
14dc16ed4af1f99f8346102471c1259a

SHA1
88205a9ab05aa38b340afbfade51fda607e2e182

SHA256
9890187a716f7ac8c66dc7bb0df3cb87062af3dbd02b45dcc5ab14188478a658

SHA512
69f320469062f5643e88a4d9e3470fbd0629a17dd167d012e87c5e46526f8a9e7689e19bbebe427c635d11e4196a9b7b9f8dd775863454a39e5a128c4eb5879a

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Preferences

Filesize
225B

MD5
57d21d90838faddd77394a19ced94783

SHA1
dc96c13a089a072787d6fb52065c680a2b316f97

SHA256
7711440b914057d0647cc23b98a99ca8034f9786225fe7dcc1f9c045cac23240

SHA512
7a66344dbf191bbe2f98971e88fc987ffe1523ab1465529532eb8a16c4b779e6cdc9f7d57944a85e80141f20cbeadcaf20f171202f882241d6d80c6881044002

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Preferences

Filesize
225B

MD5
a400c7745f5be9e56bf9271d2e91d622

SHA1
243a6b720ac736ed7218d9842bac26614bec66cf

SHA256
e8b481a088a494025ef546a52211cb87906e8106e7e5a2a027bbd11f3ec57c17

SHA512
15b5c9455fd7b5243bf6cd61897e9a88b974407ca5638dafbc0e6ad7d448e32adb3fc80df4d21b855c13029bc535a15bc0886a3b922524c1a752a1c9df9cfd4e

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Preferences~RFe58ad71.TMP

Filesize
150B

MD5
6ee766b91f0c9ad2df7908d261822563

SHA1
7c3d3cc666e908b4550e4d2ca1ed393254c13388

SHA256
d9db2d2ff0848a1d9b6e34e74242968dded2a8e8f182da922f9b14942ba18749

SHA512
b8261947843f84115052f855227b1249967069d476109fe41586262a394d175aa3467096c4298d6d6c497b83ef6742ad46291b3b877433fffff2461050611457

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod Launcher\Session Storage__tmp_for_rebuild\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod\launcher-logs\latest.log

Filesize
2KB

MD5
0b389a1997a588cf91fc0aff91ca79a4

SHA1
fe3d57b9e77a4782cff8da96690857e9355987e6

SHA256
668382de991af6563bbb1571267ad7374736487647f65763b7ae4025e4c38457

SHA512
583049f8641a61b08246a1d35aa2a0d3e8559912c5d76c6faa5d738e46c81f4a4e8e4652ab9005274530a68e0fa06615545f7bd8dcc79a89a9092dfd86d6beac

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod\launcher-logs\latest.log

Filesize
3KB

MD5
55d34f53b25113fa1d2fcf90b79965f1

SHA1
d6cf322c39063a4d76e29535190d8ce204caf6ca

SHA256
49f78e87c232f3d49748d061c7fc8f4fe1f2f0b70165bbf8f2c5f824bdd24d14

SHA512
238142a172eeb03451e9a49cdf549f87ad8bc19cfd442441fd8aea768743cdae262c079c01fc1e91a36bf7ad5d1833473d3f5b6af0a4fe54de3a9cfa3152a82e

Download Submit
C:\Users\Admin\AppData\Roaming\LabyMod\launcher-logs\latest.log

Filesize
6KB

MD5
553e8e51fd6ca0ab117edd511e86e296

SHA1
281a25ad86fbea1c94edd9e263850ba7ecdccce3

SHA256
809be0f869d081819457a1518f656a680888355d5c19c77d586d84bd5f7b9004

SHA512
899a69c9568c43896ef2f6cdacc1be7614410004374e798da3a0f3c252c50c5f3e2804c5e0c36417bccc07594951e464d20be0a6b3c939fb04636439faefb8da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6b7fb8715bc30747.customDestinations-ms

Filesize
16KB

MD5
d1b5e855d567238e2957225497676d32

SHA1
7e337b96879c8a9a62ea0c6ca7a68f8e47007c5d

SHA256
84cb0b2d8f2ee05e500b204c15d1e3bfdd7a50b0efe4be49bb32c07ba41d387b

SHA512
86df3e5574c4ebc1bd2c74bc7aa351f71c88badf215b05fc1228edbfb6675069b0aa8496dec6a679559e74ec89f68659c4268e0937c97cbfafdce9c3353ee32b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6b7fb8715bc30747.customDestinations-ms

Filesize
16KB

MD5
779bb727d67d89c1f2b96928c3508cf4

SHA1
af6e303c0820aa296e00b5c715afbeeebf7d0c0d

SHA256
e6c5390d7a24f0297039ca62a48eece26222ca6fd257df14aac26ce1ee73e1b0

SHA512
b1932ad9674ac02ded4aa53184045333627e6c3a3c550d0cac04964277c943088bc18115c7311bf32afc7358ba425ef49cfaadfa55fa255b40112846558250ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6b7fb8715bc30747.customDestinations-ms

Filesize
16KB

MD5
7e5e911c44df5a1eec4cb43edc128113

SHA1
368044c0bae1530123ad88477db8f07545aa5c28

SHA256
2da0a9d15402eef918845b55e80b38cb0ce178b69c2976a84090705d01f130ba

SHA512
bef16ae7e6fd756f1a22beb8833fd795a54be591305411b3ec44457b4100f8b6dc8997fec07d8d3c908b5e84a675533e5fef6c2955d46cfff8af34f2f8326388

Download Submit
memory/244-783-0x000001AA839D0000-0x000001AA83A7C000-memory.dmp

Filesize
688KB

Download
memory/244-774-0x000001AA84070000-0x000001AA847AF000-memory.dmp

Filesize
7.2MB

Download
memory/540-461-0x0000000063CC0000-0x0000000063CEC000-memory.dmp

Filesize
176KB

Download
memory/1652-492-0x00007FFD462E0000-0x00007FFD462E1000-memory.dmp

Filesize
4KB

Download
memory/1652-493-0x00007FFD45B80000-0x00007FFD45B81000-memory.dmp

Filesize
4KB

Download
memory/1652-642-0x000002920FDB0000-0x000002920FE5C000-memory.dmp

Filesize
688KB

Download
memory/1652-641-0x00000292104D0000-0x0000029210C0F000-memory.dmp

Filesize
7.2MB

Download
memory/2028-1031-0x00000241C8820000-0x00000241C8F5F000-memory.dmp

Filesize
7.2MB

Download
memory/2028-1032-0x00000241C8F60000-0x00000241C900C000-memory.dmp

Filesize
688KB

Download
memory/2216-449-0x0000000000E70000-0x0000000000E90000-memory.dmp

Filesize
128KB

Download
memory/2412-625-0x000000001D160000-0x000000001D688000-memory.dmp

Filesize
5.2MB

Download
memory/2796-393-0x0000000000340000-0x0000000000534000-memory.dmp

Filesize
2.0MB

Download
memory/2964-961-0x000001C8B71F0000-0x000001C8B729C000-memory.dmp

Filesize
688KB

Download
memory/2964-960-0x000001C8B7800000-0x000001C8B7F3F000-memory.dmp

Filesize
7.2MB

Download
memory/3056-1025-0x0000022585B90000-0x0000022585B91000-memory.dmp

Filesize
4KB

Download
memory/3056-1024-0x0000022585B90000-0x0000022585B91000-memory.dmp

Filesize
4KB

Download
memory/3056-1016-0x0000022585B90000-0x0000022585B91000-memory.dmp

Filesize
4KB

Download
memory/3056-1015-0x0000022585B90000-0x0000022585B91000-memory.dmp

Filesize
4KB

Download
memory/3056-1021-0x0000022585B90000-0x0000022585B91000-memory.dmp

Filesize
4KB

Download
memory/3056-1026-0x0000022585B90000-0x0000022585B91000-memory.dmp

Filesize
4KB

Download
memory/3056-1020-0x0000022585B90000-0x0000022585B91000-memory.dmp

Filesize
4KB

Download
memory/3056-1014-0x0000022585B90000-0x0000022585B91000-memory.dmp

Filesize
4KB

Download
memory/3056-1023-0x0000022585B90000-0x0000022585B91000-memory.dmp

Filesize
4KB

Download
memory/3056-1022-0x0000022585B90000-0x0000022585B91000-memory.dmp

Filesize
4KB

Download
memory/3944-405-0x0000000021B70000-0x0000000021B7E000-memory.dmp

Filesize
56KB

Download
memory/3944-404-0x0000000021BA0000-0x0000000021BD8000-memory.dmp

Filesize
224KB

Download
memory/3944-8-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4868-640-0x0000000063CC0000-0x0000000063CEC000-memory.dmp

Filesize
176KB

Download