a1941786149857faebfd4f2731022d8af6aaa984b981bffd40bd123472b0beb4

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Battly-Launcher-Windows.exe
Size

183.1MB
MD5

777dae8f41c5c9ba97b798fcd52612de
SHA1

03ec3ee7b1e1a47dc8b0e7f5f980ebd7071c469b
SHA256

a1941786149857faebfd4f2731022d8af6aaa984b981bffd40bd123472b0beb4
SHA512

792ccba986338f3a3d5475d615fa276a73c52eb483484ee2fda16a143f1100afdfd0dea2bb309bfba54202e07707df7bb025677f6477bf44ddb8f2282093f592
SSDEEP

3145728:qJcuNt6i+X0MdTUPo+YFawtU4odz5zA436E7IkGl0BkChNw5+VTmms+B6Q8k:ScuN7+QYFjmPz5zAJ0wahNw5+VTTs+Bl

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Battly Launcher.exeBattly Launcher.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	Battly Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	Battly Launcher.exe

Executes dropped EXE 5 IoCs

Processes:

Battly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exe

pid	Process
672	Battly Launcher.exe
4916	Battly Launcher.exe
4056	Battly Launcher.exe
1948	Battly Launcher.exe
5180	Battly Launcher.exe

Loads dropped DLL 13 IoCs

Processes:

Battly-Launcher-Windows.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exe

pid	Process
3768	Battly-Launcher-Windows.exe
3768	Battly-Launcher-Windows.exe
3768	Battly-Launcher-Windows.exe
672	Battly Launcher.exe
4916	Battly Launcher.exe
4056	Battly Launcher.exe
1948	Battly Launcher.exe
4916	Battly Launcher.exe
4916	Battly Launcher.exe
4916	Battly Launcher.exe
4916	Battly Launcher.exe
5180	Battly Launcher.exe
5180	Battly Launcher.exe

Drops file in System32 directory 2 IoCs

Processes:

Battly Launcher.exe

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Battly Launcher.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Battly Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-47134698-4092160662-1261813102-1000\{6AF2DFDB-7D8F-491C-84C2-AF9EB20A875B}	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exeBattly Launcher.exeidentity_helper.exemsedge.exe

pid	Process
3068	msedge.exe
3068	msedge.exe
2336	msedge.exe
2336	msedge.exe
3700	msedge.exe
3700	msedge.exe
3444	msedge.exe
3444	msedge.exe
5180	Battly Launcher.exe
5180	Battly Launcher.exe
5544	identity_helper.exe
5544	identity_helper.exe
5180	Battly Launcher.exe
5180	Battly Launcher.exe
5436	msedge.exe
5436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
2336	msedge.exe
2336	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Battly Launcher.exe

description	pid	Process
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe
Token: SeShutdownPrivilege	672	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	672	Battly Launcher.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Battly-Launcher-Windows.exeBattly Launcher.execmd.exenet.exeBattly Launcher.exemsedge.exe

description	pid	Process	procid_target
PID 3768 wrote to memory of 672	3768	Battly-Launcher-Windows.exe	92
PID 3768 wrote to memory of 672	3768	Battly-Launcher-Windows.exe	92
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4916	672	Battly Launcher.exe	93
PID 672 wrote to memory of 4056	672	Battly Launcher.exe	94
PID 672 wrote to memory of 4056	672	Battly Launcher.exe	94
PID 672 wrote to memory of 1948	672	Battly Launcher.exe	95
PID 672 wrote to memory of 1948	672	Battly Launcher.exe	95
PID 672 wrote to memory of 5088	672	Battly Launcher.exe	104
PID 672 wrote to memory of 5088	672	Battly Launcher.exe	104
PID 5088 wrote to memory of 1388	5088	cmd.exe	106
PID 5088 wrote to memory of 1388	5088	cmd.exe	106
PID 1388 wrote to memory of 3672	1388	net.exe	107
PID 1388 wrote to memory of 3672	1388	net.exe	107
PID 1948 wrote to memory of 2336	1948	Battly Launcher.exe	108
PID 1948 wrote to memory of 2336	1948	Battly Launcher.exe	108
PID 2336 wrote to memory of 4980	2336	msedge.exe	109
PID 2336 wrote to memory of 4980	2336	msedge.exe	109
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110
PID 2336 wrote to memory of 4752	2336	msedge.exe	110

C:\Users\Admin\AppData\Local\Temp\Battly-Launcher-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\Battly-Launcher-Windows.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:672
- - C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1708 --field-trial-handle=1720,i,11350234440923744436,97491356722256853,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --mojo-platform-channel-handle=2016 --field-trial-handle=1720,i,11350234440923744436,97491356722256853,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4056
- - C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --app-path="C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2456 --field-trial-handle=1720,i,11350234440923744436,97491356722256853,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://battlylauncher.com/claim?code=undefined
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffa85fc46f8,0x7ffa85fc4708,0x7ffa85fc4718
        5⤵
        
        PID:4980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10116851244041977480,5349776564046435665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        5⤵
        
        PID:4752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,10116851244041977480,5349776564046435665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,10116851244041977480,5349776564046435665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
        5⤵
        
        PID:4492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10116851244041977480,5349776564046435665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
        5⤵
        
        PID:3536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10116851244041977480,5349776564046435665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
        5⤵
        
        PID:1056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "NET SESSION"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5088
  - - C:\Windows\system32\net.exe
      NET SESSION
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1388
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 SESSION
        5⤵
        
        PID:3672
- - C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3324 --field-trial-handle=1720,i,11350234440923744436,97491356722256853,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:5180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85fc46f8,0x7ffa85fc4708,0x7ffa85fc4718
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 /prefetch:8
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,3878575336654614938,14646540377073410627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e412948d10ef6ba7ba6bb4933e46880

SHA1
e4b454e8bdc885ad3fa815943dccc33e63e95842

SHA256
277a3b2d3311049b295398443d97cd3f7da80cccb5e5048e92e2f1d547e5edbf

SHA512
79c7a4ff418f320a77a7cb6885bd686191605b98b535556b87feaa230d9929c6c12b7701e94fdfb8f05e152d4f3547b07b4c63041be3941176b85e0598e9924a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0052283edcc193f821ca2697b98bd155

SHA1
528918c50f63c863c06c08f5833bca4ec185e448

SHA256
8214c9efc81c2571ab99ef37c615c3239e0df45e2963bc2549eae8ef4e7413ec

SHA512
d5f6c81c2623f3d201cc2a21ca795fb41c8242de3f285edfb92a9795d2608a8390b159c46bd61e4027054718d682d3265566cd771d987d78f26f28093211dfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a1b3e66ac9bb89c196276ae66ddd5625

SHA1
84efd344ee76a0cff754efe1b71e07806f8b3ac4

SHA256
b185dba5681a865894463d9a2dc1fc94c6844628cfd9c495eb3273226e12f060

SHA512
cf1d5f0416c45b77639b86d8e596b6defad590645bba4245bc8cc7024411856cf6bcf5fbd49f37fed21225fab1e98cf903429f8327b51e0d515814d47cf791f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
637a79bc67b0a20edc338bbc86f3012d

SHA1
dd3121a174fb049200f2133fed67cc657dd7a2bc

SHA256
6997d9203eee6a1325e4afa9ef19ea4e1a96127b22e0f5591bf403b5bea4d93a

SHA512
447a9693c5702e2228f4c98d969182a91cc921ba10eadb76620cd730ac50b5821dcc5cadcde8e6bf2869a2564d7fc7a75dd063a98cf628982f203f0ad67d8b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
455d6ea391cff7a501adcbb16cbfc3cb

SHA1
691e021081569082ea0679210059e1b0ed0143d3

SHA256
f9e56cebb23300410b784438e4a2a2922339aad6c8a1b797a270bf7532d88f30

SHA512
2b1dadfc13a9e316373cbf05d03b54bbc591db5d3dfa1d25744ce1d42c76557e0933520f272ffd6013a18f0677d952a4b4fb9469a8254a4a80671114488ea4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
03c8ead013b2162f45e914c436cda248

SHA1
fd90556f7671bfd02fbb5f5a3f62c47410534249

SHA256
f88fc64fff5a1363c219d076d2b217b1334396c77f312a893f5a081cb3740ff6

SHA512
af91062d5fc302fc3bc95504d18f8191702cd8be6d99e4d98efe09721ba4f4d18a02aeb7b3bcb7514f83bd3b9dc07be090445705b206e764851a1386d0418e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9dc6f53914a5d8923f785fd9ef973130

SHA1
c16b120329410412d69bbffb799bf5a143ebe59e

SHA256
7b76d9eb1d0ba94ed4ff69ff37eebabf660d9616146bea9bdcf391091e5b093c

SHA512
5c643211beccd6f8f65dddc120b5eb05ffd2f0707aa7cc4b3547c2d723963c75d72992dd9eb9398a9e6beb64650d6d217f0e7cccd9714d1e457e513f27e2cbfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
21630dc892af9aaa1423f82a2521ba78

SHA1
47a823252106a59c25bbdb3ab674c3652eab13b9

SHA256
d3cef84cdaebe2e44fc6a8830ea3e20a93c37e9dbf795550ae1b723e497d2fa4

SHA512
0057acea7fb59b88276ec93c9af2b9df74a8a139a9cae692e68932f2eee0cf0f4b50cb0afa99537187f9abda6f579f50c6c7546d5c3eeab358a91ab061e40936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
635f2cf8d9267a7c87c4ef3d19300d6d

SHA1
eeca81ff4ff66eff6c7e64d91f00fb2443a82d1d

SHA256
a85048ba44a0621bdd4a0afdcfd4ffd8bd0c892b888b3ce58177e9f6a8725953

SHA512
5a0f06691462ad2e2f3965c7fa90500571ade9883135e1db066137afcf16ff4392f37abb5fc22043b5f72d2b6c6d99ee9a31f8fb114386d66a7e68082a3c57ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dd9da0bcc7cd345c6bc7954acd779a7b

SHA1
22610a1e288bf0c7841cff80306e001e99d8a62e

SHA256
bba90573a92b2ff75344b258808f524d5f6cce20e4c0810e7ec0591dc0a94270

SHA512
45de1050a02145d83673139b79e0b5b5b4b95d8f684d43ccf1e751018674e707df8374b23ddb6e673b6a63e0227ca688b1bc9aa060422f67c5fa237cf7377797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
47c4d1872a380170ffb6b463ce7de6d9

SHA1
817d5af6a88c211b778cff5dbae8d8ebac31b139

SHA256
2a578d2b13a4701164db4df809684f33e5e65d1e89d72d8e5fddf97397d2f68f

SHA512
a9189444ca401b3cd393f1c74f42c0ddfcd5d4e2478016479f5cc28b8bbe48dd6c860e27fbdf6bb267526ff58343f04795033f6e0809478b29528955c7e9c357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2184a9819d2e95e6e8d0296ce6df8197

SHA1
02574fa64afcc90accf6958f459533aa69374af2

SHA256
e894b9b62d8ba9a15f0f05454dbcaa6541e77b65734fb3b0fcc5318e68b17831

SHA512
fb92edf3c268bc4d67b23b54d7eac7fe547ba5b93efe95f41a5df94801020db873202855160b6c71e874f6bee4bf525b88fe99eb0018520e333b9b5aa414e5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5d466c743d20c1611ba5104044d721e2

SHA1
d68125d8ed969d09f75cb367b66cb0bfb3e39e71

SHA256
249e9a45264b44d0ba34d9a3ad2389f65c25e8a8b7eb1aecde90461e51c8a769

SHA512
7dfff964ca6bb4e6428fa568ba05a1a704d8b916d15f58998340e2ef1ac129ca8ce3e5ba951a97a0036f8e6d8d18902170a7134f591e0d7d26636ed339286dda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
10fe99c59fa1c0ce22176e1d8481f0f6

SHA1
c7ca524db556d456043a88d6cdd5968aa199bea8

SHA256
acf60d3d491c96c18d7cc88e084b45fdfbad5c0de787a93738abd40c0a336155

SHA512
25a947d79eb32322903baea63412e3f2da3d242161640b23c59a1d384af2c54d0ce5a4f83214c506115ee8833c7b7160c1d175a75e8a956fdff730fc16033024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7bde48e3ed9a1ab1368ff8700be89c53

SHA1
cef2db2d2331487003299e7152e1177297e2922c

SHA256
08feb1b98335d5085c908fb01d44082ec74873405ef31061008a9d9042bdf663

SHA512
8f0604d4b679a53f5facf3a490aa9f51d25f2384e41fdb8cf18972e859e6d95c94d5445a14ddf33770ece75654bd4d4d196fcc126602ffe955de74535f5680a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\chrome_100_percent.pak

Filesize
150KB

MD5
b1bccf31fa5710207026d373edd96161

SHA1
ae7bb0c083aea838df1d78d61b54fb76c9a1182e

SHA256
49aff5690cb9b0f54f831351aa0f64416ba180a0c4891a859fa7294e81e9c8e3

SHA512
134a13ad86f8bd20a1d2350236269fd39c306389a600556a82025d5e0d5adaab0709d59e9b7ee96e8e2d25b6df49fefea27cdccefe5fba9687abf92a9a941d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\chrome_200_percent.pak

Filesize
229KB

MD5
e02160c24b8077b36ff06dc05a9df057

SHA1
fc722e071ce9caf52ad9a463c90fc2319aa6c790

SHA256
4d5b51f720f7d3146e131c54a6f75e4e826c61b2ff15c8955f6d6dd15bedf106

SHA512
1bf873b89b571974537b685cdb739f8ed148f710f6f24f0f362f8b6bb605996fcfec1501411f2cb2df374d5fdaf6e2daaada8cea68051e3c10a67030ea25929e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\ffmpeg.dll

Filesize
2.7MB

MD5
bf09deeeb497aeddaf6194e695776b8b

SHA1
e7d8719d6d0664b8746581b88eb03a486f588844

SHA256
450d5e6a11dc31dc6e1a7af472cd08b7e7a78976b1f0aa1c62055a0a720f5080

SHA512
38d3cac922634df85ddfd8d070b38cf4973bba8f37d3246453377f30165cc4377b4e67c4e0bca0ffe3c3fa0e024b23a31ec009e16d0ab3042593b5a6e164669f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\libEGL.dll

Filesize
467KB

MD5
3a5cbf0ce848ec30a2f8fe1760564515

SHA1
31bf9312cd1beaedaa91766e5cde13406d6ea219

SHA256
afef052c621f72ba986d917a9e090d23a13f4ab6bc09f158eeb73fd671b94219

SHA512
bd5713e1d22145b4cc52f4e46b464f443aad6f783a5793268e7d9dca969f27b70e706eecd54cb01be1c94256e6a95864c6b7e50027cef7fa870cdb16820ad602

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\libGLESv2.dll

Filesize
7.3MB

MD5
c783045e4b7f00c847678d43a77367f7

SHA1
7f9192ce0b23ac93561aeec9d9c38daa3136c146

SHA256
3a39137dcee6cb6663ae9cca424b6b05cf56c0ad7e32fb72cb94549ea9dbcae8

SHA512
64e6d4fc84f1217ceef05a22ad63a6618ffdc470b1faf4ad9e2d7bab59e9285527b9c5fd7ea4be673a08b9466434e3c098e839bf6955597e3d8aa0e80589f4a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\locales\en-US.pak

Filesize
440KB

MD5
731c45f9f23957acc11b43d775758aaa

SHA1
12e66417a2dc0c5211ed67f026208ef02fcb40af

SHA256
02b97817b6eebd7caeaaff750f6462abc68911c398ddf0571b7900ff9b4ea9a2

SHA512
1a008df585ef76d9cf4459fc3e617b8d4397e7078c77852712fc7cf4f304081bc5195243437e64074016b05a8cd671db93666042e59b959595ba854ceb330a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources.pak

Filesize
5.0MB

MD5
67bb5e75ceb8ced4c98cf0454933cb45

SHA1
c2b1c8c8d753318bc5ec18762c27512a5eb9f9cd

SHA256
5d63acd4034f7771ca346d138d7478014abf1f3f4386d07fc025dbc2c2bc0bff

SHA512
fd213d59ebc625f6f8b20cc8fde1a22132ce827b81deaddb9ca7993fe0d9616de17e089def338d23c4b6bbd7d3a931ee73aa329325eaa17f8145a58fe11d8c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\adm-zip\adm-zip.js

Filesize
30KB

MD5
9b6da3cd4a4ce0963e80d0e6dc1a11f1

SHA1
fce6550c2231f60425661f2f7db99efff491cdff

SHA256
cb49867d6ffe8e7c08ad0e6466c86450b0f81910069ed1ad9d5b7b9c27367929

SHA512
38f325ced4315f7fd39f9ec885e1a35f8d5c49bfe9721c3ae0b54d040c76e7df3e6d557f76bb5783594b0fe5c15f9e73f8c7a21fee373ecbd97ed9220d3127ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\adm-zip\package.json

Filesize
793B

MD5
d54047857da5c5c0f798702eaf6bbdb2

SHA1
13268d9836a3e86768a55e94d9ae566083450c32

SHA256
4a972775a807ee9450338de8587428f444df10d7d383721ab6f60c1981562089

SHA512
fd3311c500231a24c3923e9833e9c39e9369c340fba01bb8c5930313be2f1bd7cb7cdfa9ecedd16418a2164a87dfef09f0a33fb55c01da2d38cacae9e9c0a1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\index.js

Filesize
4KB

MD5
d441fba9399d196f943308f66d215d95

SHA1
76557f8a00782c3503b62784098b7832256c136b

SHA256
4574224bdcf1a47aab456dbec7b485d7cb8bd62bea5295f85db622b3ebab0c1b

SHA512
7f11d59d870c0ae386b6c0ae4a65b2ab49445ce8b36528323bb2a03a8a55611c8e71d2c7439f0a57c69fb7cfdc2d05fde59e535e0da36adf24947a131db18a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\node_modules\mime\Mime.js

Filesize
2KB

MD5
5a77829e31fd521878c9484a90ff107a

SHA1
73efaff8e2e9adb871396c15c076dbf28757949a

SHA256
9482411a27e56e69e9ff5ae077b25f64c38768ae268ac07ab74a9896b582b6a9

SHA512
dc542b656f18818fc5caab6bebaf67f2f33691661196fd588eeba8bb8d1520ea61f76df314d407e0e23b405706889f0e73f0bc61871a36764d2c3564a44b1c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\node_modules\mime\index.js

Filesize
127B

MD5
f18d3eb05bbc4d65415ee72c4b5d4dff

SHA1
e2d3efd8917c4ff9cbe668474891269d3fedcb37

SHA256
7b35e6b3b981b498b62860b99063916772a7a199125866d4593db952ba1c14b9

SHA512
65316d6a06666e5acdb6fd293fcb737109a264fb6ed1174e7853f86b32d2b334fab3280d28535be21524fa15f86bc8f16b663461439d6bdf4ead0cba4b297eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\node_modules\mime\package.json

Filesize
775B

MD5
41460dd956f1244d052cbe727cb6be27

SHA1
4982079e4fc60559ed7fa2c066bf71fc7b74d9b4

SHA256
a1dccf7b9e97739c70cfe4a205babae71016a576f4385a8d66308978f21e0d19

SHA512
4e273dcbe5b5bde34c1ba8c0bf35251037b058fe3eef5703e53027a53b9f6661db97411be2ae2e7b4353adf5d77bb389566a81258adb8f11cac679ee6450c978

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\node_modules\mime\types\other.js

Filesize
25KB

MD5
ce7fcb8480cc926c86d46e4b1fb6cc9d

SHA1
dbfc26ed679cce39b3ecb6bee5ef5968cea6408a

SHA256
ee0e65cdfde6e492be9c52e35bffcbe0e0fd9a5be1a18fbaa7cbbc7b9b406934

SHA512
c5c943a1722aa52c3f85f28189258ebb4e3ed025c98bfa0d7ce978de2587b10239c578d5d96fb63f85bd8ec16d7d156847268cc14421cb920832688984fc0cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\node_modules\mime\types\standard.js

Filesize
9KB

MD5
5119196e906ee770dfd3610bcfbd0587

SHA1
a21f9b1eba88b1af8d16231a5759ffb8108a645c

SHA256
70aaa6f9c1b7caf38db2eff138406911368729b8dfb478fe70078e46ec1824bc

SHA512
30d30134c1044d36bf4ffd93cb0b6f003cb702a14b9e006bbc9a18a7e9e6915f18c22eb0b8bcfb5cae6cc15636726e0d8ab59189610550140ac90e51f45c324e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\package.json

Filesize
367B

MD5
381be2da7b731d7e9f68c149ef521e46

SHA1
11f4eabe7d5c1236c02c9c6e1ef2e8f58226a2e3

SHA256
c30372a8a6ef7a7cf021a48200d7ca770ca5ad68022e92c6d15bd27878dc326a

SHA512
0595738800f268106a61f3526448bb1c89ed37db1950d00b7fc1f1d2874cfcd1bf7454b49d757614543caf756407d6594e2246f68d6916db51553c95e22c4f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs\lib\ejs.js

Filesize
26KB

MD5
e7286ffae51527e51efadb4ce65d1dd8

SHA1
2170a351835c1ff3ef58faab251e3d5ce5dfe9d6

SHA256
9ff1cb7fb0a7dbd822e04d35e50560a199926cc323b5aa11f1e89556d7b89814

SHA512
5a551b8ae5dc38eb4893acb2876046ebe27ed3852777b7e832173bfba8d5470b08495232811a82edd0662634bc6351e51d7d3509c87663900ca122a15e1d50e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs\lib\utils.js

Filesize
6KB

MD5
c4ed9f400aaac2c0b2ebe7c7f5795b1d

SHA1
4e88b60293299d879774768f84cf38524c3d34c3

SHA256
d77d4660b6fd5131949906b67fa4456223c308bd13a88d7dadbd2e10e5e7ace4

SHA512
100faa0f015ba8001eff8dc435174dde0af2d8717976448a3202272e7d0edde3d149f0a0acc6469f8d86fa0b15b79237cc1ffd5efb9456e0bbb625e6cfd53242

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs\package.json

Filesize
748B

MD5
c811f299cfedf923d32f6126894283b1

SHA1
4d25c24f5ff44f2963d08d74d474b03127c02ecf

SHA256
ba32b2005d817a23dc0e0b57c248b53b8b0316e8271fa433780750a954d56e69

SHA512
ce77756d8c128eff055923c6622f3b438a3eba87513fc6d962180b93762cb325c5b96c89e05e1df4a7ef227d35ad1de659d28c893742c5a1e8912b365b1a3fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\package.json

Filesize
530B

MD5
e102ea0d9f0e36be31e25b787c35ca2c

SHA1
022ea237f37e95570872a64ba6af1e2f63cb0dab

SHA256
9f66eafe35c475aaba1157c877406f448273c6e4811a1ef2fce10aa0d5eee706

SHA512
426e0af432f24562e548bf53ea972636c494f0c5b840b9e6affbc40f32fdb9de3cde3c4fd83d9a221eae9832a42631b2b178a3d46f1b2a56d1a82978fe32fc51

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\ads.ejs

Filesize
1KB

MD5
ee4146fab6611d7ba9d24e71d9b6363a

SHA1
0e0601beae6e65511660740b79fd18381601ba21

SHA256
213b9c67599b6c11cab64d5c9c2606eea16dafaceb028e93a5b9d4ad6c5c33b4

SHA512
9412dd10b99d79c10ba39e6e3fa027684b19f90361a65b25ebca1b9ccfc437fb303713ebf7e7be6906a4383302425c09a5cb3d0f446929f8d84ff8c462796fab

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\css\index.css

Filesize
20KB

MD5
3eaee883756164643699708fccb2c5ca

SHA1
d1afc0d030427a4be6e5f1d25ad5904503f527ef

SHA256
400743c30d1cb641da64e1bb44166d07850908e40e2103cda0e6010a3eaf4922

SHA512
3bbea7306e3fe1f6d20e5335b05ad25316236820255782fe8be10dcac1df0e45ed892e52f3f789895e7f811859f38538fa7a612d4e57748fc43100f34c8b257a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\icon.ico

Filesize
11KB

MD5
372b8e595552272d8980d7ce68a22a45

SHA1
3458abecc3172f86c0a42f889402a700964a7bdc

SHA256
9a6b51f26c9efb993a02f67582477d9b524b029af5d6b1bea046840012dc110e

SHA512
bb712405ea0c0ec66add82abd04ca8f32e07bea7e4bbdcb2bce53a16caf8d9bf2a514ec8e647739e739f995931fc6d04d155e8b2f381fb93765024a4aebc1fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\background.png

Filesize
713KB

MD5
54d3046d693ef7dc0e06a32ff629e7a1

SHA1
1d14c54f2db92c94e467dc3b3f6480fe737ed830

SHA256
62a7ec1cb750aa28bcfdc93cebf1521f8cdc352992938652527aacb79618e57c

SHA512
b4e123d3bf4b21bdb1c73ab9374bad0e1090e5cfd0b758bebfd907d4f3736c9f4e87e73e693a85eed66bd0e1eee85fbcf1a152eeb83ea6f317e85022d67fca3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\de.png

Filesize
274B

MD5
0c730750c8a99bc30cf20b83d235aea6

SHA1
8ea6cd3bbdaae43607b4882560c4e04ef8eeaf8d

SHA256
b9d2aced61236662459e3acaaeaf44ce7af28405847c9a54d42fa4ae344f045f

SHA512
2fc3251378520052892b529b8c3638cbc3dd9c4ac471dc20382930c103c886826f05969400d7d1054b066cc81d00813ba86532b20be646aa8910efec9dfc6c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\en.png

Filesize
310B

MD5
c2de03c4d117d87763d4e1e5e28482db

SHA1
bfbecbfba4c5a871894c6784da913fa495a2aa3b

SHA256
e423db68a40835ac299155e365864461e37115a96f996091d5af026103d753e2

SHA512
628f47a91c2605a66dda06430f26d8685384136c0d04bc3146dd033462ef7def71c7d9ddd43cf3d07e892a400d089faed938a91317a94fce4febfd01183e1301

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\es.png

Filesize
370B

MD5
ff0df90a5a69c16ef24fab173a89ee4f

SHA1
02b14de1912f54b2b0630346c2cfe75a8da6d5b9

SHA256
c79f2cdfee1e6666b8180b7ee33d1f06bcffb113e602e8ec47b668d4db4f18d9

SHA512
4387449064aada45fba5e933304c5f931c29187acc025d291f1a758c6b2453085faa42693b2395fb08829b62187577988149514e133c2d4c58d6a2ed851f7ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\fr.png

Filesize
284B

MD5
d03e36af77543804318d6a5e220724ea

SHA1
58f8df12d68e055019dce59a93afe17207d68bd8

SHA256
9914c4861965f03acbbc077509a8dbe76471a4b3c26eb3932427f9972236edb5

SHA512
8b10141b6411d05c4f7f7a1e3139fb0e7a8223c470b5f6a2ab84e07c482d39a56820b3e3a867263321744e2d5272bf9fabc81bde61fbb7e79e2ef31a37cacc12

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\it.png

Filesize
279B

MD5
b9673fed0ded2c7a6a3e2572b60ebb5c

SHA1
b4c6de948d9d7fb396dee563804fb161dc541cbe

SHA256
7ed6102d8a617b6cc2f7fe101ce130b037bf4fe7cc41deb011430f8def81b14a

SHA512
0f5965e93a08ea0a4f2a38de0e9f4accef71dea85d56f07c771ca62a966ab2049d611b1749544343e4389cea203137cb037fa2b7bd420087acfd3ddec2fc52f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\pt.png

Filesize
806B

MD5
188d843e650bbcb429950217dfc0131f

SHA1
ec3a3cbab918dc69f797f96b718fc22e398771b0

SHA256
60d97aeb01ec6481d1c9f5be24082655c880a4ec947e42713168e3c36d6015b6

SHA512
8b8aa9535194304633d229161377c73e0b13fb757a2661620a4ebb33d0bf6bc7d56fe2456a062e7ef9f6224fc2aabeaad9d472b83c96f2643e4e44b9e46015ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\opera_banner_es.png

Filesize
460KB

MD5
71feb71eed2ab2a53ff3765f4a1e83de

SHA1
5dbd35ad7104691f4996311516504c844fdf23a8

SHA256
d624cb45b2d295fbbfd59d20c20a825fe73f5cd2b09d1e01f8da5aae1508aff4

SHA512
f30ec6e622106e05d02caec8f2464157348bf150b4c3cf33565e1bdd66c35dde542383c788b37c78c8a06876ece338dc65ecbd8f0020b1ae1bfe2e803150d78f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\js\index-es.js

Filesize
33KB

MD5
ca5f26a1bca7d0379bc07aa2196b9ae1

SHA1
384fd58e544cdc1d246e0b5077ebc1fc8e77800e

SHA256
7b84738f06f865a0bc533041e12acc8e2c651f153b8df96ca0a43956dddf20f9

SHA512
ef19bb165a47de0625499919db32788f7ee8ba563210f525fa7db074b8521345a6e0bc35cf2d51daab7fcc9441dfbb8623f19b34b4ce3fcdd6f65c6173bdab35

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\js\index.js

Filesize
3KB

MD5
a43acb5bbde4eec35fa3992eca3a0fe5

SHA1
5df08727880475be34beabb49c80d04a1638ab07

SHA256
3c53963dae15a539bf383875155233cc4c1a069e5ba7c13937699c992b8a2701

SHA512
588412abff1307a4733bc5b0795ad1098791898e2329955a5db551bf51ad754382f16a0a6dd57717f135b0e9c334e4cc8b678353302d4960137462b24a919350

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\js\langs\es.js

Filesize
2KB

MD5
6e6fdf68120d784a17b10a8e1d87c2d8

SHA1
e6ef1aada60b098a9cbd60028a64a5f5aacf3407

SHA256
0bfb77caf7b42746b6738f4127ea215b43ed7d9e311b158d8776b22ae6a1e531

SHA512
be6b434436dafea7f545b208e525335d72013b9ac967b3a184598ecf06ed6fba1d5b6fda5ed59973f598648af3de4cbd1565622bb934300a238c733fe16760cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\langs\es\eula.txt

Filesize
1KB

MD5
3c09cb08016752513697717cb4524919

SHA1
4aaa2a8d3f1e759570252e0bf16b744b575fbb38

SHA256
6458dd3cfef6f596c6ba49bf5cb42429b8573ac9af021d6e0fedb8c2f89a3e5c

SHA512
4c866141850d40ba21b20cb96a2f7bed13afc6b0534fdb08e68381ea40ba072fc769c15cd416a0a5c6e71aa485a44d364327d215af7ba581340363e61809c11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\eula.ejs

Filesize
981B

MD5
0887c927cc2ba0250bea889fd5d40660

SHA1
8ae1b01d3c501a15cfeade573a13b93c44ae34d5

SHA256
df0dc42c4ec4e3dbed33e6fd855e977f3bfb4cc2a49a8402ead53bfb9f544d6e

SHA512
01dd4c0e622e95adc652fd06c8503864506cae7466d4114bd11938f69a5b97065ecedf2a9d516d485abaa33fc3442bcd9de46f6a00b0979c11b05951bf2183db

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\footer.ejs

Filesize
4KB

MD5
d6c4aec009f8a181f5f805169cbad491

SHA1
7a7263138772c78c8c4330a2ed6cfbd3092c8985

SHA256
a2da2ca46128fdf7530a27ab8345986278cda1b78d7a075ec0fb11b66474fa8d

SHA512
d0a2d60113cdce329303f9657b741317e2f5b691d248fa2131b6668e07e7db9a5292ab734456681f335b71c732e003009631113cf14f218e13aaad7d4e8bb4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\header.ejs

Filesize
38KB

MD5
eef60d35e9f75d3c7030d0574250e56f

SHA1
6d29148b90187fa1583652bc8799e65efa10f637

SHA256
3cf434b126e4369ffb8e9f4d489daee1aad9f47828850386984b3c752cdc7042

SHA512
529bf36dacd2fc808e63a8091a8aa92f5d3d39c23077bc72298bf052f1bdcd6fc05282608ce5337643d3c1a794bdde2b8d364f7deb0c4b7ae75810be3bdb165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\index.ejs

Filesize
880B

MD5
5cb43b3d3c087f4dfb7ef3604a39e757

SHA1
62796be76ccb921544aa6279dd0139b00450e24a

SHA256
88b3b17146349c92955cc88bdd70ef1fa414bf624d771a0b8ed0d7f2d40d76cd

SHA512
b5247488c6dbd4f682d27884f3b516df00ad6725665f79c2d4ea76c1a54d318a31e32c6f96a11fafc382d36097e50f505e0cba904e13b4d45afa96544401eb81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\index.js

Filesize
4KB

MD5
c5cc3d4ff4268a128ca55321b7ad4f70

SHA1
87a0ad54e6b73a40fd5cc7e801603aa50e4ea973

SHA256
79912a218664d36de8b3f1adc69b43b2ccb67bebe39a3d38666bbbf4173cd411

SHA512
f55a303b010129a6b342e62b9a9d4e32297d7648c3054ce40d26d939cc7ef776d42438ce78d93a4897f5a6679a1477d2590e152dc601d174e53fffe8010f0e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\install-options.ejs

Filesize
3KB

MD5
877f16609a32c46ff5f8eab3648b1078

SHA1
5a3d5785704f016235b96fdbe04a9de69b48e203

SHA256
f8981d7e2001efe11511d6779675bcbead2fa27d6557a54dcb8492ea958a1454

SHA512
c6df43c91537d13d75e1b2e1b35fc2b452f7d62326f0074c24e975e18a47d31bade8a9e84514091bd537b8cb016c60e87920249cee73370188be045c628a30b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\language.ejs

Filesize
5KB

MD5
3fbf51eb59e0f0b050f5abcd2fcd3dca

SHA1
90d676bc914c2bebf33464dd088952abbedd56f3

SHA256
9016b2792ecdd22276e1d1e4172b4e598478f5668b27beb005e2219d229f216c

SHA512
c5e04500ebdd922d989594e3a0822fa9a9557d749e60af86ab1e309847342431a606f5e604538fa5d5666535bc68c4f5fbeeb4cdda9a832384505aac1ba2d998

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\logs.ejs

Filesize
1KB

MD5
6fc7c3d8bac3259202cb981acf8b18b6

SHA1
f3963b01f9a2df4e9b0b989b4e7ea8f55198ddfa

SHA256
62e112e61b5c9c582f5a9aac790a9275be8a560d1edb93c3a6879330298e53fc

SHA512
7d719b9698344ba99d3d860e28421bc7cfaf2e9d80cfc6da472413800900aa64f055add8269553e9838aa998df4d6575c6bf0091cf6263a6ea0c2537c36b5df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\path.ejs

Filesize
2KB

MD5
21e1d48f90eb1017539741c7a74cf059

SHA1
7906534922134e26a5c59324aafad63e20bf10ba

SHA256
870496c864624ebce9da0b98ea830249897a2a2317f6a816751f0edb30aeb32b

SHA512
2cd3d44337c5e1b794a2233d25fef122a97910d7f7d32cb811c0fa3f84397dd4781e917ba3db0e024384439413925dd0ab73888d3d82119951b86192e807685b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\v8_context_snapshot.bin

Filesize
663KB

MD5
81870fb2f641c8b845e9c6d1a632f0b7

SHA1
fcd47d8d1232c189a1c4087bb03a015ce14c25ba

SHA256
875515af4e7254458c17a98bed087fc609d45fbc8ebf60663e112c37204f6840

SHA512
7748c8fb6f356aa45023a56245c43c5171d0413617fb1ac6c75650be75bbe94bd5528e9aa83cd9df9a08af65540a76ab59bc866e5dcf0fa7284122f290bd45d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\vk_swiftshader.dll

Filesize
5.1MB

MD5
0a071201e4dd76996e273c81533bfa74

SHA1
5c92c634027692c344a8e74eab8b4d5c3e049497

SHA256
08e34bc25653f9357a4ccf62966d698b7cc6265dc668046a28403ae5786132ee

SHA512
b5de6548c5c743b6f119183fa06aaf67dcd4cdbc3542378ff87916b670ace1e2f4270f6dcaa4caabd01460c638bd02b565267e7bd9617ca92d72187d374bb7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB130.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB130.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB130.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State

Filesize
697B

MD5
1e2100ba5a80727671ef5b45c6eadacc

SHA1
5e0dd88bd11720a01233b3318f96363a53aa9fb2

SHA256
220d2b708d6784381c0e3546a4ac3a9fded983c32c82af6c7fd7e523b92431c3

SHA512
d76e00b13f110eed80fb83eb7cedb43e9f6eeaced1c230e97c0f2368ceb06cd055d9eac3b6166c5b3f6f86e89203b730c25294799e9601617126354edb14e8d5

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State

Filesize
1KB

MD5
5fc38ea7338c7b384cfdf4d3213e3c65

SHA1
7bddeb769ac77e8a7b45b2a6b8b7205cadf7458e

SHA256
7a4eaa7c4b936e2501e1c35fdba3f8f1dfd833f6bb75862be50027d88e7d8566

SHA512
868e1ea16ec77d78001be26d211b96725427aa80bb3ef784c60a637b65d1759b1290ceeb2470c6398a2b49c61825e44c9ad13337d16fc1a7c325fef541507688

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State~RFe58dd8a.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity

Filesize
519B

MD5
3e082f9d4615d396a3690f936609e92b

SHA1
fad13b723bf36c27e3c22f0c379f23f47443753d

SHA256
cc482adc58a0df851e3fe5a0b76f1add94f812afe3d8ce669b3ec822b3c3f9da

SHA512
92b1b068bf8f99079c8325a529932af3b3df2af35d79c39710faee20d3a35734e6314469ec2efeae85751d277975b762c871f6938f65e3df1cb106f04f552d3a

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity

Filesize
519B

MD5
d11ec7c28abf357eee9837691672c467

SHA1
55a1002545f0ae1918c3b67beef5d9727e59c09a

SHA256
a77861127f6a1cc768437ca92a7ff7af0cc08aba78ad7302d98cf58a0093bfad

SHA512
bfec05d1414b615b9524dc7d21626f82386d3102f9b73a8ba48bf51d7bd86ad850a35de9c59006989b6c2dcee895f00c8b159a7deeb39d88164086c78221b171

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity~RFe58efca.TMP

Filesize
356B

MD5
1cffee6938bae939c013498862b45c1c

SHA1
c0e0db4df6485cb31ec83ebb56284cb533a094dc

SHA256
3271a7f629b15dcdb9704fc3e6e56d59952abf8d06a967c506846dd86b066de8

SHA512
d97abfabf9fc0f6b7d56200ed84ed27744d5e4a7fef67bda9f61368b936e528d7e556799a56694139916d5db96937ed61a7dcceb3f32b256f37e7a57d387dcb1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/5180-762-0x0000020FC07B0000-0x0000020FC07B1000-memory.dmp

Filesize
4KB

Download
memory/5180-761-0x0000020FC07B0000-0x0000020FC07B1000-memory.dmp

Filesize
4KB

Download
memory/5180-763-0x0000020FC07B0000-0x0000020FC07B1000-memory.dmp

Filesize
4KB

Download
memory/5180-764-0x0000020FC07B0000-0x0000020FC07B1000-memory.dmp

Filesize
4KB

Download
memory/5180-765-0x0000020FC07B0000-0x0000020FC07B1000-memory.dmp

Filesize
4KB

Download
memory/5180-766-0x0000020FC07B0000-0x0000020FC07B1000-memory.dmp

Filesize
4KB

Download
memory/5180-767-0x0000020FC07B0000-0x0000020FC07B1000-memory.dmp

Filesize
4KB

Download
memory/5180-757-0x0000020FC07B0000-0x0000020FC07B1000-memory.dmp

Filesize
4KB

Download
memory/5180-756-0x0000020FC07B0000-0x0000020FC07B1000-memory.dmp

Filesize
4KB

Download
memory/5180-755-0x0000020FC07B0000-0x0000020FC07B1000-memory.dmp

Filesize
4KB

Download