a1941786149857faebfd4f2731022d8af6aaa984b981bffd40bd123472b0beb4

Analysis

max time kernel
139s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
29-07-2024 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Battly-Launcher-Windows.exe
Size

183.1MB
MD5

777dae8f41c5c9ba97b798fcd52612de
SHA1

03ec3ee7b1e1a47dc8b0e7f5f980ebd7071c469b
SHA256

a1941786149857faebfd4f2731022d8af6aaa984b981bffd40bd123472b0beb4
SHA512

792ccba986338f3a3d5475d615fa276a73c52eb483484ee2fda16a143f1100afdfd0dea2bb309bfba54202e07707df7bb025677f6477bf44ddb8f2282093f592
SSDEEP

3145728:qJcuNt6i+X0MdTUPo+YFawtU4odz5zA436E7IkGl0BkChNw5+VTmms+B6Q8k:ScuN7+QYFjmPz5zAJ0wahNw5+VTTs+Bl

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Battly Launcher.exeBattly Launcher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	Battly Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	Battly Launcher.exe

Executes dropped EXE 5 IoCs

Processes:

Battly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exe

pid process

3408 Battly Launcher.exe
3024 Battly Launcher.exe
3000 Battly Launcher.exe
4056 Battly Launcher.exe
5412 Battly Launcher.exe

pid	process
3408	Battly Launcher.exe
3024	Battly Launcher.exe
3000	Battly Launcher.exe
4056	Battly Launcher.exe
5412	Battly Launcher.exe

Loads dropped DLL 13 IoCs

Processes:

Battly-Launcher-Windows.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exe

pid	process
4852	Battly-Launcher-Windows.exe
4852	Battly-Launcher-Windows.exe
4852	Battly-Launcher-Windows.exe
3408	Battly Launcher.exe
3024	Battly Launcher.exe
3000	Battly Launcher.exe
3024	Battly Launcher.exe
4056	Battly Launcher.exe
3024	Battly Launcher.exe
3024	Battly Launcher.exe
3024	Battly Launcher.exe
5412	Battly Launcher.exe
5412	Battly Launcher.exe

Drops file in System32 directory 2 IoCs

Processes:

Battly Launcher.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Battly Launcher.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Battly Launcher.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Battly-Launcher-Windows.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Battly-Launcher-Windows.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Battly-Launcher-Windows.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exeBattly Launcher.exe

pid	process
1096	msedge.exe
1096	msedge.exe
2200	msedge.exe
2200	msedge.exe
2064	msedge.exe
2064	msedge.exe
5980	identity_helper.exe
5980	identity_helper.exe
5412	Battly Launcher.exe
5412	Battly Launcher.exe
5412	Battly Launcher.exe
5412	Battly Launcher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2064 msedge.exe
2064 msedge.exe
2064 msedge.exe
2064 msedge.exe
2064 msedge.exe
2064 msedge.exe
2064 msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Battly Launcher.exe

description	pid	process
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe
Token: SeShutdownPrivilege	3408	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	3408	Battly Launcher.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Battly-Launcher-Windows.exeBattly Launcher.execmd.exenet.exeBattly Launcher.exemsedge.exemsedge.exe

description	pid	process	target process
PID 4852 wrote to memory of 3408	4852	Battly-Launcher-Windows.exe	Battly Launcher.exe
PID 4852 wrote to memory of 3408	4852	Battly-Launcher-Windows.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3024	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3000	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 3000	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 4056	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 4056	3408	Battly Launcher.exe	Battly Launcher.exe
PID 3408 wrote to memory of 1592	3408	Battly Launcher.exe	cmd.exe
PID 3408 wrote to memory of 1592	3408	Battly Launcher.exe	cmd.exe
PID 1592 wrote to memory of 3880	1592	cmd.exe	net.exe
PID 1592 wrote to memory of 3880	1592	cmd.exe	net.exe
PID 3880 wrote to memory of 3868	3880	net.exe	net1.exe
PID 3880 wrote to memory of 3868	3880	net.exe	net1.exe
PID 4056 wrote to memory of 3988	4056	Battly Launcher.exe	msedge.exe
PID 4056 wrote to memory of 3988	4056	Battly Launcher.exe	msedge.exe
PID 3988 wrote to memory of 1540	3988	msedge.exe	msedge.exe
PID 3988 wrote to memory of 1540	3988	msedge.exe	msedge.exe
PID 4056 wrote to memory of 2064	4056	Battly Launcher.exe	msedge.exe
PID 4056 wrote to memory of 2064	4056	Battly Launcher.exe	msedge.exe
PID 2064 wrote to memory of 1544	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1544	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 1864	2064	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Battly-Launcher-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\Battly-Launcher-Windows.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3408
- - C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1724 --field-trial-handle=1844,i,15603839766748710392,11792726898763337687,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3024
- - C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --mojo-platform-channel-handle=2068 --field-trial-handle=1844,i,15603839766748710392,11792726898763337687,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3000
- - C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --app-path="C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2512 --field-trial-handle=1844,i,15603839766748710392,11792726898763337687,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://battlylauncher.com/claim?code=undefined
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8051046f8,0x7ff805104708,0x7ff805104718
        5⤵
        
        PID:1540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8591531390100510232,1451182491307269453,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        5⤵
        
        PID:348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8591531390100510232,1451182491307269453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://battlylauncher.com/claim?code=undefined
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8051046f8,0x7ff805104708,0x7ff805104718
        5⤵
        
        PID:1544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
        5⤵
        
        PID:1864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
        5⤵
        
        PID:3144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
        5⤵
        
        PID:5212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
        5⤵
        
        PID:5224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
        5⤵
        
        PID:5404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
        5⤵
        
        PID:5876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
        5⤵
        
        PID:6004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
        5⤵
        
        PID:6012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
        5⤵
        
        PID:5164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16916663598233055667,3791141191186115391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
        5⤵
        
        PID:1984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "NET SESSION"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1592
  - - C:\Windows\system32\net.exe
      NET SESSION
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3880
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 SESSION
        5⤵
        
        PID:3868
- - C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\Battly Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2344 --field-trial-handle=1844,i,15603839766748710392,11792726898763337687,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:5412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
25KB

MD5
a3eee7b1a705507648ee013f01eda06a

SHA1
c73272a849ad0d75fa3b6d826ffefad60c2bf9fd

SHA256
fec4bc11cebc824f76b47499965c90597531f89716646903e606c477f40cd169

SHA512
f1d895f303542802738aafc0aa74fd02b75c0379a282eb9b45d200f9c467323b149a24a6d5241c398eb6d7081049be1f85f7359f9da28f86a322a52622246642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
456B

MD5
cfdd6ba7cf256f6809a061deb45b7923

SHA1
fd48d7dad0b679d71be0e6d3ecceae8a033a0df2

SHA256
927b078bef6b45fe59c8f01cfa2fd86c1bde41b86a30bd302a552179d30c4ef9

SHA512
884d6ace0b7a3259d66aa90f63aaba6d604ea686f20731ed66191aa41cce64de2ce85c17d67e48fd03a86ec012f3273c1142816552e184fa6180a5e1a0c16163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a19c46f1c51620fa255af0a1f11e45f0

SHA1
b10e0079e21e593f2d445e6aa4f43f17f27d818f

SHA256
6bce65bb6fc442bbaa5a86b959432818aa955b5d03bf7c64b5ba395cf5220802

SHA512
2621d2adfbe37759515e4b0d37a584a96ac9a62a31b77c1e5f93c389600f190dd2c43d571430949ce680a0f80a59a405f6d3aa21daf14988c8bec35c988594ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
98f116fc3e9113b50406014c465816ff

SHA1
e48bad78e08b68e53cd118fbf953ab4d8ed5d0f3

SHA256
ce41bcaac3b8f5ad9e187c384b402c0abd94f33f5aff471d006a625fec6d79d9

SHA512
2ddb6c8838df123886a1dd9cf2ee8aef4622142d65032020634fed1472a4b4f307bd435d95c879f8c0478eb89affc3cb30c9ce6aa70d727077e07bb0e55c274b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da9df47ee69d41c19b176d37483450f2

SHA1
f9377d7d69c72dfd9bdd733ae1ae29ce820b36fd

SHA256
95e325b89b1129aafa4b84a87d7b8432286110b59f450cafc4e8b2252430e448

SHA512
4588f85ad6ce415269367a184b9129588b29ff00cff71ccd88d0a86c9f9a0edd81e837bb5c9d0fdfa1c258bf843bbeafe34953675941988e97e32f1a8f2ac6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0b26f6cdf16392ae83df903c8f546805

SHA1
83f5d950c919f9b5416ceaae8e0775cb20a6854e

SHA256
6cb486d354603f584a732e4f736ca0894edad81a5c98478d7daa494c6f92bb26

SHA512
57cb18b0bd2fd18124118d7d92c01bbfafab76f8f1084ecafc474d7fe20460fc3dc9d417ca681fdee3c3c615de3eb992e9e386e0d04b5503b581f3fe08225abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
fb81fbb053ba564a4cfc84404017ff21

SHA1
79392ce0cc461464c3bd12fc0136aca7ad7c7978

SHA256
754fea740a7c418323b16573bdb9fe912be06bd1137703dbe1b2e00afc5e5e65

SHA512
6cabf5473a84c3838e31e7a5b2fdfd89b4ba7b89b1ea58ed7c23365abd7345379213ba533cd04a96776a5f3fdcc6106d550f749a4ad6553248bc2720aa6fa262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8832a829bedcccc78453417379b70ca7

SHA1
504c819dc9e4ad9fea4c2fd24d4eb443e1ad9adb

SHA256
f884f15af76502a8052941ece721d74dd63e92aa4825be8eb37bc469b7727d58

SHA512
b21acf42cbd9ef48d08f7592b9ade77df3ff5530c49a8eaf28821de1fa83d203fa27a6483aa7afabeebc3c1e432137684c5dc73ff540f1ff72a26ff38335b3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
14563f19c871ac0c07ceae916d3d5f5d

SHA1
f4b5ce0c4dad8a417eb4e2544d33a4a1e8fc7cd9

SHA256
0d8338eef074966acff231b6daac4b8f12b375333008c5d8da035087ba752d52

SHA512
32a08c4046ce6bb298150426d2e90c4c5f8ee8c65191145890d6fa7517377b4720b0ab70df3bfa46086a4bd6c7b86e772d250f9fe5ab66854736d6ff1e08c65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\chrome_100_percent.pak

Filesize
150KB

MD5
b1bccf31fa5710207026d373edd96161

SHA1
ae7bb0c083aea838df1d78d61b54fb76c9a1182e

SHA256
49aff5690cb9b0f54f831351aa0f64416ba180a0c4891a859fa7294e81e9c8e3

SHA512
134a13ad86f8bd20a1d2350236269fd39c306389a600556a82025d5e0d5adaab0709d59e9b7ee96e8e2d25b6df49fefea27cdccefe5fba9687abf92a9a941d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\chrome_200_percent.pak

Filesize
229KB

MD5
e02160c24b8077b36ff06dc05a9df057

SHA1
fc722e071ce9caf52ad9a463c90fc2319aa6c790

SHA256
4d5b51f720f7d3146e131c54a6f75e4e826c61b2ff15c8955f6d6dd15bedf106

SHA512
1bf873b89b571974537b685cdb739f8ed148f710f6f24f0f362f8b6bb605996fcfec1501411f2cb2df374d5fdaf6e2daaada8cea68051e3c10a67030ea25929e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\ffmpeg.dll

Filesize
2.7MB

MD5
bf09deeeb497aeddaf6194e695776b8b

SHA1
e7d8719d6d0664b8746581b88eb03a486f588844

SHA256
450d5e6a11dc31dc6e1a7af472cd08b7e7a78976b1f0aa1c62055a0a720f5080

SHA512
38d3cac922634df85ddfd8d070b38cf4973bba8f37d3246453377f30165cc4377b4e67c4e0bca0ffe3c3fa0e024b23a31ec009e16d0ab3042593b5a6e164669f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\libGLESv2.dll

Filesize
7.3MB

MD5
c783045e4b7f00c847678d43a77367f7

SHA1
7f9192ce0b23ac93561aeec9d9c38daa3136c146

SHA256
3a39137dcee6cb6663ae9cca424b6b05cf56c0ad7e32fb72cb94549ea9dbcae8

SHA512
64e6d4fc84f1217ceef05a22ad63a6618ffdc470b1faf4ad9e2d7bab59e9285527b9c5fd7ea4be673a08b9466434e3c098e839bf6955597e3d8aa0e80589f4a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\libegl.dll

Filesize
467KB

MD5
3a5cbf0ce848ec30a2f8fe1760564515

SHA1
31bf9312cd1beaedaa91766e5cde13406d6ea219

SHA256
afef052c621f72ba986d917a9e090d23a13f4ab6bc09f158eeb73fd671b94219

SHA512
bd5713e1d22145b4cc52f4e46b464f443aad6f783a5793268e7d9dca969f27b70e706eecd54cb01be1c94256e6a95864c6b7e50027cef7fa870cdb16820ad602

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\locales\en-US.pak

Filesize
440KB

MD5
731c45f9f23957acc11b43d775758aaa

SHA1
12e66417a2dc0c5211ed67f026208ef02fcb40af

SHA256
02b97817b6eebd7caeaaff750f6462abc68911c398ddf0571b7900ff9b4ea9a2

SHA512
1a008df585ef76d9cf4459fc3e617b8d4397e7078c77852712fc7cf4f304081bc5195243437e64074016b05a8cd671db93666042e59b959595ba854ceb330a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources.pak

Filesize
5.0MB

MD5
67bb5e75ceb8ced4c98cf0454933cb45

SHA1
c2b1c8c8d753318bc5ec18762c27512a5eb9f9cd

SHA256
5d63acd4034f7771ca346d138d7478014abf1f3f4386d07fc025dbc2c2bc0bff

SHA512
fd213d59ebc625f6f8b20cc8fde1a22132ce827b81deaddb9ca7993fe0d9616de17e089def338d23c4b6bbd7d3a931ee73aa329325eaa17f8145a58fe11d8c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\adm-zip\adm-zip.js

Filesize
30KB

MD5
9b6da3cd4a4ce0963e80d0e6dc1a11f1

SHA1
fce6550c2231f60425661f2f7db99efff491cdff

SHA256
cb49867d6ffe8e7c08ad0e6466c86450b0f81910069ed1ad9d5b7b9c27367929

SHA512
38f325ced4315f7fd39f9ec885e1a35f8d5c49bfe9721c3ae0b54d040c76e7df3e6d557f76bb5783594b0fe5c15f9e73f8c7a21fee373ecbd97ed9220d3127ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\adm-zip\package.json

Filesize
793B

MD5
d54047857da5c5c0f798702eaf6bbdb2

SHA1
13268d9836a3e86768a55e94d9ae566083450c32

SHA256
4a972775a807ee9450338de8587428f444df10d7d383721ab6f60c1981562089

SHA512
fd3311c500231a24c3923e9833e9c39e9369c340fba01bb8c5930313be2f1bd7cb7cdfa9ecedd16418a2164a87dfef09f0a33fb55c01da2d38cacae9e9c0a1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\index.js

Filesize
4KB

MD5
d441fba9399d196f943308f66d215d95

SHA1
76557f8a00782c3503b62784098b7832256c136b

SHA256
4574224bdcf1a47aab456dbec7b485d7cb8bd62bea5295f85db622b3ebab0c1b

SHA512
7f11d59d870c0ae386b6c0ae4a65b2ab49445ce8b36528323bb2a03a8a55611c8e71d2c7439f0a57c69fb7cfdc2d05fde59e535e0da36adf24947a131db18a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\node_modules\mime\Mime.js

Filesize
2KB

MD5
5a77829e31fd521878c9484a90ff107a

SHA1
73efaff8e2e9adb871396c15c076dbf28757949a

SHA256
9482411a27e56e69e9ff5ae077b25f64c38768ae268ac07ab74a9896b582b6a9

SHA512
dc542b656f18818fc5caab6bebaf67f2f33691661196fd588eeba8bb8d1520ea61f76df314d407e0e23b405706889f0e73f0bc61871a36764d2c3564a44b1c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\node_modules\mime\index.js

Filesize
127B

MD5
f18d3eb05bbc4d65415ee72c4b5d4dff

SHA1
e2d3efd8917c4ff9cbe668474891269d3fedcb37

SHA256
7b35e6b3b981b498b62860b99063916772a7a199125866d4593db952ba1c14b9

SHA512
65316d6a06666e5acdb6fd293fcb737109a264fb6ed1174e7853f86b32d2b334fab3280d28535be21524fa15f86bc8f16b663461439d6bdf4ead0cba4b297eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\node_modules\mime\package.json

Filesize
775B

MD5
41460dd956f1244d052cbe727cb6be27

SHA1
4982079e4fc60559ed7fa2c066bf71fc7b74d9b4

SHA256
a1dccf7b9e97739c70cfe4a205babae71016a576f4385a8d66308978f21e0d19

SHA512
4e273dcbe5b5bde34c1ba8c0bf35251037b058fe3eef5703e53027a53b9f6661db97411be2ae2e7b4353adf5d77bb389566a81258adb8f11cac679ee6450c978

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\node_modules\mime\types\other.js

Filesize
25KB

MD5
ce7fcb8480cc926c86d46e4b1fb6cc9d

SHA1
dbfc26ed679cce39b3ecb6bee5ef5968cea6408a

SHA256
ee0e65cdfde6e492be9c52e35bffcbe0e0fd9a5be1a18fbaa7cbbc7b9b406934

SHA512
c5c943a1722aa52c3f85f28189258ebb4e3ed025c98bfa0d7ce978de2587b10239c578d5d96fb63f85bd8ec16d7d156847268cc14421cb920832688984fc0cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\node_modules\mime\types\standard.js

Filesize
9KB

MD5
5119196e906ee770dfd3610bcfbd0587

SHA1
a21f9b1eba88b1af8d16231a5759ffb8108a645c

SHA256
70aaa6f9c1b7caf38db2eff138406911368729b8dfb478fe70078e46ec1824bc

SHA512
30d30134c1044d36bf4ffd93cb0b6f003cb702a14b9e006bbc9a18a7e9e6915f18c22eb0b8bcfb5cae6cc15636726e0d8ab59189610550140ac90e51f45c324e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs-electron\package.json

Filesize
367B

MD5
381be2da7b731d7e9f68c149ef521e46

SHA1
11f4eabe7d5c1236c02c9c6e1ef2e8f58226a2e3

SHA256
c30372a8a6ef7a7cf021a48200d7ca770ca5ad68022e92c6d15bd27878dc326a

SHA512
0595738800f268106a61f3526448bb1c89ed37db1950d00b7fc1f1d2874cfcd1bf7454b49d757614543caf756407d6594e2246f68d6916db51553c95e22c4f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs\lib\ejs.js

Filesize
26KB

MD5
e7286ffae51527e51efadb4ce65d1dd8

SHA1
2170a351835c1ff3ef58faab251e3d5ce5dfe9d6

SHA256
9ff1cb7fb0a7dbd822e04d35e50560a199926cc323b5aa11f1e89556d7b89814

SHA512
5a551b8ae5dc38eb4893acb2876046ebe27ed3852777b7e832173bfba8d5470b08495232811a82edd0662634bc6351e51d7d3509c87663900ca122a15e1d50e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs\lib\utils.js

Filesize
6KB

MD5
c4ed9f400aaac2c0b2ebe7c7f5795b1d

SHA1
4e88b60293299d879774768f84cf38524c3d34c3

SHA256
d77d4660b6fd5131949906b67fa4456223c308bd13a88d7dadbd2e10e5e7ace4

SHA512
100faa0f015ba8001eff8dc435174dde0af2d8717976448a3202272e7d0edde3d149f0a0acc6469f8d86fa0b15b79237cc1ffd5efb9456e0bbb625e6cfd53242

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\node_modules\ejs\package.json

Filesize
748B

MD5
c811f299cfedf923d32f6126894283b1

SHA1
4d25c24f5ff44f2963d08d74d474b03127c02ecf

SHA256
ba32b2005d817a23dc0e0b57c248b53b8b0316e8271fa433780750a954d56e69

SHA512
ce77756d8c128eff055923c6622f3b438a3eba87513fc6d962180b93762cb325c5b96c89e05e1df4a7ef227d35ad1de659d28c893742c5a1e8912b365b1a3fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\package.json

Filesize
530B

MD5
e102ea0d9f0e36be31e25b787c35ca2c

SHA1
022ea237f37e95570872a64ba6af1e2f63cb0dab

SHA256
9f66eafe35c475aaba1157c877406f448273c6e4811a1ef2fce10aa0d5eee706

SHA512
426e0af432f24562e548bf53ea972636c494f0c5b840b9e6affbc40f32fdb9de3cde3c4fd83d9a221eae9832a42631b2b178a3d46f1b2a56d1a82978fe32fc51

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\ads.ejs

Filesize
1KB

MD5
ee4146fab6611d7ba9d24e71d9b6363a

SHA1
0e0601beae6e65511660740b79fd18381601ba21

SHA256
213b9c67599b6c11cab64d5c9c2606eea16dafaceb028e93a5b9d4ad6c5c33b4

SHA512
9412dd10b99d79c10ba39e6e3fa027684b19f90361a65b25ebca1b9ccfc437fb303713ebf7e7be6906a4383302425c09a5cb3d0f446929f8d84ff8c462796fab

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\css\index.css

Filesize
20KB

MD5
3eaee883756164643699708fccb2c5ca

SHA1
d1afc0d030427a4be6e5f1d25ad5904503f527ef

SHA256
400743c30d1cb641da64e1bb44166d07850908e40e2103cda0e6010a3eaf4922

SHA512
3bbea7306e3fe1f6d20e5335b05ad25316236820255782fe8be10dcac1df0e45ed892e52f3f789895e7f811859f38538fa7a612d4e57748fc43100f34c8b257a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\icon.ico

Filesize
11KB

MD5
372b8e595552272d8980d7ce68a22a45

SHA1
3458abecc3172f86c0a42f889402a700964a7bdc

SHA256
9a6b51f26c9efb993a02f67582477d9b524b029af5d6b1bea046840012dc110e

SHA512
bb712405ea0c0ec66add82abd04ca8f32e07bea7e4bbdcb2bce53a16caf8d9bf2a514ec8e647739e739f995931fc6d04d155e8b2f381fb93765024a4aebc1fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\background.png

Filesize
713KB

MD5
54d3046d693ef7dc0e06a32ff629e7a1

SHA1
1d14c54f2db92c94e467dc3b3f6480fe737ed830

SHA256
62a7ec1cb750aa28bcfdc93cebf1521f8cdc352992938652527aacb79618e57c

SHA512
b4e123d3bf4b21bdb1c73ab9374bad0e1090e5cfd0b758bebfd907d4f3736c9f4e87e73e693a85eed66bd0e1eee85fbcf1a152eeb83ea6f317e85022d67fca3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\de.png

Filesize
274B

MD5
0c730750c8a99bc30cf20b83d235aea6

SHA1
8ea6cd3bbdaae43607b4882560c4e04ef8eeaf8d

SHA256
b9d2aced61236662459e3acaaeaf44ce7af28405847c9a54d42fa4ae344f045f

SHA512
2fc3251378520052892b529b8c3638cbc3dd9c4ac471dc20382930c103c886826f05969400d7d1054b066cc81d00813ba86532b20be646aa8910efec9dfc6c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\en.png

Filesize
310B

MD5
c2de03c4d117d87763d4e1e5e28482db

SHA1
bfbecbfba4c5a871894c6784da913fa495a2aa3b

SHA256
e423db68a40835ac299155e365864461e37115a96f996091d5af026103d753e2

SHA512
628f47a91c2605a66dda06430f26d8685384136c0d04bc3146dd033462ef7def71c7d9ddd43cf3d07e892a400d089faed938a91317a94fce4febfd01183e1301

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\es.png

Filesize
370B

MD5
ff0df90a5a69c16ef24fab173a89ee4f

SHA1
02b14de1912f54b2b0630346c2cfe75a8da6d5b9

SHA256
c79f2cdfee1e6666b8180b7ee33d1f06bcffb113e602e8ec47b668d4db4f18d9

SHA512
4387449064aada45fba5e933304c5f931c29187acc025d291f1a758c6b2453085faa42693b2395fb08829b62187577988149514e133c2d4c58d6a2ed851f7ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\fr.png

Filesize
284B

MD5
d03e36af77543804318d6a5e220724ea

SHA1
58f8df12d68e055019dce59a93afe17207d68bd8

SHA256
9914c4861965f03acbbc077509a8dbe76471a4b3c26eb3932427f9972236edb5

SHA512
8b10141b6411d05c4f7f7a1e3139fb0e7a8223c470b5f6a2ab84e07c482d39a56820b3e3a867263321744e2d5272bf9fabc81bde61fbb7e79e2ef31a37cacc12

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\it.png

Filesize
279B

MD5
b9673fed0ded2c7a6a3e2572b60ebb5c

SHA1
b4c6de948d9d7fb396dee563804fb161dc541cbe

SHA256
7ed6102d8a617b6cc2f7fe101ce130b037bf4fe7cc41deb011430f8def81b14a

SHA512
0f5965e93a08ea0a4f2a38de0e9f4accef71dea85d56f07c771ca62a966ab2049d611b1749544343e4389cea203137cb037fa2b7bd420087acfd3ddec2fc52f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\flags\pt.png

Filesize
806B

MD5
188d843e650bbcb429950217dfc0131f

SHA1
ec3a3cbab918dc69f797f96b718fc22e398771b0

SHA256
60d97aeb01ec6481d1c9f5be24082655c880a4ec947e42713168e3c36d6015b6

SHA512
8b8aa9535194304633d229161377c73e0b13fb757a2661620a4ebb33d0bf6bc7d56fe2456a062e7ef9f6224fc2aabeaad9d472b83c96f2643e4e44b9e46015ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\images\opera_banner_es.png

Filesize
460KB

MD5
71feb71eed2ab2a53ff3765f4a1e83de

SHA1
5dbd35ad7104691f4996311516504c844fdf23a8

SHA256
d624cb45b2d295fbbfd59d20c20a825fe73f5cd2b09d1e01f8da5aae1508aff4

SHA512
f30ec6e622106e05d02caec8f2464157348bf150b4c3cf33565e1bdd66c35dde542383c788b37c78c8a06876ece338dc65ecbd8f0020b1ae1bfe2e803150d78f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\js\index-es.js

Filesize
33KB

MD5
ca5f26a1bca7d0379bc07aa2196b9ae1

SHA1
384fd58e544cdc1d246e0b5077ebc1fc8e77800e

SHA256
7b84738f06f865a0bc533041e12acc8e2c651f153b8df96ca0a43956dddf20f9

SHA512
ef19bb165a47de0625499919db32788f7ee8ba563210f525fa7db074b8521345a6e0bc35cf2d51daab7fcc9441dfbb8623f19b34b4ce3fcdd6f65c6173bdab35

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\js\index.js

Filesize
3KB

MD5
a43acb5bbde4eec35fa3992eca3a0fe5

SHA1
5df08727880475be34beabb49c80d04a1638ab07

SHA256
3c53963dae15a539bf383875155233cc4c1a069e5ba7c13937699c992b8a2701

SHA512
588412abff1307a4733bc5b0795ad1098791898e2329955a5db551bf51ad754382f16a0a6dd57717f135b0e9c334e4cc8b678353302d4960137462b24a919350

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\js\langs\es.js

Filesize
2KB

MD5
6e6fdf68120d784a17b10a8e1d87c2d8

SHA1
e6ef1aada60b098a9cbd60028a64a5f5aacf3407

SHA256
0bfb77caf7b42746b6738f4127ea215b43ed7d9e311b158d8776b22ae6a1e531

SHA512
be6b434436dafea7f545b208e525335d72013b9ac967b3a184598ecf06ed6fba1d5b6fda5ed59973f598648af3de4cbd1565622bb934300a238c733fe16760cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\assets\langs\es\eula.txt

Filesize
1KB

MD5
3c09cb08016752513697717cb4524919

SHA1
4aaa2a8d3f1e759570252e0bf16b744b575fbb38

SHA256
6458dd3cfef6f596c6ba49bf5cb42429b8573ac9af021d6e0fedb8c2f89a3e5c

SHA512
4c866141850d40ba21b20cb96a2f7bed13afc6b0534fdb08e68381ea40ba072fc769c15cd416a0a5c6e71aa485a44d364327d215af7ba581340363e61809c11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\eula.ejs

Filesize
981B

MD5
0887c927cc2ba0250bea889fd5d40660

SHA1
8ae1b01d3c501a15cfeade573a13b93c44ae34d5

SHA256
df0dc42c4ec4e3dbed33e6fd855e977f3bfb4cc2a49a8402ead53bfb9f544d6e

SHA512
01dd4c0e622e95adc652fd06c8503864506cae7466d4114bd11938f69a5b97065ecedf2a9d516d485abaa33fc3442bcd9de46f6a00b0979c11b05951bf2183db

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\footer.ejs

Filesize
4KB

MD5
d6c4aec009f8a181f5f805169cbad491

SHA1
7a7263138772c78c8c4330a2ed6cfbd3092c8985

SHA256
a2da2ca46128fdf7530a27ab8345986278cda1b78d7a075ec0fb11b66474fa8d

SHA512
d0a2d60113cdce329303f9657b741317e2f5b691d248fa2131b6668e07e7db9a5292ab734456681f335b71c732e003009631113cf14f218e13aaad7d4e8bb4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\header.ejs

Filesize
38KB

MD5
eef60d35e9f75d3c7030d0574250e56f

SHA1
6d29148b90187fa1583652bc8799e65efa10f637

SHA256
3cf434b126e4369ffb8e9f4d489daee1aad9f47828850386984b3c752cdc7042

SHA512
529bf36dacd2fc808e63a8091a8aa92f5d3d39c23077bc72298bf052f1bdcd6fc05282608ce5337643d3c1a794bdde2b8d364f7deb0c4b7ae75810be3bdb165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\index.ejs

Filesize
880B

MD5
5cb43b3d3c087f4dfb7ef3604a39e757

SHA1
62796be76ccb921544aa6279dd0139b00450e24a

SHA256
88b3b17146349c92955cc88bdd70ef1fa414bf624d771a0b8ed0d7f2d40d76cd

SHA512
b5247488c6dbd4f682d27884f3b516df00ad6725665f79c2d4ea76c1a54d318a31e32c6f96a11fafc382d36097e50f505e0cba904e13b4d45afa96544401eb81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\index.js

Filesize
4KB

MD5
c5cc3d4ff4268a128ca55321b7ad4f70

SHA1
87a0ad54e6b73a40fd5cc7e801603aa50e4ea973

SHA256
79912a218664d36de8b3f1adc69b43b2ccb67bebe39a3d38666bbbf4173cd411

SHA512
f55a303b010129a6b342e62b9a9d4e32297d7648c3054ce40d26d939cc7ef776d42438ce78d93a4897f5a6679a1477d2590e152dc601d174e53fffe8010f0e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\install-options.ejs

Filesize
3KB

MD5
877f16609a32c46ff5f8eab3648b1078

SHA1
5a3d5785704f016235b96fdbe04a9de69b48e203

SHA256
f8981d7e2001efe11511d6779675bcbead2fa27d6557a54dcb8492ea958a1454

SHA512
c6df43c91537d13d75e1b2e1b35fc2b452f7d62326f0074c24e975e18a47d31bade8a9e84514091bd537b8cb016c60e87920249cee73370188be045c628a30b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\language.ejs

Filesize
5KB

MD5
3fbf51eb59e0f0b050f5abcd2fcd3dca

SHA1
90d676bc914c2bebf33464dd088952abbedd56f3

SHA256
9016b2792ecdd22276e1d1e4172b4e598478f5668b27beb005e2219d229f216c

SHA512
c5e04500ebdd922d989594e3a0822fa9a9557d749e60af86ab1e309847342431a606f5e604538fa5d5666535bc68c4f5fbeeb4cdda9a832384505aac1ba2d998

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\logs.ejs

Filesize
1KB

MD5
6fc7c3d8bac3259202cb981acf8b18b6

SHA1
f3963b01f9a2df4e9b0b989b4e7ea8f55198ddfa

SHA256
62e112e61b5c9c582f5a9aac790a9275be8a560d1edb93c3a6879330298e53fc

SHA512
7d719b9698344ba99d3d860e28421bc7cfaf2e9d80cfc6da472413800900aa64f055add8269553e9838aa998df4d6575c6bf0091cf6263a6ea0c2537c36b5df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\resources\app\src\path.ejs

Filesize
2KB

MD5
21e1d48f90eb1017539741c7a74cf059

SHA1
7906534922134e26a5c59324aafad63e20bf10ba

SHA256
870496c864624ebce9da0b98ea830249897a2a2317f6a816751f0edb30aeb32b

SHA512
2cd3d44337c5e1b794a2233d25fef122a97910d7f7d32cb811c0fa3f84397dd4781e917ba3db0e024384439413925dd0ab73888d3d82119951b86192e807685b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\v8_context_snapshot.bin

Filesize
663KB

MD5
81870fb2f641c8b845e9c6d1a632f0b7

SHA1
fcd47d8d1232c189a1c4087bb03a015ce14c25ba

SHA256
875515af4e7254458c17a98bed087fc609d45fbc8ebf60663e112c37204f6840

SHA512
7748c8fb6f356aa45023a56245c43c5171d0413617fb1ac6c75650be75bbe94bd5528e9aa83cd9df9a08af65540a76ab59bc866e5dcf0fa7284122f290bd45d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2fejptRVqtuxOlbo01siOY8OCTG\vk_swiftshader.dll

Filesize
5.1MB

MD5
0a071201e4dd76996e273c81533bfa74

SHA1
5c92c634027692c344a8e74eab8b4d5c3e049497

SHA256
08e34bc25653f9357a4ccf62966d698b7cc6265dc668046a28403ae5786132ee

SHA512
b5de6548c5c743b6f119183fa06aaf67dcd4cdbc3542378ff87916b670ace1e2f4270f6dcaa4caabd01460c638bd02b565267e7bd9617ca92d72187d374bb7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskDEF7.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskDEF7.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskDEF7.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State

Filesize
1012B

MD5
84b7ca90f7efd4618045f46aa93424c2

SHA1
c8b44f04887569ed93cb223a57dc6afd13ba6ee2

SHA256
a854105b2dd5b10ab3fa6fb44a9a9bb7eb4b0981f2d50d9dfcd0249fb98869b1

SHA512
2bce5f0c36ca5f47707f99edd2393ff89939896c22784a08abbfe988af285b6b341555380951e4f51862accc83f07c0fa0dfaa976a8dbfe41d1f2b06a6dbc962

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State~RFe59137e.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity

Filesize
517B

MD5
dea9190d31914e07d5ec2ba1b868332f

SHA1
17e24a6efa830c1a9f82b8a4ad0a070c2f2b0e10

SHA256
9ca397c3ef0d89e9aca61c43b80ae30a60839343f6df4388fbb8e98d170ca369

SHA512
172764acdc7e4c4fb3eda10e503060f6a0e7df5c2a39a5fcf3e39f50e2ea4ef824e0140b54a95b66eeec621afe816077369fb5b61d626a7d6124e874ed516b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity

Filesize
517B

MD5
94470edfe55e61985165196466775bd8

SHA1
115fe60fe08cdb930ddb2b9db2f19095d12171bb

SHA256
2f4f65b0f18b4c1d68a4fbb414cc12a7387f720ae224be3dc9954e39bf319a5f

SHA512
ba770a34729760161c49fae1e7a7478a622b4731f4df7b33446696947fd77f746aed7f8a5b4a98c095b93164cfa6e90679a0dbafa43fefe957ca960f5ad29626

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity~RFe588160.TMP

Filesize
352B

MD5
761b12023fa3d1629beb84fd8994add0

SHA1
c5672419bc697aa2b8912205d015adad41a2529f

SHA256
cdddd93d18cda60a6a214d97ec223cd31a63ae2f809e86d4ddbe6650c697cf1e

SHA512
b2a32087d396a2a6f0ecf38a16bb6e9cc5e06fa87f88cb45ab774e53bf7df7dea2b23443e9069a74e9a580f17bf162d0785bc4f55c9a43f7002a3e79e32a6b5d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/5412-874-0x000001EE69550000-0x000001EE69551000-memory.dmp

Filesize
4KB

Download
memory/5412-875-0x000001EE69550000-0x000001EE69551000-memory.dmp

Filesize
4KB

Download
memory/5412-873-0x000001EE69550000-0x000001EE69551000-memory.dmp

Filesize
4KB

Download
memory/5412-885-0x000001EE69550000-0x000001EE69551000-memory.dmp

Filesize
4KB

Download
memory/5412-881-0x000001EE69550000-0x000001EE69551000-memory.dmp

Filesize
4KB

Download
memory/5412-884-0x000001EE69550000-0x000001EE69551000-memory.dmp

Filesize
4KB

Download
memory/5412-883-0x000001EE69550000-0x000001EE69551000-memory.dmp

Filesize
4KB

Download
memory/5412-882-0x000001EE69550000-0x000001EE69551000-memory.dmp

Filesize
4KB

Download
memory/5412-879-0x000001EE69550000-0x000001EE69551000-memory.dmp

Filesize
4KB

Download
memory/5412-880-0x000001EE69550000-0x000001EE69551000-memory.dmp

Filesize
4KB

Download