9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d

Analysis

max time kernel
173s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Battly-Launcher-Windows.exe
Size

112.1MB
MD5

03696da629e834c395f699847326448a
SHA1

3529afa76451ed5beeeb0bb4a31f7cc8bc463aa6
SHA256

9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d
SHA512

fca0ef778b3ab13cf01e3d39d4c7eb4a587f600ed8d5ab10a03a3061178609dc13a75f6cc736ec27ed9f40a2a554030217cc91a8bf982d42f460585102f1969b
SSDEEP

3145728:SJcuNt6i+X0MdTUPo+YFawtU4odzp7emMT:qcuN7+QYFjmPztemE

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Battly Launcher.exeBattly Launcher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	Battly Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-857544305-989156968-2929034274-1000\Control Panel\International\Geo\Nation	Battly Launcher.exe

Executes dropped EXE 14 IoCs

Processes:

Battly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeOperaSetup.exesetup.exesetup.exesetup.exesetup.exesetup.exeAssistant_112.0.5197.30_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exeBattly Launcher.exe

pid	process
2128	Battly Launcher.exe
1412	Battly Launcher.exe
2948	Battly Launcher.exe
1928	Battly Launcher.exe
6060	OperaSetup.exe
6096	setup.exe
6136	setup.exe
5216	setup.exe
1136	setup.exe
5212	setup.exe
5432	Assistant_112.0.5197.30_Setup.exe_sfx.exe
5508	assistant_installer.exe
5556	assistant_installer.exe
5796	Battly Launcher.exe

Loads dropped DLL 22 IoCs

Processes:

Battly-Launcher-Windows.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exesetup.exesetup.exesetup.exesetup.exesetup.exeassistant_installer.exeassistant_installer.exeBattly Launcher.exe

pid	process
3884	Battly-Launcher-Windows.exe
3884	Battly-Launcher-Windows.exe
3884	Battly-Launcher-Windows.exe
2128	Battly Launcher.exe
1412	Battly Launcher.exe
2948	Battly Launcher.exe
1928	Battly Launcher.exe
1412	Battly Launcher.exe
1412	Battly Launcher.exe
1412	Battly Launcher.exe
1412	Battly Launcher.exe
6096	setup.exe
6136	setup.exe
5216	setup.exe
1136	setup.exe
5212	setup.exe
5508	assistant_installer.exe
5508	assistant_installer.exe
5556	assistant_installer.exe
5556	assistant_installer.exe
5796	Battly Launcher.exe
5796	Battly Launcher.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

setup.exesetup.exe

description	ioc	process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Drops file in System32 directory 2 IoCs

Processes:

Battly Launcher.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Battly Launcher.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Battly Launcher.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Battly-Launcher-Windows.exesetup.exesetup.exeAssistant_112.0.5197.30_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exeOperaSetup.exesetup.exesetup.exesetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Battly-Launcher-Windows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_112.0.5197.30_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

msedge.exemsedge.exemsedge.exeBattly Launcher.exe

pid	process
1592	msedge.exe
1592	msedge.exe
1532	msedge.exe
1532	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
5796	Battly Launcher.exe
5796	Battly Launcher.exe
5796	Battly Launcher.exe
5796	Battly Launcher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

4676 msedge.exe
4676 msedge.exe
4676 msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Battly Launcher.exe

description	pid	process
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe
Token: SeShutdownPrivilege	2128	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2128	Battly Launcher.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

msedge.exeBattly Launcher.exe

pid	process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
2128	Battly Launcher.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Battly-Launcher-Windows.exeBattly Launcher.execmd.exenet.exeBattly Launcher.exemsedge.exemsedge.exe

description	pid	process	target process
PID 3884 wrote to memory of 2128	3884	Battly-Launcher-Windows.exe	Battly Launcher.exe
PID 3884 wrote to memory of 2128	3884	Battly-Launcher-Windows.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1412	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 2948	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 2948	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1928	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 1928	2128	Battly Launcher.exe	Battly Launcher.exe
PID 2128 wrote to memory of 2616	2128	Battly Launcher.exe	cmd.exe
PID 2128 wrote to memory of 2616	2128	Battly Launcher.exe	cmd.exe
PID 2616 wrote to memory of 4696	2616	cmd.exe	net.exe
PID 2616 wrote to memory of 4696	2616	cmd.exe	net.exe
PID 4696 wrote to memory of 4652	4696	net.exe	net1.exe
PID 4696 wrote to memory of 4652	4696	net.exe	net1.exe
PID 1928 wrote to memory of 1648	1928	Battly Launcher.exe	msedge.exe
PID 1928 wrote to memory of 1648	1928	Battly Launcher.exe	msedge.exe
PID 1648 wrote to memory of 3984	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 3984	1648	msedge.exe	msedge.exe
PID 1928 wrote to memory of 4676	1928	Battly Launcher.exe	msedge.exe
PID 1928 wrote to memory of 4676	1928	Battly Launcher.exe	msedge.exe
PID 4676 wrote to memory of 2024	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 2024	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4456	4676	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Battly-Launcher-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\Battly-Launcher-Windows.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1696 --field-trial-handle=1700,i,12046058554544807536,9058624192955723765,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1412
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --mojo-platform-channel-handle=1880 --field-trial-handle=1700,i,12046058554544807536,9058624192955723765,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --app-path="C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2412 --field-trial-handle=1700,i,12046058554544807536,9058624192955723765,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://battlylauncher.com/claim?code=undefined
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc56c846f8,0x7ffc56c84708,0x7ffc56c84718
        5⤵
        
        PID:3984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6068884812796242954,7336496334304451706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        5⤵
        
        PID:4304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6068884812796242954,7336496334304451706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://battlylauncher.com/claim?code=undefined
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc56c846f8,0x7ffc56c84708,0x7ffc56c84718
        5⤵
        
        PID:2024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,280061503196898276,14972526011821697228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
        5⤵
        
        PID:4456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,280061503196898276,14972526011821697228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,280061503196898276,14972526011821697228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
        5⤵
        
        PID:3016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,280061503196898276,14972526011821697228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
        5⤵
        
        PID:4896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,280061503196898276,14972526011821697228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
        5⤵
        
        PID:4368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,280061503196898276,14972526011821697228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
        5⤵
        
        PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Battly Launcher\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\Battly Launcher\OperaSetup.exe" --silent --allusers=0
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\7zSCA7A1AA8\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zSCA7A1AA8\setup.exe --silent --allusers=0 --server-tracking-blob=MDA0YmI2YTAxNjQ3MjY2MTcwYjY1NWE1MDJjOTNhZGZhNTZlODI2NzNmN2JlN2NhM2RmMDY4ZWZiYzYwOTk5ZDp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWJhdHRseSZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1pbnN0YWxsZXIiLCJ0aW1lc3RhbXAiOiIxNzIyNjExMjg2LjY0MjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJpbnN0YWxsZXIiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImJhdHRseSJ9LCJ1dWlkIjoiYjkzNmNjNDYtMWRlNy00NTNjLWIwNjYtM2Q0YmU1MjE2ZjBjIn0=
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        Modifies system certificate store
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\7zSCA7A1AA8\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zSCA7A1AA8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.39 --initial-client-data=0x350,0x354,0x358,0x32c,0x35c,0x73d1a174,0x73d1a180,0x73d1a18c
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\7zSCA7A1AA8\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCA7A1AA8\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=6096 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240802150826" --session-guid=d7b1d99a-3426-4230-918a-f7ccb8ce373e --server-tracking-blob="Yjc2M2FkMTQzZDIyZjY2ZjFjN2M3MDIyOWY1MDI0NjFhMGQwM2QyNDAzZDBkYmY5MTQ3ZjAyMjY1M2FkMzAwNjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWJhdHRseSZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1pbnN0YWxsZXIiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MjI2MTEyODYuNjQyMCIsInV0bSI6eyJjYW1wYWlnbiI6Imluc3RhbGxlciIsIm1lZGl1bSI6InBiIiwic291cmNlIjoiYmF0dGx5In0sInV1aWQiOiJiOTM2Y2M0Ni0xZGU3LTQ1M2MtYjA2Ni0zZDRiZTUyMTZmMGMifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=F405000000000000
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\7zSCA7A1AA8\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zSCA7A1AA8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.39 --initial-client-data=0x324,0x364,0x368,0x334,0x36c,0x728fa174,0x728fa180,0x728fa18c
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021508261\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021508261\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021508261\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021508261\assistant\assistant_installer.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021508261\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021508261\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.30 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0x1118f40,0x1118f4c,0x1118f58
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "NET SESSION"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Windows\system32\net.exe
      NET SESSION
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4696
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 SESSION
        5⤵
        
        PID:4652
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3132 --field-trial-handle=1700,i,12046058554544807536,9058624192955723765,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:5796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e22c2898ac78c14a840076a8446b9d

SHA1
ff5b7cca3ff2c4e77e6330e2c5e2b62bb56e9fe6

SHA256
a5e570fc8d3a52027db48adf1301fe8dffc500a4bef04d0d6bff15fff78ade8d

SHA512
19381615be8f53ccae56a21c29c314c3247ac78fd3cf838f52ca98757b54f945f0d178cfb44ea5ad42fc68b3d3e6e7ce4e4f40eb69f791fa5132f591c62388e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8d8ccfa6a8b1b15db876b848b8fdc102

SHA1
dc7d92c35e9c84d8d78ac0aedc926214cee68135

SHA256
b48f98046030e23b843422251481c3f19cfa0cf71fb36a8ff89dfcb152761f86

SHA512
6ae61b6cf236082b9930686ad2650c3ce3fa337550363e0858062dbb399093b0ac6bbca3d4c40101e222ce764fa4fb704bfc591e6d5b0a6c165f170cd6c9d5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
25KB

MD5
a3eee7b1a705507648ee013f01eda06a

SHA1
c73272a849ad0d75fa3b6d826ffefad60c2bf9fd

SHA256
fec4bc11cebc824f76b47499965c90597531f89716646903e606c477f40cd169

SHA512
f1d895f303542802738aafc0aa74fd02b75c0379a282eb9b45d200f9c467323b149a24a6d5241c398eb6d7081049be1f85f7359f9da28f86a322a52622246642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
23b0688a129a3d0b2be8c68c25683998

SHA1
47b37ede0dcc6b3855fb32c44bd88c1068e453e9

SHA256
bdca17a2f28f30d13457ea9347d2fe8f59ce1f03e292b4bfaab95cc9ba1a82bb

SHA512
0173d8051a48ec3b825f2a05d896de8d5f1bde9a3bd0379ec47e75b07e42be2a43380f31f43fc419970cc79cb1b2f20ec79026ee0222422550d4e6ae5f364118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1ce185790466c4c65a63096de3a9142c

SHA1
ca0984d3c0023f4718dcfacf297ad1eb8f5de185

SHA256
bc3a75c1841d5b6136f0557f73211f77d21939324938473f92056e82065a5b6c

SHA512
695b5c1385447c653d33b43faab8b1bd4fb7e73f2f605f3c70416865da9351b30a2307d3dac80a72bf3b5778e3c56c6e6d43e460a2cfedbc3aa2882b216688e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eb052ea91615da9d87c33816fdf60421

SHA1
0eb9ab9b3e0ac61964e0ab4d901285126644e8fc

SHA256
799460b071ea6ac8885111f605769891a004d3cd89b2b7d7d859d78d106845de

SHA512
018739475731194127a14e90effbc7c3c510ed33bfaf1fd9d24751cf976882794dea1d63f384120e0c7b47a31f9d027e98489edb3abf3b84a5e84f6b26f44445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f9d0366a833e9dd409f755c0edb7570

SHA1
fa17a5799fb1879d7fdfed94a3d155087b02f2b1

SHA256
8aea7765ca7dcee2d4fbbbf7053eaa34a0a465ecf51a94d1a22f24b3b38e287f

SHA512
cbaa8f48dbee4d9a5d2fe2ec11790115b3a2de44a3345ca4863833773c683118cc82e9d625f4f0322684cd2b3ae7f1e39f0d7fba1c62060fecc8b8d9a35c6094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
72f5615eb5a17e729563cbbe9d48082b

SHA1
d1354868c8a33d868bdc23936ed8bd11974f5c7a

SHA256
1756ac533d4089c6ef60269b710415f43dd56bd9fbdf8d04d6fc04399542740e

SHA512
cb7e67a940e292ef7aacb223e7008f1fc891d6b4b6e052a3a81d03f16ec9099288bd992d378a19a423dd24d54773b96bc82e90f50ca3fd91cbf03f473d5e0b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b0c24e9dbea2ccfb73d86e65fa12188e

SHA1
bd81cd7f537972f187224ee94de1a89784713b12

SHA256
8a0e537b6d16df2e139d69838fd73d788dec83ba40d0a63c2be185118db5a947

SHA512
deb033349af0eeecccc2ab6865ebb1619dd5527b736d64a832c5bc594339fe952438606a1cdff49349387f9beef19058f3d5e963f1534c6f504f8aefe6e97365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021508261\additional_file0.tmp

Filesize
2.6MB

MD5
1bf64fd766bd850bcf8e0ffa9093484b

SHA1
01524bb2c88b7066391da291ee474004a4904891

SHA256
58794b1bf4d84bd7566ee89fd8a8a4157dc70c598d229ec5101959f30b6f3491

SHA512
cdf2830edc5d4f30beae41591f3a1bcff820f75444d70338a4c6d36e10df43475f383a9f291b619a008452c53e0dddf65547f217386389000535d6d264854e7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

Filesize
5.2MB

MD5
f234c4f296e58a704363ba1b6547d2e1

SHA1
c7d18136a216d13684be54596f6e4d1a2e86f088

SHA256
f6e43c32e89ced0b6c0d88e620e23b80a4cc440a838a733ae880b078dd62458e

SHA512
64f1a44807f428c004b2e752b39aeb0e8b4310b713fbf90e31dbe16ef40c31866bdc5aa25e3bb6ecaa6523da4b412265cf74e149d20a2ef37d8addc816d14c9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\chrome_100_percent.pak

Filesize
150KB

MD5
b1bccf31fa5710207026d373edd96161

SHA1
ae7bb0c083aea838df1d78d61b54fb76c9a1182e

SHA256
49aff5690cb9b0f54f831351aa0f64416ba180a0c4891a859fa7294e81e9c8e3

SHA512
134a13ad86f8bd20a1d2350236269fd39c306389a600556a82025d5e0d5adaab0709d59e9b7ee96e8e2d25b6df49fefea27cdccefe5fba9687abf92a9a941d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\chrome_200_percent.pak

Filesize
229KB

MD5
e02160c24b8077b36ff06dc05a9df057

SHA1
fc722e071ce9caf52ad9a463c90fc2319aa6c790

SHA256
4d5b51f720f7d3146e131c54a6f75e4e826c61b2ff15c8955f6d6dd15bedf106

SHA512
1bf873b89b571974537b685cdb739f8ed148f710f6f24f0f362f8b6bb605996fcfec1501411f2cb2df374d5fdaf6e2daaada8cea68051e3c10a67030ea25929e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\ffmpeg.dll

Filesize
2.7MB

MD5
bf09deeeb497aeddaf6194e695776b8b

SHA1
e7d8719d6d0664b8746581b88eb03a486f588844

SHA256
450d5e6a11dc31dc6e1a7af472cd08b7e7a78976b1f0aa1c62055a0a720f5080

SHA512
38d3cac922634df85ddfd8d070b38cf4973bba8f37d3246453377f30165cc4377b4e67c4e0bca0ffe3c3fa0e024b23a31ec009e16d0ab3042593b5a6e164669f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\libEGL.dll

Filesize
467KB

MD5
3a5cbf0ce848ec30a2f8fe1760564515

SHA1
31bf9312cd1beaedaa91766e5cde13406d6ea219

SHA256
afef052c621f72ba986d917a9e090d23a13f4ab6bc09f158eeb73fd671b94219

SHA512
bd5713e1d22145b4cc52f4e46b464f443aad6f783a5793268e7d9dca969f27b70e706eecd54cb01be1c94256e6a95864c6b7e50027cef7fa870cdb16820ad602

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\libglesv2.dll

Filesize
7.3MB

MD5
c783045e4b7f00c847678d43a77367f7

SHA1
7f9192ce0b23ac93561aeec9d9c38daa3136c146

SHA256
3a39137dcee6cb6663ae9cca424b6b05cf56c0ad7e32fb72cb94549ea9dbcae8

SHA512
64e6d4fc84f1217ceef05a22ad63a6618ffdc470b1faf4ad9e2d7bab59e9285527b9c5fd7ea4be673a08b9466434e3c098e839bf6955597e3d8aa0e80589f4a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\locales\en-US.pak

Filesize
440KB

MD5
731c45f9f23957acc11b43d775758aaa

SHA1
12e66417a2dc0c5211ed67f026208ef02fcb40af

SHA256
02b97817b6eebd7caeaaff750f6462abc68911c398ddf0571b7900ff9b4ea9a2

SHA512
1a008df585ef76d9cf4459fc3e617b8d4397e7078c77852712fc7cf4f304081bc5195243437e64074016b05a8cd671db93666042e59b959595ba854ceb330a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources.pak

Filesize
5.0MB

MD5
67bb5e75ceb8ced4c98cf0454933cb45

SHA1
c2b1c8c8d753318bc5ec18762c27512a5eb9f9cd

SHA256
5d63acd4034f7771ca346d138d7478014abf1f3f4386d07fc025dbc2c2bc0bff

SHA512
fd213d59ebc625f6f8b20cc8fde1a22132ce827b81deaddb9ca7993fe0d9616de17e089def338d23c4b6bbd7d3a931ee73aa329325eaa17f8145a58fe11d8c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\AppData\Launcher\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\adm-zip\adm-zip.js

Filesize
30KB

MD5
9b6da3cd4a4ce0963e80d0e6dc1a11f1

SHA1
fce6550c2231f60425661f2f7db99efff491cdff

SHA256
cb49867d6ffe8e7c08ad0e6466c86450b0f81910069ed1ad9d5b7b9c27367929

SHA512
38f325ced4315f7fd39f9ec885e1a35f8d5c49bfe9721c3ae0b54d040c76e7df3e6d557f76bb5783594b0fe5c15f9e73f8c7a21fee373ecbd97ed9220d3127ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\adm-zip\package.json

Filesize
793B

MD5
d54047857da5c5c0f798702eaf6bbdb2

SHA1
13268d9836a3e86768a55e94d9ae566083450c32

SHA256
4a972775a807ee9450338de8587428f444df10d7d383721ab6f60c1981562089

SHA512
fd3311c500231a24c3923e9833e9c39e9369c340fba01bb8c5930313be2f1bd7cb7cdfa9ecedd16418a2164a87dfef09f0a33fb55c01da2d38cacae9e9c0a1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\index.js

Filesize
4KB

MD5
d441fba9399d196f943308f66d215d95

SHA1
76557f8a00782c3503b62784098b7832256c136b

SHA256
4574224bdcf1a47aab456dbec7b485d7cb8bd62bea5295f85db622b3ebab0c1b

SHA512
7f11d59d870c0ae386b6c0ae4a65b2ab49445ce8b36528323bb2a03a8a55611c8e71d2c7439f0a57c69fb7cfdc2d05fde59e535e0da36adf24947a131db18a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\Mime.js

Filesize
2KB

MD5
5a77829e31fd521878c9484a90ff107a

SHA1
73efaff8e2e9adb871396c15c076dbf28757949a

SHA256
9482411a27e56e69e9ff5ae077b25f64c38768ae268ac07ab74a9896b582b6a9

SHA512
dc542b656f18818fc5caab6bebaf67f2f33691661196fd588eeba8bb8d1520ea61f76df314d407e0e23b405706889f0e73f0bc61871a36764d2c3564a44b1c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\index.js

Filesize
127B

MD5
f18d3eb05bbc4d65415ee72c4b5d4dff

SHA1
e2d3efd8917c4ff9cbe668474891269d3fedcb37

SHA256
7b35e6b3b981b498b62860b99063916772a7a199125866d4593db952ba1c14b9

SHA512
65316d6a06666e5acdb6fd293fcb737109a264fb6ed1174e7853f86b32d2b334fab3280d28535be21524fa15f86bc8f16b663461439d6bdf4ead0cba4b297eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\package.json

Filesize
775B

MD5
41460dd956f1244d052cbe727cb6be27

SHA1
4982079e4fc60559ed7fa2c066bf71fc7b74d9b4

SHA256
a1dccf7b9e97739c70cfe4a205babae71016a576f4385a8d66308978f21e0d19

SHA512
4e273dcbe5b5bde34c1ba8c0bf35251037b058fe3eef5703e53027a53b9f6661db97411be2ae2e7b4353adf5d77bb389566a81258adb8f11cac679ee6450c978

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\types\other.js

Filesize
25KB

MD5
ce7fcb8480cc926c86d46e4b1fb6cc9d

SHA1
dbfc26ed679cce39b3ecb6bee5ef5968cea6408a

SHA256
ee0e65cdfde6e492be9c52e35bffcbe0e0fd9a5be1a18fbaa7cbbc7b9b406934

SHA512
c5c943a1722aa52c3f85f28189258ebb4e3ed025c98bfa0d7ce978de2587b10239c578d5d96fb63f85bd8ec16d7d156847268cc14421cb920832688984fc0cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\types\standard.js

Filesize
9KB

MD5
5119196e906ee770dfd3610bcfbd0587

SHA1
a21f9b1eba88b1af8d16231a5759ffb8108a645c

SHA256
70aaa6f9c1b7caf38db2eff138406911368729b8dfb478fe70078e46ec1824bc

SHA512
30d30134c1044d36bf4ffd93cb0b6f003cb702a14b9e006bbc9a18a7e9e6915f18c22eb0b8bcfb5cae6cc15636726e0d8ab59189610550140ac90e51f45c324e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\package.json

Filesize
367B

MD5
381be2da7b731d7e9f68c149ef521e46

SHA1
11f4eabe7d5c1236c02c9c6e1ef2e8f58226a2e3

SHA256
c30372a8a6ef7a7cf021a48200d7ca770ca5ad68022e92c6d15bd27878dc326a

SHA512
0595738800f268106a61f3526448bb1c89ed37db1950d00b7fc1f1d2874cfcd1bf7454b49d757614543caf756407d6594e2246f68d6916db51553c95e22c4f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs\lib\ejs.js

Filesize
26KB

MD5
e7286ffae51527e51efadb4ce65d1dd8

SHA1
2170a351835c1ff3ef58faab251e3d5ce5dfe9d6

SHA256
9ff1cb7fb0a7dbd822e04d35e50560a199926cc323b5aa11f1e89556d7b89814

SHA512
5a551b8ae5dc38eb4893acb2876046ebe27ed3852777b7e832173bfba8d5470b08495232811a82edd0662634bc6351e51d7d3509c87663900ca122a15e1d50e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs\lib\utils.js

Filesize
6KB

MD5
c4ed9f400aaac2c0b2ebe7c7f5795b1d

SHA1
4e88b60293299d879774768f84cf38524c3d34c3

SHA256
d77d4660b6fd5131949906b67fa4456223c308bd13a88d7dadbd2e10e5e7ace4

SHA512
100faa0f015ba8001eff8dc435174dde0af2d8717976448a3202272e7d0edde3d149f0a0acc6469f8d86fa0b15b79237cc1ffd5efb9456e0bbb625e6cfd53242

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs\package.json

Filesize
748B

MD5
c811f299cfedf923d32f6126894283b1

SHA1
4d25c24f5ff44f2963d08d74d474b03127c02ecf

SHA256
ba32b2005d817a23dc0e0b57c248b53b8b0316e8271fa433780750a954d56e69

SHA512
ce77756d8c128eff055923c6622f3b438a3eba87513fc6d962180b93762cb325c5b96c89e05e1df4a7ef227d35ad1de659d28c893742c5a1e8912b365b1a3fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\package.json

Filesize
530B

MD5
e102ea0d9f0e36be31e25b787c35ca2c

SHA1
022ea237f37e95570872a64ba6af1e2f63cb0dab

SHA256
9f66eafe35c475aaba1157c877406f448273c6e4811a1ef2fce10aa0d5eee706

SHA512
426e0af432f24562e548bf53ea972636c494f0c5b840b9e6affbc40f32fdb9de3cde3c4fd83d9a221eae9832a42631b2b178a3d46f1b2a56d1a82978fe32fc51

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\ads.ejs

Filesize
1KB

MD5
d7f2205fb3ea4fc29629fd16cc13e42e

SHA1
ac4addc19bdf3f56a2b2aa0b8e5a2b2d459b209f

SHA256
828df948e8dd1e0fc2a88511fd1f59568a97fc2c3626152e574e5f31c89ff5e8

SHA512
6ff7cbfb366642d6b1ce5ce15f335b27a8f500341bb059f6037d50409c071d9ef8a735c447a876bd986f4902e377a773b9e41e09d7d433b8365a5049a689bf3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\css\index.css

Filesize
20KB

MD5
9338a403220d934986f5dc738419174d

SHA1
33d0a93608f28900b4771b49d88259b2f70350e7

SHA256
2f281d5eb03f52a46514089fd0b0af408f02613a8fcef8d506dc01f590651d7c

SHA512
cd92d15c6ee9d6d9ed78fa073406462d5f3b33cc9c198a693fa51f53889ba9f5ef2a498ea3f033ef7cad73b1248e4bad9afcad8246f5b98dcde3435399dca508

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\icon.ico

Filesize
11KB

MD5
372b8e595552272d8980d7ce68a22a45

SHA1
3458abecc3172f86c0a42f889402a700964a7bdc

SHA256
9a6b51f26c9efb993a02f67582477d9b524b029af5d6b1bea046840012dc110e

SHA512
bb712405ea0c0ec66add82abd04ca8f32e07bea7e4bbdcb2bce53a16caf8d9bf2a514ec8e647739e739f995931fc6d04d155e8b2f381fb93765024a4aebc1fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\background.png

Filesize
713KB

MD5
54d3046d693ef7dc0e06a32ff629e7a1

SHA1
1d14c54f2db92c94e467dc3b3f6480fe737ed830

SHA256
62a7ec1cb750aa28bcfdc93cebf1521f8cdc352992938652527aacb79618e57c

SHA512
b4e123d3bf4b21bdb1c73ab9374bad0e1090e5cfd0b758bebfd907d4f3736c9f4e87e73e693a85eed66bd0e1eee85fbcf1a152eeb83ea6f317e85022d67fca3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\de.png

Filesize
274B

MD5
0c730750c8a99bc30cf20b83d235aea6

SHA1
8ea6cd3bbdaae43607b4882560c4e04ef8eeaf8d

SHA256
b9d2aced61236662459e3acaaeaf44ce7af28405847c9a54d42fa4ae344f045f

SHA512
2fc3251378520052892b529b8c3638cbc3dd9c4ac471dc20382930c103c886826f05969400d7d1054b066cc81d00813ba86532b20be646aa8910efec9dfc6c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\en.png

Filesize
310B

MD5
c2de03c4d117d87763d4e1e5e28482db

SHA1
bfbecbfba4c5a871894c6784da913fa495a2aa3b

SHA256
e423db68a40835ac299155e365864461e37115a96f996091d5af026103d753e2

SHA512
628f47a91c2605a66dda06430f26d8685384136c0d04bc3146dd033462ef7def71c7d9ddd43cf3d07e892a400d089faed938a91317a94fce4febfd01183e1301

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\es.png

Filesize
370B

MD5
ff0df90a5a69c16ef24fab173a89ee4f

SHA1
02b14de1912f54b2b0630346c2cfe75a8da6d5b9

SHA256
c79f2cdfee1e6666b8180b7ee33d1f06bcffb113e602e8ec47b668d4db4f18d9

SHA512
4387449064aada45fba5e933304c5f931c29187acc025d291f1a758c6b2453085faa42693b2395fb08829b62187577988149514e133c2d4c58d6a2ed851f7ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\fr.png

Filesize
284B

MD5
d03e36af77543804318d6a5e220724ea

SHA1
58f8df12d68e055019dce59a93afe17207d68bd8

SHA256
9914c4861965f03acbbc077509a8dbe76471a4b3c26eb3932427f9972236edb5

SHA512
8b10141b6411d05c4f7f7a1e3139fb0e7a8223c470b5f6a2ab84e07c482d39a56820b3e3a867263321744e2d5272bf9fabc81bde61fbb7e79e2ef31a37cacc12

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\it.png

Filesize
279B

MD5
b9673fed0ded2c7a6a3e2572b60ebb5c

SHA1
b4c6de948d9d7fb396dee563804fb161dc541cbe

SHA256
7ed6102d8a617b6cc2f7fe101ce130b037bf4fe7cc41deb011430f8def81b14a

SHA512
0f5965e93a08ea0a4f2a38de0e9f4accef71dea85d56f07c771ca62a966ab2049d611b1749544343e4389cea203137cb037fa2b7bd420087acfd3ddec2fc52f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\pt.png

Filesize
806B

MD5
188d843e650bbcb429950217dfc0131f

SHA1
ec3a3cbab918dc69f797f96b718fc22e398771b0

SHA256
60d97aeb01ec6481d1c9f5be24082655c880a4ec947e42713168e3c36d6015b6

SHA512
8b8aa9535194304633d229161377c73e0b13fb757a2661620a4ebb33d0bf6bc7d56fe2456a062e7ef9f6224fc2aabeaad9d472b83c96f2643e4e44b9e46015ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\opera_banner_es.png

Filesize
460KB

MD5
71feb71eed2ab2a53ff3765f4a1e83de

SHA1
5dbd35ad7104691f4996311516504c844fdf23a8

SHA256
d624cb45b2d295fbbfd59d20c20a825fe73f5cd2b09d1e01f8da5aae1508aff4

SHA512
f30ec6e622106e05d02caec8f2464157348bf150b4c3cf33565e1bdd66c35dde542383c788b37c78c8a06876ece338dc65ecbd8f0020b1ae1bfe2e803150d78f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\js\index.js

Filesize
5KB

MD5
959306e641b1474f109d59c7320d2663

SHA1
add0e58d53d96050af3a55b07bef4e2b3aebb443

SHA256
863203fb3952d5a921208ceff5cef705fc35bfb29519799ac5c1f8ca228fe437

SHA512
dcd41217bc980b5817456341fa07c9d7301f0188479850942042d07c0183068b621445dc6903367e3ce809afbfe52ee574c69cb9913da9175b3f1b1bcad1b5dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\js\langs\es.js

Filesize
2KB

MD5
6e6fdf68120d784a17b10a8e1d87c2d8

SHA1
e6ef1aada60b098a9cbd60028a64a5f5aacf3407

SHA256
0bfb77caf7b42746b6738f4127ea215b43ed7d9e311b158d8776b22ae6a1e531

SHA512
be6b434436dafea7f545b208e525335d72013b9ac967b3a184598ecf06ed6fba1d5b6fda5ed59973f598648af3de4cbd1565622bb934300a238c733fe16760cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\js\main.js

Filesize
32KB

MD5
809b1a3f7d58f4b0b46a0b034b869df7

SHA1
1ec374e6f59b910ca6534c83cc606a1ea463d71b

SHA256
8f90bd5446d45e457bcfdb3cd4da2428d3b516ad07a3d72f1dee1cba4678b9dd

SHA512
00720a80126dd93737e87e4a9a3171083b9d342c34bb928d8b3c680b1de3e18bc90ae2189fe86b22c7afa4c8277bc79ae6150a06b6f6114b207399ab94512db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\langs\es\eula.txt

Filesize
1KB

MD5
3c09cb08016752513697717cb4524919

SHA1
4aaa2a8d3f1e759570252e0bf16b744b575fbb38

SHA256
6458dd3cfef6f596c6ba49bf5cb42429b8573ac9af021d6e0fedb8c2f89a3e5c

SHA512
4c866141850d40ba21b20cb96a2f7bed13afc6b0534fdb08e68381ea40ba072fc769c15cd416a0a5c6e71aa485a44d364327d215af7ba581340363e61809c11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\eula.ejs

Filesize
981B

MD5
0887c927cc2ba0250bea889fd5d40660

SHA1
8ae1b01d3c501a15cfeade573a13b93c44ae34d5

SHA256
df0dc42c4ec4e3dbed33e6fd855e977f3bfb4cc2a49a8402ead53bfb9f544d6e

SHA512
01dd4c0e622e95adc652fd06c8503864506cae7466d4114bd11938f69a5b97065ecedf2a9d516d485abaa33fc3442bcd9de46f6a00b0979c11b05951bf2183db

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\footer.ejs

Filesize
4KB

MD5
d6c4aec009f8a181f5f805169cbad491

SHA1
7a7263138772c78c8c4330a2ed6cfbd3092c8985

SHA256
a2da2ca46128fdf7530a27ab8345986278cda1b78d7a075ec0fb11b66474fa8d

SHA512
d0a2d60113cdce329303f9657b741317e2f5b691d248fa2131b6668e07e7db9a5292ab734456681f335b71c732e003009631113cf14f218e13aaad7d4e8bb4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\header.ejs

Filesize
38KB

MD5
eef60d35e9f75d3c7030d0574250e56f

SHA1
6d29148b90187fa1583652bc8799e65efa10f637

SHA256
3cf434b126e4369ffb8e9f4d489daee1aad9f47828850386984b3c752cdc7042

SHA512
529bf36dacd2fc808e63a8091a8aa92f5d3d39c23077bc72298bf052f1bdcd6fc05282608ce5337643d3c1a794bdde2b8d364f7deb0c4b7ae75810be3bdb165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\index.ejs

Filesize
880B

MD5
5cb43b3d3c087f4dfb7ef3604a39e757

SHA1
62796be76ccb921544aa6279dd0139b00450e24a

SHA256
88b3b17146349c92955cc88bdd70ef1fa414bf624d771a0b8ed0d7f2d40d76cd

SHA512
b5247488c6dbd4f682d27884f3b516df00ad6725665f79c2d4ea76c1a54d318a31e32c6f96a11fafc382d36097e50f505e0cba904e13b4d45afa96544401eb81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\index.js

Filesize
4KB

MD5
45ed15c0c0a7ec66046343f4f3212a7a

SHA1
296de778426805a2bda8566c5b37f24c34a6c24a

SHA256
5f8ce9450962956086e6f19cfb2bd6c84f230a6264e3164f41e2d2c91ab61925

SHA512
4baa2d75426cde366088aec26907ab8fe9ca5eacbb3ea648e5864f807d83b1586dc00d0d4a9f4e06ca219505978139a14869fdac18e39faa47777e74d7621a67

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\install-options.ejs

Filesize
3KB

MD5
877f16609a32c46ff5f8eab3648b1078

SHA1
5a3d5785704f016235b96fdbe04a9de69b48e203

SHA256
f8981d7e2001efe11511d6779675bcbead2fa27d6557a54dcb8492ea958a1454

SHA512
c6df43c91537d13d75e1b2e1b35fc2b452f7d62326f0074c24e975e18a47d31bade8a9e84514091bd537b8cb016c60e87920249cee73370188be045c628a30b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\language.ejs

Filesize
5KB

MD5
3fbf51eb59e0f0b050f5abcd2fcd3dca

SHA1
90d676bc914c2bebf33464dd088952abbedd56f3

SHA256
9016b2792ecdd22276e1d1e4172b4e598478f5668b27beb005e2219d229f216c

SHA512
c5e04500ebdd922d989594e3a0822fa9a9557d749e60af86ab1e309847342431a606f5e604538fa5d5666535bc68c4f5fbeeb4cdda9a832384505aac1ba2d998

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\logs.ejs

Filesize
1KB

MD5
6fc7c3d8bac3259202cb981acf8b18b6

SHA1
f3963b01f9a2df4e9b0b989b4e7ea8f55198ddfa

SHA256
62e112e61b5c9c582f5a9aac790a9275be8a560d1edb93c3a6879330298e53fc

SHA512
7d719b9698344ba99d3d860e28421bc7cfaf2e9d80cfc6da472413800900aa64f055add8269553e9838aa998df4d6575c6bf0091cf6263a6ea0c2537c36b5df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\path.ejs

Filesize
2KB

MD5
21e1d48f90eb1017539741c7a74cf059

SHA1
7906534922134e26a5c59324aafad63e20bf10ba

SHA256
870496c864624ebce9da0b98ea830249897a2a2317f6a816751f0edb30aeb32b

SHA512
2cd3d44337c5e1b794a2233d25fef122a97910d7f7d32cb811c0fa3f84397dd4781e917ba3db0e024384439413925dd0ab73888d3d82119951b86192e807685b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\v8_context_snapshot.bin

Filesize
663KB

MD5
81870fb2f641c8b845e9c6d1a632f0b7

SHA1
fcd47d8d1232c189a1c4087bb03a015ce14c25ba

SHA256
875515af4e7254458c17a98bed087fc609d45fbc8ebf60663e112c37204f6840

SHA512
7748c8fb6f356aa45023a56245c43c5171d0413617fb1ac6c75650be75bbe94bd5528e9aa83cd9df9a08af65540a76ab59bc866e5dcf0fa7284122f290bd45d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\vk_swiftshader.dll

Filesize
5.1MB

MD5
0a071201e4dd76996e273c81533bfa74

SHA1
5c92c634027692c344a8e74eab8b4d5c3e049497

SHA256
08e34bc25653f9357a4ccf62966d698b7cc6265dc668046a28403ae5786132ee

SHA512
b5de6548c5c743b6f119183fa06aaf67dcd4cdbc3542378ff87916b670ace1e2f4270f6dcaa4caabd01460c638bd02b565267e7bd9617ca92d72187d374bb7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408021508261916136.dll

Filesize
4.7MB

MD5
c422732ce5268fcdaa68ecc576c3fd38

SHA1
7fb88aa9641d9a70ec88da22b25f55914e6f958b

SHA256
a8c8fe6990398fdb6fef6c64d4b7648282580a14b923b2a7b3677a81300d793a

SHA512
8b8337b1137810936c1ff5a7e6a59ef0c9a60bb0928547aa6d70cb1a42ee554b1efe92177879e0ebc9b80f92c43c3f45848d1ac7a644203bca3bc8d04441c9a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqD487.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqD487.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqD487.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State

Filesize
1KB

MD5
4f8b038f653b7a38c33a445ea1d21ee8

SHA1
a3e0da46643510e3ca7ec971b34c9b614a76886a

SHA256
0b9325a3970736ac973ddda1dd20469fbad7a0860449c2ff5bf57947b38f782e

SHA512
10202178a07c9d641b74f959933a2e0fb936d95f5c394af742fdb389ed1a3cb5de6dbea385f334019581d53bc2198577f2f583cfc1cce92d8eb3111cb2f6aa95

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State

Filesize
1KB

MD5
830830ad8423de744ea7c2483f4bd6fe

SHA1
a37d368829ab9aa0ef38847ba37eb9b197c52cca

SHA256
dd74c9100d9191ed0d37dc041ca332ac04d41526677db3ea1f435795b6620328

SHA512
151924af81fcb5b0010039d1a70d68b3777ae65601f31edc6dce12990a4f061dcd448d4fbf1f700bcea7b20579a96371885197100027f89b02a63a5cb4c6988d

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State~RFe590edb.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity

Filesize
523B

MD5
e62e7dc7492b76c7dd56e1918ea5d9aa

SHA1
4ebf1e6761c2fcf8816edc6c0e491cc0286405c6

SHA256
842375a414ae928fdc333bb3f28d422b093c384cc7e374717271ae09fc1e5450

SHA512
04143f2ea98e43e651779b6a8eb4e827aa83835babaef966a07875f4ec54591db2b3382d5eb8b2fa80abd760d35558af4a99935602f236ddf2ef683f5615ee0c

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity

Filesize
523B

MD5
96ebd98fae922cd6de0cb1a5dfe8a75f

SHA1
5cd5a4a81952b6eec24c75199f2e23a7965aa76f

SHA256
bd1e13c37c819cd3041170d2ae14cc2979b69523ae943e63503eb4e82ed469f1

SHA512
8f6767e5c711879b6bf01a9935000d7c57bb623e1ee8e611a91116aa49050ed06b7f5cdfa99ad232846641465a69308fb5381b3885ad23eef351d68c2710ddbf

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity~RFe588681.TMP

Filesize
356B

MD5
ecb1af6a125897b7e2f437f950c5299f

SHA1
cf1962c112827da8a058ca6798856673e83d1061

SHA256
d9b3c3df33d83a2c88c6febd788d515c8606205034984d6e0249ef68e986592c

SHA512
1c007b06b75758362dc2ac99bccf5a5c3e20074d12267d8e3a3fc2f41fa959fc325488233e5bf8a9b722664069354ad4ac4b294efff558b15720f8600ef30780

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/5796-931-0x000002158F5F0000-0x000002158F5F1000-memory.dmp

Filesize
4KB

Download
memory/5796-920-0x000002158F5F0000-0x000002158F5F1000-memory.dmp

Filesize
4KB

Download
memory/5796-921-0x000002158F5F0000-0x000002158F5F1000-memory.dmp

Filesize
4KB

Download
memory/5796-930-0x000002158F5F0000-0x000002158F5F1000-memory.dmp

Filesize
4KB

Download
memory/5796-929-0x000002158F5F0000-0x000002158F5F1000-memory.dmp

Filesize
4KB

Download
memory/5796-928-0x000002158F5F0000-0x000002158F5F1000-memory.dmp

Filesize
4KB

Download
memory/5796-927-0x000002158F5F0000-0x000002158F5F1000-memory.dmp

Filesize
4KB

Download
memory/5796-926-0x000002158F5F0000-0x000002158F5F1000-memory.dmp

Filesize
4KB

Download
memory/5796-925-0x000002158F5F0000-0x000002158F5F1000-memory.dmp

Filesize
4KB

Download
memory/5796-919-0x000002158F5F0000-0x000002158F5F1000-memory.dmp

Filesize
4KB

Download