9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d

Analysis

max time kernel
821s
max time network
825s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Battly-Launcher-Windows.exe
Size

112.1MB
MD5

03696da629e834c395f699847326448a
SHA1

3529afa76451ed5beeeb0bb4a31f7cc8bc463aa6
SHA256

9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d
SHA512

fca0ef778b3ab13cf01e3d39d4c7eb4a587f600ed8d5ab10a03a3061178609dc13a75f6cc736ec27ed9f40a2a554030217cc91a8bf982d42f460585102f1969b
SSDEEP

3145728:SJcuNt6i+X0MdTUPo+YFawtU4odzp7emMT:qcuN7+QYFjmPztemE

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Battly Launcher.exeBattly Launcher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Battly Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Battly Launcher.exe

Executes dropped EXE 5 IoCs

Processes:

Battly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exe

pid process

2504 Battly Launcher.exe
1664 Battly Launcher.exe
4340 Battly Launcher.exe
3276 Battly Launcher.exe
3448 Battly Launcher.exe

pid	process
2504	Battly Launcher.exe
1664	Battly Launcher.exe
4340	Battly Launcher.exe
3276	Battly Launcher.exe
3448	Battly Launcher.exe

Loads dropped DLL 13 IoCs

Processes:

Battly-Launcher-Windows.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exeBattly Launcher.exe

pid	process
3464	Battly-Launcher-Windows.exe
3464	Battly-Launcher-Windows.exe
3464	Battly-Launcher-Windows.exe
2504	Battly Launcher.exe
1664	Battly Launcher.exe
4340	Battly Launcher.exe
1664	Battly Launcher.exe
1664	Battly Launcher.exe
3276	Battly Launcher.exe
1664	Battly Launcher.exe
1664	Battly Launcher.exe
3448	Battly Launcher.exe
3448	Battly Launcher.exe

Drops file in System32 directory 2 IoCs

Processes:

Battly Launcher.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Battly Launcher.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Battly Launcher.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Battly-Launcher-Windows.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Battly-Launcher-Windows.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Battly-Launcher-Windows.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684937098422737"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 8 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{E9C9154B-1868-4A96-8406-E689728D1885}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

3720 NOTEPAD.EXE
Runs net.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

1696 vlc.exe

pid	process
3720	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 23 IoCs

Processes:

Battly Launcher.exemsedge.exemsedge.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
3448	Battly Launcher.exe
3448	Battly Launcher.exe
3448	Battly Launcher.exe
3448	Battly Launcher.exe
3976	msedge.exe
3976	msedge.exe
4960	msedge.exe
4960	msedge.exe
2020	chrome.exe
2020	chrome.exe
5116	msedge.exe
5116	msedge.exe
2712	msedge.exe
2712	msedge.exe
4488	identity_helper.exe
4488	identity_helper.exe
1768	msedge.exe
1768	msedge.exe
5656	msedge.exe
5656	msedge.exe
5656	msedge.exe
5656	msedge.exe
4892	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

1696 vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Battly Launcher.exe

description	pid	process
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe
Token: SeShutdownPrivilege	2504	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	2504	Battly Launcher.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

vlc.exeBattly Launcher.exemsedge.exechrome.exe

pid	process
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
2504	Battly Launcher.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

vlc.exemsedge.exechrome.exe

pid	process
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
1696	vlc.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

vlc.exe

pid process

1696 vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Battly-Launcher-Windows.exeBattly Launcher.execmd.exenet.exemsedge.exe

description	pid	process	target process
PID 3464 wrote to memory of 2504	3464	Battly-Launcher-Windows.exe	Battly Launcher.exe
PID 3464 wrote to memory of 2504	3464	Battly-Launcher-Windows.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 1664	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 4340	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 4340	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 3276	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 3276	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 2508	2504	Battly Launcher.exe	cmd.exe
PID 2504 wrote to memory of 2508	2504	Battly Launcher.exe	cmd.exe
PID 2508 wrote to memory of 3304	2508	cmd.exe	net.exe
PID 2508 wrote to memory of 3304	2508	cmd.exe	net.exe
PID 3304 wrote to memory of 4920	3304	net.exe	net1.exe
PID 3304 wrote to memory of 4920	3304	net.exe	net1.exe
PID 2504 wrote to memory of 3448	2504	Battly Launcher.exe	Battly Launcher.exe
PID 2504 wrote to memory of 3448	2504	Battly Launcher.exe	Battly Launcher.exe
PID 4960 wrote to memory of 412	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 412	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 5064	4960	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Battly-Launcher-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\Battly-Launcher-Windows.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1716 --field-trial-handle=1720,i,4740959935242975587,6620267208519062629,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --mojo-platform-channel-handle=2096 --field-trial-handle=1720,i,4740959935242975587,6620267208519062629,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4340
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --app-path="C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2476 --field-trial-handle=1720,i,4740959935242975587,6620267208519062629,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "NET SESSION"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Windows\system32\net.exe
      NET SESSION
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3304
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 SESSION
        5⤵
        
        PID:4920
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3216 --field-trial-handle=1720,i,4740959935242975587,6620267208519062629,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:3448

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ApproveSwitch.ps1xml
1⤵
- Opens file in notepad (likely ransom note)
PID:3720

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ProtectTest.m3u"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff6e0046f8,0x7fff6e004708,0x7fff6e004718
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8595422595069873443,8443730699373841661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8595422595069873443,8443730699373841661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8595422595069873443,8443730699373841661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8595422595069873443,8443730699373841661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8595422595069873443,8443730699373841661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8595422595069873443,8443730699373841661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8595422595069873443,8443730699373841661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7e09cc40,0x7fff7e09cc4c,0x7fff7e09cc58
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,9335998851718710506,7402208664400594974,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,9335998851718710506,7402208664400594974,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,9335998851718710506,7402208664400594974,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,9335998851718710506,7402208664400594974,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,9335998851718710506,7402208664400594974,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3708,i,9335998851718710506,7402208664400594974,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,9335998851718710506,7402208664400594974,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,9335998851718710506,7402208664400594974,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4452,i,9335998851718710506,7402208664400594974,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:2900

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6e0046f8,0x7fff6e004708,0x7fff6e004718
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5552 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1376 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12962859960495345483,128557324591565930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ac 0x2f8
1⤵
PID:5456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b81fc270fb428fef33f6e9fa81174b55

SHA1
3f4a4a0e880f6fb4ae60898d26cafdb62c1d7fba

SHA256
d0b9406d683213f8ae83312d3b970e34ebb1e014c67256ba593f6bb7a5a424dc

SHA512
69eb4bea3c41a8836841d686436c01941a92c04a8ee384e30b0c385837ad65340fdd89dd33db7a83da52a3b6104a4f2ac1bb8f76066127bbf15bef0d4c1d7d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
575e41233124d1484a9b46aa25dbbe90

SHA1
ccaa5c1318bfdceb32ee9adb1e9150d278222215

SHA256
21577e593ddea1aeae774606615947e476c725ccf3c6ceb5f6facab11358b350

SHA512
566da58c69dbd967d7e911387dc5711326d78694c534535c3cd9ebae158b853215952372bc57e4c7619efbf134782f9aa24d17302e8bcf711ccadeaaef7f2764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fe97e493be16ccb4355250f6d497e28a

SHA1
fc3c9bad16031093e277e1dae198263aef402c0d

SHA256
358381c6e10dc50eb8970e0ae1fa95b8390e08b019bff1b6f2961f70f5bcc867

SHA512
b9d82c28ae5fe51b02bbf3adc11179ba8aea9c9f7a105a87c1a1722491d7eec173688f1b01f282e84fb939ec265a7a98bb7b14c0ca2c9f5450bb13f998e88c31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
033194420a7e5c2dc09b710a2152d917

SHA1
82eb97c9012b1153937bc1ca4af33a9857b23007

SHA256
2888d4667e608c47aafb82e1c2d751b9d73a0cc03aaf5dbd3f53f8ea51b7e95f

SHA512
e1423f4cd63371dcfd579e1a36e3bb2b66de889be2789cd2d268a9f15920d3ee5c26844e77c55b80e12ad27feab525a0058aaef628595aacc90dc4ab5f7cd163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2d13e3ec9f8244c548de17eeb9ab9637

SHA1
6c802c1672c8b6eabac03a916093e516e9033a00

SHA256
4f64679bd8fd09392ed427414e4bc930040ff643d16bf5da69cab45abf20550e

SHA512
1fdfa9a5a4dfd50a1583cfb563bff6e1d3d0910b34bfa87c9a15efd28e061cf5fbc223c02932d815cf7ea8e193d87f2971a4eb3456856fe01fc001cd7e47753a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b9e00752d766a07dc29fc54026744813

SHA1
bf43aadbdbcbd7acedf8579dabe02a8f1863bbde

SHA256
bdb018e0a9bac002b8948530ed36ecd38fc51eb3fd3306ca7cc783314153df4d

SHA512
9e93c6da345a554151738092f0fa6930a948d4fae5be951fcc48101d5e0815bcd400cca32cbfc9458431961f8680d1a64185778ee4f4474a1c94d04f689eeb22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a2207e1e3ec9aea07fdf1ab2dfdb89d

SHA1
4acf9d3208b93a28dc61a05f74f98360fa1ea6c9

SHA256
cb3f2db5ad9aa8cbeae1eabbdde671b78df5fc77af96e7b582d9ed4e40cba2b6

SHA512
10bd1293f3dd2ba0fb30d8ef1395588aa9d0c4e3c33b8cebbe3f55e681fc5cedc1111fa2912cdde6445581f9ef0348e925c1a7a2def882eca1d5c1a09d6d2ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aeb71c5e93b5f7fb6de6336803b9c563

SHA1
45717ca94d10a1756103ad9fd4b8ad0b73ff3ced

SHA256
8b23c59ada2b63edce26d0c3b019c924beb17b198401fcada90cf7f1e0875fc6

SHA512
1fc8844bb283cae42fa83d119f9a4d6cce28f6840a3c979800c75128a72574f298504da861f0434b8c650d7733a923a20cda302f3d67d90508aced8c4963c263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5894a414e59cc78a29b5e107d772afa

SHA1
030326e562f7cefb5d9ebea8962d1547cfb1d3c3

SHA256
1f505968823f94bb50dd9291867cc2265f9991e5c370abd75e52d1f84baf4fad

SHA512
8f0ccaaa5b5933284ae07dfaf6d5167b930025d5847ea8f949401d7a11342849bdc06cd59f11d80d560abafbbd91723127341346cc10eb6c3e319801df515ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06a692b1a4ebb745fccc1ca096d2ff3f

SHA1
4b02c8b03c3b9fad71af4f5325d933f3d209db10

SHA256
5cae82a5b6344bc32a6ea5cd2c3d2c8b233cbe32ebd54a908882402ddfc7917f

SHA512
96f5e3315bf51a0414d5b48a2a5aab9255f0fca907a8eff42e185326c9f5ea446865e46d9956c8e9e48a95ecb41a60c1094380d18180084eb68b0f66f23b0c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0d8fb65aa0803ada5065e5c86cb1940

SHA1
3e9c3d5bde44d01994dc9d22b82b4f2494c2e617

SHA256
cd4b7913fb66dbf25a3ac13e8bea2240e55efa178f56adb6b3db2922ffa1f638

SHA512
572dc692d9bc0b0fe11b01b54cdfb628d0643dc3a716551a049abe751004b623667be6d413831d12303cc30bd113e86141b44482b1efba0efbb3f7011e50005b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e69f8a9700b1ac2bbda67a7ea9084a1c

SHA1
5418813a0e41787a8665bce00a9777fdfcbc4ba3

SHA256
efd18a65f6556a576c73f8c9648dc42bbd600b45759ab96a36a460d86a8bbb3a

SHA512
59107d7493ef3370aa6dfaf06c1d3651c14a67a5ce5c1834764c0c17fceb43ebcb636655b3a2a4d88d59bc447e494faba420efc85986a268651e660db08aa5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
3af03585126d6e701d06e72d74eb66cb

SHA1
7a25178e49bc7b989d6d7840699243ce9f9898f7

SHA256
c0c8a02a4528e19b67d10f486798312d4817c078950ae883b9ed0abbebd53ff7

SHA512
dbd8319cfbdb9f70662d2a0810785a46fcbde1d2a0fe44bd36b2cb1657bb74b34a5cbd31906dd7d8d6f9c689195c7a22890ce2ff1b2059049e8c4f680c0a3ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
1454c202a5e82cdd5b9d1bf63a6db1c7

SHA1
c2f57f24a617eac04ddbf99ddab5c2a4bda8b965

SHA256
58614e2400d51ad7f2023e40212ceef931acec1c5f2025b2d67a786d23e82f7c

SHA512
e902037c0a27ddd3357b4a945d415e5670e255c24184fc81a7b9bc619f2dc855d32c0f9c98e05584faafb6709f13eb72cee580cc3843434d68c9e31a537686cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
bd4112b277f4ff6a8ffaa524634502f1

SHA1
fee475aee7ddf2180a1c247b8277a227ecfa751e

SHA256
355e79f3be254a01b8a0c5b422d7dd23cb1184e8e7f9ca8f5f945c4596ab0e31

SHA512
4540a98d2144854ca1765aa7ecc1f394104ce4efdc561b5056f043eeef934d1408b7dde453dc714e1c661a17819e1d97510af8fa7587fc02ecab451e0c30e371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fe39bad8d51ecc18cbe59417f2b04eb8

SHA1
7e03b1f05e39e6f356b1a9e0c73156bcf62ad754

SHA256
e9d522febbb8474d60a8cf50eb1dc2958fd3c58f93967ea8adfff058978a5d1d

SHA512
2042bb4ff2ce6525e472e28e6826cec9050799569989e58014eef08654e4fbfd44efc78dc0e41bc94a737915c892ab5c3ef07e9c656a1fa5612c261e8ed9319e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7fd94f6e1d59b5e33a3df4e74ea32fce

SHA1
ff77a394e5109f45d8c9af1b246cb06687b9edad

SHA256
00af9cb1ca21c499c645fd4ce0bc34be2c8c90f3e37fe96b75071da33acbb684

SHA512
335c82bbbc7fef1e7494ac7c1f4f50ceaa1467aa3e731f5663861b3ea47e5cd2a34e842812a8ff48bd88dcb3ae8db4ba1f9a88becb04ff759bdf5876cbe91e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\292675ea-530d-4f09-afee-281388af4646.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
70KB

MD5
0f6e110e02a790b2f0635d0815c12e5c

SHA1
2411810c083a7fda31c5e6dd6f1f9cf1b971e46c

SHA256
2f7018f3c214ace280e4bd37aabe0690bd9d8d0532f38e32a29d1f9de1320605

SHA512
2f2fb7c4ddfb6abb5dcde466269f625eea58a2c69d25830e6bb24126e7679ec7c83fdb0d8ff2a7de4dd4b994513f5e80813dbf1f5d6a9a474c3a60d8bee74f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
0aba6b0a3dd73fe8b58e3523c5d7605b

SHA1
9127c57b25121436eaf317fea198b69b386f83c7

SHA256
8341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac

SHA512
6a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7dca52935050dd571f0901bfcb7f5140

SHA1
fb95e2c3039ca065c9a458051772895d1e85c157

SHA256
27ba527fb40545bc869a9b43b9a69a3d26c1962f75055740c50e6ce1fe8eb612

SHA512
b77d9f7995f048f76b55df53cddcc8032fe87873a14f77784c2352d3103c121baacad86e9f100206f6409de554ebaf1d83216a00971677b6609374dee2a516b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b054fd8a34a4120b98107095e410f75b

SHA1
1fc732d586180b56654179c98ed15c4b958ecc1e

SHA256
50cc32aa6ff558723d3c9fa734fe66b2e1b2a11c42232c42344258da254b8bca

SHA512
fc2d8fec191e54a994a4df3a1f8cdbf2be00a9ab79e8ddeb034215f441d124516f3508b293169fa3c1c19c3b8ba6deea100ba79f85ea4edd0eceefce6b55f0e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
6932e2a31ea7190c097b1a885ac8ae8f

SHA1
4d681ebc11681c822c27eb797ae99e7ce3ec8ab8

SHA256
1fe32f9c4b44cb7120aac566386208f38ad36b10ec738fc89c5240381e9964f7

SHA512
d42a25782752f3c1db1729fa76f5874a09d1f5081777dabdbc9d05469783aa98891d929b5cf5bfb83dc352c18176362c5efae2c963cba3c592a02d00ad97f445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
e8e750de1c608e595beffe76abf37019

SHA1
e0bdb487174b477dafdd3d1ac0de7bd7f04688f8

SHA256
465d30ef0bc4969f9897cf4b86977a2889a8bc12e44ab6a566c617b3b773472b

SHA512
d2a51a854e2bb3843122a0e7be8ae3625a54a6502c22703f54e0d7feb5e731458e9e03bf3fc871ff3ac07d9754214ba5322f0458455d05a8e0da50ef047f8375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.xvideos.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fd8d5fda515adc631ed54a851a5a43a0

SHA1
5e02656d24e5959ddad8d5c92e2eb56951ab533e

SHA256
74d0f46eb20841ddc1544f9efac04a68dbad5c512c4322bf02c2abd88e292cef

SHA512
128074c948d842b2e533690a22f13e1dd4901ea69839f76534b77623de0de5a239d77930047f765a09b80655a4d2371d9652fe67b2e0f406be516c9d81b81bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5807f6cb1a297444ff9a88bc8421340c

SHA1
b50f836dfa045d5ba8e7350bb0e049fa16821dfc

SHA256
e02a44a1bd731ad08f38717d9eb9842356240e55494dd55de72217cab1a3f781

SHA512
45525b1af7ba9e89a42d20539807e9290b6e634be058dc0641e7b22a2b83fcf5dd8afea7718501740ebe13db4e617ae516b50d9db0e4e5295f605af95b99b8ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
94e321a72f92dab1fd34990ff559602c

SHA1
47302e45e989c947925f6757f51c84d7e5d7fa7d

SHA256
fe94de4ae052d3083c878271d25d2b9d40be177dfa10a042ce97c0ac17b5753e

SHA512
40d36f85aaa1999a0c39bdeb7987b4eb41a3dab5d1260202d1f47355f495a18fb858246b1dfda6e142cd11b91df4a07ce398d8e8175acfbf9bdfc10d416f2e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3cdd53db5ff68c4b3ff37c438d43241e

SHA1
dd9349648bfdff9833bbdea79b6a4ed3b1b03e5e

SHA256
859e1ce4e314692797c30acfa574d5785a9a53c719ec02aabb02d8938cbabf54

SHA512
be30c880e1fbd37e656184243fb9279bb0366bdf2f39e4cef909e43e95eb62ac3bf97e437db810c43a8cd7f2e559f339449f822732b5fc8bc90a39fa6f6e8172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eec9e1c6bf8db237363b832a3fa9437b

SHA1
8a676caa4af50f5026eee2d18673ea9ae6ce1610

SHA256
1e7bdb7f5b60f67e0684a1773cf58f8318e3c39f6b8097eae110bf0548c6753b

SHA512
5252ee64d90494186cc41e9410f87b54f05b4709fe6c26ab7a7fb1a692d175e7f36acf14844cfb51a4cf11b73a90a4e7790a86ca01257d34f0a548e0a0cdc453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a51d93813e5b8add575c99cc0c3240c6

SHA1
db4ebcd86c8fa7de84d9b2173e8913d61342e523

SHA256
8861ee0b3e44dbf8a5b5f4a689b8b36d49dda5e77afbccb854699afc47ec598d

SHA512
3dde26abe3345ae13675c717204d55f7d954a2949cb08b3220bed292e5df660a91897bd8b587ae7c14c2d4a10abcae8c20c91754f63fdf8b194f681bac0dd0a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d64e41b80c28d45ac2f81fa20dd8f79

SHA1
9b23ccd19d8ca1de80ffe72ce4b65feb1a22444d

SHA256
682a8f2c5fb48447c19374ca1a7fff84e7413e3664cc0bf787f307dd45ba8b70

SHA512
755843ad9cf677a3dcd1e706aadecc0943463dc0df2bbc16b27fb12c0150a17ee52f4c1c8e5b7abfd6a51c6c444603ae38ab629803254743b5a1c6613d9c4de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6dd0670c8ec0b5294132d8507440193a

SHA1
b33af9cd4050ba4d9294c543f50558a1b51b3e4a

SHA256
b9e36fee378d7843bdd469e51f3e9cefa3aa3fb425235e5190ed57da22eec80b

SHA512
cd74951f8762160a41e5bf726ba80912322a31794a4c8a7a10bd3da240a56ed70fed135e98cd4caf78ce0cfad0dd27f1edb04a76de9b9980007cfa213c26d5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a12b4635d977348950c5808ccf3b0640

SHA1
ce2dcf5aad539f1b9d5a6ce64fc1dec79b2823ff

SHA256
2a5ee16b42003320efafbf8714f1359699058519e66ea31ebd4e0e5e2f014c2a

SHA512
6850b41e2f0c8d6abf9d4c638a66d60d9fd88099113a675b015a2498a6f4011d437fd8dcca719064206fa00bde62ffe5601c181c635df1b036fcdaf77dcbc869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4418048c59c370f33db6f362d71d2825

SHA1
ad26434da3604ba0f71138ebae5bb9a3e5927cb3

SHA256
f55a3fa00b7755adb64edf6c8dbbfa2a625ba1c47e5deda2852cc3e8d6853b3f

SHA512
9986ecdb550c7043bc64fb0e50d96893d20aa6bf1e151110e4842378cfed7734351742f3e6fe145e1b63ad15eb830edc0bdc65ba771abfc7c4692324a989ccca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
39720054a666947d7ec17edadf31d9b0

SHA1
3cfb39e93d2674afda912826f907d3da8e852bc7

SHA256
c56492067045c4d21c3a9067b2c3e9e172afbe6728a60a6c5507890963f3cbb9

SHA512
cba6e834ca84205837b89abd60bf1259e3ac7b1d97881d73e3cd60d94ba16999ef1a37d45b8a5b59a5db669adf13abca3db983f2ccdb01363c7fa1b644b36a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
06b9d4485c25a449d05a51397d1b1a18

SHA1
a6f9f3efdf9af43f293c75f8094f049af609fe16

SHA256
d9999dd9e9ff486934096ac52ab022d97823d49f26cb1d43a88deb4c1df459e4

SHA512
3ff9856cdb057d823a49d6a4516c3c7b874251598013c21feffa611a857bf2ac166a93af55682706cca20ebc45496cdcca7a179b91dd270a40c8fb76ca7b1e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c6e2d27aa9be3f54eed919e56ff43c19

SHA1
dec448285f1dc6d2f53f868b9bcc2714baf76fbc

SHA256
1c93f04c179bf8f25f7014f0152a609e100849a9c79224afed974a1af254d5d1

SHA512
301f14b4aad6988106d004565590fd79260bb63df1cd7b18c44051e633f8886c8ecb2c08e647f91d7ae1cda15f6fee69ac14797649afe1ec9f96dc488f008d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c6c5c561c1973a03d3bb857fa4c837c6

SHA1
04769d73f30436703d705250a9eee05d9e4fbcb3

SHA256
ebc821dc6d144bb21228ae5ed69f21b94a97504f47cce1485f50fd292517a4f1

SHA512
3a9fc300b4258f1af40ec20cb7d99e7f8bf22263c731000ee1c77bb097326548aa19759fe207a46e7f6b6c629593cb67c33849c303e78a79a2a5338d6f051c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e3d83a0fca0a222f3c232cb8799244ea

SHA1
3ab2e96dc918d85bbde1c16f140d78ca1f9a59aa

SHA256
269ebda1c077313072fe5dc47113e657bae28e1575182b1b4d17a8f38b680f25

SHA512
ddf52498fc16964d3f9a0f891117e2b1f09eb470c5893494dbf8ed7ec6f9298747ff78f369d9a0105d7941e63f5fb84c981061d33af62c44e62907255179e52e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
603793938565e41be0fac52148a86872

SHA1
c51aef7cc24aa6fb502ad3077c7607f7021d0148

SHA256
c0e4d00887a98f9f8776292e06b10b861ab7e5f7367cf6daed755e41a52608c8

SHA512
9759d43befe7a938e7bcc344aa71cdb42e3df8f0eb59d71deffc0953b044dbbb12531e070657bac9f82e6c8763740afa997b7699bb99b3dc8550f5e06125f23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
265885e84fb37b25fc18859565187adf

SHA1
3d475537826224261dce38d830cac1ee89bb6c0a

SHA256
ae48cae618afc7fc6c97c4d73d23c1a6cc68ee87692152bcad281e21dea2a778

SHA512
c45936b01ebd9cf17ecfb9db230608c949029d77e896887154f3269dc579ef06bfa06e1dbb7b16154a88a5d2c7e20ce43bf249c4ccedbb8d87b5a9d00c488e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4083f1bfc8a66b679f059756d1ad1072

SHA1
96a319e39819966efa6241922c6686d11371351a

SHA256
10df4128e2d82c059a8989bd2875063c250992b9a4b1ec15aab4081b94bce865

SHA512
eead685a9661a4b0ce27b6a80082e34dca10fc8905cfb6963007210ab64a07b9720cc5b61535849862c618e3e0189cc00a26aae42f424316a6b9b52fe29f259d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
ae5a29c129fa5ea484abb2fb9ffbe1f7

SHA1
004959d5630454d0d6dd91628bc79053546ed655

SHA256
e79c8f4a076dd14dd6473e9e18b25616f2e25b3dfb044c5e1f54fb2628a3c639

SHA512
ebc9574052dd6d172bc674633958e6e4e0d3f2080356bde528d7d3167200960edf89aeef818ae9017ee5fc054604b0df30fc96d693c37d315812cfe43ce7f415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c60d237c1288f89af6d70294a5e03e63

SHA1
c96d9772df809e7b9e65119e4259f56abcaf818e

SHA256
179985684a266cbfd1d16cc6417e6c2bc9eb92ca359a64253568dafcace750b3

SHA512
e231e6bc7e58b8b24e07d85d0c7575474c6bba684d7e27eab925ee6c8fdb8fb25b2dacb4f51620fe3f9859e6ae624a303389508c03f4491cb6d031ce59db4463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe605c1e.TMP

Filesize
48B

MD5
4be5e74c9f76b760b0cbc473c0998a3d

SHA1
1ad50818a52059dd759446f2084416764923307e

SHA256
a905603b9317dc46ebfba6bbdcff7f9dff3548d7b1b433ffc30db013ed802cdf

SHA512
fc9fe0f4504e8aea0445b3fd6b4d082ae6a7df4a3ce45b8e5adab361ba7e4416b5285b4669318ef17f3e04f45063bce06c93bcc891abc1de5aac97e1464614ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b4718db2ee9f926a6c34e0c64f843687

SHA1
a7915d2b9772e7c24eb7a17ae406fed4bbf4ccb2

SHA256
8487374004f248c01bbb63fb91fb361f15bfdada1a35d9958fcbfab6868075a5

SHA512
34238bfbbf3005dffa119cb2987baef00cfac6f8117b836c7dde069cb02321369483f86c3190099b0d2d90796002ee202b14e27cbb48091d89a99677ca53d5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
49b6c4ac4babceafa23555d5c00b45e8

SHA1
01bcb8312aaadc2a81f6df8510767dbbf67978b5

SHA256
b29c04b94d4a27b7174008cfe52a94571d230ae95f18fa2ee8f7d25cb65269ab

SHA512
391b8b39d2492d1d9a42e4fab1614d5a979092ee4f8e6f88367ab699b7aa2ed3e33978a040c4e95209d64fd0e9baff39afeffcbd6d9cc2e114eec1fb79175e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
857ead255e4e23be59680938f7afc214

SHA1
21720b00fce8e5048c5d7311015ab09166fea8b2

SHA256
be4e86eaa26dee63cccf972c0a83444643f56bf1955e6a0496d06366122b3b4c

SHA512
e5f85b8f0175dc53e7c1f8e309f6bb940a74d9900a6003ee25b22142afd9f78b1429899dddaa9e84313dcbc91a83c07d366f2982ce582d535e540d991253e5b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c6e927509ff88e3f6e40dca98623719a

SHA1
80c54b0846efce99df117d3b74902af1447bb5c8

SHA256
dda947d9fd1d1c631546d0150ee773ff763aeddf17c01738903d0f7b73a2f865

SHA512
6132ce1aa243fed83892421a6dcbd376fa6ccb03c0072d1920ffb6b674851f10922f72f766c061c2e61b26d0100ad245554d62dfb3f01dfeda24c47088cfc6b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ba8ae527fdeeff98572953ef506a1ee6

SHA1
3fedec82e624d997ca989376d315901354ef38d4

SHA256
089ca81f231757e2862c2cd07885654495dc450c53ee257cff2a18da20647c82

SHA512
62cf4bf5d9cf63f6999781ece4aaf9181e266193e704ae4a00e3e35141ea3813ce5f1a51af0c562aa86b68ecb8b22d5e28e1374258b7114b035590e222c828c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
d3751dc93d2368ddb8591b1dbb564746

SHA1
32cea92d12434e7b11b33f9febaa3288771cc305

SHA256
911e030ec44d13ddf671c5f14956f5e69dc8da8aeb2ca4caefe1b4633f297c68

SHA512
c5458907426f2210726adaa5d881af054941529ff6aa591e893d6d363da4dbc13b544792e6fd8d8de94e6b5952c90f6a1bb972c7c637a568a451532a1773919e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
58602f7c3a01db722629af5d25b0775a

SHA1
9e057e41356e70c7f04b9f4cb89ffc88eff91fc1

SHA256
3bc841f203dd8a5feded7e71605ad772030d623c61d3b53356469121402245ac

SHA512
54ca110a713bb1e30b9ea6540f367ade7a5b9bb28c431425ac3689f929a55225717a42ad363a0d389a4613537d8eedde477e0197a0d7d40e37dfdded017dc150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
025e08574511b840e678e44eeb4f0024

SHA1
9851d171f76a68d0820a69807cab7b42b80be6a4

SHA256
f9c82e5d332d13980c3c9f9481e719b56c347be35f4c5210f7f92eb72a4ba874

SHA512
31d2d482e890b8360ef0b9285ff03aa7024521cf120c71f2c68d3efbd6281d0636657ced8ecb8d39747b153b1207bc11e8aadc0ccde226c53e6d11bfe8055157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fbe9173d16a23fe0be92eb96fca260df

SHA1
9e0e04463234831c1dcf12db5ddcc22c199e5a43

SHA256
1f8051bef1b71c97cda6f6493f1f9dae1310af250beaaca51e6060c9f23d141c

SHA512
52a0f8676f28ffae62c6d0e2dd44e2b148339e611a4ca94e7e3f4638cd5cf954eb55c648a8025d5008d421a860e5b169883dcb6d46a51ad65d61641ea008f885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9776cdc87380f4e6f65514a82165724b

SHA1
4f558b986ffb95f28e2579e7673b9af870ae31a6

SHA256
8f9209ac5ed1756e41f61ff7e2a67161e5081e7e6d0b86b54ce83652b272d12d

SHA512
c1892895f437a0da2423783302309807d3b137f373fa8c515d3290982c792fe0e8f58d02dd068864ece722c92b88b5ce35055d06e71f5fa5f1c6a255059905e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bc6bd0f5ea33606c783915db15a1cb35

SHA1
5b49411c1893cd885169cee8987c1c6c0533e862

SHA256
1007250b9eea13d6fb5e4b7fd8ad4df92bffc242d4bba650a241a95d316f388c

SHA512
883142381eaa788c2c4cddbb5da38f97697a9acd6e720bb60a1574838915daae46136eedd772023b5ebb7029092dc3374ca7a140d6184c0a1e611ffb5fc1be91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
303af332476dc96b92dc84a46bf78945

SHA1
9e9c1ee4a6b229e1375ece753626496ab07f1549

SHA256
e08e034bf68919e5bb9c9c79a4cc1044986e6407ae395213cc5c9a8bbd342cdd

SHA512
1f0bfafd7122130c6346e223ed5cd19939ae17373d4b9b655b323053ff5bfeb2cb71a2687750f243d3c56d07eb482479393747259c99cbcb191f1ae2a344242f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ca07966a8720b86d3aa332190145a77d

SHA1
295f1f4264ecbddb281b23ed9065d7dfc015964d

SHA256
ab85f42b16cf102b525ebf4827dc14a0a898a920ed8a16bd79f54c0dde0febdc

SHA512
480468ebacbe539a98e01f92e609b57f109a466dde0394b07a9c739f94a99a6e1bf3637b4071ffdbf11d08e3a472a4390d0770e253924789db55aeace6f38152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6024b3.TMP

Filesize
705B

MD5
059b59040c79bfedaf05ba9587ff5e28

SHA1
f5dd5c30d374e660a7ac879c1764804688b462f7

SHA256
d70514d86458ecc31126c8c4efe01ce1ec0ab99d0ff58126081d655eeac09f79

SHA512
9a1b7d37e077130a2444f2055d3da26b6cf763f39aa60010aecbc8349cc02d373f84c282ea063815138689a0d40e70737be0cf5fad8e9be4b5cda628fa6d17c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0b540be65948dc9e5a95ef3218fcfdb6

SHA1
345881543ba61ffbc84e51326931ee70c6250606

SHA256
aee1b0daef34ecc1f6612881a974a8fd72bc560f1236eee247622ba5db3d4005

SHA512
017bb6dedfacb428caddd915230bcfe1029a64f60934d1a79fc835f3eae9fc06789e137a90820372ae0df504c3fcd9b7ede9545cd8ed787d3cfa8e09ca2d851d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b5d9b09e50b2b6b47968634f41282b32

SHA1
adb50b8807405e59c96c59088341ff2a56909243

SHA256
7e515af630bd0885bfa70fcc7ec25856f0ab032a97cbc1581d8c05e33288c054

SHA512
2cafddb37edf144dd090231234964b974f3c67cdcc8a82a6bc02c6eb79816f103d841d0473a20332357566e158729a2a88a10f1d1229859dc2333b8b40c06ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d062fdd69cc352b0f8914ab496685b15

SHA1
f529ab97b57513cbca63907774d94407a979f157

SHA256
feaa7e9d8c9f26b0c7c1595a75eda08d694b489fe9861cc2725f179f7085de7c

SHA512
a75df596d506a2c09d962a138c81b7af7998f9bc2cb88a1504c4f3d366ef1012b4bcbfa681e65133543b65b8a721ae15c5246301de6219b46f47dd46618179ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
425dd71d6ac053ef90354c9722e43b60

SHA1
1054fdc4c7cf9dbbd4a8d2a99b2bb490496b4705

SHA256
14ad005f5cab7f88534b6e8196ba8afd7718a765176c6dc6caa365a79548693f

SHA512
8edda872a0e63db1f4a831d25fcfa9075f20e62d438397e54b412046698f1b55266ebacc74bedd03d0cadafcabd5b7278d179c3a0dceb6142549d2c3a22bdcb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\D3DCompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\chrome_100_percent.pak

Filesize
150KB

MD5
b1bccf31fa5710207026d373edd96161

SHA1
ae7bb0c083aea838df1d78d61b54fb76c9a1182e

SHA256
49aff5690cb9b0f54f831351aa0f64416ba180a0c4891a859fa7294e81e9c8e3

SHA512
134a13ad86f8bd20a1d2350236269fd39c306389a600556a82025d5e0d5adaab0709d59e9b7ee96e8e2d25b6df49fefea27cdccefe5fba9687abf92a9a941d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\chrome_200_percent.pak

Filesize
229KB

MD5
e02160c24b8077b36ff06dc05a9df057

SHA1
fc722e071ce9caf52ad9a463c90fc2319aa6c790

SHA256
4d5b51f720f7d3146e131c54a6f75e4e826c61b2ff15c8955f6d6dd15bedf106

SHA512
1bf873b89b571974537b685cdb739f8ed148f710f6f24f0f362f8b6bb605996fcfec1501411f2cb2df374d5fdaf6e2daaada8cea68051e3c10a67030ea25929e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\ffmpeg.dll

Filesize
2.7MB

MD5
bf09deeeb497aeddaf6194e695776b8b

SHA1
e7d8719d6d0664b8746581b88eb03a486f588844

SHA256
450d5e6a11dc31dc6e1a7af472cd08b7e7a78976b1f0aa1c62055a0a720f5080

SHA512
38d3cac922634df85ddfd8d070b38cf4973bba8f37d3246453377f30165cc4377b4e67c4e0bca0ffe3c3fa0e024b23a31ec009e16d0ab3042593b5a6e164669f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\libEGL.dll

Filesize
467KB

MD5
3a5cbf0ce848ec30a2f8fe1760564515

SHA1
31bf9312cd1beaedaa91766e5cde13406d6ea219

SHA256
afef052c621f72ba986d917a9e090d23a13f4ab6bc09f158eeb73fd671b94219

SHA512
bd5713e1d22145b4cc52f4e46b464f443aad6f783a5793268e7d9dca969f27b70e706eecd54cb01be1c94256e6a95864c6b7e50027cef7fa870cdb16820ad602

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\libGLESv2.dll

Filesize
7.3MB

MD5
c783045e4b7f00c847678d43a77367f7

SHA1
7f9192ce0b23ac93561aeec9d9c38daa3136c146

SHA256
3a39137dcee6cb6663ae9cca424b6b05cf56c0ad7e32fb72cb94549ea9dbcae8

SHA512
64e6d4fc84f1217ceef05a22ad63a6618ffdc470b1faf4ad9e2d7bab59e9285527b9c5fd7ea4be673a08b9466434e3c098e839bf6955597e3d8aa0e80589f4a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\locales\en-US.pak

Filesize
440KB

MD5
731c45f9f23957acc11b43d775758aaa

SHA1
12e66417a2dc0c5211ed67f026208ef02fcb40af

SHA256
02b97817b6eebd7caeaaff750f6462abc68911c398ddf0571b7900ff9b4ea9a2

SHA512
1a008df585ef76d9cf4459fc3e617b8d4397e7078c77852712fc7cf4f304081bc5195243437e64074016b05a8cd671db93666042e59b959595ba854ceb330a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources.pak

Filesize
5.0MB

MD5
67bb5e75ceb8ced4c98cf0454933cb45

SHA1
c2b1c8c8d753318bc5ec18762c27512a5eb9f9cd

SHA256
5d63acd4034f7771ca346d138d7478014abf1f3f4386d07fc025dbc2c2bc0bff

SHA512
fd213d59ebc625f6f8b20cc8fde1a22132ce827b81deaddb9ca7993fe0d9616de17e089def338d23c4b6bbd7d3a931ee73aa329325eaa17f8145a58fe11d8c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\AppData\Launcher\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\adm-zip\adm-zip.js

Filesize
30KB

MD5
9b6da3cd4a4ce0963e80d0e6dc1a11f1

SHA1
fce6550c2231f60425661f2f7db99efff491cdff

SHA256
cb49867d6ffe8e7c08ad0e6466c86450b0f81910069ed1ad9d5b7b9c27367929

SHA512
38f325ced4315f7fd39f9ec885e1a35f8d5c49bfe9721c3ae0b54d040c76e7df3e6d557f76bb5783594b0fe5c15f9e73f8c7a21fee373ecbd97ed9220d3127ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\adm-zip\package.json

Filesize
793B

MD5
d54047857da5c5c0f798702eaf6bbdb2

SHA1
13268d9836a3e86768a55e94d9ae566083450c32

SHA256
4a972775a807ee9450338de8587428f444df10d7d383721ab6f60c1981562089

SHA512
fd3311c500231a24c3923e9833e9c39e9369c340fba01bb8c5930313be2f1bd7cb7cdfa9ecedd16418a2164a87dfef09f0a33fb55c01da2d38cacae9e9c0a1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\index.js

Filesize
4KB

MD5
d441fba9399d196f943308f66d215d95

SHA1
76557f8a00782c3503b62784098b7832256c136b

SHA256
4574224bdcf1a47aab456dbec7b485d7cb8bd62bea5295f85db622b3ebab0c1b

SHA512
7f11d59d870c0ae386b6c0ae4a65b2ab49445ce8b36528323bb2a03a8a55611c8e71d2c7439f0a57c69fb7cfdc2d05fde59e535e0da36adf24947a131db18a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\Mime.js

Filesize
2KB

MD5
5a77829e31fd521878c9484a90ff107a

SHA1
73efaff8e2e9adb871396c15c076dbf28757949a

SHA256
9482411a27e56e69e9ff5ae077b25f64c38768ae268ac07ab74a9896b582b6a9

SHA512
dc542b656f18818fc5caab6bebaf67f2f33691661196fd588eeba8bb8d1520ea61f76df314d407e0e23b405706889f0e73f0bc61871a36764d2c3564a44b1c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\index.js

Filesize
127B

MD5
f18d3eb05bbc4d65415ee72c4b5d4dff

SHA1
e2d3efd8917c4ff9cbe668474891269d3fedcb37

SHA256
7b35e6b3b981b498b62860b99063916772a7a199125866d4593db952ba1c14b9

SHA512
65316d6a06666e5acdb6fd293fcb737109a264fb6ed1174e7853f86b32d2b334fab3280d28535be21524fa15f86bc8f16b663461439d6bdf4ead0cba4b297eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\package.json

Filesize
775B

MD5
41460dd956f1244d052cbe727cb6be27

SHA1
4982079e4fc60559ed7fa2c066bf71fc7b74d9b4

SHA256
a1dccf7b9e97739c70cfe4a205babae71016a576f4385a8d66308978f21e0d19

SHA512
4e273dcbe5b5bde34c1ba8c0bf35251037b058fe3eef5703e53027a53b9f6661db97411be2ae2e7b4353adf5d77bb389566a81258adb8f11cac679ee6450c978

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\types\other.js

Filesize
25KB

MD5
ce7fcb8480cc926c86d46e4b1fb6cc9d

SHA1
dbfc26ed679cce39b3ecb6bee5ef5968cea6408a

SHA256
ee0e65cdfde6e492be9c52e35bffcbe0e0fd9a5be1a18fbaa7cbbc7b9b406934

SHA512
c5c943a1722aa52c3f85f28189258ebb4e3ed025c98bfa0d7ce978de2587b10239c578d5d96fb63f85bd8ec16d7d156847268cc14421cb920832688984fc0cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\types\standard.js

Filesize
9KB

MD5
5119196e906ee770dfd3610bcfbd0587

SHA1
a21f9b1eba88b1af8d16231a5759ffb8108a645c

SHA256
70aaa6f9c1b7caf38db2eff138406911368729b8dfb478fe70078e46ec1824bc

SHA512
30d30134c1044d36bf4ffd93cb0b6f003cb702a14b9e006bbc9a18a7e9e6915f18c22eb0b8bcfb5cae6cc15636726e0d8ab59189610550140ac90e51f45c324e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\package.json

Filesize
367B

MD5
381be2da7b731d7e9f68c149ef521e46

SHA1
11f4eabe7d5c1236c02c9c6e1ef2e8f58226a2e3

SHA256
c30372a8a6ef7a7cf021a48200d7ca770ca5ad68022e92c6d15bd27878dc326a

SHA512
0595738800f268106a61f3526448bb1c89ed37db1950d00b7fc1f1d2874cfcd1bf7454b49d757614543caf756407d6594e2246f68d6916db51553c95e22c4f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs\lib\ejs.js

Filesize
26KB

MD5
e7286ffae51527e51efadb4ce65d1dd8

SHA1
2170a351835c1ff3ef58faab251e3d5ce5dfe9d6

SHA256
9ff1cb7fb0a7dbd822e04d35e50560a199926cc323b5aa11f1e89556d7b89814

SHA512
5a551b8ae5dc38eb4893acb2876046ebe27ed3852777b7e832173bfba8d5470b08495232811a82edd0662634bc6351e51d7d3509c87663900ca122a15e1d50e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs\lib\utils.js

Filesize
6KB

MD5
c4ed9f400aaac2c0b2ebe7c7f5795b1d

SHA1
4e88b60293299d879774768f84cf38524c3d34c3

SHA256
d77d4660b6fd5131949906b67fa4456223c308bd13a88d7dadbd2e10e5e7ace4

SHA512
100faa0f015ba8001eff8dc435174dde0af2d8717976448a3202272e7d0edde3d149f0a0acc6469f8d86fa0b15b79237cc1ffd5efb9456e0bbb625e6cfd53242

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs\package.json

Filesize
748B

MD5
c811f299cfedf923d32f6126894283b1

SHA1
4d25c24f5ff44f2963d08d74d474b03127c02ecf

SHA256
ba32b2005d817a23dc0e0b57c248b53b8b0316e8271fa433780750a954d56e69

SHA512
ce77756d8c128eff055923c6622f3b438a3eba87513fc6d962180b93762cb325c5b96c89e05e1df4a7ef227d35ad1de659d28c893742c5a1e8912b365b1a3fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\package.json

Filesize
530B

MD5
e102ea0d9f0e36be31e25b787c35ca2c

SHA1
022ea237f37e95570872a64ba6af1e2f63cb0dab

SHA256
9f66eafe35c475aaba1157c877406f448273c6e4811a1ef2fce10aa0d5eee706

SHA512
426e0af432f24562e548bf53ea972636c494f0c5b840b9e6affbc40f32fdb9de3cde3c4fd83d9a221eae9832a42631b2b178a3d46f1b2a56d1a82978fe32fc51

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\ads.ejs

Filesize
1KB

MD5
d7f2205fb3ea4fc29629fd16cc13e42e

SHA1
ac4addc19bdf3f56a2b2aa0b8e5a2b2d459b209f

SHA256
828df948e8dd1e0fc2a88511fd1f59568a97fc2c3626152e574e5f31c89ff5e8

SHA512
6ff7cbfb366642d6b1ce5ce15f335b27a8f500341bb059f6037d50409c071d9ef8a735c447a876bd986f4902e377a773b9e41e09d7d433b8365a5049a689bf3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\css\index.css

Filesize
20KB

MD5
9338a403220d934986f5dc738419174d

SHA1
33d0a93608f28900b4771b49d88259b2f70350e7

SHA256
2f281d5eb03f52a46514089fd0b0af408f02613a8fcef8d506dc01f590651d7c

SHA512
cd92d15c6ee9d6d9ed78fa073406462d5f3b33cc9c198a693fa51f53889ba9f5ef2a498ea3f033ef7cad73b1248e4bad9afcad8246f5b98dcde3435399dca508

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\icon.ico

Filesize
11KB

MD5
372b8e595552272d8980d7ce68a22a45

SHA1
3458abecc3172f86c0a42f889402a700964a7bdc

SHA256
9a6b51f26c9efb993a02f67582477d9b524b029af5d6b1bea046840012dc110e

SHA512
bb712405ea0c0ec66add82abd04ca8f32e07bea7e4bbdcb2bce53a16caf8d9bf2a514ec8e647739e739f995931fc6d04d155e8b2f381fb93765024a4aebc1fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\background.png

Filesize
713KB

MD5
54d3046d693ef7dc0e06a32ff629e7a1

SHA1
1d14c54f2db92c94e467dc3b3f6480fe737ed830

SHA256
62a7ec1cb750aa28bcfdc93cebf1521f8cdc352992938652527aacb79618e57c

SHA512
b4e123d3bf4b21bdb1c73ab9374bad0e1090e5cfd0b758bebfd907d4f3736c9f4e87e73e693a85eed66bd0e1eee85fbcf1a152eeb83ea6f317e85022d67fca3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\de.png

Filesize
274B

MD5
0c730750c8a99bc30cf20b83d235aea6

SHA1
8ea6cd3bbdaae43607b4882560c4e04ef8eeaf8d

SHA256
b9d2aced61236662459e3acaaeaf44ce7af28405847c9a54d42fa4ae344f045f

SHA512
2fc3251378520052892b529b8c3638cbc3dd9c4ac471dc20382930c103c886826f05969400d7d1054b066cc81d00813ba86532b20be646aa8910efec9dfc6c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\en.png

Filesize
310B

MD5
c2de03c4d117d87763d4e1e5e28482db

SHA1
bfbecbfba4c5a871894c6784da913fa495a2aa3b

SHA256
e423db68a40835ac299155e365864461e37115a96f996091d5af026103d753e2

SHA512
628f47a91c2605a66dda06430f26d8685384136c0d04bc3146dd033462ef7def71c7d9ddd43cf3d07e892a400d089faed938a91317a94fce4febfd01183e1301

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\es.png

Filesize
370B

MD5
ff0df90a5a69c16ef24fab173a89ee4f

SHA1
02b14de1912f54b2b0630346c2cfe75a8da6d5b9

SHA256
c79f2cdfee1e6666b8180b7ee33d1f06bcffb113e602e8ec47b668d4db4f18d9

SHA512
4387449064aada45fba5e933304c5f931c29187acc025d291f1a758c6b2453085faa42693b2395fb08829b62187577988149514e133c2d4c58d6a2ed851f7ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\fr.png

Filesize
284B

MD5
d03e36af77543804318d6a5e220724ea

SHA1
58f8df12d68e055019dce59a93afe17207d68bd8

SHA256
9914c4861965f03acbbc077509a8dbe76471a4b3c26eb3932427f9972236edb5

SHA512
8b10141b6411d05c4f7f7a1e3139fb0e7a8223c470b5f6a2ab84e07c482d39a56820b3e3a867263321744e2d5272bf9fabc81bde61fbb7e79e2ef31a37cacc12

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\it.png

Filesize
279B

MD5
b9673fed0ded2c7a6a3e2572b60ebb5c

SHA1
b4c6de948d9d7fb396dee563804fb161dc541cbe

SHA256
7ed6102d8a617b6cc2f7fe101ce130b037bf4fe7cc41deb011430f8def81b14a

SHA512
0f5965e93a08ea0a4f2a38de0e9f4accef71dea85d56f07c771ca62a966ab2049d611b1749544343e4389cea203137cb037fa2b7bd420087acfd3ddec2fc52f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\pt.png

Filesize
806B

MD5
188d843e650bbcb429950217dfc0131f

SHA1
ec3a3cbab918dc69f797f96b718fc22e398771b0

SHA256
60d97aeb01ec6481d1c9f5be24082655c880a4ec947e42713168e3c36d6015b6

SHA512
8b8aa9535194304633d229161377c73e0b13fb757a2661620a4ebb33d0bf6bc7d56fe2456a062e7ef9f6224fc2aabeaad9d472b83c96f2643e4e44b9e46015ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\opera_banner_es.png

Filesize
460KB

MD5
71feb71eed2ab2a53ff3765f4a1e83de

SHA1
5dbd35ad7104691f4996311516504c844fdf23a8

SHA256
d624cb45b2d295fbbfd59d20c20a825fe73f5cd2b09d1e01f8da5aae1508aff4

SHA512
f30ec6e622106e05d02caec8f2464157348bf150b4c3cf33565e1bdd66c35dde542383c788b37c78c8a06876ece338dc65ecbd8f0020b1ae1bfe2e803150d78f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\js\index.js

Filesize
5KB

MD5
959306e641b1474f109d59c7320d2663

SHA1
add0e58d53d96050af3a55b07bef4e2b3aebb443

SHA256
863203fb3952d5a921208ceff5cef705fc35bfb29519799ac5c1f8ca228fe437

SHA512
dcd41217bc980b5817456341fa07c9d7301f0188479850942042d07c0183068b621445dc6903367e3ce809afbfe52ee574c69cb9913da9175b3f1b1bcad1b5dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\js\langs\es.js

Filesize
2KB

MD5
6e6fdf68120d784a17b10a8e1d87c2d8

SHA1
e6ef1aada60b098a9cbd60028a64a5f5aacf3407

SHA256
0bfb77caf7b42746b6738f4127ea215b43ed7d9e311b158d8776b22ae6a1e531

SHA512
be6b434436dafea7f545b208e525335d72013b9ac967b3a184598ecf06ed6fba1d5b6fda5ed59973f598648af3de4cbd1565622bb934300a238c733fe16760cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\js\main.js

Filesize
32KB

MD5
809b1a3f7d58f4b0b46a0b034b869df7

SHA1
1ec374e6f59b910ca6534c83cc606a1ea463d71b

SHA256
8f90bd5446d45e457bcfdb3cd4da2428d3b516ad07a3d72f1dee1cba4678b9dd

SHA512
00720a80126dd93737e87e4a9a3171083b9d342c34bb928d8b3c680b1de3e18bc90ae2189fe86b22c7afa4c8277bc79ae6150a06b6f6114b207399ab94512db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\langs\es\eula.txt

Filesize
1KB

MD5
3c09cb08016752513697717cb4524919

SHA1
4aaa2a8d3f1e759570252e0bf16b744b575fbb38

SHA256
6458dd3cfef6f596c6ba49bf5cb42429b8573ac9af021d6e0fedb8c2f89a3e5c

SHA512
4c866141850d40ba21b20cb96a2f7bed13afc6b0534fdb08e68381ea40ba072fc769c15cd416a0a5c6e71aa485a44d364327d215af7ba581340363e61809c11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\eula.ejs

Filesize
981B

MD5
0887c927cc2ba0250bea889fd5d40660

SHA1
8ae1b01d3c501a15cfeade573a13b93c44ae34d5

SHA256
df0dc42c4ec4e3dbed33e6fd855e977f3bfb4cc2a49a8402ead53bfb9f544d6e

SHA512
01dd4c0e622e95adc652fd06c8503864506cae7466d4114bd11938f69a5b97065ecedf2a9d516d485abaa33fc3442bcd9de46f6a00b0979c11b05951bf2183db

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\footer.ejs

Filesize
4KB

MD5
d6c4aec009f8a181f5f805169cbad491

SHA1
7a7263138772c78c8c4330a2ed6cfbd3092c8985

SHA256
a2da2ca46128fdf7530a27ab8345986278cda1b78d7a075ec0fb11b66474fa8d

SHA512
d0a2d60113cdce329303f9657b741317e2f5b691d248fa2131b6668e07e7db9a5292ab734456681f335b71c732e003009631113cf14f218e13aaad7d4e8bb4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\header.ejs

Filesize
38KB

MD5
eef60d35e9f75d3c7030d0574250e56f

SHA1
6d29148b90187fa1583652bc8799e65efa10f637

SHA256
3cf434b126e4369ffb8e9f4d489daee1aad9f47828850386984b3c752cdc7042

SHA512
529bf36dacd2fc808e63a8091a8aa92f5d3d39c23077bc72298bf052f1bdcd6fc05282608ce5337643d3c1a794bdde2b8d364f7deb0c4b7ae75810be3bdb165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\index.ejs

Filesize
880B

MD5
5cb43b3d3c087f4dfb7ef3604a39e757

SHA1
62796be76ccb921544aa6279dd0139b00450e24a

SHA256
88b3b17146349c92955cc88bdd70ef1fa414bf624d771a0b8ed0d7f2d40d76cd

SHA512
b5247488c6dbd4f682d27884f3b516df00ad6725665f79c2d4ea76c1a54d318a31e32c6f96a11fafc382d36097e50f505e0cba904e13b4d45afa96544401eb81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\index.js

Filesize
4KB

MD5
45ed15c0c0a7ec66046343f4f3212a7a

SHA1
296de778426805a2bda8566c5b37f24c34a6c24a

SHA256
5f8ce9450962956086e6f19cfb2bd6c84f230a6264e3164f41e2d2c91ab61925

SHA512
4baa2d75426cde366088aec26907ab8fe9ca5eacbb3ea648e5864f807d83b1586dc00d0d4a9f4e06ca219505978139a14869fdac18e39faa47777e74d7621a67

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\install-options.ejs

Filesize
3KB

MD5
877f16609a32c46ff5f8eab3648b1078

SHA1
5a3d5785704f016235b96fdbe04a9de69b48e203

SHA256
f8981d7e2001efe11511d6779675bcbead2fa27d6557a54dcb8492ea958a1454

SHA512
c6df43c91537d13d75e1b2e1b35fc2b452f7d62326f0074c24e975e18a47d31bade8a9e84514091bd537b8cb016c60e87920249cee73370188be045c628a30b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\language.ejs

Filesize
5KB

MD5
3fbf51eb59e0f0b050f5abcd2fcd3dca

SHA1
90d676bc914c2bebf33464dd088952abbedd56f3

SHA256
9016b2792ecdd22276e1d1e4172b4e598478f5668b27beb005e2219d229f216c

SHA512
c5e04500ebdd922d989594e3a0822fa9a9557d749e60af86ab1e309847342431a606f5e604538fa5d5666535bc68c4f5fbeeb4cdda9a832384505aac1ba2d998

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\logs.ejs

Filesize
1KB

MD5
6fc7c3d8bac3259202cb981acf8b18b6

SHA1
f3963b01f9a2df4e9b0b989b4e7ea8f55198ddfa

SHA256
62e112e61b5c9c582f5a9aac790a9275be8a560d1edb93c3a6879330298e53fc

SHA512
7d719b9698344ba99d3d860e28421bc7cfaf2e9d80cfc6da472413800900aa64f055add8269553e9838aa998df4d6575c6bf0091cf6263a6ea0c2537c36b5df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\path.ejs

Filesize
2KB

MD5
21e1d48f90eb1017539741c7a74cf059

SHA1
7906534922134e26a5c59324aafad63e20bf10ba

SHA256
870496c864624ebce9da0b98ea830249897a2a2317f6a816751f0edb30aeb32b

SHA512
2cd3d44337c5e1b794a2233d25fef122a97910d7f7d32cb811c0fa3f84397dd4781e917ba3db0e024384439413925dd0ab73888d3d82119951b86192e807685b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\v8_context_snapshot.bin

Filesize
663KB

MD5
81870fb2f641c8b845e9c6d1a632f0b7

SHA1
fcd47d8d1232c189a1c4087bb03a015ce14c25ba

SHA256
875515af4e7254458c17a98bed087fc609d45fbc8ebf60663e112c37204f6840

SHA512
7748c8fb6f356aa45023a56245c43c5171d0413617fb1ac6c75650be75bbe94bd5528e9aa83cd9df9a08af65540a76ab59bc866e5dcf0fa7284122f290bd45d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\vk_swiftshader.dll

Filesize
5.1MB

MD5
0a071201e4dd76996e273c81533bfa74

SHA1
5c92c634027692c344a8e74eab8b4d5c3e049497

SHA256
08e34bc25653f9357a4ccf62966d698b7cc6265dc668046a28403ae5786132ee

SHA512
b5de6548c5c743b6f119183fa06aaf67dcd4cdbc3542378ff87916b670ace1e2f4270f6dcaa4caabd01460c638bd02b565267e7bd9617ca92d72187d374bb7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6D70.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6D70.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6D70.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State

Filesize
788B

MD5
f73beb77199841993da7d130af72fc36

SHA1
8e11ed897ad1805edee83c09408472c6bc00aa01

SHA256
3249196163d94d3f6866d1b3283d65e279195731438d22259f55256ba1c2f5f1

SHA512
cfc9e872d1dcecfb0663dfa2c2c812633f780197a57dffbe035616663291e71b0b00d0f461d50a5ca198d93bd22a71eca2734acfefbe8e558307019d77045484

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State

Filesize
1KB

MD5
17098591505e74e6330e112305adbc29

SHA1
f21db458a22a94c8b77176e1911d842517502815

SHA256
cdc268c60265e4575aad63a85cbaea880fe05c39f8e41d20fed45fbc52e9fb51

SHA512
1923f9257dbab8fd7985b72e37ae346bc2d01c2ed01ea8331197e8993e3a9bbfa732aecc759aba3d9d0a3a9f898e16771a0ee2730658868269fe778ccfe3e9b1

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State

Filesize
1KB

MD5
a4627c1741ceee746f173f39d0489a3f

SHA1
d17ace7586e6ab1340ba7ab702970944714a3e1c

SHA256
a4b5c8316d4f92e6065b1459a9c2c0adf3d1f6eaf2b34ff3ee6bb9311b35b3a0

SHA512
69cd27610b58b9a375fa7167ed1fa4608e70681d74eec0c22edbdce9bf70596e31b8d3f38871676eb70432ed1e21311dd73676d13c0dc92f659e3e3e5e9dd50b

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State~RFe589bbe.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity

Filesize
523B

MD5
d19b072abec2da36d8c5c05b97be33ea

SHA1
69763f4e98860439336211fc5c2f6d3b2490183a

SHA256
96ff646e84e31030473fd5aa16fd2aee8afd199c8e0f4a3c4c09e977d69a6961

SHA512
0228d39f57df9006d0f22392a827f44bda7083d598fae52fcb55804e10493a3be23b0ab610091725d000a31e0e5c419dddab529a662a5d4f47dea8da2c5b9d7a

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity

Filesize
523B

MD5
f1d5c9778e041b537936304e767bcdd1

SHA1
a1652721b843a9186cca601637c78da479646817

SHA256
c439572a2858b1213ec7bb95c42e552b7e8a54a1e37ffd0279616823158cf083

SHA512
c21b29d90d11f6d4387d4f2ab9428b568f2a6550ef90c97b4356b150764964c4ecef68372496e5a0590b488e22bbb57acdbfaba9c6357c2dfa847f3f193a9e66

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity~RFe58fa68.TMP

Filesize
356B

MD5
ab0e28205821c98b1acbdef1efa80d3d

SHA1
4f4f0748fabce024f098d4175edb84f38ec9699e

SHA256
ba505a5b522adca919dc2af26cb4535b8f7769f4fca0f4120605d71d671664c3

SHA512
a092049b0d221a9d8c32819aef6dac84dc9da8ac18956ee65a77d4a431eb014671a5586c2a54eba33ccfb8cf6a7b2d73a3d3e39ecf5cb43bcae4c85ae6b83488

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f9e21bc719d23de5ee5d2a7c8717e16a

SHA1
1812d7412de0d5fb2221f2b923501ba7ef667b57

SHA256
79ab508ad4745c5b6cc8ce2e3531a9a5e5acfe7ad90194c0e902391497c46d73

SHA512
35dde243fba61f20b31b55541081a761b5d543bdf7a739e57a156fc29660eecba4031267455daf45818ec5b6495f406515234670fd3f7cb0d5c9ca550ad0dd40

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
81f7cadf6533a89ed88fe31ccfd5d8ab

SHA1
95c82e9d932d7d00d8fbdf2412b9dfe12d187d8f

SHA256
dcb905cdb867eab1aabadd91416759f3a540e99fc19423f58205eafb6664dd45

SHA512
eccc28be013b8842b5c94729a54346eb52c87c864c928377a7c53f98300a64b020462e308bf33e7c167a352b1ecfe005ecaea37f68a5d3f8dbf0a30200b7af7f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
dba5e92b945127c2d8aae1b519223b94

SHA1
a60e24c80129cd482088448c3788b03dc8af4e78

SHA256
f722ad7ac99cb760f2ea7d0aa74cea76152460142176ea900569b36c15f9086e

SHA512
3614d0c77fa03d7ce5e9153e1b2cda260c1dd2c705dab2601aa5f4d152a83062aba30629969e02868599f5fac6684768c6a1002dd9c8f1ea39be91b1afb2025a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d3016c4b7db2991376bec198f96dc6cb

SHA1
a70cc58b32c062b6387cc0b20c386a211fffb9d1

SHA256
9e86aa8e03907bd4c7d1f502b683cc5c1127cb140124ca0b1f309b0b7b52b6c6

SHA512
81cd9f585e4ca20f97aaed9df70a6b2b36b3d2e7a7df61e75c7833830468cf81f433060b2194e2402c2bf1dbcb4ba97063828ee77070fa4d5b0daa4790b0d69a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
132d5aa577288d76b6e203ec83ade157

SHA1
9607933a799dbb1ac764f2ee151b4426bb4ac944

SHA256
14a29c0b4c13fecc07c659fdc57bc244ca15ff92ed5a07ab9cc89e8ba295f377

SHA512
34896aafe26ecad5f34632ee3bda74e17fe0d326a25770270622bf2d2c9b899b471f43a611be5575b0390cc71ea36ce8a0e823a6996b17e0db5b5cdccb32b963

Download Submit
memory/1696-701-0x00007FFF71DD0000-0x00007FFF72086000-memory.dmp

Filesize
2.7MB

Download
memory/1696-703-0x00007FFF88AE0000-0x00007FFF88AF7000-memory.dmp

Filesize
92KB

Download
memory/1696-710-0x00007FFF6D1E0000-0x00007FFF6E290000-memory.dmp

Filesize
16.7MB

Download
memory/1696-712-0x00007FFF81930000-0x00007FFF81951000-memory.dmp

Filesize
132KB

Download
memory/1696-713-0x00007FFF818A0000-0x00007FFF818B8000-memory.dmp

Filesize
96KB

Download
memory/1696-714-0x00007FFF81880000-0x00007FFF81891000-memory.dmp

Filesize
68KB

Download
memory/1696-715-0x00007FFF81820000-0x00007FFF81831000-memory.dmp

Filesize
68KB

Download
memory/1696-706-0x00007FFF84990000-0x00007FFF849A1000-memory.dmp

Filesize
68KB

Download
memory/1696-708-0x00007FFF848F0000-0x00007FFF84901000-memory.dmp

Filesize
68KB

Download
memory/1696-707-0x00007FFF84910000-0x00007FFF8492D000-memory.dmp

Filesize
116KB

Download
memory/1696-716-0x00007FFF814C0000-0x00007FFF814D1000-memory.dmp

Filesize
68KB

Download
memory/1696-705-0x00007FFF849B0000-0x00007FFF849C7000-memory.dmp

Filesize
92KB

Download
memory/1696-704-0x00007FFF87A90000-0x00007FFF87AA1000-memory.dmp

Filesize
68KB

Download
memory/1696-699-0x00007FF6B6FE0000-0x00007FF6B70D8000-memory.dmp

Filesize
992KB

Download
memory/1696-700-0x00007FFF88B20000-0x00007FFF88B54000-memory.dmp

Filesize
208KB

Download
memory/1696-718-0x00000236AD7E0000-0x00000236AF04F000-memory.dmp

Filesize
24.4MB

Download
memory/1696-717-0x00007FFF7B9E0000-0x00007FFF7BA05000-memory.dmp

Filesize
148KB

Download
memory/1696-702-0x00007FFF88B00000-0x00007FFF88B18000-memory.dmp

Filesize
96KB

Download
memory/1696-709-0x00007FFF80E40000-0x00007FFF8104B000-memory.dmp

Filesize
2.0MB

Download
memory/1696-711-0x00007FFF814E0000-0x00007FFF81521000-memory.dmp

Filesize
260KB

Download
memory/3448-625-0x0000014BACC90000-0x0000014BACC91000-memory.dmp

Filesize
4KB

Download
memory/3448-637-0x0000014BACC90000-0x0000014BACC91000-memory.dmp

Filesize
4KB

Download
memory/3448-627-0x0000014BACC90000-0x0000014BACC91000-memory.dmp

Filesize
4KB

Download
memory/3448-633-0x0000014BACC90000-0x0000014BACC91000-memory.dmp

Filesize
4KB

Download
memory/3448-626-0x0000014BACC90000-0x0000014BACC91000-memory.dmp

Filesize
4KB

Download
memory/3448-636-0x0000014BACC90000-0x0000014BACC91000-memory.dmp

Filesize
4KB

Download
memory/3448-635-0x0000014BACC90000-0x0000014BACC91000-memory.dmp

Filesize
4KB

Download
memory/3448-634-0x0000014BACC90000-0x0000014BACC91000-memory.dmp

Filesize
4KB

Download
memory/3448-631-0x0000014BACC90000-0x0000014BACC91000-memory.dmp

Filesize
4KB

Download
memory/3448-632-0x0000014BACC90000-0x0000014BACC91000-memory.dmp

Filesize
4KB

Download