9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d

Resubmissions

22-08-2024 06:55

240822-hpsdeaxcjm 10

22-08-2024 06:51

240822-hmkksaxbmj 10

22-08-2024 06:13

240822-gyy2wasdph 10

Analysis

max time kernel
150s
max time network
156s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22-08-2024 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Battly-Launcher-Windows.exe
Size

112.1MB
MD5

03696da629e834c395f699847326448a
SHA1

3529afa76451ed5beeeb0bb4a31f7cc8bc463aa6
SHA256

9d8763451c2bd900dbf10e3cdb16132ec706b8e13dbd563aa15835d5b2d8cc4d
SHA512

fca0ef778b3ab13cf01e3d39d4c7eb4a587f600ed8d5ab10a03a3061178609dc13a75f6cc736ec27ed9f40a2a554030217cc91a8bf982d42f460585102f1969b
SSDEEP

3145728:SJcuNt6i+X0MdTUPo+YFawtU4odzp7emMT:qcuN7+QYFjmPztemE

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 14 IoCs

pid	Process
5088	Battly Launcher.exe
2196	Battly Launcher.exe
2780	Battly Launcher.exe
2244	Battly Launcher.exe
2304	OperaSetup.exe
484	setup.exe
2628	setup.exe
3444	setup.exe
744	setup.exe
4732	setup.exe
5456	Assistant_112.0.5197.30_Setup.exe_sfx.exe
5548	assistant_installer.exe
5568	assistant_installer.exe
5160	Battly Launcher.exe

Loads dropped DLL 22 IoCs

pid	Process
944	Battly-Launcher-Windows.exe
944	Battly-Launcher-Windows.exe
944	Battly-Launcher-Windows.exe
5088	Battly Launcher.exe
2196	Battly Launcher.exe
2780	Battly Launcher.exe
2244	Battly Launcher.exe
2196	Battly Launcher.exe
2196	Battly Launcher.exe
2196	Battly Launcher.exe
2196	Battly Launcher.exe
484	setup.exe
2628	setup.exe
3444	setup.exe
744	setup.exe
4732	setup.exe
5548	assistant_installer.exe
5548	assistant_installer.exe
5568	assistant_installer.exe
5568	assistant_installer.exe
5160	Battly Launcher.exe
5160	Battly Launcher.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	Battly Launcher.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	Battly Launcher.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	Battly Launcher.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_112.0.5197.30_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Battly-Launcher-Windows.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{CDA64A06-016B-40BD-B329-6083A8866781}	msedge.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
4780	msedge.exe
4780	msedge.exe
4972	msedge.exe
4972	msedge.exe
3716	msedge.exe
3716	msedge.exe
2968	identity_helper.exe
2968	identity_helper.exe
5160	Battly Launcher.exe
5160	Battly Launcher.exe
5160	Battly Launcher.exe
5160	Battly Launcher.exe
5544	msedge.exe
5544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe
Token: SeShutdownPrivilege	5088	Battly Launcher.exe
Token: SeCreatePagefilePrivilege	5088	Battly Launcher.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 5088	944	Battly-Launcher-Windows.exe	82
PID 944 wrote to memory of 5088	944	Battly-Launcher-Windows.exe	82
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2196	5088	Battly Launcher.exe	83
PID 5088 wrote to memory of 2780	5088	Battly Launcher.exe	84
PID 5088 wrote to memory of 2780	5088	Battly Launcher.exe	84
PID 5088 wrote to memory of 2244	5088	Battly Launcher.exe	85
PID 5088 wrote to memory of 2244	5088	Battly Launcher.exe	85
PID 5088 wrote to memory of 1964	5088	Battly Launcher.exe	86
PID 5088 wrote to memory of 1964	5088	Battly Launcher.exe	86
PID 1964 wrote to memory of 1860	1964	cmd.exe	88
PID 1964 wrote to memory of 1860	1964	cmd.exe	88
PID 1860 wrote to memory of 3976	1860	net.exe	89
PID 1860 wrote to memory of 3976	1860	net.exe	89
PID 2244 wrote to memory of 4972	2244	Battly Launcher.exe	90
PID 2244 wrote to memory of 4972	2244	Battly Launcher.exe	90
PID 2244 wrote to memory of 4436	2244	Battly Launcher.exe	91
PID 2244 wrote to memory of 4436	2244	Battly Launcher.exe	91
PID 4972 wrote to memory of 1256	4972	msedge.exe	92
PID 4972 wrote to memory of 1256	4972	msedge.exe	92
PID 4436 wrote to memory of 3740	4436	msedge.exe	93
PID 4436 wrote to memory of 3740	4436	msedge.exe	93
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94
PID 4972 wrote to memory of 3620	4972	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\Battly-Launcher-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\Battly-Launcher-Windows.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:944
- C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5088
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1636 --field-trial-handle=1640,i,11817346973647556427,2530320109709811761,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2196
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --mojo-platform-channel-handle=1876 --field-trial-handle=1640,i,11817346973647556427,2530320109709811761,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --app-path="C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2284 --field-trial-handle=1640,i,11817346973647556427,2530320109709811761,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://battlylauncher.com/claim?code=undefined
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffebc843cb8,0x7ffebc843cc8,0x7ffebc843cd8
        5⤵
        
        PID:1256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
        5⤵
        
        PID:3620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
        5⤵
        
        PID:3900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
        5⤵
        
        PID:4240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
        5⤵
        
        PID:4572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
        5⤵
        
        PID:4796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
        5⤵
        
        PID:4056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
        5⤵
        
        PID:2724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
        5⤵
        
        PID:2544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
        5⤵
        
        PID:968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
        5⤵
        
        PID:5840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:1
        5⤵
        
        PID:5848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
        5⤵
        
        PID:5992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
        5⤵
        
        PID:6000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
        5⤵
        
        PID:5196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
        5⤵
        
        PID:3896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7036 /prefetch:8
        5⤵
        
        PID:5536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7140 /prefetch:8
        5⤵
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:5544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
        5⤵
        
        PID:3060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
        5⤵
        
        PID:2268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
        5⤵
        
        PID:432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12646523213067490027,17508508690143305968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
        5⤵
        
        PID:6064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://battlylauncher.com/claim?code=undefined
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebc843cb8,0x7ffebc843cc8,0x7ffebc843cd8
        5⤵
        
        PID:3740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14182993364536653550,16762864158402835706,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2
        5⤵
        
        PID:2876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,14182993364536653550,16762864158402835706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Battly Launcher\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\Battly Launcher\OperaSetup.exe" --silent --allusers=0
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\7zS00981109\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS00981109\setup.exe --silent --allusers=0 --server-tracking-blob=Y2I5MGNmMmQ5ZWE3ODJlNDZhYTBlMTQ2NjAwMzI1ZGJhODU2NmZiZWUxODFmZmI0YWI5NzdiNTRmZjljNzZmYzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWJhdHRseSZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1pbnN0YWxsZXIiLCJ0aW1lc3RhbXAiOiIxNzI0MzA3NTc3LjEwNzEiLCJ1dG0iOnsiY2FtcGFpZ24iOiJpbnN0YWxsZXIiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImJhdHRseSJ9LCJ1dWlkIjoiNmY2NDE2NDgtMGU3Ni00OTAzLWEyM2YtYjZmMjQ0YTUwODJmIn0=
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        Modifies system certificate store
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\7zS00981109\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS00981109\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.53 --initial-client-data=0x33c,0x340,0x344,0x318,0x348,0x72ffa174,0x72ffa180,0x72ffa18c
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\7zS00981109\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS00981109\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=484 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240822061939" --session-guid=eb5ecc47-297f-4ac0-941f-b71228424e98 --server-tracking-blob="NzhkMTE2OTM0YWZiNTczYzc3Y2E1OWVjZDc4NWYzNDE4ZGFjMzBiMDY1YmI5MTA1N2ZhOTNkMGIzMTc2NzYxYzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWJhdHRseSZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1pbnN0YWxsZXIiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMSIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MjQzMDc1NzcuMTA3MSIsInV0bSI6eyJjYW1wYWlnbiI6Imluc3RhbGxlciIsIm1lZGl1bSI6InBiIiwic291cmNlIjoiYmF0dGx5In0sInV1aWQiOiI2ZjY0MTY0OC0wZTc2LTQ5MDMtYTIzZi1iNmYyNDRhNTA4MmYifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=E805000000000000
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\7zS00981109\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS00981109\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.53 --initial-client-data=0x32c,0x330,0x334,0x308,0x338,0x71baa174,0x71baa180,0x71baa18c
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408220619391\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408220619391\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408220619391\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408220619391\assistant\assistant_installer.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408220619391\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408220619391\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.30 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0xa38f40,0xa38f4c,0xa38f58
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "NET SESSION"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1964
  - - C:\Windows\system32\net.exe
      NET SESSION
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1860
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 SESSION
        5⤵
        
        PID:3976
- - C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\Battly Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Battly Launcher Installer" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2820 --field-trial-handle=1640,i,11817346973647556427,2530320109709811761,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:5160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\b7355631d8340063\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
ec8de318f2ccd5a121cc29e812ffda23

SHA1
77e0b8aa1a7ab27a076e45127d29081987260c6a

SHA256
627ce40b7dae1e558b92d36a21b823f5a603f60c96db7060b7f2ccebe8d36986

SHA512
f8e4e5b20a180e870948ebd2f99e707c850dca25b6927d64cdc3b0d271c80677e8edf4c29856b9194b73d74bf9345029475972a33504dd6ddb9cbcfbf72a86a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\b7355631d8340063\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\b7355631d8340063\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1KB

MD5
284438ac8adba4c743e80add93304d64

SHA1
813453c78477c9c0298deb90d780e95a74f8be90

SHA256
f13513ab5046c68e4c87b37251f97eb5e853ac35df10f10a65eb3032cb09c221

SHA512
ad78902e68ddc5810514b9484d03e2464ce48c4b6721a14ebe5feceb75f66f05a2bad84ccef0ed67c8cb20e97b1e1c54c29026d91dd9621fc58ea76ec11aee5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
25KB

MD5
a3eee7b1a705507648ee013f01eda06a

SHA1
c73272a849ad0d75fa3b6d826ffefad60c2bf9fd

SHA256
fec4bc11cebc824f76b47499965c90597531f89716646903e606c477f40cd169

SHA512
f1d895f303542802738aafc0aa74fd02b75c0379a282eb9b45d200f9c467323b149a24a6d5241c398eb6d7081049be1f85f7359f9da28f86a322a52622246642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
329e7ed1163b6c72dc1cbcc4934d3b52

SHA1
6104e0c9e576f36f10afd8a26ff4fa2613c9c790

SHA256
9603ec98a1dde4df865114960c550bda0fdb24181eb36f1784d9266b8ca36967

SHA512
ca6bd72bf057a2822abf0cfa29673b44df8677290e73910af68cad7e5deba9314c318133ec396b7b87f12d39f01848035a944a41d9323a625ef37c87c3423549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e267edfa954bc9fa589cf433aa4d5d36

SHA1
481858f6c791d88d1fbdfce26a31377501eec8d8

SHA256
661fc0396dc5eac83a9ec8139c413817e375fb022f8e7343910e30b9e763a171

SHA512
ff4501210223a9296740eb50823a1c60c66f998be707430f61355ffd443184b72d39621a668aac2d7ce8cfb40354bc008159cf60c73fa39e0b0acbe3e9051fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e0419dc1ec8d39606b79b93eb8d8785

SHA1
1a5be6f6731ea45b4377540e495441d829b0d861

SHA256
9fbf48ca27e96565f7289519c9d583b5b9900a685154c7b5f272687077a7a9c5

SHA512
0c46d89c9fe7855252354936c9a789f825a83a4c822ead3e4afab6db43759c1a2696d491ca97a1990c304817d978f0fc031eb87cfc37286e9bb8bc44c2799249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b33447709d571658a2b181b6be6db6da

SHA1
04a1fe0b4ddec83356a580502e675f436d27efd4

SHA256
690242c659597217e4eb5e2d6b76700ba162c8c11f1349cf9bea5943876623be

SHA512
8272464cdc0689624a4ae5d64de0a500f941c5ec3e43abb789601256e5b640ccb694af723aeae931bbd98fdb0a14420760c20308dc396faac0a8988d5cd7b336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d23de8eee662b089fbcf71b3af8fea6a

SHA1
6d79aa8e91e88f821b95abe344178f991152ec78

SHA256
0c1da31e95be76643e95fbfbb99225656e56df85ef532789df33bb68f6c77c4d

SHA512
b5594ff6fe10180212e1cb57496e009f42f12540191b104b00c64e38bff809c2a94e1b751f8a38bfadfaa7c587cfe695b6e612f49e17c95076e92bd7a46eb212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
e6144cd563f5a70e77c1f37c3fb14020

SHA1
b511830aa4831079bf34a1303caaab9a922e0fac

SHA256
365de81119e61595880758f0df1ea490567dc15d2195bb2cbb02bf6a9fba55bb

SHA512
20f30d6e49fe921acf95715310a60fda1e6bd7d46c667108e3a09fcd8b6464c44f948f7b02d1a7057eb8ba40d6f15112b83fe635466ad427c3f6952125c31869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0632fd2f0072cd397e19c4d176153275

SHA1
a7bf9a6df5397988ffa09c6b6d2120857e19595b

SHA256
872b54cc2c4eb2cd03239d3bc8dabe95afc82838d5f3688495adefb8fe5d0610

SHA512
0c50a92f4c7fbe7f812e00fa0418d538a1f7d0b51e89462178161d2bc1b6e6e92c54d160f8705b835ff091b07f8000c127158d41e1c3381766afffebd70b819b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596557.TMP

Filesize
538B

MD5
37714c514b756edbc114c844eef85c51

SHA1
c405c24c7ee487c10c9272694bf0405ad9c19268

SHA256
af178dee7df432e04da8ac3bbbe3a23c58f66734c0dd44fc5f01948d9303f93b

SHA512
419351cef87fcf389fdc5b875b11c998a45b3f24c15689a424831d2b6ba742d1f76cfcd9707f36b92bb01a6517541067f3330eab721f2094a0243e077474bf0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bb328c61-e09c-483e-a8e4-a71d8b20e16c.tmp

Filesize
5KB

MD5
98285f5f2891328cf9da46594d6d43f0

SHA1
492032ecb0df9869e49e12e39aa7f1a6cdf8442d

SHA256
823254f338fb6b63cc6c8cae55bfbbac5ccc3999f166ac24b63d84cd456388f1

SHA512
abc7ba0df643a669e6f4c80668087104ef10552d158e8d7a800a6bb75dee76719e1ba62fe099e8a6e2b3f97f4c94ae2c413b931ca127ea278feb6fee8c96799a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a0e9cddcd5f5c81873d9b711cfaab311

SHA1
0c19d449e4e374d249000212c736669c8de147b7

SHA256
d232de35bb888473154af9de3c9645b02b10122c487b6178645ce1662efb5377

SHA512
4df66f051ad58844300e654c39c914b64cf1f34abd61741148d796de167547031f2fe9340657173e4fbbdb7b4b3632aa3e3e2202595c50a1b6f6ea81e031b293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d72ba68c604aa93b91203c2b7901336

SHA1
ca28c8fcc84c997f527e788d5a697fda0ae3d75f

SHA256
ab7a6a0c68073da23ad3a02df9b978aaee6e989107a27ea765d686a0dce68904

SHA512
40fde7380e5487bf2f49e47a1dd049b59dff2bf7f4bdc4f72c15e0ce5ac59e9b3e6c3f936043827ecaae94f663195052bbf72df0d9e9a3916677fd7c6b114160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1cedc7a4baf4040b4a2536d08d2f5a7

SHA1
2b4177426eeeaff52ae7c84549fa2e60d56740db

SHA256
a5d0efbc97ffa88c6c467f3d588d8fb8927f016eb54b5da65cab0d4e08d57bc4

SHA512
f809a0118655ede0ad45835eb22bb96bb80b2c041b3d0e2377b6a2cff2ea14ecf1df7caa2e0f252e4cd7cf20fbd80fb00446ea1e9014e83c01f6f78d0882a621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7806bfd219f90b5942e8bb39b12bda83

SHA1
913fa2cc629e0dada06eaf5c76fbf0ad64b11f61

SHA256
fd7c989e6b15a7bca40db1a6ffdda8559ca3450ae1977b0c8ede5870308fb40a

SHA512
4c01e5eea9c97cd7473aa11653ea223a9b89db644597b96c31e9fae108919f2edf39b697d7c286a57f3373e4ac773b34fe3efb78ccd13198e3ca0af0af1d3a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408220619391\additional_file0.tmp

Filesize
2.6MB

MD5
1bf64fd766bd850bcf8e0ffa9093484b

SHA1
01524bb2c88b7066391da291ee474004a4904891

SHA256
58794b1bf4d84bd7566ee89fd8a8a4157dc70c598d229ec5101959f30b6f3491

SHA512
cdf2830edc5d4f30beae41591f3a1bcff820f75444d70338a4c6d36e10df43475f383a9f291b619a008452c53e0dddf65547f217386389000535d6d264854e7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

Filesize
5.2MB

MD5
44908c157516d82119d84a3b1c4a31f7

SHA1
dea19891d14b4e3598844f624c919b0dc5ce236f

SHA256
be21539218a31ff278f218a172b9972f4d8978a281387acdadf9a25b86e30b1a

SHA512
5a83d45533202ba573941d041619bd7f17e997f352f73528029d1f07da9a26c4f50f1cf77c822f972b596fa75bd2eeb0bca8170d89343d8b590ba869be058106

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\D3DCompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\chrome_100_percent.pak

Filesize
150KB

MD5
b1bccf31fa5710207026d373edd96161

SHA1
ae7bb0c083aea838df1d78d61b54fb76c9a1182e

SHA256
49aff5690cb9b0f54f831351aa0f64416ba180a0c4891a859fa7294e81e9c8e3

SHA512
134a13ad86f8bd20a1d2350236269fd39c306389a600556a82025d5e0d5adaab0709d59e9b7ee96e8e2d25b6df49fefea27cdccefe5fba9687abf92a9a941d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\chrome_200_percent.pak

Filesize
229KB

MD5
e02160c24b8077b36ff06dc05a9df057

SHA1
fc722e071ce9caf52ad9a463c90fc2319aa6c790

SHA256
4d5b51f720f7d3146e131c54a6f75e4e826c61b2ff15c8955f6d6dd15bedf106

SHA512
1bf873b89b571974537b685cdb739f8ed148f710f6f24f0f362f8b6bb605996fcfec1501411f2cb2df374d5fdaf6e2daaada8cea68051e3c10a67030ea25929e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\ffmpeg.dll

Filesize
2.7MB

MD5
bf09deeeb497aeddaf6194e695776b8b

SHA1
e7d8719d6d0664b8746581b88eb03a486f588844

SHA256
450d5e6a11dc31dc6e1a7af472cd08b7e7a78976b1f0aa1c62055a0a720f5080

SHA512
38d3cac922634df85ddfd8d070b38cf4973bba8f37d3246453377f30165cc4377b4e67c4e0bca0ffe3c3fa0e024b23a31ec009e16d0ab3042593b5a6e164669f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\libEGL.dll

Filesize
467KB

MD5
3a5cbf0ce848ec30a2f8fe1760564515

SHA1
31bf9312cd1beaedaa91766e5cde13406d6ea219

SHA256
afef052c621f72ba986d917a9e090d23a13f4ab6bc09f158eeb73fd671b94219

SHA512
bd5713e1d22145b4cc52f4e46b464f443aad6f783a5793268e7d9dca969f27b70e706eecd54cb01be1c94256e6a95864c6b7e50027cef7fa870cdb16820ad602

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\libGLESv2.dll

Filesize
7.3MB

MD5
c783045e4b7f00c847678d43a77367f7

SHA1
7f9192ce0b23ac93561aeec9d9c38daa3136c146

SHA256
3a39137dcee6cb6663ae9cca424b6b05cf56c0ad7e32fb72cb94549ea9dbcae8

SHA512
64e6d4fc84f1217ceef05a22ad63a6618ffdc470b1faf4ad9e2d7bab59e9285527b9c5fd7ea4be673a08b9466434e3c098e839bf6955597e3d8aa0e80589f4a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\locales\en-US.pak

Filesize
440KB

MD5
731c45f9f23957acc11b43d775758aaa

SHA1
12e66417a2dc0c5211ed67f026208ef02fcb40af

SHA256
02b97817b6eebd7caeaaff750f6462abc68911c398ddf0571b7900ff9b4ea9a2

SHA512
1a008df585ef76d9cf4459fc3e617b8d4397e7078c77852712fc7cf4f304081bc5195243437e64074016b05a8cd671db93666042e59b959595ba854ceb330a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources.pak

Filesize
5.0MB

MD5
67bb5e75ceb8ced4c98cf0454933cb45

SHA1
c2b1c8c8d753318bc5ec18762c27512a5eb9f9cd

SHA256
5d63acd4034f7771ca346d138d7478014abf1f3f4386d07fc025dbc2c2bc0bff

SHA512
fd213d59ebc625f6f8b20cc8fde1a22132ce827b81deaddb9ca7993fe0d9616de17e089def338d23c4b6bbd7d3a931ee73aa329325eaa17f8145a58fe11d8c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\AppData\Launcher\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\adm-zip\adm-zip.js

Filesize
30KB

MD5
9b6da3cd4a4ce0963e80d0e6dc1a11f1

SHA1
fce6550c2231f60425661f2f7db99efff491cdff

SHA256
cb49867d6ffe8e7c08ad0e6466c86450b0f81910069ed1ad9d5b7b9c27367929

SHA512
38f325ced4315f7fd39f9ec885e1a35f8d5c49bfe9721c3ae0b54d040c76e7df3e6d557f76bb5783594b0fe5c15f9e73f8c7a21fee373ecbd97ed9220d3127ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\adm-zip\package.json

Filesize
793B

MD5
d54047857da5c5c0f798702eaf6bbdb2

SHA1
13268d9836a3e86768a55e94d9ae566083450c32

SHA256
4a972775a807ee9450338de8587428f444df10d7d383721ab6f60c1981562089

SHA512
fd3311c500231a24c3923e9833e9c39e9369c340fba01bb8c5930313be2f1bd7cb7cdfa9ecedd16418a2164a87dfef09f0a33fb55c01da2d38cacae9e9c0a1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\index.js

Filesize
4KB

MD5
d441fba9399d196f943308f66d215d95

SHA1
76557f8a00782c3503b62784098b7832256c136b

SHA256
4574224bdcf1a47aab456dbec7b485d7cb8bd62bea5295f85db622b3ebab0c1b

SHA512
7f11d59d870c0ae386b6c0ae4a65b2ab49445ce8b36528323bb2a03a8a55611c8e71d2c7439f0a57c69fb7cfdc2d05fde59e535e0da36adf24947a131db18a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\Mime.js

Filesize
2KB

MD5
5a77829e31fd521878c9484a90ff107a

SHA1
73efaff8e2e9adb871396c15c076dbf28757949a

SHA256
9482411a27e56e69e9ff5ae077b25f64c38768ae268ac07ab74a9896b582b6a9

SHA512
dc542b656f18818fc5caab6bebaf67f2f33691661196fd588eeba8bb8d1520ea61f76df314d407e0e23b405706889f0e73f0bc61871a36764d2c3564a44b1c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\index.js

Filesize
127B

MD5
f18d3eb05bbc4d65415ee72c4b5d4dff

SHA1
e2d3efd8917c4ff9cbe668474891269d3fedcb37

SHA256
7b35e6b3b981b498b62860b99063916772a7a199125866d4593db952ba1c14b9

SHA512
65316d6a06666e5acdb6fd293fcb737109a264fb6ed1174e7853f86b32d2b334fab3280d28535be21524fa15f86bc8f16b663461439d6bdf4ead0cba4b297eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\package.json

Filesize
775B

MD5
41460dd956f1244d052cbe727cb6be27

SHA1
4982079e4fc60559ed7fa2c066bf71fc7b74d9b4

SHA256
a1dccf7b9e97739c70cfe4a205babae71016a576f4385a8d66308978f21e0d19

SHA512
4e273dcbe5b5bde34c1ba8c0bf35251037b058fe3eef5703e53027a53b9f6661db97411be2ae2e7b4353adf5d77bb389566a81258adb8f11cac679ee6450c978

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\types\other.js

Filesize
25KB

MD5
ce7fcb8480cc926c86d46e4b1fb6cc9d

SHA1
dbfc26ed679cce39b3ecb6bee5ef5968cea6408a

SHA256
ee0e65cdfde6e492be9c52e35bffcbe0e0fd9a5be1a18fbaa7cbbc7b9b406934

SHA512
c5c943a1722aa52c3f85f28189258ebb4e3ed025c98bfa0d7ce978de2587b10239c578d5d96fb63f85bd8ec16d7d156847268cc14421cb920832688984fc0cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\node_modules\mime\types\standard.js

Filesize
9KB

MD5
5119196e906ee770dfd3610bcfbd0587

SHA1
a21f9b1eba88b1af8d16231a5759ffb8108a645c

SHA256
70aaa6f9c1b7caf38db2eff138406911368729b8dfb478fe70078e46ec1824bc

SHA512
30d30134c1044d36bf4ffd93cb0b6f003cb702a14b9e006bbc9a18a7e9e6915f18c22eb0b8bcfb5cae6cc15636726e0d8ab59189610550140ac90e51f45c324e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs-electron\package.json

Filesize
367B

MD5
381be2da7b731d7e9f68c149ef521e46

SHA1
11f4eabe7d5c1236c02c9c6e1ef2e8f58226a2e3

SHA256
c30372a8a6ef7a7cf021a48200d7ca770ca5ad68022e92c6d15bd27878dc326a

SHA512
0595738800f268106a61f3526448bb1c89ed37db1950d00b7fc1f1d2874cfcd1bf7454b49d757614543caf756407d6594e2246f68d6916db51553c95e22c4f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs\lib\ejs.js

Filesize
26KB

MD5
e7286ffae51527e51efadb4ce65d1dd8

SHA1
2170a351835c1ff3ef58faab251e3d5ce5dfe9d6

SHA256
9ff1cb7fb0a7dbd822e04d35e50560a199926cc323b5aa11f1e89556d7b89814

SHA512
5a551b8ae5dc38eb4893acb2876046ebe27ed3852777b7e832173bfba8d5470b08495232811a82edd0662634bc6351e51d7d3509c87663900ca122a15e1d50e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs\lib\utils.js

Filesize
6KB

MD5
c4ed9f400aaac2c0b2ebe7c7f5795b1d

SHA1
4e88b60293299d879774768f84cf38524c3d34c3

SHA256
d77d4660b6fd5131949906b67fa4456223c308bd13a88d7dadbd2e10e5e7ace4

SHA512
100faa0f015ba8001eff8dc435174dde0af2d8717976448a3202272e7d0edde3d149f0a0acc6469f8d86fa0b15b79237cc1ffd5efb9456e0bbb625e6cfd53242

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\node_modules\ejs\package.json

Filesize
748B

MD5
c811f299cfedf923d32f6126894283b1

SHA1
4d25c24f5ff44f2963d08d74d474b03127c02ecf

SHA256
ba32b2005d817a23dc0e0b57c248b53b8b0316e8271fa433780750a954d56e69

SHA512
ce77756d8c128eff055923c6622f3b438a3eba87513fc6d962180b93762cb325c5b96c89e05e1df4a7ef227d35ad1de659d28c893742c5a1e8912b365b1a3fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\package.json

Filesize
530B

MD5
e102ea0d9f0e36be31e25b787c35ca2c

SHA1
022ea237f37e95570872a64ba6af1e2f63cb0dab

SHA256
9f66eafe35c475aaba1157c877406f448273c6e4811a1ef2fce10aa0d5eee706

SHA512
426e0af432f24562e548bf53ea972636c494f0c5b840b9e6affbc40f32fdb9de3cde3c4fd83d9a221eae9832a42631b2b178a3d46f1b2a56d1a82978fe32fc51

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\ads.ejs

Filesize
1KB

MD5
d7f2205fb3ea4fc29629fd16cc13e42e

SHA1
ac4addc19bdf3f56a2b2aa0b8e5a2b2d459b209f

SHA256
828df948e8dd1e0fc2a88511fd1f59568a97fc2c3626152e574e5f31c89ff5e8

SHA512
6ff7cbfb366642d6b1ce5ce15f335b27a8f500341bb059f6037d50409c071d9ef8a735c447a876bd986f4902e377a773b9e41e09d7d433b8365a5049a689bf3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\css\index.css

Filesize
20KB

MD5
9338a403220d934986f5dc738419174d

SHA1
33d0a93608f28900b4771b49d88259b2f70350e7

SHA256
2f281d5eb03f52a46514089fd0b0af408f02613a8fcef8d506dc01f590651d7c

SHA512
cd92d15c6ee9d6d9ed78fa073406462d5f3b33cc9c198a693fa51f53889ba9f5ef2a498ea3f033ef7cad73b1248e4bad9afcad8246f5b98dcde3435399dca508

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\icon.ico

Filesize
11KB

MD5
372b8e595552272d8980d7ce68a22a45

SHA1
3458abecc3172f86c0a42f889402a700964a7bdc

SHA256
9a6b51f26c9efb993a02f67582477d9b524b029af5d6b1bea046840012dc110e

SHA512
bb712405ea0c0ec66add82abd04ca8f32e07bea7e4bbdcb2bce53a16caf8d9bf2a514ec8e647739e739f995931fc6d04d155e8b2f381fb93765024a4aebc1fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\background.png

Filesize
713KB

MD5
54d3046d693ef7dc0e06a32ff629e7a1

SHA1
1d14c54f2db92c94e467dc3b3f6480fe737ed830

SHA256
62a7ec1cb750aa28bcfdc93cebf1521f8cdc352992938652527aacb79618e57c

SHA512
b4e123d3bf4b21bdb1c73ab9374bad0e1090e5cfd0b758bebfd907d4f3736c9f4e87e73e693a85eed66bd0e1eee85fbcf1a152eeb83ea6f317e85022d67fca3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\de.png

Filesize
274B

MD5
0c730750c8a99bc30cf20b83d235aea6

SHA1
8ea6cd3bbdaae43607b4882560c4e04ef8eeaf8d

SHA256
b9d2aced61236662459e3acaaeaf44ce7af28405847c9a54d42fa4ae344f045f

SHA512
2fc3251378520052892b529b8c3638cbc3dd9c4ac471dc20382930c103c886826f05969400d7d1054b066cc81d00813ba86532b20be646aa8910efec9dfc6c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\en.png

Filesize
310B

MD5
c2de03c4d117d87763d4e1e5e28482db

SHA1
bfbecbfba4c5a871894c6784da913fa495a2aa3b

SHA256
e423db68a40835ac299155e365864461e37115a96f996091d5af026103d753e2

SHA512
628f47a91c2605a66dda06430f26d8685384136c0d04bc3146dd033462ef7def71c7d9ddd43cf3d07e892a400d089faed938a91317a94fce4febfd01183e1301

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\es.png

Filesize
370B

MD5
ff0df90a5a69c16ef24fab173a89ee4f

SHA1
02b14de1912f54b2b0630346c2cfe75a8da6d5b9

SHA256
c79f2cdfee1e6666b8180b7ee33d1f06bcffb113e602e8ec47b668d4db4f18d9

SHA512
4387449064aada45fba5e933304c5f931c29187acc025d291f1a758c6b2453085faa42693b2395fb08829b62187577988149514e133c2d4c58d6a2ed851f7ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\fr.png

Filesize
284B

MD5
d03e36af77543804318d6a5e220724ea

SHA1
58f8df12d68e055019dce59a93afe17207d68bd8

SHA256
9914c4861965f03acbbc077509a8dbe76471a4b3c26eb3932427f9972236edb5

SHA512
8b10141b6411d05c4f7f7a1e3139fb0e7a8223c470b5f6a2ab84e07c482d39a56820b3e3a867263321744e2d5272bf9fabc81bde61fbb7e79e2ef31a37cacc12

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\it.png

Filesize
279B

MD5
b9673fed0ded2c7a6a3e2572b60ebb5c

SHA1
b4c6de948d9d7fb396dee563804fb161dc541cbe

SHA256
7ed6102d8a617b6cc2f7fe101ce130b037bf4fe7cc41deb011430f8def81b14a

SHA512
0f5965e93a08ea0a4f2a38de0e9f4accef71dea85d56f07c771ca62a966ab2049d611b1749544343e4389cea203137cb037fa2b7bd420087acfd3ddec2fc52f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\flags\pt.png

Filesize
806B

MD5
188d843e650bbcb429950217dfc0131f

SHA1
ec3a3cbab918dc69f797f96b718fc22e398771b0

SHA256
60d97aeb01ec6481d1c9f5be24082655c880a4ec947e42713168e3c36d6015b6

SHA512
8b8aa9535194304633d229161377c73e0b13fb757a2661620a4ebb33d0bf6bc7d56fe2456a062e7ef9f6224fc2aabeaad9d472b83c96f2643e4e44b9e46015ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\images\opera_banner_es.png

Filesize
460KB

MD5
71feb71eed2ab2a53ff3765f4a1e83de

SHA1
5dbd35ad7104691f4996311516504c844fdf23a8

SHA256
d624cb45b2d295fbbfd59d20c20a825fe73f5cd2b09d1e01f8da5aae1508aff4

SHA512
f30ec6e622106e05d02caec8f2464157348bf150b4c3cf33565e1bdd66c35dde542383c788b37c78c8a06876ece338dc65ecbd8f0020b1ae1bfe2e803150d78f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\js\index.js

Filesize
5KB

MD5
959306e641b1474f109d59c7320d2663

SHA1
add0e58d53d96050af3a55b07bef4e2b3aebb443

SHA256
863203fb3952d5a921208ceff5cef705fc35bfb29519799ac5c1f8ca228fe437

SHA512
dcd41217bc980b5817456341fa07c9d7301f0188479850942042d07c0183068b621445dc6903367e3ce809afbfe52ee574c69cb9913da9175b3f1b1bcad1b5dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\js\langs\es.js

Filesize
2KB

MD5
6e6fdf68120d784a17b10a8e1d87c2d8

SHA1
e6ef1aada60b098a9cbd60028a64a5f5aacf3407

SHA256
0bfb77caf7b42746b6738f4127ea215b43ed7d9e311b158d8776b22ae6a1e531

SHA512
be6b434436dafea7f545b208e525335d72013b9ac967b3a184598ecf06ed6fba1d5b6fda5ed59973f598648af3de4cbd1565622bb934300a238c733fe16760cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\js\main.js

Filesize
32KB

MD5
809b1a3f7d58f4b0b46a0b034b869df7

SHA1
1ec374e6f59b910ca6534c83cc606a1ea463d71b

SHA256
8f90bd5446d45e457bcfdb3cd4da2428d3b516ad07a3d72f1dee1cba4678b9dd

SHA512
00720a80126dd93737e87e4a9a3171083b9d342c34bb928d8b3c680b1de3e18bc90ae2189fe86b22c7afa4c8277bc79ae6150a06b6f6114b207399ab94512db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\assets\langs\es\eula.txt

Filesize
1KB

MD5
3c09cb08016752513697717cb4524919

SHA1
4aaa2a8d3f1e759570252e0bf16b744b575fbb38

SHA256
6458dd3cfef6f596c6ba49bf5cb42429b8573ac9af021d6e0fedb8c2f89a3e5c

SHA512
4c866141850d40ba21b20cb96a2f7bed13afc6b0534fdb08e68381ea40ba072fc769c15cd416a0a5c6e71aa485a44d364327d215af7ba581340363e61809c11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\eula.ejs

Filesize
981B

MD5
0887c927cc2ba0250bea889fd5d40660

SHA1
8ae1b01d3c501a15cfeade573a13b93c44ae34d5

SHA256
df0dc42c4ec4e3dbed33e6fd855e977f3bfb4cc2a49a8402ead53bfb9f544d6e

SHA512
01dd4c0e622e95adc652fd06c8503864506cae7466d4114bd11938f69a5b97065ecedf2a9d516d485abaa33fc3442bcd9de46f6a00b0979c11b05951bf2183db

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\footer.ejs

Filesize
4KB

MD5
d6c4aec009f8a181f5f805169cbad491

SHA1
7a7263138772c78c8c4330a2ed6cfbd3092c8985

SHA256
a2da2ca46128fdf7530a27ab8345986278cda1b78d7a075ec0fb11b66474fa8d

SHA512
d0a2d60113cdce329303f9657b741317e2f5b691d248fa2131b6668e07e7db9a5292ab734456681f335b71c732e003009631113cf14f218e13aaad7d4e8bb4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\header.ejs

Filesize
38KB

MD5
eef60d35e9f75d3c7030d0574250e56f

SHA1
6d29148b90187fa1583652bc8799e65efa10f637

SHA256
3cf434b126e4369ffb8e9f4d489daee1aad9f47828850386984b3c752cdc7042

SHA512
529bf36dacd2fc808e63a8091a8aa92f5d3d39c23077bc72298bf052f1bdcd6fc05282608ce5337643d3c1a794bdde2b8d364f7deb0c4b7ae75810be3bdb165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\index.ejs

Filesize
880B

MD5
5cb43b3d3c087f4dfb7ef3604a39e757

SHA1
62796be76ccb921544aa6279dd0139b00450e24a

SHA256
88b3b17146349c92955cc88bdd70ef1fa414bf624d771a0b8ed0d7f2d40d76cd

SHA512
b5247488c6dbd4f682d27884f3b516df00ad6725665f79c2d4ea76c1a54d318a31e32c6f96a11fafc382d36097e50f505e0cba904e13b4d45afa96544401eb81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\index.js

Filesize
4KB

MD5
45ed15c0c0a7ec66046343f4f3212a7a

SHA1
296de778426805a2bda8566c5b37f24c34a6c24a

SHA256
5f8ce9450962956086e6f19cfb2bd6c84f230a6264e3164f41e2d2c91ab61925

SHA512
4baa2d75426cde366088aec26907ab8fe9ca5eacbb3ea648e5864f807d83b1586dc00d0d4a9f4e06ca219505978139a14869fdac18e39faa47777e74d7621a67

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\install-options.ejs

Filesize
3KB

MD5
877f16609a32c46ff5f8eab3648b1078

SHA1
5a3d5785704f016235b96fdbe04a9de69b48e203

SHA256
f8981d7e2001efe11511d6779675bcbead2fa27d6557a54dcb8492ea958a1454

SHA512
c6df43c91537d13d75e1b2e1b35fc2b452f7d62326f0074c24e975e18a47d31bade8a9e84514091bd537b8cb016c60e87920249cee73370188be045c628a30b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\language.ejs

Filesize
5KB

MD5
3fbf51eb59e0f0b050f5abcd2fcd3dca

SHA1
90d676bc914c2bebf33464dd088952abbedd56f3

SHA256
9016b2792ecdd22276e1d1e4172b4e598478f5668b27beb005e2219d229f216c

SHA512
c5e04500ebdd922d989594e3a0822fa9a9557d749e60af86ab1e309847342431a606f5e604538fa5d5666535bc68c4f5fbeeb4cdda9a832384505aac1ba2d998

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\logs.ejs

Filesize
1KB

MD5
6fc7c3d8bac3259202cb981acf8b18b6

SHA1
f3963b01f9a2df4e9b0b989b4e7ea8f55198ddfa

SHA256
62e112e61b5c9c582f5a9aac790a9275be8a560d1edb93c3a6879330298e53fc

SHA512
7d719b9698344ba99d3d860e28421bc7cfaf2e9d80cfc6da472413800900aa64f055add8269553e9838aa998df4d6575c6bf0091cf6263a6ea0c2537c36b5df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\resources\app\src\path.ejs

Filesize
2KB

MD5
21e1d48f90eb1017539741c7a74cf059

SHA1
7906534922134e26a5c59324aafad63e20bf10ba

SHA256
870496c864624ebce9da0b98ea830249897a2a2317f6a816751f0edb30aeb32b

SHA512
2cd3d44337c5e1b794a2233d25fef122a97910d7f7d32cb811c0fa3f84397dd4781e917ba3db0e024384439413925dd0ab73888d3d82119951b86192e807685b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\v8_context_snapshot.bin

Filesize
663KB

MD5
81870fb2f641c8b845e9c6d1a632f0b7

SHA1
fcd47d8d1232c189a1c4087bb03a015ce14c25ba

SHA256
875515af4e7254458c17a98bed087fc609d45fbc8ebf60663e112c37204f6840

SHA512
7748c8fb6f356aa45023a56245c43c5171d0413617fb1ac6c75650be75bbe94bd5528e9aa83cd9df9a08af65540a76ab59bc866e5dcf0fa7284122f290bd45d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jywVpiXCBPKrhj2foFddYdfPdc\vk_swiftshader.dll

Filesize
5.1MB

MD5
0a071201e4dd76996e273c81533bfa74

SHA1
5c92c634027692c344a8e74eab8b4d5c3e049497

SHA256
08e34bc25653f9357a4ccf62966d698b7cc6265dc668046a28403ae5786132ee

SHA512
b5de6548c5c743b6f119183fa06aaf67dcd4cdbc3542378ff87916b670ace1e2f4270f6dcaa4caabd01460c638bd02b565267e7bd9617ca92d72187d374bb7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408220619389062628.dll

Filesize
4.7MB

MD5
d7b7e0f7865a3cc624e95cefe2bc205c

SHA1
1352733bfaa54292d1457d3f7a87069c00a1f56f

SHA256
94028494f0c28a14f21179ef4096e0c52f1d022a5ad65b070f0d8584b500b597

SHA512
e5bced68446f702de4236a6f11ec005bc5233915ff689693a1894afe7ea924ca6d6d8ae722b12daa0ee0b4e35223606a55f13b34db648bfb24e96a76e834ff08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfC526.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfC526.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfC526.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State

Filesize
1KB

MD5
8afb53295276ced98ad4b2deaa22de2a

SHA1
ca6f9999b070efab1f63213ba70f6b04cd653a06

SHA256
12796088bafd2854e1865593535917011bfe666f288f3c7a93a43858a365713a

SHA512
6f4c1747fe39c7d41ab07aefdcd703f5c8607c2f47eb8f19b3f006b88630d92181d0e448391c08e948ff22ab86e0a1f5b899c70aedad61f25c75ca8cc51b0efd

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State

Filesize
864B

MD5
d6801a590ed8b01aa6385eb947042063

SHA1
660f840046bcdfa41f59c6e6a16e2ca68cf2571d

SHA256
febd8ee8c418441778751b54245ec68ec7aa93e559d70197b2ec6dbc45cfe14c

SHA512
49a57b5d1796117bf9a22a54cc48bf866ff2a592c700e4064051e9c527fdbd5405d3862f30d9680b76e256f86dd4f9f07244a53b3cd6afc1ff4d8dd3087830d7

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\Network Persistent State~RFe58f48c.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity

Filesize
523B

MD5
867b87fcca985d444aa51a432e1df28f

SHA1
e40c2b803e15c79707b77b7e21f5fb84a0b09407

SHA256
227c432ec1c8daf776bb7a39fc649306d88d8940a14895b3ef2ae205d742a3ef

SHA512
42bf9bffe365f10253b0a0569086239491dc882cf90c3a1e0eb024f2ec9696500a316daba2e9e8d071022e0a226f9c40c2376c01b4eab235d5a626aca511bf0b

Download Submit
C:\Users\Admin\AppData\Roaming\Battly Launcher Installer\Network\TransportSecurity~RFe591786.TMP

Filesize
523B

MD5
2d2f7cd656ef29a80115a8939628de74

SHA1
45912bc3cf07ed8bfe5a71fe86933ac016afae6e

SHA256
812ca9d2ce21e3d186d136f41bef8626f5df082100f93b859483056f17db3d99

SHA512
eb455b445fce833c650d0c9ed0aa461ed8c034e37ec8f27eb052c3f7c0537e8cf411fa33a40e0ed8da1c1069953cde2298ca522c9773f70f1bfebb0e868f8d1b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/5160-983-0x0000017F11350000-0x0000017F11351000-memory.dmp

Filesize
4KB

Download
memory/5160-982-0x0000017F11350000-0x0000017F11351000-memory.dmp

Filesize
4KB

Download
memory/5160-980-0x0000017F11350000-0x0000017F11351000-memory.dmp

Filesize
4KB

Download
memory/5160-979-0x0000017F11350000-0x0000017F11351000-memory.dmp

Filesize
4KB

Download
memory/5160-981-0x0000017F11350000-0x0000017F11351000-memory.dmp

Filesize
4KB

Download
memory/5160-984-0x0000017F11350000-0x0000017F11351000-memory.dmp

Filesize
4KB

Download
memory/5160-985-0x0000017F11350000-0x0000017F11351000-memory.dmp

Filesize
4KB

Download
memory/5160-973-0x0000017F11350000-0x0000017F11351000-memory.dmp

Filesize
4KB

Download
memory/5160-974-0x0000017F11350000-0x0000017F11351000-memory.dmp

Filesize
4KB

Download
memory/5160-975-0x0000017F11350000-0x0000017F11351000-memory.dmp

Filesize
4KB

Download