Behavioral Report

Analysis

max time kernel
31s
max time network
57s
platform
windows10-1703_x64
resource
win10-20220812-es
resource tags

arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
25-01-2023 11:00

Sharing

Copy URL

Twitter E-mail

Report Files Registry Network Processes Mutex Misc

General

Target

Instalador OJOLAND Launcher.exe
Size

66MB
MD5

310c7949dbe25bf1438101601c027a74
SHA1

a895af964e9dd140b12a7a758e78149ae9572a39
SHA256

f38b9d7f0e19fa967b156cba6e17f5fc126ef6310c2db176c60420a39b523a12
SHA512

e81024db1693aa245116b173b3733383c59aa0821caa6b6e4c65d2ef6be44c569fe26f3a1c107248c73ee77a53a7eebe640462c55d5b57e9fd345e375d477ee1
SSDEEP

1572864:MUvBpZSbXHI40LE9elZ0vfANzpXQDyz66e75iQFuUUTRs:Mof07T0Y9SZq5Q6rbFf

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE ⋅ 4 IoCs

Processes:

OJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exe

pid process

4152 OJOLAND Launcher.exe
1164 OJOLAND Launcher.exe
4760 OJOLAND Launcher.exe
160 OJOLAND Launcher.exe

pid	process
4152	OJOLAND Launcher.exe
1164	OJOLAND Launcher.exe
4760	OJOLAND Launcher.exe
160	OJOLAND Launcher.exe

Loads dropped DLL ⋅ 15 IoCs

Processes:

Instalador OJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exe

pid	process
2632	Instalador OJOLAND Launcher.exe
2632	Instalador OJOLAND Launcher.exe
2632	Instalador OJOLAND Launcher.exe
2632	Instalador OJOLAND Launcher.exe
2632	Instalador OJOLAND Launcher.exe
2632	Instalador OJOLAND Launcher.exe
2632	Instalador OJOLAND Launcher.exe
4152	OJOLAND Launcher.exe
1164	OJOLAND Launcher.exe
4760	OJOLAND Launcher.exe
1164	OJOLAND Launcher.exe
1164	OJOLAND Launcher.exe
1164	OJOLAND Launcher.exe
1164	OJOLAND Launcher.exe
1164	OJOLAND Launcher.exe

Checks installed software on the system ⋅ 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

TTPs:

Query Registry
Enumerates physical storage devices ⋅ 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

TTPs:

System Information Discovery
Enumerates processes with tasklist ⋅ 1 TTPs 1 IoCs

TTPs:

Process Discovery

Processes:

tasklist.exe

pid process

4164 tasklist.exe
Suspicious behavior: EnumeratesProcesses ⋅ 4 IoCs

Processes:

Instalador OJOLAND Launcher.exetasklist.exe

pid process

2632 Instalador OJOLAND Launcher.exe
2632 Instalador OJOLAND Launcher.exe
4164 tasklist.exe
4164 tasklist.exe

pid	process
4164	tasklist.exe

Suspicious use of AdjustPrivilegeToken ⋅ 4 IoCs

Processes:

tasklist.exeInstalador OJOLAND Launcher.exeOJOLAND Launcher.exe

description	pid	process
Token: SeDebugPrivilege	4164	tasklist.exe
Token: SeSecurityPrivilege	2632	Instalador OJOLAND Launcher.exe
Token: SeShutdownPrivilege	4152	OJOLAND Launcher.exe
Token: SeCreatePagefilePrivilege	4152	OJOLAND Launcher.exe

Suspicious use of FindShellTrayWindow ⋅ 1 IoCs

Processes:

Instalador OJOLAND Launcher.exe

pid process

2632 Instalador OJOLAND Launcher.exe

Suspicious use of WriteProcessMemory ⋅ 51 IoCs

Processes:

Instalador OJOLAND Launcher.execmd.exeOJOLAND Launcher.exe

description	pid	process	target process
PID 2632 wrote to memory of 4312	2632	Instalador OJOLAND Launcher.exe	cmd.exe
PID 2632 wrote to memory of 4312	2632	Instalador OJOLAND Launcher.exe	cmd.exe
PID 2632 wrote to memory of 4312	2632	Instalador OJOLAND Launcher.exe	cmd.exe
PID 4312 wrote to memory of 4164	4312	cmd.exe	tasklist.exe
PID 4312 wrote to memory of 4164	4312	cmd.exe	tasklist.exe
PID 4312 wrote to memory of 4164	4312	cmd.exe	tasklist.exe
PID 4312 wrote to memory of 504	4312	cmd.exe	find.exe
PID 4312 wrote to memory of 504	4312	cmd.exe	find.exe
PID 4312 wrote to memory of 504	4312	cmd.exe	find.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 1164	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 4760	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 4760	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 160	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 4152 wrote to memory of 160	4152	OJOLAND Launcher.exe	OJOLAND Launcher.exe

C:\Users\Admin\AppData\Local\Temp\Instalador OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Instalador OJOLAND Launcher.exe"

Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory

PID:2632

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq OJOLAND Launcher.exe" | %SYSTEMROOT%\System32\find.exe "OJOLAND Launcher.exe"

Suspicious use of WriteProcessMemory

PID:4312

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq OJOLAND Launcher.exe"

Enumerates processes with tasklist
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken

PID:4164

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "OJOLAND Launcher.exe"

PID:504

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe"

Executes dropped EXE
Loads dropped DLL
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory

PID:4152

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1568,i,14030208203411223258,5157431009629584828,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Executes dropped EXE
Loads dropped DLL

PID:1164

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --mojo-platform-channel-handle=1800 --field-trial-handle=1568,i,14030208203411223258,5157431009629584828,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

Executes dropped EXE
Loads dropped DLL

PID:4760

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --app-path="C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources\app.asar" --no-sandbox --no-zygote --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2020 --field-trial-handle=1568,i,14030208203411223258,5157431009629584828,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

Executes dropped EXE

PID:160

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --app-path="C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources\app.asar" --no-sandbox --no-zygote --disable-gpu-compositing --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1568,i,14030208203411223258,5157431009629584828,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

PID:3568

Network

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Replay Monitor

00:00 00:00

Downloads

C:\Users\Admin\AppData\Local\Programs\OJOLAND\D3DCompiler_47.dll
Filesize
4MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
94MB

MD5
acc4d1bf7e7e0787000db3b3544af3fd

SHA1
0ab30b6abc05360bad155c3479c5dae6d8338d17

SHA256
1a8de43c810aa22621575c5eeb0d0c46c7553fbda412be7ce72f3106626c32b2

SHA512
d17fa31f6ae89fba9c778a77339f459c2c6ad2e5a38de9e3c66b8d4794a907cfa07d0a6871fe09e6f88fad06ff8c2cf00cdb441ff0da8bb5853d1c632525691d

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
54MB

MD5
d3abb2c19cf1cfdd3fd34b701033cd86

SHA1
64c57ca8e1fba7e06ac7b4a15334291180ee9bf9

SHA256
7f695c2b5f6a304682203e39853cec482f4cf8292d0934662e920988be50b844

SHA512
83346a560f80bb9f5042a64232aaaeafafb5986ed308a152ad7d9929d8fb150d1fa99ded4bed3019b72cc8533a5f949ec98723feb5a46f8242c4b12c3c6996a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
57MB

MD5
db52769648971061cba2584a46000395

SHA1
4114adb52bff1204ff80b2d480f7302d08009ad2

SHA256
88ae7091570ec0a06dd27ca2c0223517d152495337973a2807ce46fbdc1367f4

SHA512
378318c36980a58a6d1e4c54bfab570db79a4763a164a0548898a2241d6afebbcb83c9a7b168dc8861335a7dc7e23d6e980911be3e69df5a96d1a6fa6b818974

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
57MB

MD5
596d1bc1e3f379482ad93f8e03e352f4

SHA1
6426df83e3a2198dccb195ffa877eb25cfbb64c0

SHA256
c3ef5bbc480e3b97e284aad6beb24e04f24db7d01a27d8771db6ff8e2df36810

SHA512
7c094e74e09959fe19494418debb5f7cf1622004b344434ab4eb05fd0fd5db81db6d6e974904586c4c2460537cd3dca5a7b4d77ef8c6b84ad9200158b189114a

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
47MB

MD5
4c916551a559863f5076d68f189493e9

SHA1
c05d12590751799b9974886cdf749977e0e6ccce

SHA256
b3ec70b4ce5fba52445f4118a8b38d83cee7c2d974c3816550e671175c225819

SHA512
9caa1950f53212d55565e2509e544241cd9888f344cc574e3d424a858757992473255e8fbe443982510e6c8153f95127bd015b3d2d488287ec6cf6297908b180

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
50MB

MD5
f9268e5db113b9e0487124dc2230aa25

SHA1
6e29f7a686f242c18e4a215a19108e0171336145

SHA256
96e7c8cdcd3264dba5c7d24a886973f3931db7310da6f29fb020bdfee57eca48

SHA512
477207700b600fab305b2bc7099e54b292ce47c70c0be6e610bb68489f833a7e9d534202b6e9e6e7e2e4a54226bf6fac61b1b9464de394f14ad84d5796c6d982

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\chrome_100_percent.pak
Filesize
126KB

MD5
a3d4515d3a33a407d313a62818e82a5d

SHA1
967ff9a6774a66f7b3299af4fd5d70961ed54d79

SHA256
662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0

SHA512
0c757e1beccbca1ae0791fa0c51a9e2019696bd0965c73de67b364fba6f317ea2cf20fa65e4fa7dd22519683528e5112dc8c530049170f4e702e0c8d4e065801

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\chrome_200_percent.pak
Filesize
175KB

MD5
3bab45c70f22646cf8452c30903810cb

SHA1
40b31d4c79b5a2b8d12f8cf8b6c49c962c31f766

SHA256
d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc

SHA512
85eda055494f0233c963e821906cf69d94e664d8396e8b08e7a8f412e1c16af71252fef1bfe3ed43cfad157aa90c0dcbb375626e2ddf0e807c9b23ad27e61d9c

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\icudtl.dat
Filesize
9MB

MD5
516f6b90d1539bd1eaeaa2fc32dadb92

SHA1
8017789bef98902cdc95c18e67b84378ddd293c0

SHA256
51edd31f6c5d298c662af320424b632172a31e3348cdbb201380636c95ded794

SHA512
db4b5fd7f8a0e0a331ffa7c574d011b059df8654cdc6ee4970f84fda20b88a3b8706f2605d91d19a6dd86d2702cc9542e026a054d28f85c51b676daa8d3f3bb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\libegl.dll
Filesize
458KB

MD5
67ba5fb2aa561a93d6bd38f9e41112e7

SHA1
d6f964388180cd1222f0124b7c7db13270bc98a3

SHA256
ffa93602b9f03d51ad7d59da7304756e3d9962b26bbb8911dd9a06389ab1add6

SHA512
45b8bca05d1e4123b65feb1ac6c3bf3b5bcd41cd200604dcfed6509479f2fdb5367c14fd266c2033aa2e6e54b20f0af705fbc7653cc08e114119848fdb24b408

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\libglesv2.dll
Filesize
7MB

MD5
0f0bb49a8c0bf998e26bbaa27e7a0139

SHA1
5a76ebe032de97289417805d191ca478ee029def

SHA256
d9b32f8e13bbcb632ba3d93a6dea3366c25ee8e059fa5d5bb62ecf2d3c5ce5f3

SHA512
8a145c3aa9725fbdb345c9531b50fb3c960b5d8555ff58d738d1017e9ae41b4062a25baf4385e5bec64f9e4ec41993445d9c3ba4d2ccdfea97843acbafaff323

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\locales\es.pak
Filesize
359KB

MD5
a638e3161bebaf58c501963efc4040ce

SHA1
fb53a4732620555e30e10e40e886ee45fc4d653c

SHA256
e2f3d548187b5b02c3be595927130f097ff29bdeef6c063980c90b298b1023c4

SHA512
9dc94cae924f4ea0b756145541e4dc70a283d84805d6f103fe7069b15c865730f632270b81a11facec17bf3c56986d337cebb1904922b09c150e3b3ae05e2842

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources.pak
Filesize
5MB

MD5
915f50ee09363c2e946fa60c3080d97b

SHA1
38038c4bee8780aaa89936534e5559fbc6aec953

SHA256
d1c062104f136edf33ad4d89460b2e4d9c1e463e792834ab91ef7d2a11953794

SHA512
c59543522ae69753996a9912a2dec751f16dab7175c2073864253f77087654d895d12191815b257408b7442d027b0717c6a0d4e5e0b8948a3e60543197c1f10f

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources\app-update.yml
Filesize
87B

MD5
87871cf726e3181c8179170011be7201

SHA1
04dc4ddfbde22ac4773b766d0f1ee2ac617f399f

SHA256
80183e9d909609bee80f70951158e5ce3bce8b0fb0bbc631abcc2d0f6c21ebde

SHA512
07dc6df01e7735503da0d74a9e7f45ff2f4221e1606013ada29c8e73f7e52752303c5f76c87a251fdc632b029b1779a3b75ee011ee959abe08291960cdba9923

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources\app.asar
Filesize
10MB

MD5
bbf62ce1ebe6f679c1d5b801b9a7ee7e

SHA1
f99a8e4216a87dbeeda8274bf64bc2bb6dd53f45

SHA256
9fa8f39743099ff465e984eb1d326bdf9f618dad6b0d13992bfef4483ca6a71a

SHA512
d6eb93db2f8e6d32cacc4cdf230fefe30f78bc727d201a8cf6f8d670905faba5a0afe2689158c9a65bb613030d34e93879f863541d8d461ef9fcac189525f31e

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\v8_context_snapshot.bin
Filesize
716KB

MD5
7ea15faff14c6631ef7ef7899ec8235d

SHA1
b398fb7e8e3afa7886c483b054be4358aba5b800

SHA256
1717afb2f6958e37a34ab35b5b796ff2d9fa7d0d4828a405221ac3260b722973

SHA512
57e6fdf0c6c64f232fe6c247b955689bba09a9c2bd37124b3b4b419403ee1f1028b5eed6b1e3f96263cbc1762d3c2637e06ffb3a04891772d67487ee2fd8db45

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\vk_swiftshader.dll
Filesize
4MB

MD5
db085989eeaeed1c28cd9c0ff3a2eab8

SHA1
f162cb5f4b3ccf9dedb92f9dd5844c3904f2777c

SHA256
2f2cd32d377593f79bb6a1d0fa06077e9c40f385350301d9ced749303048bbea

SHA512
477e3f9c3f46fb7402777b3901ffedb62086ff2882b8d5c8016c42e7f6a983d5e1b6e9e520a7932026da44b6e778c86963a375eb54ce22aa6ada4d1f1ebc3656

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\vulkan-1.dll
Filesize
849KB

MD5
4e8506a68ecce3dd7d548fadf4449e17

SHA1
661fcb79cd8045938c286130962c28c21bb91000

SHA256
958a773d38f725f966b6f24cfe7606903e61ad63335455d1bbcac1618959a277

SHA512
d380f58f0daf5134d68248f0329ae25e6a5af2f0204b6d1f569ef969337b5f86ef293d9b446cc6345206c55917edc6f1de7567984c920751590e73dc5d1e97d4

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\d3dcompiler_47.dll
Filesize
4MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\libEGL.dll
Filesize
458KB

MD5
67ba5fb2aa561a93d6bd38f9e41112e7

SHA1
d6f964388180cd1222f0124b7c7db13270bc98a3

SHA256
ffa93602b9f03d51ad7d59da7304756e3d9962b26bbb8911dd9a06389ab1add6

SHA512
45b8bca05d1e4123b65feb1ac6c3bf3b5bcd41cd200604dcfed6509479f2fdb5367c14fd266c2033aa2e6e54b20f0af705fbc7653cc08e114119848fdb24b408

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\libGLESv2.dll
Filesize
7MB

MD5
0f0bb49a8c0bf998e26bbaa27e7a0139

SHA1
5a76ebe032de97289417805d191ca478ee029def

SHA256
d9b32f8e13bbcb632ba3d93a6dea3366c25ee8e059fa5d5bb62ecf2d3c5ce5f3

SHA512
8a145c3aa9725fbdb345c9531b50fb3c960b5d8555ff58d738d1017e9ae41b4062a25baf4385e5bec64f9e4ec41993445d9c3ba4d2ccdfea97843acbafaff323

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\vk_swiftshader.dll
Filesize
4MB

MD5
db085989eeaeed1c28cd9c0ff3a2eab8

SHA1
f162cb5f4b3ccf9dedb92f9dd5844c3904f2777c

SHA256
2f2cd32d377593f79bb6a1d0fa06077e9c40f385350301d9ced749303048bbea

SHA512
477e3f9c3f46fb7402777b3901ffedb62086ff2882b8d5c8016c42e7f6a983d5e1b6e9e520a7932026da44b6e778c86963a375eb54ce22aa6ada4d1f1ebc3656

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\vulkan-1.dll
Filesize
849KB

MD5
4e8506a68ecce3dd7d548fadf4449e17

SHA1
661fcb79cd8045938c286130962c28c21bb91000

SHA256
958a773d38f725f966b6f24cfe7606903e61ad63335455d1bbcac1618959a277

SHA512
d380f58f0daf5134d68248f0329ae25e6a5af2f0204b6d1f569ef969337b5f86ef293d9b446cc6345206c55917edc6f1de7567984c920751590e73dc5d1e97d4

Download Submit
\Users\Admin\AppData\Local\Temp\nsnF4C6.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsnF4C6.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsnF4C6.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsnF4C6.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsnF4C6.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsnF4C6.tmp\nsExec.dll
Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsnF4C6.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/160-349-0x0000000000000000-mapping.dmp

Download
memory/504-234-0x0000000000000000-mapping.dmp

Download
memory/1164-325-0x0000000000000000-mapping.dmp

Download
memory/2632-150-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-158-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-163-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-164-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-165-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-166-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-167-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-168-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-169-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-170-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-171-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-161-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-173-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-160-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-175-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-176-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-177-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-178-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-180-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-179-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-181-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-182-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-183-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-184-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-185-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-159-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-140-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-121-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-122-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-146-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-148-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-153-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-157-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-162-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-155-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-156-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-154-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-152-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-151-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-120-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-149-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-147-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-145-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-144-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-143-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-142-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-123-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-141-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-139-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-138-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-137-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-136-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-135-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-134-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-133-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-132-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-131-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-130-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-129-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-128-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-127-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-126-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-125-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/2632-124-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1MB

Download
memory/3568-357-0x0000000000000000-mapping.dmp

Download
memory/4164-231-0x0000000000000000-mapping.dmp

Download
memory/4312-192-0x0000000000000000-mapping.dmp

Download
memory/4760-330-0x0000000000000000-mapping.dmp

Download