Behavioral Report

Analysis

max time kernel
148s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-01-2023 10:54

Sharing

Copy URL

Twitter E-mail

Report Files Registry Network Processes Mutex Misc

General

Target

Instalador OJOLAND Launcher.exe
Size

66MB
MD5

310c7949dbe25bf1438101601c027a74
SHA1

a895af964e9dd140b12a7a758e78149ae9572a39
SHA256

f38b9d7f0e19fa967b156cba6e17f5fc126ef6310c2db176c60420a39b523a12
SHA512

e81024db1693aa245116b173b3733383c59aa0821caa6b6e4c65d2ef6be44c569fe26f3a1c107248c73ee77a53a7eebe640462c55d5b57e9fd345e375d477ee1
SSDEEP

1572864:MUvBpZSbXHI40LE9elZ0vfANzpXQDyz66e75iQFuUUTRs:Mof07T0Y9SZq5Q6rbFf

Score

10^/10

discovery ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Programs\OJOLAND\LICENSES.chromium.html

Ransom Note

<!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="color-scheme" content="light dark"> <title>Credits</title> <link rel="stylesheet" href="chrome://resources/css/text_defaults.css"> <link rel="stylesheet" href="chrome://credits/credits.css"> </head> <body> <span class="page-title" style="float:left;">Credits</span> <a id="print-link" href="#" style="float:right;" hidden>Print</a> <div style="clear:both; overflow:auto;"> <div class="product"> <span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span> <span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span> <input type="checkbox" hidden id="0"> <label class="show" for="0" tabindex="0"></label> <div class="licence"> <pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp). You may use, copy, modify this code for any purpose and without fee. You may distribute this ORIGINAL package. </pre> </div> </div> <div class="product"> <span class="title">Abseil</span> <span class="homepage"><a href="https://github.com/abseil/abseil-cpp">homepage</a></span> <input type="checkbox" hidden id="1"> <label class="show" for="1" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. </pre> </div> </div> <div class="product"> <span class="title">Accessibility Audit library, from Accessibility Developer Tools</span> <span class="homepage"><a href="https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_testing.js">homepage</a></span> <input type="checkbox" hidden id="2"> <label class="show" for="2" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, in

Emails

ooura@kurims.kyoto-u.ac.jp
victoria.zhislina@intel.com
openssl-core@openssl.org
eay@cryptsoft.com
tjh@cryptsoft.com
eay@cryptsoft.com)&quot
tjh@cryptsoft.com)&quot
john.boyer@abilitiessoft.com
&lt;daniel@haxx.se&gt
&lt;marijnh@gmail.com&gt
lionel.ulmer@free.fr
bbrox@bbrox.org
&lt;rob@ti.com&gt
&lt;mans@mansr.com&gt
&lt;christophe.gisquet@gmail.com&gt
&lt;skal@planet-d.net&gt
&lt;astrange@ithinksw.com&gt
&lt;pross@xvid.org&gt
&lt;peter@elecard.net.ru&gt
&lt;walken@zoy.org&gt
&lt;lorenm@u.washington.edu&gt
&lt;henrik@gramner.com&gt
&lt;BugMaster@narod.ru&gt
&lt;fiona@x264.com&gt
michaelni@gmx.at
bvasic@mips.com
darko@mips.com
djordje@mips.com
goran@mips.com
mvulin@mips.com
socovaj@mips.com
zoranl@mips.com
freetype@nongnu.org
freetype-devel@nongnu.org
breese@users.sourceforge.net
Gary.Pennington@uk.sun.com
&lt;breese@users.sourceforge.net&gt
jloup@gzip.org
madler@alumni.caltech.edu
&lt;breadbox@muppetlabs.com&gt
pommier@modartt.com
&lt;clee@freedesktop.org&gt
&lt;marineau@genie.uottawa.ca&gt
&lt;Holger.Veit@gmd.de&gt
&lt;bence.nagy@gmail.com&gt
bataak@gmail.com
rezende@ic.unicamp.br
jj@di.uminho.pt
c-tsai4@uiuc.edu
&lt;scott@netsplit.com&gt
&lt;dbn.lists@gmail.com&gt
&lt;provos@citi.umich.edu&gt
&lt;dugsong@monkey.org&gt
&lt;Todd.Miller@courtesan.com&gt
&lt;mike@datanerds.net&gt
&lt;maxim.yegorushkin@gmail.com&gt
&lt;saari@netscape.com&gt
&lt;cls@lubutu.com&gt
&lt;dev@frign.de&gt
&lt;iano@quirkster.com&gt
&lt;jamey@minilop.net&gt
&lt;josh@freedesktop.org&gt
&lt;doomster@knuut.de&gt
&lt;libzip@nih.at&gt
&quot;newlib@sourceware.org&quot
&lt;jeanphilippe.aumasson@gmail.com&gt
&lt;info@bnoordhuis.nl&gt
nicolas.roussel@inria.fr
hello@blakeembrey.com
&lt;mjg@redhat.com&gt

ooura@kurims.kyoto-u.ac.jp

victoria.zhislina@intel.com

openssl-core@openssl.org

eay@cryptsoft.com

tjh@cryptsoft.com

eay@cryptsoft.com)&quot

tjh@cryptsoft.com)&quot

john.boyer@abilitiessoft.com

<daniel@haxx.se&gt

<marijnh@gmail.com&gt

lionel.ulmer@free.fr

bbrox@bbrox.org

<rob@ti.com&gt

<mans@mansr.com&gt

<christophe.gisquet@gmail.com&gt

<skal@planet-d.net&gt

<astrange@ithinksw.com&gt

<pross@xvid.org&gt

<peter@elecard.net.ru&gt

<walken@zoy.org&gt

URLs

https://www.apache.org/licenses/
https://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
http://mozilla.org/MPL/2.0/
http://www.torchmobile.com/
https://cla.developers.google.com/clas
http://www.openssl.org/)&quot
https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS
http://www.opensource.apple.com/apsl/
https://github.com/typetools/jdk
https://github.com/typetools/stubparser
https://github.com/typetools/annotation-tools
https://github.com/plume-lib/
http://www.mozilla.org/MPL/
http://source.android.com/
http://source.android.com/compatibility
http://www.apple.com/legal/guidelinesfor3rdparties.html
https://github.com/easylist
https://easylist.to/)&quot
https://creativecommons.org/compatiblelicenses
https://creativecommons.org/
http://developer.intel.com/vtune/cbts/strmsimd/922down.htm
http://skal.planet-d.net/coding/dct.html
http://developer.intel.com/vtune/cbts/strmsimd/appnotes.htm
http://www.elecard.com/peter/idct.html
http://www.linuxvideo.org/mpeg2dec/
http://www.opensource.org/licenses/bsd-license.php
https://www.freetype.org
http://www.mozilla.org/MPL/2.0/
http://www.mozilla.org/MPL/2.0/FAQ.html
http://freetype.sourceforge.net/license.html
http://www.freetype.org
http://source.icu-project.org/repos/icu/icu/trunk/license.html
http://icu-project.org/userguide/icufaq.html
http://www.unicode.org/copyright.html
http://www.unicode.org/Public/
http://www.unicode.org/reports/
http://www.unicode.org/cldr/data/
http://jquery.com/
https://github.com/jquery/jquery/blob/master/MIT-LICENSE.txt
https://github.com/jquery/sizzle/blob/master/LICENSE
http://ctrio.sourceforge.net/
http://www.cisl.ucar.edu/css/software/fftpack5/ftpk.html
http://www.opensource.org/licenses/mit-license.php
http://www.tex-tipografia.com/spanish_hyphen.html
https://opensource.org/licenses/BSD-3-Clause
https://www.unicode.org/copyright.html
http://opensource.org/licenses/bsd-license.php
https://sourceforge.net/project/?group_id=1519
http://chasen.aist-nara.ac.jp/chasen/distribution.html
http://casper.beckman.uiuc.edu/~c-tsai4
https://github.com/rober42539/lao-dictionary
https://github.com/rober42539/lao-dictionary/laodict.txt
https://github.com/rober42539/lao-dictionary/LICENSE.txt
http://oss.sgi.com/projects/FreeB/
https://www.khronos.org/registry/
https://llvm.org/docs/DeveloperPolicy.html#legacy
http://llvm.org
http://www.unicode.org/Public/zipped/9.0.0/UCD.zip
https://github.com/chjj/
http://daringfireball.net/
http://modp.com/release/base64
http://sourceware.org/newlib/docs.html
http://sourceware.org/ml/newlib/
https://github.com/joyent/node
https://github.com/joyent/libuv
https://registry.npmjs.org
https://www.npmjs.com
https://joyent.com
https://nodejs.org
https://jelloween.deviantart.com
https://js.foundation
http://creativecommons.org/publicdomain/zero/1.0/
https://datatracker.ietf.org/ipr/1524/
https://datatracker.ietf.org/ipr/1914/
https://datatracker.ietf.org/ipr/1526/
http://website-archive.mozilla.org/www.mozilla.org/mpl/MPL/NPL/1.1/
http://www.mozilla.org/NPL/
http://code.google.com/p/lao-dictionary/
http://lao-dictionary.googlecode.com/git/Lao-Dictionary.txt
http://lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt
https://creativecommons.org/licenses/by/3.0/
https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
http://www.ploscompbiol.org/static/license
http://www.gutenberg.org/ebooks/53
http://www.suitable.com
http://www.nongnu.org/freebangfont/downloads.html#mukti
https://dejavu-fonts.github.io/Download.html">homepage</a></span>
http://scripts.sil.org/OFL
http://cgit.freedesktop.org/xorg/xserver/tree/COPYING
http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING

https://www.apache.org/licenses/

https://www.apache.org/licenses/LICENSE-2.0

http://www.apache.org/licenses/

http://www.apache.org/licenses/LICENSE-2.0

http://mozilla.org/MPL/2.0/

http://www.torchmobile.com/

https://cla.developers.google.com/clas

http://www.openssl.org/)&quot

https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS

http://www.opensource.apple.com/apsl/

https://github.com/typetools/jdk

https://github.com/typetools/stubparser

https://github.com/typetools/annotation-tools

https://github.com/plume-lib/

http://www.mozilla.org/MPL/

http://source.android.com/

http://source.android.com/compatibility

http://www.apple.com/legal/guidelinesfor3rdparties.html

https://github.com/easylist

https://easylist.to/)&quot

Signatures

Executes dropped EXE ⋅ 5 IoCs

Processes:

OJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exe

pid process

972 OJOLAND Launcher.exe
1304 OJOLAND Launcher.exe
1744 OJOLAND Launcher.exe
1020 OJOLAND Launcher.exe
684 OJOLAND Launcher.exe

pid	process
972	OJOLAND Launcher.exe
1304	OJOLAND Launcher.exe
1744	OJOLAND Launcher.exe
1020	OJOLAND Launcher.exe
684	OJOLAND Launcher.exe

Checks computer location settings ⋅ 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

TTPs:

Query Registry System Information Discovery

Processes:

OJOLAND Launcher.exeOJOLAND Launcher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	OJOLAND Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	OJOLAND Launcher.exe

Loads dropped DLL ⋅ 24 IoCs

Processes:

Instalador OJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exe

pid	process
1956	Instalador OJOLAND Launcher.exe
1956	Instalador OJOLAND Launcher.exe
1956	Instalador OJOLAND Launcher.exe
1956	Instalador OJOLAND Launcher.exe
1956	Instalador OJOLAND Launcher.exe
1956	Instalador OJOLAND Launcher.exe
1956	Instalador OJOLAND Launcher.exe
1956	Instalador OJOLAND Launcher.exe
1956	Instalador OJOLAND Launcher.exe
1956	Instalador OJOLAND Launcher.exe
1956	Instalador OJOLAND Launcher.exe
1196
1196
1196
1196
1196
972	OJOLAND Launcher.exe
1304	OJOLAND Launcher.exe
1304	OJOLAND Launcher.exe
1304	OJOLAND Launcher.exe
1304	OJOLAND Launcher.exe
1744	OJOLAND Launcher.exe
1020	OJOLAND Launcher.exe
684	OJOLAND Launcher.exe

Checks installed software on the system ⋅ 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

TTPs:

Query Registry
Enumerates physical storage devices ⋅ 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

TTPs:

System Information Discovery
Enumerates processes with tasklist ⋅ 1 TTPs 1 IoCs

TTPs:

Process Discovery

Processes:

tasklist.exe

pid process

1500 tasklist.exe
Suspicious behavior: EnumeratesProcesses ⋅ 3 IoCs

Processes:

Instalador OJOLAND Launcher.exetasklist.exe

pid process

1956 Instalador OJOLAND Launcher.exe
1500 tasklist.exe
1500 tasklist.exe

pid	process
1500	tasklist.exe

Suspicious use of AdjustPrivilegeToken ⋅ 14 IoCs

Processes:

tasklist.exeInstalador OJOLAND Launcher.exeOJOLAND Launcher.exe

description	pid	process
Token: SeDebugPrivilege	1500	tasklist.exe
Token: SeSecurityPrivilege	1956	Instalador OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	972	OJOLAND Launcher.exe

Suspicious use of WriteProcessMemory ⋅ 64 IoCs

Processes:

Instalador OJOLAND Launcher.execmd.exeOJOLAND Launcher.exe

description	pid	process	target process
PID 1956 wrote to memory of 1340	1956	Instalador OJOLAND Launcher.exe	cmd.exe
PID 1956 wrote to memory of 1340	1956	Instalador OJOLAND Launcher.exe	cmd.exe
PID 1956 wrote to memory of 1340	1956	Instalador OJOLAND Launcher.exe	cmd.exe
PID 1956 wrote to memory of 1340	1956	Instalador OJOLAND Launcher.exe	cmd.exe
PID 1956 wrote to memory of 1340	1956	Instalador OJOLAND Launcher.exe	cmd.exe
PID 1956 wrote to memory of 1340	1956	Instalador OJOLAND Launcher.exe	cmd.exe
PID 1956 wrote to memory of 1340	1956	Instalador OJOLAND Launcher.exe	cmd.exe
PID 1340 wrote to memory of 1500	1340	cmd.exe	tasklist.exe
PID 1340 wrote to memory of 1500	1340	cmd.exe	tasklist.exe
PID 1340 wrote to memory of 1500	1340	cmd.exe	tasklist.exe
PID 1340 wrote to memory of 1500	1340	cmd.exe	tasklist.exe
PID 1340 wrote to memory of 1500	1340	cmd.exe	tasklist.exe
PID 1340 wrote to memory of 1500	1340	cmd.exe	tasklist.exe
PID 1340 wrote to memory of 1500	1340	cmd.exe	tasklist.exe
PID 1340 wrote to memory of 1136	1340	cmd.exe	find.exe
PID 1340 wrote to memory of 1136	1340	cmd.exe	find.exe
PID 1340 wrote to memory of 1136	1340	cmd.exe	find.exe
PID 1340 wrote to memory of 1136	1340	cmd.exe	find.exe
PID 1340 wrote to memory of 1136	1340	cmd.exe	find.exe
PID 1340 wrote to memory of 1136	1340	cmd.exe	find.exe
PID 1340 wrote to memory of 1136	1340	cmd.exe	find.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1304	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1744	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1744	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1744	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 972 wrote to memory of 1020	972	OJOLAND Launcher.exe	OJOLAND Launcher.exe

C:\Users\Admin\AppData\Local\Temp\Instalador OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Instalador OJOLAND Launcher.exe"

Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory

PID:1956

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq OJOLAND Launcher.exe" | %SYSTEMROOT%\System32\find.exe "OJOLAND Launcher.exe"

Suspicious use of WriteProcessMemory

PID:1340

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq OJOLAND Launcher.exe"

Enumerates processes with tasklist
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken

PID:1500

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "OJOLAND Launcher.exe"

PID:1136

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe"

Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory

PID:972

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=968 --field-trial-handle=1112,i,6713851067890337704,3074511959875342723,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Executes dropped EXE
Loads dropped DLL

PID:1304

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --mojo-platform-channel-handle=1276 --field-trial-handle=1112,i,6713851067890337704,3074511959875342723,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

Executes dropped EXE
Loads dropped DLL

PID:1744

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --app-path="C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1476 --field-trial-handle=1112,i,6713851067890337704,3074511959875342723,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

Executes dropped EXE
Checks computer location settings
Loads dropped DLL

PID:1020

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --mojo-platform-channel-handle=1640 --field-trial-handle=1112,i,6713851067890337704,3074511959875342723,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

Executes dropped EXE
Loads dropped DLL

PID:684

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Replay Monitor

00:00 00:00

Downloads

C:\Users\Admin\AppData\Local\Programs\OJOLAND\D3DCompiler_47.dll
Filesize
4MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
106MB

MD5
703ac878a6ac89046dda1ce8e89791e4

SHA1
52681d0fbc0d1a79d63f4a28354cb24c7ea21c3f

SHA256
6d17feac61dead17bb467c51934a8bc7781fa7a6edcdfb7b6594540169c6a201

SHA512
dce0e7e4527b6470b9ab6d9aa4452e0dd33d20dfec40c41a8ecee956a8f19604f79a7c420b2661d84b474dee9b481153ae140d6bbdf4eb30f9546b652622974a

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
106MB

MD5
c8806a5cbc46dc4d6d8cd0e015db1b34

SHA1
e03b2e024650751b0438b52cfecd12ae8cd7543e

SHA256
a9a8e8b1df0d9108a5b31cfbda5d9ea9235a9983c302e42d745815197aab52e5

SHA512
0b46ae865451f92a79ca6859c2aa8b1d1c7e105d0e1a7fbc64867f6a2e9bb13a5a5385769933d0c9fc72f427924094f3171986270347402649b441f2e5613cb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
106MB

MD5
a74312fd8f5adf742767d4fbb07458ce

SHA1
1a262424a322a2cdff6e8eaa653cf797bc22cd7a

SHA256
ff0942a05212bbc871fa4846bcf338a32d42ab47266950f97858a1c3b411ecc0

SHA512
0e92a44b706651fb065fbd16e8c008ec413bd888fd4a4afee0593a9d97bd19097e3f259ee336c1f8816b477e10b2febe8bdb0fec907d57e67461699e6e9fa7a2

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
104MB

MD5
527f9049037d06307989ae7180bfdc73

SHA1
f9f39a39126bbcd28157f7b06aee41c633971b21

SHA256
56986460aa4090cb05b958725bbe880ac249998beae5a6c2aa8f2959bda58c7d

SHA512
751a3d62ce8a895854766e463d898c7d731bba4cbae7289362bfb00f6a55257752cedf77c1d6615534d607075c859823bc5870c6e215044e236d8704919ebf0c

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
62MB

MD5
c19459d1657ed477e44f199d7f0bce17

SHA1
e8d2764b877c3918f817e9d06eed8525220299e5

SHA256
783d7b003cd733510a89f28c20194edd510df2290f79f48cddb4ff26bf0502b3

SHA512
f2c526ab38aed939f313daa3065723e7c05cbd53d587d4c1c06221602b848c76021ba369c145e77caadf065aaceb178f5961e976df199410fac29127a6993332

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
144MB

MD5
978aa19073c5d119ce3477857ae2d3fb

SHA1
2fbf0487f9e0b69f280c51d55ee82801ae42fc0a

SHA256
2021025faf1c854534401f53150f3403a979ec1090638970e6ca391b42912ebc

SHA512
486f65f8c11e722756f62110f3f6c5b57283b91a3620094081b0c908aef1cb962d069c2a7041207254fc026c130f539baa19d690f2b5ad049c41d266fe894f93

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\chrome_100_percent.pak
Filesize
126KB

MD5
a3d4515d3a33a407d313a62818e82a5d

SHA1
967ff9a6774a66f7b3299af4fd5d70961ed54d79

SHA256
662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0

SHA512
0c757e1beccbca1ae0791fa0c51a9e2019696bd0965c73de67b364fba6f317ea2cf20fa65e4fa7dd22519683528e5112dc8c530049170f4e702e0c8d4e065801

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\chrome_200_percent.pak
Filesize
175KB

MD5
3bab45c70f22646cf8452c30903810cb

SHA1
40b31d4c79b5a2b8d12f8cf8b6c49c962c31f766

SHA256
d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc

SHA512
85eda055494f0233c963e821906cf69d94e664d8396e8b08e7a8f412e1c16af71252fef1bfe3ed43cfad157aa90c0dcbb375626e2ddf0e807c9b23ad27e61d9c

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\icudtl.dat
Filesize
9MB

MD5
516f6b90d1539bd1eaeaa2fc32dadb92

SHA1
8017789bef98902cdc95c18e67b84378ddd293c0

SHA256
51edd31f6c5d298c662af320424b632172a31e3348cdbb201380636c95ded794

SHA512
db4b5fd7f8a0e0a331ffa7c574d011b059df8654cdc6ee4970f84fda20b88a3b8706f2605d91d19a6dd86d2702cc9542e026a054d28f85c51b676daa8d3f3bb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\libegl.dll
Filesize
458KB

MD5
67ba5fb2aa561a93d6bd38f9e41112e7

SHA1
d6f964388180cd1222f0124b7c7db13270bc98a3

SHA256
ffa93602b9f03d51ad7d59da7304756e3d9962b26bbb8911dd9a06389ab1add6

SHA512
45b8bca05d1e4123b65feb1ac6c3bf3b5bcd41cd200604dcfed6509479f2fdb5367c14fd266c2033aa2e6e54b20f0af705fbc7653cc08e114119848fdb24b408

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\libglesv2.dll
Filesize
7MB

MD5
0f0bb49a8c0bf998e26bbaa27e7a0139

SHA1
5a76ebe032de97289417805d191ca478ee029def

SHA256
d9b32f8e13bbcb632ba3d93a6dea3366c25ee8e059fa5d5bb62ecf2d3c5ce5f3

SHA512
8a145c3aa9725fbdb345c9531b50fb3c960b5d8555ff58d738d1017e9ae41b4062a25baf4385e5bec64f9e4ec41993445d9c3ba4d2ccdfea97843acbafaff323

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\locales\en-US.pak
Filesize
295KB

MD5
a2ed0e17819c287b824cae5c0ac03af7

SHA1
9694627f89cd65fbb511eacc6c785ab045525ff2

SHA256
c4a2c6a90945868a02ad14b3a994e94b123981d56190bd34cc3cb14f31f2270b

SHA512
a527351a1c61e6ed4e999c6549ec04b2096712644c4e1f28b48872c031c9f0a4bb118c0ceb40dc3a35315ddc7cf244e3c0c03d864a53d4a76f6dcf1b3889c109

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources.pak
Filesize
5MB

MD5
915f50ee09363c2e946fa60c3080d97b

SHA1
38038c4bee8780aaa89936534e5559fbc6aec953

SHA256
d1c062104f136edf33ad4d89460b2e4d9c1e463e792834ab91ef7d2a11953794

SHA512
c59543522ae69753996a9912a2dec751f16dab7175c2073864253f77087654d895d12191815b257408b7442d027b0717c6a0d4e5e0b8948a3e60543197c1f10f

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources\app.asar
Filesize
10MB

MD5
bbf62ce1ebe6f679c1d5b801b9a7ee7e

SHA1
f99a8e4216a87dbeeda8274bf64bc2bb6dd53f45

SHA256
9fa8f39743099ff465e984eb1d326bdf9f618dad6b0d13992bfef4483ca6a71a

SHA512
d6eb93db2f8e6d32cacc4cdf230fefe30f78bc727d201a8cf6f8d670905faba5a0afe2689158c9a65bb613030d34e93879f863541d8d461ef9fcac189525f31e

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\v8_context_snapshot.bin
Filesize
716KB

MD5
7ea15faff14c6631ef7ef7899ec8235d

SHA1
b398fb7e8e3afa7886c483b054be4358aba5b800

SHA256
1717afb2f6958e37a34ab35b5b796ff2d9fa7d0d4828a405221ac3260b722973

SHA512
57e6fdf0c6c64f232fe6c247b955689bba09a9c2bd37124b3b4b419403ee1f1028b5eed6b1e3f96263cbc1762d3c2637e06ffb3a04891772d67487ee2fd8db45

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
144MB

MD5
978aa19073c5d119ce3477857ae2d3fb

SHA1
2fbf0487f9e0b69f280c51d55ee82801ae42fc0a

SHA256
2021025faf1c854534401f53150f3403a979ec1090638970e6ca391b42912ebc

SHA512
486f65f8c11e722756f62110f3f6c5b57283b91a3620094081b0c908aef1cb962d069c2a7041207254fc026c130f539baa19d690f2b5ad049c41d266fe894f93

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
144MB

MD5
978aa19073c5d119ce3477857ae2d3fb

SHA1
2fbf0487f9e0b69f280c51d55ee82801ae42fc0a

SHA256
2021025faf1c854534401f53150f3403a979ec1090638970e6ca391b42912ebc

SHA512
486f65f8c11e722756f62110f3f6c5b57283b91a3620094081b0c908aef1cb962d069c2a7041207254fc026c130f539baa19d690f2b5ad049c41d266fe894f93

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
144MB

MD5
978aa19073c5d119ce3477857ae2d3fb

SHA1
2fbf0487f9e0b69f280c51d55ee82801ae42fc0a

SHA256
2021025faf1c854534401f53150f3403a979ec1090638970e6ca391b42912ebc

SHA512
486f65f8c11e722756f62110f3f6c5b57283b91a3620094081b0c908aef1cb962d069c2a7041207254fc026c130f539baa19d690f2b5ad049c41d266fe894f93

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
144MB

MD5
978aa19073c5d119ce3477857ae2d3fb

SHA1
2fbf0487f9e0b69f280c51d55ee82801ae42fc0a

SHA256
2021025faf1c854534401f53150f3403a979ec1090638970e6ca391b42912ebc

SHA512
486f65f8c11e722756f62110f3f6c5b57283b91a3620094081b0c908aef1cb962d069c2a7041207254fc026c130f539baa19d690f2b5ad049c41d266fe894f93

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
144MB

MD5
978aa19073c5d119ce3477857ae2d3fb

SHA1
2fbf0487f9e0b69f280c51d55ee82801ae42fc0a

SHA256
2021025faf1c854534401f53150f3403a979ec1090638970e6ca391b42912ebc

SHA512
486f65f8c11e722756f62110f3f6c5b57283b91a3620094081b0c908aef1cb962d069c2a7041207254fc026c130f539baa19d690f2b5ad049c41d266fe894f93

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
144MB

MD5
978aa19073c5d119ce3477857ae2d3fb

SHA1
2fbf0487f9e0b69f280c51d55ee82801ae42fc0a

SHA256
2021025faf1c854534401f53150f3403a979ec1090638970e6ca391b42912ebc

SHA512
486f65f8c11e722756f62110f3f6c5b57283b91a3620094081b0c908aef1cb962d069c2a7041207254fc026c130f539baa19d690f2b5ad049c41d266fe894f93

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
144MB

MD5
978aa19073c5d119ce3477857ae2d3fb

SHA1
2fbf0487f9e0b69f280c51d55ee82801ae42fc0a

SHA256
2021025faf1c854534401f53150f3403a979ec1090638970e6ca391b42912ebc

SHA512
486f65f8c11e722756f62110f3f6c5b57283b91a3620094081b0c908aef1cb962d069c2a7041207254fc026c130f539baa19d690f2b5ad049c41d266fe894f93

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
144MB

MD5
978aa19073c5d119ce3477857ae2d3fb

SHA1
2fbf0487f9e0b69f280c51d55ee82801ae42fc0a

SHA256
2021025faf1c854534401f53150f3403a979ec1090638970e6ca391b42912ebc

SHA512
486f65f8c11e722756f62110f3f6c5b57283b91a3620094081b0c908aef1cb962d069c2a7041207254fc026c130f539baa19d690f2b5ad049c41d266fe894f93

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
144MB

MD5
978aa19073c5d119ce3477857ae2d3fb

SHA1
2fbf0487f9e0b69f280c51d55ee82801ae42fc0a

SHA256
2021025faf1c854534401f53150f3403a979ec1090638970e6ca391b42912ebc

SHA512
486f65f8c11e722756f62110f3f6c5b57283b91a3620094081b0c908aef1cb962d069c2a7041207254fc026c130f539baa19d690f2b5ad049c41d266fe894f93

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\d3dcompiler_47.dll
Filesize
4MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\libEGL.dll
Filesize
458KB

MD5
67ba5fb2aa561a93d6bd38f9e41112e7

SHA1
d6f964388180cd1222f0124b7c7db13270bc98a3

SHA256
ffa93602b9f03d51ad7d59da7304756e3d9962b26bbb8911dd9a06389ab1add6

SHA512
45b8bca05d1e4123b65feb1ac6c3bf3b5bcd41cd200604dcfed6509479f2fdb5367c14fd266c2033aa2e6e54b20f0af705fbc7653cc08e114119848fdb24b408

Download Submit
\Users\Admin\AppData\Local\Programs\OJOLAND\libGLESv2.dll
Filesize
7MB

MD5
0f0bb49a8c0bf998e26bbaa27e7a0139

SHA1
5a76ebe032de97289417805d191ca478ee029def

SHA256
d9b32f8e13bbcb632ba3d93a6dea3366c25ee8e059fa5d5bb62ecf2d3c5ce5f3

SHA512
8a145c3aa9725fbdb345c9531b50fb3c960b5d8555ff58d738d1017e9ae41b4062a25baf4385e5bec64f9e4ec41993445d9c3ba4d2ccdfea97843acbafaff323

Download Submit
\Users\Admin\AppData\Local\Temp\nsdDC8.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsdDC8.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsdDC8.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsdDC8.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsdDC8.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsdDC8.tmp\nsExec.dll
Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsdDC8.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/684-135-0x0000000000000000-mapping.dmp

Download
memory/972-83-0x000007FEFC421000-0x000007FEFC423000-memory.dmp

Filesize
8KB

Download
memory/1020-132-0x0000000000000000-mapping.dmp

Download
memory/1136-62-0x0000000000000000-mapping.dmp

Download
memory/1304-119-0x0000000000000000-mapping.dmp

Download
memory/1304-118-0x0000000147D12000-0x0000000147D13000-memory.dmp

Filesize
4KB

Download
memory/1304-117-0x0000000147D12000-0x0000000147D13000-memory.dmp

Filesize
4KB

Download
memory/1340-59-0x0000000000000000-mapping.dmp

Download
memory/1500-61-0x0000000000000000-mapping.dmp

Download
memory/1744-120-0x0000000000000000-mapping.dmp

Download
memory/1956-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download