f38b9d7f0e19fa967b156cba6e17f5fc126ef6310c2db176c60420a39b523a12

Analysis

max time kernel
28s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2023 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Instalador OJOLAND Launcher.exe
Size

66.3MB
MD5

310c7949dbe25bf1438101601c027a74
SHA1

a895af964e9dd140b12a7a758e78149ae9572a39
SHA256

f38b9d7f0e19fa967b156cba6e17f5fc126ef6310c2db176c60420a39b523a12
SHA512

e81024db1693aa245116b173b3733383c59aa0821caa6b6e4c65d2ef6be44c569fe26f3a1c107248c73ee77a53a7eebe640462c55d5b57e9fd345e375d477ee1
SSDEEP

1572864:MUvBpZSbXHI40LE9elZ0vfANzpXQDyz66e75iQFuUUTRs:Mof07T0Y9SZq5Q6rbFf

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

OJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exe

pid process

3480 OJOLAND Launcher.exe
2216 OJOLAND Launcher.exe
4800 OJOLAND Launcher.exe
4276 OJOLAND Launcher.exe

pid	process
3480	OJOLAND Launcher.exe
2216	OJOLAND Launcher.exe
4800	OJOLAND Launcher.exe
4276	OJOLAND Launcher.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

OJOLAND Launcher.exeOJOLAND Launcher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	OJOLAND Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	OJOLAND Launcher.exe

Loads dropped DLL 16 IoCs

Processes:

Instalador OJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exeOJOLAND Launcher.exe

pid	process
4084	Instalador OJOLAND Launcher.exe
4084	Instalador OJOLAND Launcher.exe
4084	Instalador OJOLAND Launcher.exe
4084	Instalador OJOLAND Launcher.exe
4084	Instalador OJOLAND Launcher.exe
4084	Instalador OJOLAND Launcher.exe
4084	Instalador OJOLAND Launcher.exe
3480	OJOLAND Launcher.exe
2216	OJOLAND Launcher.exe
4800	OJOLAND Launcher.exe
2216	OJOLAND Launcher.exe
2216	OJOLAND Launcher.exe
2216	OJOLAND Launcher.exe
2216	OJOLAND Launcher.exe
2216	OJOLAND Launcher.exe
4276	OJOLAND Launcher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

4916 tasklist.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

Instalador OJOLAND Launcher.exetasklist.exe

pid process

4084 Instalador OJOLAND Launcher.exe
4084 Instalador OJOLAND Launcher.exe
4916 tasklist.exe
4916 tasklist.exe

pid	process
4916	tasklist.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

tasklist.exeInstalador OJOLAND Launcher.exeOJOLAND Launcher.exe

description	pid	process
Token: SeDebugPrivilege	4916	tasklist.exe
Token: SeSecurityPrivilege	4084	Instalador OJOLAND Launcher.exe
Token: SeShutdownPrivilege	3480	OJOLAND Launcher.exe
Token: SeCreatePagefilePrivilege	3480	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	3480	OJOLAND Launcher.exe
Token: SeCreatePagefilePrivilege	3480	OJOLAND Launcher.exe
Token: SeShutdownPrivilege	3480	OJOLAND Launcher.exe
Token: SeCreatePagefilePrivilege	3480	OJOLAND Launcher.exe

Suspicious use of WriteProcessMemory 51 IoCs

Processes:

Instalador OJOLAND Launcher.execmd.exeOJOLAND Launcher.exe

description	pid	process	target process
PID 4084 wrote to memory of 4968	4084	Instalador OJOLAND Launcher.exe	cmd.exe
PID 4084 wrote to memory of 4968	4084	Instalador OJOLAND Launcher.exe	cmd.exe
PID 4084 wrote to memory of 4968	4084	Instalador OJOLAND Launcher.exe	cmd.exe
PID 4968 wrote to memory of 4916	4968	cmd.exe	tasklist.exe
PID 4968 wrote to memory of 4916	4968	cmd.exe	tasklist.exe
PID 4968 wrote to memory of 4916	4968	cmd.exe	tasklist.exe
PID 4968 wrote to memory of 1412	4968	cmd.exe	find.exe
PID 4968 wrote to memory of 1412	4968	cmd.exe	find.exe
PID 4968 wrote to memory of 1412	4968	cmd.exe	find.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 2216	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 4800	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 4800	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 4276	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe
PID 3480 wrote to memory of 4276	3480	OJOLAND Launcher.exe	OJOLAND Launcher.exe

C:\Users\Admin\AppData\Local\Temp\Instalador OJOLAND Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Instalador OJOLAND Launcher.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4084

C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq OJOLAND Launcher.exe" | %SYSTEMROOT%\System32\find.exe "OJOLAND Launcher.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:4968

C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq OJOLAND Launcher.exe"
3⤵
- Enumerates processes with tasklist
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4916

C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "OJOLAND Launcher.exe"
3⤵
PID:1412

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3480

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1760,i,10830103218856676466,5727151977158657354,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2216

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --mojo-platform-channel-handle=2084 --field-trial-handle=1760,i,10830103218856676466,5727151977158657354,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4800

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --app-path="C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2344 --field-trial-handle=1760,i,10830103218856676466,5727151977158657354,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:4276

C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\OJOLAND" --app-path="C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources\app.asar" --no-sandbox --no-zygote --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3424 --field-trial-handle=1760,i,10830103218856676466,5727151977158657354,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
2⤵
PID:3448

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\OJOLAND\D3DCompiler_47.dll
Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
114.9MB

MD5
2bf8b174d495439db4f01ca789d40600

SHA1
d4dab017b81180dca92b6fd4de11fbc272a0e668

SHA256
ddbdea3651c59bf552426e50237a460d478b2559a1513cf0b1a0fefd07ac78a7

SHA512
4d81d0701f5eeda951d4d86bd6a71d157bf6d228050b31102c63b02cc969b6da66fe402aeb8527c50ecc618c9483383737406097c3d18c72db57ee4c55516305

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
113.2MB

MD5
7ab7736f393ff0d8b63fa4a151dbf3b2

SHA1
6438beef5f8e935b46a126b4532b5d7c4e9e45d4

SHA256
ec6600c4cd04cf7d40019413e5fd74ea74d083bc40137bc5e72506ec6ff6e8e5

SHA512
6c9e20bf504dbc2fb4526e2d508158599334f2082f7d47f43143c6ddc0635dd774c354a5d973dfb5840a0ffa6ae3c262e1ad7226a73d55211e141ef722d7ef0e

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
101.4MB

MD5
4e870345857cfd0bda32f2560cba3506

SHA1
2279ed1e8cf694c405aae234517907fba76d8c40

SHA256
312038b75b59bb27a0005ecb36add7c967cf69d3d8dbe057563e4013f3f0ac0b

SHA512
58abdd03eed53a5fdb9bb267d9cb884c34c972f6085c0cc709c2d1327a0cf9458e1af0c40488f39473d4e0c7c08383aa405d5c57b149fe09bc5908bcbe16aae3

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
112.4MB

MD5
5944928916dca1e329f966bbfa999c28

SHA1
abbb05121fef3c8bbbd337b61442e88af5979e7c

SHA256
ef3fd4e0178afb807932965785f1ba4d2b0ace6114da7f81e49ceebe568bb594

SHA512
8b5016363be19d3eae82bf148c4f38f5258f55aae73db204d874ceed027a31d638565e99c0b47cbcdafdc6830530a85c2a4185cbdef0a9694502d0957151b6f2

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
127.1MB

MD5
0d364a92e81f0e25cf4edc6ab59dda97

SHA1
1fcbed9f03b4d1cb1c0ba9ff3001c6f2f4dbc1b9

SHA256
be235c524c05045da8ca20d050dde3d94ad24238a5063c40e1058a1b9ec3f406

SHA512
4a06b86a4db63ea4f57db864345740f3925c677c396c4557303e44bf49c609af3fdac03e16ad3323550cb7be5531fa37b2ca5d7678bd34b75109ebf7794a74b8

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\OJOLAND Launcher.exe
Filesize
100.2MB

MD5
99ea5cf981ec591bac859306c4496482

SHA1
082b76e6ea0dfbfdfb8b2502871d0d8abc80d025

SHA256
c3ff21380e5a0d0700f5efe6f0f5884a7f99e4e675b1710b1cf164d99618accd

SHA512
df7efe4b8360b2845827cb511e91fb75f5edb5161dede70b615ca38a7399202c8e65c3b51c2ea80090dd0171e775f6d324bf4ddb9e72a0114fb19cf1cc538fe1

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\chrome_100_percent.pak
Filesize
126KB

MD5
a3d4515d3a33a407d313a62818e82a5d

SHA1
967ff9a6774a66f7b3299af4fd5d70961ed54d79

SHA256
662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0

SHA512
0c757e1beccbca1ae0791fa0c51a9e2019696bd0965c73de67b364fba6f317ea2cf20fa65e4fa7dd22519683528e5112dc8c530049170f4e702e0c8d4e065801

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\chrome_200_percent.pak
Filesize
175KB

MD5
3bab45c70f22646cf8452c30903810cb

SHA1
40b31d4c79b5a2b8d12f8cf8b6c49c962c31f766

SHA256
d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc

SHA512
85eda055494f0233c963e821906cf69d94e664d8396e8b08e7a8f412e1c16af71252fef1bfe3ed43cfad157aa90c0dcbb375626e2ddf0e807c9b23ad27e61d9c

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\d3dcompiler_47.dll
Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2.7MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2.7MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2.7MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2.7MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2.7MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\ffmpeg.dll
Filesize
2.7MB

MD5
a232e79a4b0722a446c747769afdeead

SHA1
422a5e94c7461608dbb6811ecca76eececc0e517

SHA256
11cbc8daec3a686a7383c6efd595719436342a49c9d471521835d64dfadf7aaa

SHA512
19b34f4cc9a042c3651380be4855d76fef53611c63316982f86da77f2f11aea63f276e42d33a93ee147bac53b06f6df0f07282a68b166f24e80b20589bfbfc88

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\icudtl.dat
Filesize
10.0MB

MD5
516f6b90d1539bd1eaeaa2fc32dadb92

SHA1
8017789bef98902cdc95c18e67b84378ddd293c0

SHA256
51edd31f6c5d298c662af320424b632172a31e3348cdbb201380636c95ded794

SHA512
db4b5fd7f8a0e0a331ffa7c574d011b059df8654cdc6ee4970f84fda20b88a3b8706f2605d91d19a6dd86d2702cc9542e026a054d28f85c51b676daa8d3f3bb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\libEGL.dll
Filesize
458KB

MD5
67ba5fb2aa561a93d6bd38f9e41112e7

SHA1
d6f964388180cd1222f0124b7c7db13270bc98a3

SHA256
ffa93602b9f03d51ad7d59da7304756e3d9962b26bbb8911dd9a06389ab1add6

SHA512
45b8bca05d1e4123b65feb1ac6c3bf3b5bcd41cd200604dcfed6509479f2fdb5367c14fd266c2033aa2e6e54b20f0af705fbc7653cc08e114119848fdb24b408

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\libGLESv2.dll
Filesize
7.1MB

MD5
0f0bb49a8c0bf998e26bbaa27e7a0139

SHA1
5a76ebe032de97289417805d191ca478ee029def

SHA256
d9b32f8e13bbcb632ba3d93a6dea3366c25ee8e059fa5d5bb62ecf2d3c5ce5f3

SHA512
8a145c3aa9725fbdb345c9531b50fb3c960b5d8555ff58d738d1017e9ae41b4062a25baf4385e5bec64f9e4ec41993445d9c3ba4d2ccdfea97843acbafaff323

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\libegl.dll
Filesize
458KB

MD5
67ba5fb2aa561a93d6bd38f9e41112e7

SHA1
d6f964388180cd1222f0124b7c7db13270bc98a3

SHA256
ffa93602b9f03d51ad7d59da7304756e3d9962b26bbb8911dd9a06389ab1add6

SHA512
45b8bca05d1e4123b65feb1ac6c3bf3b5bcd41cd200604dcfed6509479f2fdb5367c14fd266c2033aa2e6e54b20f0af705fbc7653cc08e114119848fdb24b408

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\libglesv2.dll
Filesize
7.1MB

MD5
0f0bb49a8c0bf998e26bbaa27e7a0139

SHA1
5a76ebe032de97289417805d191ca478ee029def

SHA256
d9b32f8e13bbcb632ba3d93a6dea3366c25ee8e059fa5d5bb62ecf2d3c5ce5f3

SHA512
8a145c3aa9725fbdb345c9531b50fb3c960b5d8555ff58d738d1017e9ae41b4062a25baf4385e5bec64f9e4ec41993445d9c3ba4d2ccdfea97843acbafaff323

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\locales\en-US.pak
Filesize
295KB

MD5
a2ed0e17819c287b824cae5c0ac03af7

SHA1
9694627f89cd65fbb511eacc6c785ab045525ff2

SHA256
c4a2c6a90945868a02ad14b3a994e94b123981d56190bd34cc3cb14f31f2270b

SHA512
a527351a1c61e6ed4e999c6549ec04b2096712644c4e1f28b48872c031c9f0a4bb118c0ceb40dc3a35315ddc7cf244e3c0c03d864a53d4a76f6dcf1b3889c109

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources.pak
Filesize
5.1MB

MD5
915f50ee09363c2e946fa60c3080d97b

SHA1
38038c4bee8780aaa89936534e5559fbc6aec953

SHA256
d1c062104f136edf33ad4d89460b2e4d9c1e463e792834ab91ef7d2a11953794

SHA512
c59543522ae69753996a9912a2dec751f16dab7175c2073864253f77087654d895d12191815b257408b7442d027b0717c6a0d4e5e0b8948a3e60543197c1f10f

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources\app-update.yml
Filesize
87B

MD5
87871cf726e3181c8179170011be7201

SHA1
04dc4ddfbde22ac4773b766d0f1ee2ac617f399f

SHA256
80183e9d909609bee80f70951158e5ce3bce8b0fb0bbc631abcc2d0f6c21ebde

SHA512
07dc6df01e7735503da0d74a9e7f45ff2f4221e1606013ada29c8e73f7e52752303c5f76c87a251fdc632b029b1779a3b75ee011ee959abe08291960cdba9923

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\resources\app.asar
Filesize
10.7MB

MD5
bbf62ce1ebe6f679c1d5b801b9a7ee7e

SHA1
f99a8e4216a87dbeeda8274bf64bc2bb6dd53f45

SHA256
9fa8f39743099ff465e984eb1d326bdf9f618dad6b0d13992bfef4483ca6a71a

SHA512
d6eb93db2f8e6d32cacc4cdf230fefe30f78bc727d201a8cf6f8d670905faba5a0afe2689158c9a65bb613030d34e93879f863541d8d461ef9fcac189525f31e

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\v8_context_snapshot.bin
Filesize
716KB

MD5
7ea15faff14c6631ef7ef7899ec8235d

SHA1
b398fb7e8e3afa7886c483b054be4358aba5b800

SHA256
1717afb2f6958e37a34ab35b5b796ff2d9fa7d0d4828a405221ac3260b722973

SHA512
57e6fdf0c6c64f232fe6c247b955689bba09a9c2bd37124b3b4b419403ee1f1028b5eed6b1e3f96263cbc1762d3c2637e06ffb3a04891772d67487ee2fd8db45

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\vk_swiftshader.dll
Filesize
4.6MB

MD5
db085989eeaeed1c28cd9c0ff3a2eab8

SHA1
f162cb5f4b3ccf9dedb92f9dd5844c3904f2777c

SHA256
2f2cd32d377593f79bb6a1d0fa06077e9c40f385350301d9ced749303048bbea

SHA512
477e3f9c3f46fb7402777b3901ffedb62086ff2882b8d5c8016c42e7f6a983d5e1b6e9e520a7932026da44b6e778c86963a375eb54ce22aa6ada4d1f1ebc3656

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\vk_swiftshader.dll
Filesize
4.6MB

MD5
db085989eeaeed1c28cd9c0ff3a2eab8

SHA1
f162cb5f4b3ccf9dedb92f9dd5844c3904f2777c

SHA256
2f2cd32d377593f79bb6a1d0fa06077e9c40f385350301d9ced749303048bbea

SHA512
477e3f9c3f46fb7402777b3901ffedb62086ff2882b8d5c8016c42e7f6a983d5e1b6e9e520a7932026da44b6e778c86963a375eb54ce22aa6ada4d1f1ebc3656

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\vulkan-1.dll
Filesize
849KB

MD5
4e8506a68ecce3dd7d548fadf4449e17

SHA1
661fcb79cd8045938c286130962c28c21bb91000

SHA256
958a773d38f725f966b6f24cfe7606903e61ad63335455d1bbcac1618959a277

SHA512
d380f58f0daf5134d68248f0329ae25e6a5af2f0204b6d1f569ef969337b5f86ef293d9b446cc6345206c55917edc6f1de7567984c920751590e73dc5d1e97d4

Download Submit
C:\Users\Admin\AppData\Local\Programs\OJOLAND\vulkan-1.dll
Filesize
849KB

MD5
4e8506a68ecce3dd7d548fadf4449e17

SHA1
661fcb79cd8045938c286130962c28c21bb91000

SHA256
958a773d38f725f966b6f24cfe7606903e61ad63335455d1bbcac1618959a277

SHA512
d380f58f0daf5134d68248f0329ae25e6a5af2f0204b6d1f569ef969337b5f86ef293d9b446cc6345206c55917edc6f1de7567984c920751590e73dc5d1e97d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshCD0A.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshCD0A.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshCD0A.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshCD0A.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshCD0A.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshCD0A.tmp\nsExec.dll
Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshCD0A.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1412-138-0x0000000000000000-mapping.dmp

Download
memory/2216-153-0x0000000000000000-mapping.dmp

Download
memory/3448-175-0x0000000000000000-mapping.dmp

Download
memory/4276-171-0x0000000000000000-mapping.dmp

Download
memory/4800-156-0x0000000000000000-mapping.dmp

Download
memory/4916-137-0x0000000000000000-mapping.dmp

Download
memory/4968-136-0x0000000000000000-mapping.dmp

Download