485c10e2cdfb12719af452698a0dfc4ccc77a5fa875fe9ded9458d50493b657d

Resubmissions

18/04/2023, 20:38

230418-zezheafh7w 7

03/04/2023, 18:01

03/04/2023, 17:41

02/04/2023, 22:37

02/04/2023, 22:01

Analysis

max time kernel
25s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/04/2023, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RonaWindSetup.exe
Size

67.6MB
MD5

d68dc63c71466ab7473b8452773ee381
SHA1

e2b62184339c066f3958975e8d7e9c02f6185dec
SHA256

485c10e2cdfb12719af452698a0dfc4ccc77a5fa875fe9ded9458d50493b657d
SHA512

83ef1e09a2b5d859047ec92f275176a24b281febe34adf133066e9c508cb9b406fe0d50d04df0ee4dd146bd1ec28be1a3d3c931856ec641a1c290d08f018efb3
SSDEEP

1572864:/kn/bfPa1o9Yl/7JJ7Ko7bFZg6+Nk8YQMKRI+FMKNpBVPjIUyY/X:/KbK1o9YjJuyFZ9+mmRKK/bhVv

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1940	RonaWind.exe

Loads dropped DLL 17 IoCs

pid	Process
1544	RonaWindSetup.exe
1544	RonaWindSetup.exe
1544	RonaWindSetup.exe
1544	RonaWindSetup.exe
1544	RonaWindSetup.exe
1544	RonaWindSetup.exe
1544	RonaWindSetup.exe
1544	RonaWindSetup.exe
1544	RonaWindSetup.exe
1544	RonaWindSetup.exe
1544	RonaWindSetup.exe
1248	Process not Found
1248	Process not Found
1248	Process not Found
1248	Process not Found
1248	Process not Found
1940	RonaWind.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
524	tasklist.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1544	RonaWindSetup.exe
524	tasklist.exe
524	tasklist.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	524	tasklist.exe
Token: SeSecurityPrivilege	1544	RonaWindSetup.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 1416	1544	RonaWindSetup.exe	28
PID 1544 wrote to memory of 1416	1544	RonaWindSetup.exe	28
PID 1544 wrote to memory of 1416	1544	RonaWindSetup.exe	28
PID 1544 wrote to memory of 1416	1544	RonaWindSetup.exe	28
PID 1416 wrote to memory of 524	1416	cmd.exe	30
PID 1416 wrote to memory of 524	1416	cmd.exe	30
PID 1416 wrote to memory of 524	1416	cmd.exe	30
PID 1416 wrote to memory of 524	1416	cmd.exe	30
PID 1416 wrote to memory of 568	1416	cmd.exe	31
PID 1416 wrote to memory of 568	1416	cmd.exe	31
PID 1416 wrote to memory of 568	1416	cmd.exe	31
PID 1416 wrote to memory of 568	1416	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\RonaWindSetup.exe
"C:\Users\Admin\AppData\Local\Temp\RonaWindSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq RonaWind.exe" | %SYSTEMROOT%\System32\find.exe "RonaWind.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1416
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq RonaWind.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:524
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "RonaWind.exe"
    3⤵
    PID:568

C:\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe
"C:\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1940

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
C:\Users\Admin\AppData\Local\Programs\ronawind\ffmpeg.dll

Filesize
2.7MB

MD5
87e93fd4312521881bc9739cf4e77687

SHA1
62a33cff725443dcf958df15c927661f9429aeeb

SHA256
98b1e8096f1be8d40c781d96f05cb19f7ced321bdee2b145cd6fd990b156f01c

SHA512
3bcdd88cdeb7dfdca8162401b7473bf454896f3889290ea18a3ed01b0da0bd66e12d0e2758c41a27c318a4e21f152e3927b371c0ae4d4d9a11fae0d3a7fb40dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\LICENSES.chromium.html

Filesize
6.4MB

MD5
c3528648bedbde1223a2faab1a3f9af3

SHA1
934d3c8f184258338ff380964ed89053ce69ac5b

SHA256
57b8e5a3f2cd62805001aefca035c7348b4d1abac157e6df3d798bb31f2ec3d2

SHA512
3e3cc0fd7a55f67ee0afff9696beef33bdc9524375bbe9d8e8f7660fd408c756c1156ca0b02ecccdc22799c7b8e74dbde012732ad6b3ebe0a3cfc54ff5132b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\chrome_100_percent.pak

Filesize
126KB

MD5
8626e1d68e87f86c5b4dabdf66591913

SHA1
4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c

SHA256
2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59

SHA512
03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
48515d600258d60019c6b9c6421f79f6

SHA1
0ef0b44641d38327a360aa6954b3b6e5aab2af16

SHA256
07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce

SHA512
b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
87e93fd4312521881bc9739cf4e77687

SHA1
62a33cff725443dcf958df15c927661f9429aeeb

SHA256
98b1e8096f1be8d40c781d96f05cb19f7ced321bdee2b145cd6fd990b156f01c

SHA512
3bcdd88cdeb7dfdca8162401b7473bf454896f3889290ea18a3ed01b0da0bd66e12d0e2758c41a27c318a4e21f152e3927b371c0ae4d4d9a11fae0d3a7fb40dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\icudtl.dat

Filesize
10.1MB

MD5
adfd2a259608207f256aeadb48635645

SHA1
300bb0ae3d6b6514fb144788643d260b602ac6a4

SHA256
7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050

SHA512
8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\libEGL.dll

Filesize
468KB

MD5
3171b22e16fab918464fcb153e30453b

SHA1
523d6489b693de92ea94dc876421ccf4b139cfd7

SHA256
56ef67da075e2a182de2d94ae6017e3f9fd285113087dcb7755ee28023e5fe64

SHA512
9fca92325c59bb5dd5c41ebf32c90e5b731ab46d09365b6f3386d32848aa744fb12b083268f97d7b95a07a2cbf48ac702f2c97a1dd4afe357186fd385b66cfbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\libGLESv2.dll

Filesize
7.2MB

MD5
03a914c978b65af2549f5001c0688b6c

SHA1
2800791c2903f38542a7e181807957343747e6a1

SHA256
869e57011a299243d09159b29a804ec9c6ecb1b833ab2f0f8dd3860a30b83330

SHA512
b51dc6865487862be8fa364449c9b28bb5d86d1fe7dfce2d8f857af650b9a8c119cab2c1dd0db0d97a29687954942f95f9f335274510976b95eb25d6b520b09b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\af.pak

Filesize
353KB

MD5
464e5eeaba5eff8bc93995ba2cb2d73f

SHA1
3b216e0c5246c874ad0ad7d3e1636384dad2255d

SHA256
0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1

SHA512
726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\am.pak

Filesize
569KB

MD5
2c933f084d960f8094e24bee73fa826c

SHA1
91dfddc2cff764275872149d454a8397a1a20ab1

SHA256
fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450

SHA512
3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\ar.pak

Filesize
624KB

MD5
fdbad4c84ac66ee78a5c8dd16d259c43

SHA1
3ce3cd751bb947b19d004bd6916b67e8db5017ac

SHA256
a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b

SHA512
376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\bg.pak

Filesize
652KB

MD5
38bcabb6a0072b3a5f8b86b693eb545d

SHA1
d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89

SHA256
898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1

SHA512
002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\bn.pak

Filesize
838KB

MD5
9340520696e7cb3c2495a78893e50add

SHA1
eed5aeef46131e4c70cd578177c527b656d08586

SHA256
1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39

SHA512
62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\ca.pak

Filesize
400KB

MD5
4cd6b3a91669ddcfcc9eef9b679ab65c

SHA1
43c41cb00067de68d24f72e0f5c77d3b50b71f83

SHA256
56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6

SHA512
699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\cs.pak

Filesize
409KB

MD5
eeee212072ea6589660c9eb216855318

SHA1
d50f9e6ca528725ced8ac186072174b99b48ea05

SHA256
de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43

SHA512
ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\da.pak

Filesize
371KB

MD5
e58916a6af2805db6397624b8387e1c0

SHA1
f27d9a10796735de61bbdcb2684d89e6782ef640

SHA256
1108efa686a1f7e24380d405083acab23d5c33a9ddf562ceaad9e6c0b9f75b00

SHA512
9d9d49443722bdc206345b815665046fdecaefe2ab2a23af16daa57cc3ef5d273f0c95808e29b4c8457bcf5c473ed1097fe0917d07e33cb18ff6922b9a041a59

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\de.pak

Filesize
397KB

MD5
e0d3e944726b5669178fda09a80a2f3f

SHA1
b5f60c57f1fe58675c3b3e05e0de853c588218ad

SHA256
9641546e0c030b4817fc3f7d7fc71aad637ae3f0bfbf1e9c956dd1a53a7be7bf

SHA512
e6a52be58e13bf791a843c9511b6c0f8d923206359ef81305af249be85cac6b7583ddf13cf1071aff3772da59f6ecc9c539ab2453790e56ada873e755138da4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\el.pak

Filesize
712KB

MD5
e66a75680f21ce281995f37099045714

SHA1
d553e80658ee1eea5b0912db1ecc4e27b0ed4790

SHA256
21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f

SHA512
d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\en-GB.pak

Filesize
324KB

MD5
825ed4c70c942939ffb94e77a4593903

SHA1
7a3faee9bf4c915b0f116cb90cec961dda770468

SHA256
e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16

SHA512
41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\en-US.pak

Filesize
326KB

MD5
19d18f8181a4201d542c7195b1e9ff81

SHA1
7debd3cf27bbe200c6a90b34adacb7394cb5929c

SHA256
1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb

SHA512
af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\es-419.pak

Filesize
395KB

MD5
7da3e8aa47ba35d014e1d2a32982a5bb

SHA1
8e35320b16305ad9f16cb0f4c881a89818cd75bb

SHA256
7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c

SHA512
1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\es.pak

Filesize
394KB

MD5
2b7583747afa8b4382c96b02e33567e8

SHA1
314a18dde3cbbaebd693548c73525a3ac8f37be7

SHA256
6eb8265c9e704e409efae40bdbce5cf88e8285ad4425ccb7fa71335fa6ad55ac

SHA512
2cb7a152deb401b2abec03739f8cbd92e66b51cb2ff661f74e8e8491f9b466086a34f200cb5c6d66f1f52b6dca8841c3da2d1d880f03399f53271496bb66d652

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\et.pak

Filesize
356KB

MD5
ccc71f88984a7788c8d01add2252d019

SHA1
6a87752eac3044792a93599428f31d25debea369

SHA256
d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944

SHA512
d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\fa.pak

Filesize
577KB

MD5
2e37fd4e23a1707a1eccea3264508dff

SHA1
e00e58ed06584b19b18e9d28b1d52dbfc36d70f3

SHA256
b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e

SHA512
7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\fi.pak

Filesize
365KB

MD5
f5f176adae8cec52dde0a44dae03a3a9

SHA1
c4dcecde9aa3a93ec942587b44cbbaffc8e8bea7

SHA256
4e5a63b1e70f96da3e7f17660b511c3cdd67e630e7af29a400f24e395bc9ab4a

SHA512
4016afa43718dd8499d27a3ddcc3efc0031eaf965c6860bc4b274f3172deba17aec05b962fcdd0a808b01b858cf43a3fdbdf90aa3d292f55fa9b62571538da94

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\fil.pak

Filesize
410KB

MD5
d7df2ea381f37d6c92e4f18290c6ffe0

SHA1
7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4

SHA256
db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a

SHA512
96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\fr.pak

Filesize
426KB

MD5
e3037594b18590d02837e4c4af7362b0

SHA1
8a7168a3573431db50fa7e43cd8ab9b61a1f7e3a

SHA256
6db92b75f3ccd6814aaa33f87099fde12177f79ac5483cafe3f2bfcf0b23f4d9

SHA512
24b75a411c796559d61e7fa52e60db46f9870487b782436f9e219ae06991490f8b051b3ff38e404e50e4e6f90b1ad7e04ebfa0aa9e42f107c28927f0f430d27e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\gu.pak

Filesize
813KB

MD5
308619d65b677d99f48b74ccfe060567

SHA1
9f834df93fd48f4fb4ca30c4058e23288cf7d35e

SHA256
e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4

SHA512
3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\he.pak

Filesize
507KB

MD5
7f6859bce77448a7d304a68fd9fc86e3

SHA1
a9e6471cc7c00c14ec3838d45ff7653316caf4fb

SHA256
2b553b86347cb0d023b1b4de3bf0594a70691dfec7278e55bb05a83866efc125

SHA512
6f689a9bb29d5b1ee23bcf53dd14b28e84596c91e8657c346ba0c848a03cfc25b3826666f13ad9e3a35b72de3b3ae67ea86893ddd90a762104b7d205f7e6c493

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\hi.pak

Filesize
848KB

MD5
b5dfce8e3ba0aec2721cc1692b0ad698

SHA1
c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3

SHA256
b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b

SHA512
facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\hr.pak

Filesize
397KB

MD5
255f808210dbf995446d10ff436e0946

SHA1
1785d3293595f0b13648fb28aec6936c48ea3111

SHA256
4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b

SHA512
8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\hu.pak

Filesize
427KB

MD5
2aa0a175df21583a68176742400c6508

SHA1
3c25ba31c2b698e0c88e7d01b2cc241f0916e79a

SHA256
b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72

SHA512
03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\id.pak

Filesize
350KB

MD5
b6fcd5160a3a1ae1f65b0540347a13f2

SHA1
4cf37346318efb67908bba7380dbad30229c4d3d

SHA256
7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313

SHA512
a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\it.pak

Filesize
388KB

MD5
3f70274c332b4b3a2fe0a2e8dfaa39cf

SHA1
d7d452884993428823227f5f217932e93571f586

SHA256
5a71f23e65aff5d3d8345bb4c3e828486a27fb05e3385b089b892ed588df9ed1

SHA512
a48114f026fe72d465447a6ebc4f3ae0aa7f4f77136e3fc1f080a0137b04b4fb81ff86734b81f240fc918639ef5abcde41875b32986ae2c42cdaf54c6486dcc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\ja.pak

Filesize
472KB

MD5
4e6cc9965f7a8bad7505d95d4f50b3e6

SHA1
8b126d5da1ffeb210661957f184a0c33103e8e60

SHA256
180dae8282f0ea6d926632d36ea39e89e7c2c53c3d45b99946ef824040e3d3ad

SHA512
c29f4fffc8b385e936aeeb5f33715848678528f67b6892142a3a85b29104232cc87f52f1ae179e84e562b8d14e91a0187fc009d2dd813ad5775b8e5eeaee9c71

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\kn.pak

Filesize
938KB

MD5
fccd5d8ad5e1c774771b19dda55d9b9a

SHA1
fabbaf469e4aec44342a7e6f74b837cde2203b71

SHA256
47c77fdf73267865a025a54027865a8d67e26943264a43c6e794ccbd6eec549b

SHA512
c9dc6cf0ff5a4094cc07ce4881319778a076b44651b16a220940d7a587ffaa92b6b80f7264605a3c8e6dd780e9c3d8e4d403d01cd8f94e0122ac19cd4d636aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\ko.pak

Filesize
398KB

MD5
c9344b5b436da62a3d18bf10e60c77c8

SHA1
68a969f9b6453fa13f9bc849befd6df0ce4b8e08

SHA256
e2ad6e0af9fa8fcc4dfbb37e89e171702052c758362875c81dfd466b12cf13a3

SHA512
6e166d0bc19abb9d2b4072516e20bf3f8ab7fc68dca74957e214e6d41b8ae114ed84472a04f42c0967e5dbfc204e0ee9c09d3c4cefd77dfb61979de72439ae14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\lt.pak

Filesize
429KB

MD5
64b08ffc40a605fe74ecc24c3024ee3b

SHA1
516296e8a3114ddbf77601a11faf4326a47975ab

SHA256
8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e

SHA512
05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\lv.pak

Filesize
427KB

MD5
a8cbd741a764f40b16afea275f240e7e

SHA1
317d30bbad8fd0c30de383998ea5be4eec0bb246

SHA256
a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086

SHA512
3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\ml.pak

Filesize
974KB

MD5
1c81104ac2cbf7f7739af62eb77d20d5

SHA1
0f0d564f1860302f171356ea35b3a6306c051c10

SHA256
66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108

SHA512
969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\mr.pak

Filesize
797KB

MD5
5657d67f6d21b507aab24ff62b0d4701

SHA1
b685a327c525b7e42eece306984e6d88dd803a29

SHA256
671c3cb2a805a63a275ad608d37d0577c6a2813dd67fb6c2b70f8232323aac04

SHA512
637c60834edc6f31c80692274af05e3f78466cd5ddb2fd7c79315b0f54939f41f25c3b30c86fd10751d032def1f99cb853c3186128a76a3a82a6989eaf14a835

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\ms.pak

Filesize
365KB

MD5
aee105366a1870b9d10f0f897e9295db

SHA1
eee9d789a8eeafe593ce77a7c554f92a26a2296f

SHA256
c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939

SHA512
240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\nb.pak

Filesize
358KB

MD5
55d5ad4eacb12824cfcd89470664c856

SHA1
f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673

SHA256
4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261

SHA512
555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\nl.pak

Filesize
370KB

MD5
0f04bac280035fab018f634bcb5f53ae

SHA1
4cad76eaecd924b12013e98c3a0e99b192be8936

SHA256
be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b

SHA512
1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\pl.pak

Filesize
412KB

MD5
8854aef2a3a62472a6085c8ee8c1ec52

SHA1
16ae447f8fa5dee9beb3622a338843ef51652bc4

SHA256
ac8387ebe1e37070d2de5eb2a6909602a9463957bad0cb4eaba1156d3eafd6e2

SHA512
b701d8b46100decbd47886f053bafb4d9898f48c15a36a5760447b2001900fe4088211c4445891da199af04f1d18b695703cfa3603a7a80ae3fba9c0ce9cfd73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\pt-BR.pak

Filesize
389KB

MD5
126eff8c773ad239b64a3d171729ee08

SHA1
d47175d9df435e16d9126eb8fe0f4fb27621d90c

SHA256
04f98b1ee125a1a749e0d1e61f69a58a5b7af897b4322454387f9ba165703fdf

SHA512
50a226a3a964a8ec83a74cec0d60306eafa3e123d43130cf9b6425ddf2d613f215a5698419de640d7c47171ab33e2e80bee1fc873ab2d9bffe20bbff0da77e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\pt-PT.pak

Filesize
391KB

MD5
7a20beb0dfa3aeb2629d000d8e5482ea

SHA1
8627a45042186d490e950ab3c34e962fc9dfb7e1

SHA256
029fe6070235dc6f38a2ab6ba8d290d4d84673ca908cdda8891707735bc69500

SHA512
ac70f35719618e0511e8c7b5f22a58813f0ec15f853631e3cc85efad13f2553112ebc0f81eb8fc22228ecb01c3ac477b69af5f0d567f042b6dee016bdc6e428b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\ro.pak

Filesize
403KB

MD5
d2758f6adbaeea7cd5d95f4ad6dde954

SHA1
d7476db23d8b0e11bbabf6a59fde7609586bdc8a

SHA256
2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c

SHA512
8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\ru.pak

Filesize
656KB

MD5
0907d70c073653e7b1a65ec411e6be2e

SHA1
d20d72467eeb08115fbfd2e68e5024cbc459fd42

SHA256
f8326292b47146f9c0a355a12d3d0c7c0a07849ffe71578e1ca3f2c756539bd9

SHA512
8bfa3d080151d39bdadd6dde07c8cc3f96df8c160e50e81025df64476aa4652f567f68f08c79bff188858518334c872c14cb58ba71c28094a535f9e8e9c657f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\sk.pak

Filesize
416KB

MD5
b7e97cc98b104053e5f1d6a671c703b7

SHA1
0f7293f1744ae2cd858eb3431ee016641478ae7d

SHA256
b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f

SHA512
ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\sl.pak

Filesize
401KB

MD5
ca763e801de642e4d68510900ff6fabb

SHA1
c32a871831ce486514f621b3ab09387548ee1cff

SHA256
340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de

SHA512
e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\sr.pak

Filesize
616KB

MD5
c68c235d8e696c098cf66191e648196b

SHA1
5c967fbbd90403a755d6c4b2411e359884dc8317

SHA256
ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b

SHA512
34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\sv.pak

Filesize
361KB

MD5
251682c6f4238bef8ab5471870a5454b

SHA1
2bf36466446abe39d487c61898d335901bbb09b0

SHA256
e1cbce672de3ba3a01272b9b763dcfd8229fba0883df2b4117ac6b0f9916c073

SHA512
de1e507b24e71f60c298253aacff49724b6a8c6336455d8dfcc6e939e53ed5e7a95dc5574e66a7fae38b6666446ac9cd83e5ad1b794b4ffa38d06052663c1f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\sw.pak

Filesize
379KB

MD5
67a443a5c2eaad32625edb5f8deb7852

SHA1
a6137841e8e7736c5ede1d0dc0ce3a44dc41013f

SHA256
41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd

SHA512
e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\ta.pak

Filesize
964KB

MD5
18ec8ff3c0701a6a8c48f341d368bab5

SHA1
8bff8aee26b990cf739a29f83efdf883817e59d8

SHA256
052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9

SHA512
a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\te.pak

Filesize
894KB

MD5
a17f16d7a038b0fa3a87d7b1b8095766

SHA1
b2f845e52b32c513e6565248f91901ab6874e117

SHA256
d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e

SHA512
371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\th.pak

Filesize
753KB

MD5
a32ba63feeed9b91f6d6800b51e5aeae

SHA1
2fbf6783996e8315a4fb94b7d859564350ee5918

SHA256
e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6

SHA512
adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\tr.pak

Filesize
385KB

MD5
ca201fed1301187dbe9ed65b4ccd3547

SHA1
f904ea7325915401491e42610855f5769be28120

SHA256
46d2ac624470e5fb747b3d403581b1692892661aa474149067fd5acebc1130e5

SHA512
4c2913c4266d00acd446875e2c966c96065c13acca58de8d3151b445f759ecb35481d2013b46e099573b899d745dc54732fc3428251acbe4b0a05d3bd7a4c0b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\uk.pak

Filesize
657KB

MD5
c7286527971d88cc50659b8c00bdb7a0

SHA1
a0ef230d46d214ac469e2dc84f1d46d8f8d83eed

SHA256
52de620f977dffe77da843562d592ef41775af5dfc5f3be769739c050d049cb7

SHA512
e5573eb59a12c27f953c6132a993a9d5f76509f3e83528ccc51b80d33de9948c7932231965e55b7887ed88b4c179d9a0cbe9d41769d228c41c447d8c167915a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\ur.pak

Filesize
571KB

MD5
1ca4fa13bd0089d65da7cd2376feb4c6

SHA1
b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c

SHA256
3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f

SHA512
d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\vi.pak

Filesize
455KB

MD5
befc24124201bc716386fe618a3675ef

SHA1
15b4717c135be1292974270f5c36506a0ae76d71

SHA256
eb62bfa59587f59bdb48670bcd1a5cf884e3420aa3954718cb5e22750c182344

SHA512
1f443783f5da53d931fdb0853ea0b9993d3b3d305a559dccdb11048fa87ecba65b5dd8e03a7168d6db8911cbf9ee33639aca2e9fa67381f1c43d13db7d1a18f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\zh-CN.pak

Filesize
332KB

MD5
8f10fd388eb732a6b0eb02185fbc6e21

SHA1
2ebdaeeb7460e8d4c434380983df6ef5b2e9a48d

SHA256
b28272271f771e11edd01a119aca71430eff42d3ed640088c8e89a9c2910bd8d

SHA512
98f6a76b7b658a9deaacba03f22137ee887e72a73f423f9cc2113db67281ad12630aeb943a56d15780684bbcb34eecd6e7ef93a10c3f390cf1035ca7a1e16096

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\locales\zh-TW.pak

Filesize
330KB

MD5
fbb2cc32d7e3de0618a783b819bf8711

SHA1
b6965efef25d9146061d2b990ebb0a23b9b703ad

SHA256
a2df611bc31135da1ddaacce772106ba5e60ce950d9837e958744eeb13b12e1c

SHA512
66acf52606bd5d0dba9933f9733e7f943ee7806cdcd6b01980e61a51e6bd228f3115417bcb00a6e049f77efa56148aeed5414f6573c86060fa2778f4f89ae54d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\resources.pak

Filesize
5.2MB

MD5
a25607b61da11ffc7def1bf5aebd12d8

SHA1
2d0d846f49437cc424263600ffd709621d695fa7

SHA256
587844d8e4afcf492fe17cd70bf60c175701726eda1ca0768d1c6913f0713bd9

SHA512
0abb12cedefb272b7dd7bb9eba14f569c28d5d0eba49e4212f54ee6efd36e7bd0398d2da37bafded9bfefbd5abda4481bce04f12848c50200a1cdeea20537dfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\resources\app.asar

Filesize
1.9MB

MD5
e037dd64f4a61ba2fdd2e1a1454044e0

SHA1
4e5dbfff80c32cd8ea148b115b7e874289cdd729

SHA256
1b66ee832a0df4d4643e3caf5e6ac3a499de5018ba35df213d8bdd935aba08ee

SHA512
4edef1db852ad1f1e79f1c298493f3ec81e85e68a194e76d4f7dd56c3f990547acf91afa159832e911e679824db90fb23ac3c18ba5605a37c202a1b113131d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\snapshot_blob.bin

Filesize
158KB

MD5
a0c15be6ca6ac3e64a9c40618967918f

SHA1
e16310dc5599fc5eb5a22c8af0fbe12b943ed604

SHA256
ba80660764b93ed858490896d75e6a7e83acbfd346b1e459d78cff1c9b228fdb

SHA512
13d53a7873d03cd136df77828ed44538017dd268d863e184ec80c26c4ca129d04ddc3af0ca6a589eb531da14ea5a742667e5d65bf88c2ee2f4c3b46889b9eea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\v8_context_snapshot.bin

Filesize
465KB

MD5
73828e08c1432e49a17416bb7dd2abb4

SHA1
83167a7dd282aef3ad8be66a2c168a6e15706616

SHA256
91fab2bc8a09cc544625bde8d6e9568619a2292aea1192fb36d804bc7adc19cf

SHA512
27ed3c1bf35128af87f8a45f999560991d162976360e2b4fbc980fd93373050432a9f0a3db88924529d2284a173772f555b9c4ffe80f46ecef7976a3ebae9ac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\vk_swiftshader.dll

Filesize
5.0MB

MD5
0fc9322c9591192cdaa748757486ed6c

SHA1
aefbbb381d09d1f48d52d45bb26b088977a67d41

SHA256
3a59877511ff66096b3e5bfae39487d6001c657216b6495aac11ae5ecd2e723a

SHA512
0927ccf56ce60d2cd7825e0c42c17adacaba184de86d6ce8c1902f5d693c98ca9ac0a3c052ebab70ab1e310e4d6a591a703ede14cdc75a8d25a26710b96480a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\7z-out\vulkan-1.dll

Filesize
899KB

MD5
c1f13770551b9c9793080d34681c27a8

SHA1
c9e704646dbd3c41d455677c5c651b256dab1fe8

SHA256
2224ee42a19eafd2959c5a722222a411acbcf15b08f7e8cf8970c455737ffa2a

SHA512
643fa95cbfd8f57100eb9f7ed845a43ee3b87dc92bea563cafa191c7b000ed39e6bfe20374a54a4fe2158761a88b17afd9d679a71dea0d06b790ee5cf2f11511

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
\Users\Admin\AppData\Local\Programs\ronawind\RonaWind.exe

Filesize
154.5MB

MD5
bf1c8883c15bca4b7ba6a5bb44012f2f

SHA1
9864ce59c85603bab48f58a56894fd892cecc505

SHA256
da2e4fb15f6f4059a5a8e9ce9f336781de574305c83cc76ded47c0f6d356c246

SHA512
82df03fa71f946704696f5116760ede96901d08265a3155269b3e0522d9f124e35b7783708c2369587594ef10ed1f12e3d229c5d6a993ee8868eba41a77f5ad9

Download Submit
\Users\Admin\AppData\Local\Programs\ronawind\ffmpeg.dll

Filesize
2.7MB

MD5
87e93fd4312521881bc9739cf4e77687

SHA1
62a33cff725443dcf958df15c927661f9429aeeb

SHA256
98b1e8096f1be8d40c781d96f05cb19f7ced321bdee2b145cd6fd990b156f01c

SHA512
3bcdd88cdeb7dfdca8162401b7473bf454896f3889290ea18a3ed01b0da0bd66e12d0e2758c41a27c318a4e21f152e3927b371c0ae4d4d9a11fae0d3a7fb40dc

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1EAA.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1544-621-0x0000000003A00000-0x0000000003A02000-memory.dmp

Filesize
8KB

Download