5ac959e5dee9884512f4a34623bbad2c08be427669015b917a750f7cbfbb0a75

Analysis

max time kernel
17s
max time network
11s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rainmeter-4.5.18.exe
Size

2.4MB
MD5

e2d2743839d187982e9c602575efc48c
SHA1

e5b6808770e6bca105c1616e31015160725f855e
SHA256

5ac959e5dee9884512f4a34623bbad2c08be427669015b917a750f7cbfbb0a75
SHA512

941936885ee61bcda2d0623a660d5532adecd66d7ee506650d33c5236e15f01dd0689ebab2ebf4f1935bf48f88d0c2579af800602602542521fe349b291d9878
SSDEEP

49152:mQ5YRSuP59wVHUY1jLjTwtuXUaLEikcepufsJvHtgomcyC5eieKalFvv+Xg8V:m7Ss9wVHUCY8TIPC34eieKa/8NV

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk	Rainmeter-4.5.18.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation	Rainmeter-4.5.18.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Rainmeter\Languages\1057.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1066.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1029.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1041.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1042.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1048.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\2052.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\2074.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\FileView.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1025.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1044.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1051.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Skins\illustro\Disk\2 Disks.ini	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\InputText.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1038.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1049.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\3082.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Skins\illustro\@Resources\Background.png	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Skins\illustro\Recycle Bin\Recycle Bin.ini	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Rainmeter.exe	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1035.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1032.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1060.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1026.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1033.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\SpeedFanPlugin.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1045.dll	Rainmeter-4.5.18.exe
File opened for modification	C:\Program Files\Rainmeter\writetest~.rm	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\FolderInfo.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\ResMon.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1053.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1058.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Skins\illustro\Google\Google.ini	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Skins\illustro\Network\Network.ini	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\RestartRainmeter.exe	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\PingPlugin.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1028.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1031.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Skins\illustro\Clock\Clock.ini	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Skins\illustro\Disk\1 Disk.ini	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Skins\illustro\Welcome\Background.png	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\AdvancedCPU.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\RunCommand.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\AudioLevel.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\QuotePlugin.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\3098.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Rainmeter.exe.config	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Rainmeter.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\uninst.exe	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Skins\illustro\Welcome\Welcome.ini	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Layouts\illustro default\Rainmeter.ini	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\PerfMon.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\iTunesPlugin.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1054.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Defaults\Skins\illustro\System\System.ini	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Rainmeter.VisualElementsManifest.xml	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\VisualElements\Rainmeter_176.png	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1030.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\VisualElements\Rainmeter_600.png	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Plugins\CoreTemp.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1036.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1040.dll	Rainmeter-4.5.18.exe
File created	C:\Program Files\Rainmeter\Languages\1055.dll	Rainmeter-4.5.18.exe

Executes dropped EXE 1 IoCs

pid	Process
3808	Rainmeter.exe

Loads dropped DLL 5 IoCs

pid	Process
968	Rainmeter-4.5.18.exe
968	Rainmeter-4.5.18.exe
968	Rainmeter-4.5.18.exe
968	Rainmeter-4.5.18.exe
3808	Rainmeter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 17 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\edit\command\ = "\"C:\\Program Files\\Rainmeter\\SkinInstaller.exe\" %1"	Rainmeter-4.5.18.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.inc	Rainmeter-4.5.18.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rmskin\ = "Rainmeter.SkinInstaller"	Rainmeter-4.5.18.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller	Rainmeter-4.5.18.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\ = "open"	Rainmeter-4.5.18.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\DefaultIcon\ = "C:\\Program Files\\Rainmeter\\SkinInstaller.exe,0"	Rainmeter-4.5.18.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\open	Rainmeter-4.5.18.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\ = "Rainmeter Skin Installer"	Rainmeter-4.5.18.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\DefaultIcon	Rainmeter-4.5.18.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell	Rainmeter-4.5.18.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\open\command	Rainmeter-4.5.18.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\edit	Rainmeter-4.5.18.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.inc\ = "inifile"	Rainmeter-4.5.18.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rmskin	Rainmeter-4.5.18.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\open\command\ = "\"C:\\Program Files\\Rainmeter\\SkinInstaller.exe\" %1"	Rainmeter-4.5.18.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\edit\ = "Install Rainmeter skin"	Rainmeter-4.5.18.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\edit\command	Rainmeter-4.5.18.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3808	Rainmeter.exe
3808	Rainmeter.exe
3808	Rainmeter.exe
3808	Rainmeter.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
3808	Rainmeter.exe
3808	Rainmeter.exe
3808	Rainmeter.exe
3808	Rainmeter.exe
3808	Rainmeter.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 3808	968	Rainmeter-4.5.18.exe	90
PID 968 wrote to memory of 3808	968	Rainmeter-4.5.18.exe	90

C:\Users\Admin\AppData\Local\Temp\Rainmeter-4.5.18.exe
"C:\Users\Admin\AppData\Local\Temp\Rainmeter-4.5.18.exe"
1⤵
- Drops startup file
- Checks computer location settings
- Drops file in Program Files directory
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:968
- C:\Program Files\Rainmeter\Rainmeter.exe
  "C:\Program Files\Rainmeter\Rainmeter.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Rainmeter\Defaults\Layouts\illustro default\Rainmeter.ini

Filesize
698B

MD5
7ed3f1a420c2ba65345af28455a754da

SHA1
798075c46eded535f7a3191b38c5c6128dbfb4af

SHA256
97030b68fafaee7bb69eacb3c737ba0ca0d75b70e805166494b34fc589f1b7d9

SHA512
fd3c12386c671089f7f7ac23450318c64cf69eae908fafcbc264c9d7f842482efdb5667f18c0cd7bd015715d06e43260c394a5ebc9639526eae504614e89aba5

Download Submit
C:\Program Files\Rainmeter\Defaults\Skins\illustro\@Resources\Background.png

Filesize
1KB

MD5
751ae72195e782cf91732d0e89138582

SHA1
13a3f32b1b34b61a8ea51efb9098ffc82925dd5d

SHA256
ae72127580a6401f4b3cba621267fcb4d13f0547b7ea00d2748a3a3892cb54de

SHA512
00f821d05e77e5a8bd9cfcb7ac3f963a9dc826521aa9192801d8ea38d085651f3cccc4ab306b58d6310d5445b36645849a4df9adbf6befedf17a785e95424ab4

Download Submit
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Clock\Clock.ini

Filesize
2KB

MD5
a23de9c5c90b698420fc8b3517f36598

SHA1
8f872f02bdd7be04d340c4f1d0a97f795cd66f6e

SHA256
45b2d5644208a29e7e90cc74e130c0fb77c35099e9dbd17ffc010080a3ef1d8d

SHA512
c8030bfbde83fab6ebaeef2a080b55cfa463ece91732e79b0c11ff204bf86715095fe128cbbf76d4cc4029880ec97ba6a7b6f14561bdecf790d3d4359e74176a

Download Submit
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Disk\1 Disk.ini

Filesize
3KB

MD5
bd443770cbb26712f476fa3d41ab812c

SHA1
12aa90188125460708af5fa135cff7f1985c6408

SHA256
1e243b7ec358bc79d65da9d5446758cfd567847cf7fea6ce128f4947d04d7346

SHA512
48e1efcd309d9ea9e780ca7873a2996ee3cbd7bacc6f30b6f017df7c76392d34ca3dd847e5d2b4e36bb340ba8e9a8f095efa8a5e0fc5c11b4f73586356cf625c

Download Submit
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Disk\2 Disks.ini

Filesize
5KB

MD5
7215e77b41579b66126d8d010ab6894a

SHA1
47462528453382376fab2ee6985fe6347ffbfc6a

SHA256
3106efa019016e9d84d0ee4e484f45ffc4311617d3ef3ddce74393a6e41952f0

SHA512
b9abb0081838cde464b6047af7f8f6ca983a33c37e32dbd0e43c64e943389051b5daf195e7843dece36dd295bbb6a05be7dec27af810ebb49c31e164b7ce2469

Download Submit
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Google\Google.ini

Filesize
2KB

MD5
f04f5cd3c064a53966592193b7fe372e

SHA1
5a88c6723efae9fa3f684c3fbcd48079fcda3ea5

SHA256
d5088ede9c2366864572a95cbc87afddd3dbe0adc9d890b640646acd1dd401c2

SHA512
f4ce218c7828bcd9ddc53b2781a7aa21bc151671d373c884dddccaa3d9c74cb93d9f3ea0b5649ea6d5f6f75da2e8fe36fd875c7ccb90b7cb2b6368a425cdf96b

Download Submit
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Network\Network.ini

Filesize
4KB

MD5
af773a3edb7ab7dea85efd07894d672f

SHA1
218d83135747d9600c00bce410098e202f3999f4

SHA256
5d19b527cec19026ccaf130cf54dbf5716c2877d08076a57658c37ded698e803

SHA512
9cf52adb75bceee2ec6990498807830eaada7c3e44a03c06a06b384271bdac5b42c595bfc6698a5df557fec38842755cc54f62a77b40474a02ad9a3f32dc362b

Download Submit
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Recycle Bin\Recycle Bin.ini

Filesize
3KB

MD5
0a1fe3462f5f9e3599d5bb33b157f74a

SHA1
cfdc3dcf0fc6683fb2bb7a491be83999a6442640

SHA256
0ff9e0d8cf8d2a902e9fcda78857ead00b3378815c2f342b1e1b5cd7eea39a10

SHA512
978fb567f717fa4853c2cf22bbab987ea1354eed0c762877d53183227847c504cdbb39f0850a829e5fddbfeded2599b65e73df8b8401ced106bd6eb23e6d5ef4

Download Submit
C:\Program Files\Rainmeter\Defaults\Skins\illustro\System\System.ini

Filesize
4KB

MD5
e7c252045282bcc9b1e5675865d8408c

SHA1
2d035d8c608afd1cdcbaa931b1a170de06e60910

SHA256
a2298019b2774ef5f7fa1d22d08738f36e7749ea125bf441a6b8bad23b960826

SHA512
8444337335973db2a6578d49332ccbe5b2e151aac8428b9f6da92f184af91c782a4b6e15164162db85dedcaca3524804ef31a2da90a359e88af9e609f3ef01c5

Download Submit
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Welcome\Background.png

Filesize
1KB

MD5
27c60fa5b6e8c9545c885f108f501a36

SHA1
58439914234e29a6e8973328dae945ec2fc569ce

SHA256
3aea0caa797e487abb0901648773251ca52f14b680a960baee080f263d2dd9ec

SHA512
26f6a7057f31aab9b88ed5fd779e83e82d32205eb568c46f4fbe93a79182e1f09e00a06d842fea180c2ee469510ad08e26fb8cd08228e3ad6f037802b2b965d1

Download Submit
C:\Program Files\Rainmeter\Defaults\Skins\illustro\Welcome\Welcome.ini

Filesize
3KB

MD5
9fd985ded033fa0fcc86c222e8e4370d

SHA1
83615886c788f272078fbbe02e1f8af87ca1ef4e

SHA256
6b710c75c1bfc4046ce0bdcde3c4f920aaefe1ecd4fa186d3bdfee12af897707

SHA512
4165e953773328557f42f1f8a29f0b566bcd5c347b8d5e9586ba09f2a4283a64e6f0ae6aa0ea0ba2b6ae8b0598ca4fed7e6878969eed371a1e6fe6dd23695c3c

Download Submit
C:\Program Files\Rainmeter\Languages\1033.dll

Filesize
13KB

MD5
2ef22e0172e13db7c128c0155bf10b00

SHA1
a81ae49635bff063048cb4c1fa6962da553a57f8

SHA256
62dab5892dde4b2cb899273fb205c1770fc2fabca282e51b65e5fa60218cab6b

SHA512
c09c4acffdfd5dc0ef6704f3b337a4865cc9932f12b142113a1b5dd403bf1d952b9bff793a2fe368f26c0bf2626e0c1766252e0b86170f9f8c22221fc6750d86

Download Submit
C:\Program Files\Rainmeter\Rainmeter.dll

Filesize
2.6MB

MD5
0afb12e3671b0da30df98ec58b43b0a9

SHA1
8fcce8e8ee9ca49956ec6099125affae23ae902a

SHA256
de168bd99a3581139456d86f0cd2dc30561ea95fedd6185c1f1e517bc42e38a7

SHA512
301c62f870d29c1787a28f252c6ec936e08b097ced9e3c164bc6e02bf3009e6db5853c0a7c879329fd7beb941272327ffd091e11d6c2915633cc4084e7c895de

Download Submit
C:\Program Files\Rainmeter\Rainmeter.exe

Filesize
464KB

MD5
cfebe658f8284913b48c5163cfbbce33

SHA1
43759d3ba4d1cfbb3433a154bdc6e772343d7298

SHA256
4bfa907726195157705978372217cee1c99e12493b093aafe30fc31aede16ceb

SHA512
26086ed53744f015f5f45d4f04cb908a6ca1f114079c1aefce740c0255a9fb321871c54aebe34561dccb7c0eb44d350b5a79514ade1f5ef3f47456df8975bf25

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx3347.tmp\LangDLL.dll

Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx3347.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx3347.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx3347.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Roaming\Rainmeter\Rainmeter.ini

Filesize
724B

MD5
ff38c9475be1cf1ecaadd7bbdaa37fae

SHA1
71da65490cc19d4a6c6a747450471a24c6456928

SHA256
3e23d58fe4abda8ec0b0b048aa66a62fc727eccfa8f2126ffed8c8d7994ff17c

SHA512
14a5f9bb4f00e22d43012bc34378d766b14917882b96700bfe3588a27a16207938c4a561e20fd682cf2994a0084832a8ee481ccf49b032a6389508b03439a723

Download Submit
C:\Users\Admin\AppData\Roaming\Rainmeter\Rainmeter.ini

Filesize
828B

MD5
b01e0c5e180ed70626c4456d9a70a526

SHA1
e0ea07166ac47587cc02011cb792b49458470d6e

SHA256
ba4107f9844b0d4053f48a8a1273774e5a634e3161aa71b5d66d497e05594ffc

SHA512
4affce4002b0d8ea30036f009d6d2a661cf94558a9b2023157258c4d98dde047388dbe90701f8a4a9f29fe269653e851bd24caa3eeccdf6cba28fe341a3c3102

Download Submit