e7d946fb6ff8608063f690b085ee96ddab8189911d78b57a8d2b0a17f91b0057

Analysis

max time kernel
92s
max time network
147s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

omigaplus_Chrome.exe
Size

3.5MB
MD5

025d2a57b8d33a38cdf98b611d30ea44
SHA1

a76d482569bd69b24e5235beb51fbcdcaa670b60
SHA256

e7d946fb6ff8608063f690b085ee96ddab8189911d78b57a8d2b0a17f91b0057
SHA512

03d360712481dc90d073339991a0273fa23c64a68e9cdd423d8972e7339e9afcc1876abf4f2456344e1941d668644d42922d4c59a9659339c231756df1e8bce8
SSDEEP

98304:uEq/MbE1N+mde+hpyY77bE3B3RR6pK3n2Snk3:ikbE7+mZCYGWwmua

Score

7^/10

bootkit discovery persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 7 IoCs

Processes:

eInstall.exeq8.exeomigaplusSvc.exeomigaplusSvc.exeomigaplus.exeeDhelper64.exeomigaplus.exe

pid process

1432 eInstall.exe
3040 q8.exe
2236 omigaplusSvc.exe
2868 omigaplusSvc.exe
1956 omigaplus.exe
2724 eDhelper64.exe
900 omigaplus.exe

Loads dropped DLL 34 IoCs

Processes:

omigaplus_Chrome.exeeInstall.exeomigaplusSvc.exeomigaplusSvc.exeomigaplus.exeomigaplus.exe

pid	process
1704	omigaplus_Chrome.exe
1432	eInstall.exe
1432	eInstall.exe
1432	eInstall.exe
1432	eInstall.exe
1432	eInstall.exe
1432	eInstall.exe
1432	eInstall.exe
1432	eInstall.exe
1432	eInstall.exe
1432	eInstall.exe
2236	omigaplusSvc.exe
2236	omigaplusSvc.exe
2236	omigaplusSvc.exe
2236	omigaplusSvc.exe
2868	omigaplusSvc.exe
2868	omigaplusSvc.exe
2868	omigaplusSvc.exe
2868	omigaplusSvc.exe
1956	omigaplus.exe
1956	omigaplus.exe
1956	omigaplus.exe
1956	omigaplus.exe
1956	omigaplus.exe
1956	omigaplus.exe
1956	omigaplus.exe
1956	omigaplus.exe
900	omigaplus.exe
900	omigaplus.exe
900	omigaplus.exe
900	omigaplus.exe
900	omigaplus.exe
900	omigaplus.exe
900	omigaplus.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

eInstall.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\Omiga Plus = "\"C:\\Program Files (x86)\\Omiga Plus\\omigaplus.exe\" /autorun"	eInstall.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

omigaplusSvc.exeomigaplusSvc.exe

description ioc process

File opened for modification \??\PhysicalDrive0 omigaplusSvc.exe
File opened for modification \??\PhysicalDrive0 omigaplusSvc.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	omigaplusSvc.exe
File opened for modification	\??\PhysicalDrive0	omigaplusSvc.exe

Drops file in System32 directory 3 IoCs

Processes:

eInstall.exeomigaplusSvc.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\msvcp100.dll	eInstall.exe
File opened for modification	C:\Windows\SysWOW64\msvcr100.dll	eInstall.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	omigaplusSvc.exe

Drops file in Program Files directory 64 IoCs

Processes:

eInstall.exe

description	ioc	process
File created	C:\Program Files (x86)\Omiga Plus\image\default\monthdaySequence_yellow_mid.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\cmn\game_min.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\toolsIcon\icon_setting_48.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\layout\default\dp_rename.xml	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\ouilibnl.dll	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\check_uncheck.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\edit_skin.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\install_check_intermediate.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\language\protocol.txt	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\language\es_es\install_lang.ini	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\tobutton1.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\recent_item_bk.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\cmn\game_bk_wnd.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\cmn\game_system.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\toolsIcon\icon_setting.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\btn_viewmode_list.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\calendar_setting.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\deskbtnbk.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\progress_meter.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\dp_website.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\PageNavigate.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\popup_dialog_bk.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\layout\default\dp_helptipex2.xml	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\sys_imglist.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\Tip_bk.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\tobutton2.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\language\en_us\dp_lang.ini	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\language\pt_br\install_lang.ini	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\progressbar_bk.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\titlebar_highlight.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\check_intermediate.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\dp_desktop.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\style\install_style.xml	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\layout\default\gl_newwindow.xml	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\TrayDownloader.exe	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\language\pt_br\dp_lang.ini	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\calendar_unlock.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\toolbutton_bk.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\bkg_light1.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\nothing.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\q8.exe	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\install_back.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\bg_tabside.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\bkg_mousedown.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\toolbar_tips_top.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\cmn\prepare.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\layout\default\dp_helptip.xml	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\layout\default\uninstgl.xml	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\language\es_es\game_login.ini	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\choose.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\installing2.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\number.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\language\tr_tr\dp_lang.ini	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\downarrow.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\install_check_uncheck.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\radio_normal.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\segoeui.ttf	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\CurrentDaySign_white_big.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\group_setting.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\notify_btn_close.png	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\eDhelper.exe	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\image\default\resource.xml	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\layout\default\dp_about.xml	eInstall.exe
File created	C:\Program Files (x86)\Omiga Plus\layout\default\dp_change_wp.xml	eInstall.exe

Drops file in Windows directory 3 IoCs

Processes:

omigaplus.exemspaint.exe

description	ioc	process
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe	omigaplus.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe	omigaplus.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

eInstall.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	eInstall.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\gamelogin.exe = "0"	eInstall.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

omigaplusSvc.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	omigaplusSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	omigaplusSvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	omigaplusSvc.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

q8.exechrome.exechrome.exeomigaplus.exechrome.exechrome.exe

pid	process
3040	q8.exe
3040	q8.exe
2692	chrome.exe
2692	chrome.exe
3040	q8.exe
3040	q8.exe
2676	chrome.exe
2676	chrome.exe
3040	q8.exe
3040	q8.exe
1956	omigaplus.exe
1604	chrome.exe
1604	chrome.exe
2612	chrome.exe
2612	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

eInstall.exechrome.exechrome.exeeDhelper64.exe

description	pid	process
Token: SeDebugPrivilege	1432	eInstall.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeDebugPrivilege	2724	eDhelper64.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

eInstall.exechrome.exeomigaplus.exechrome.exe

pid	process
1432	eInstall.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
1956	omigaplus.exe
1956	omigaplus.exe
1956	omigaplus.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

omigaplus.exechrome.exechrome.exe

pid	process
1956	omigaplus.exe
1956	omigaplus.exe
1956	omigaplus.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

mspaint.exe

pid process

1600 mspaint.exe
1600 mspaint.exe
1600 mspaint.exe
1600 mspaint.exe

pid	process
1600	mspaint.exe
1600	mspaint.exe
1600	mspaint.exe
1600	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

omigaplus_Chrome.exeeInstall.exeq8.exechrome.exe

description	pid	process	target process
PID 1704 wrote to memory of 1432	1704	omigaplus_Chrome.exe	eInstall.exe
PID 1704 wrote to memory of 1432	1704	omigaplus_Chrome.exe	eInstall.exe
PID 1704 wrote to memory of 1432	1704	omigaplus_Chrome.exe	eInstall.exe
PID 1704 wrote to memory of 1432	1704	omigaplus_Chrome.exe	eInstall.exe
PID 1704 wrote to memory of 1432	1704	omigaplus_Chrome.exe	eInstall.exe
PID 1704 wrote to memory of 1432	1704	omigaplus_Chrome.exe	eInstall.exe
PID 1704 wrote to memory of 1432	1704	omigaplus_Chrome.exe	eInstall.exe
PID 1432 wrote to memory of 3040	1432	eInstall.exe	q8.exe
PID 1432 wrote to memory of 3040	1432	eInstall.exe	q8.exe
PID 1432 wrote to memory of 3040	1432	eInstall.exe	q8.exe
PID 1432 wrote to memory of 3040	1432	eInstall.exe	q8.exe
PID 1432 wrote to memory of 3040	1432	eInstall.exe	q8.exe
PID 1432 wrote to memory of 3040	1432	eInstall.exe	q8.exe
PID 1432 wrote to memory of 3040	1432	eInstall.exe	q8.exe
PID 1432 wrote to memory of 2236	1432	eInstall.exe	omigaplusSvc.exe
PID 1432 wrote to memory of 2236	1432	eInstall.exe	omigaplusSvc.exe
PID 1432 wrote to memory of 2236	1432	eInstall.exe	omigaplusSvc.exe
PID 1432 wrote to memory of 2236	1432	eInstall.exe	omigaplusSvc.exe
PID 3040 wrote to memory of 2692	3040	q8.exe	chrome.exe
PID 3040 wrote to memory of 2692	3040	q8.exe	chrome.exe
PID 3040 wrote to memory of 2692	3040	q8.exe	chrome.exe
PID 3040 wrote to memory of 2692	3040	q8.exe	chrome.exe
PID 2692 wrote to memory of 2724	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 2724	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 2724	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 2404	2692	chrome.exe	ctfmon.exe
PID 2692 wrote to memory of 2404	2692	chrome.exe	ctfmon.exe
PID 2692 wrote to memory of 2404	2692	chrome.exe	ctfmon.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe
PID 2692 wrote to memory of 1624	2692	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\omigaplus_Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\omigaplus_Chrome.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1704

C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\eInstall.exe
"C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\eInstall.exe" "-dp"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1432

C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\q8.exe
"C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\q8.exe" -install
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.google.com
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7509758,0x7fef7509768,0x7fef7509778
5⤵
PID:2724

C:\Windows\system32\ctfmon.exe
ctfmon.exe
5⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1224,i,8079216587510947726,371601917933993977,131072 /prefetch:2
5⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1224,i,8079216587510947726,371601917933993977,131072 /prefetch:8
5⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1224,i,8079216587510947726,371601917933993977,131072 /prefetch:8
5⤵
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1224,i,8079216587510947726,371601917933993977,131072 /prefetch:1
5⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1224,i,8079216587510947726,371601917933993977,131072 /prefetch:1
5⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1224,i,8079216587510947726,371601917933993977,131072 /prefetch:2
5⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3284 --field-trial-handle=1224,i,8079216587510947726,371601917933993977,131072 /prefetch:1
5⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=1224,i,8079216587510947726,371601917933993977,131072 /prefetch:8
5⤵
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.google.com
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69f9758,0x7fef69f9768,0x7fef69f9778
5⤵
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1376,i,6881468420918577700,1396362655847402229,131072 /prefetch:2
5⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1376,i,6881468420918577700,1396362655847402229,131072 /prefetch:8
5⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1376,i,6881468420918577700,1396362655847402229,131072 /prefetch:8
5⤵
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1376,i,6881468420918577700,1396362655847402229,131072 /prefetch:1
5⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2232 --field-trial-handle=1376,i,6881468420918577700,1396362655847402229,131072 /prefetch:1
5⤵
PID:680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3060 --field-trial-handle=1376,i,6881468420918577700,1396362655847402229,131072 /prefetch:1
5⤵
PID:1524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1376,i,6881468420918577700,1396362655847402229,131072 /prefetch:2
5⤵
PID:2992

C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe
"C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe" -run -svc:"omigaplussvc" -svcdisp:"Omiga plus service" -svcdesc:"Omiga plus service" -oem:dp -oemver:1.6.30 -softuid:Global\Omigaplus{C39E9814-267B-4504-957E-9F3CC883E5C5}Omigaplus
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:2236

C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe
"C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:2868

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:600

C:\Windows\system32\taskeng.exe
taskeng.exe {8A58B9CE-C2EA-481A-8768-29A5097FB569} S-1-5-21-3627615824-4061627003-3019543961-1000:SCFGBRBT\Admin:Interactive:[1]
1⤵
PID:1204

C:\Program Files (x86)\Omiga Plus\omigaplus.exe
"C:\Program Files (x86)\Omiga Plus\omigaplus.exe" /autorun
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1956

C:\Program Files (x86)\Omiga Plus\eDhelper64.exe
"C:\Program Files (x86)\Omiga Plus\eDhelper64.exe" -a:shellexecute "-cmd:open|C:\Users\Public\Desktop\Google Chrome.lnk|||4|"
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
4⤵
- Enumerates system info in registry
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69f9758,0x7fef69f9768,0x7fef69f9778
5⤵
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1236,i,10898434786090004772,8204268604575370992,131072 /prefetch:2
5⤵
PID:616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1236,i,10898434786090004772,8204268604575370992,131072 /prefetch:8
5⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7509758,0x7fef7509768,0x7fef7509778
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=284 --field-trial-handle=1244,i,1095565532592840259,382401600952354097,131072 /prefetch:2
2⤵
PID:616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1244,i,1095565532592840259,382401600952354097,131072 /prefetch:8
2⤵
PID:2416

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69f9758,0x7fef69f9768,0x7fef69f9778
2⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1308,i,16240031206422433818,15600126729163162365,131072 /prefetch:2
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1308,i,16240031206422433818,15600126729163162365,131072 /prefetch:8
2⤵
PID:2172

C:\Program Files (x86)\Omiga Plus\omigaplus.exe
"C:\Program Files (x86)\Omiga Plus\omigaplus.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:900

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\TestMove.emf"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7509758,0x7fef7509768,0x7fef7509778
2⤵
PID:2724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1388,i,150021361613927494,6317903156115652036,131072 /prefetch:2
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1388,i,150021361613927494,6317903156115652036,131072 /prefetch:8
2⤵
PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1388,i,150021361613927494,6317903156115652036,131072 /prefetch:8
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1968 --field-trial-handle=1388,i,150021361613927494,6317903156115652036,131072 /prefetch:1
2⤵
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2164 --field-trial-handle=1388,i,150021361613927494,6317903156115652036,131072 /prefetch:1
2⤵
PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1732 --field-trial-handle=1388,i,150021361613927494,6317903156115652036,131072 /prefetch:2
2⤵
PID:1524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=984 --field-trial-handle=1388,i,150021361613927494,6317903156115652036,131072 /prefetch:1
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 --field-trial-handle=1388,i,150021361613927494,6317903156115652036,131072 /prefetch:8
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1388,i,150021361613927494,6317903156115652036,131072 /prefetch:8
2⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3428 --field-trial-handle=1388,i,150021361613927494,6317903156115652036,131072 /prefetch:1
2⤵
PID:1860

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7509758,0x7fef7509768,0x7fef7509778
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:2
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:8
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:8
2⤵
PID:620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:1
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:1
2⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1576 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:2
2⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1308 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:1
2⤵
PID:2828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3412 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:8
2⤵
PID:1468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3404 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:8
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3724 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:1
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2508 --field-trial-handle=1384,i,17360257989323857186,8326526497688172771,131072 /prefetch:1
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1592

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
PID:1288

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
1⤵
PID:1860

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
PID:2252

C:\Program Files\Microsoft Games\hearts\hearts.exe
"C:\Program Files\Microsoft Games\hearts\hearts.exe"
1⤵
PID:1692

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Omiga Plus\image\default\cfgwindow.png
Filesize
2KB

MD5
647b7a60381b4a7bce07080a6acb697d

SHA1
580d1dfd623078a8fd53257f9021a6f6bb9b97e6

SHA256
36594268b4c98be9cbe530594663e3921db72d9d58ffdee3374f55710cf89930

SHA512
bfd975b36fb8e22dfaa0cf1c27a16550d9d92852f01ab783f131974a4864783ee0b876e969d21f8445b3b8da912cb44336ec073141288a1ab67d41236e031ed1

Download Submit
C:\Program Files (x86)\Omiga Plus\image\default\change_skin.png
Filesize
3KB

MD5
7e64ec2693bcbb3f60fba31b050d300f

SHA1
dd2c0edf148500c013fafa8e2e5a0896aebe3b8b

SHA256
7884bce9023e596df843c8bef5e1598781f0fa6e490ae89179caddf4bee43318

SHA512
724cf00adfc7c8ff13ebf26a07ed2041878f25e66ef034650dd37d70663d1f3131248720bb27bb6ea97e3bb54207fb6430cfb098b8ae62e50191305136fd3d0a

Download Submit
C:\Program Files (x86)\Omiga Plus\image\default\dp_button.png
Filesize
1KB

MD5
2be3f85a6a207561492c7a25befe66d4

SHA1
50ff2fdd5551824c39ead061dda49d52a6738049

SHA256
b87a77885b8db646501dd12be27c155c00c35e43e8c333d570b6f8ee7606585e

SHA512
4fe95892229bd7faf39672c9f84680c14240db335903037ba2b50b3e59d58336908bd382b4beab6d87118793119177a5fef7a83e338e289979fb78720db817b9

Download Submit
C:\Program Files (x86)\Omiga Plus\image\default\icon_configCenter_cc.png
Filesize
4KB

MD5
009f0713b8a0c56e49b3a26cbb17e1ac

SHA1
0f2c634d16ff95c191a861970fb228f05d5303da

SHA256
8789c1d486590e19889d068112c4f09f9e87721c618ba4b0cc0326aa3b154211

SHA512
b13bcd6ef4cf1242069b598772941e7c3c4521eefbc859694dd49952c801873a63b9984c29a5c55a436697e2bd4e247e6a94f3f35702500fe4a599dddc5e89dc

Download Submit
C:\Program Files (x86)\Omiga Plus\image\default\install_check_intermediate.png
Filesize
959B

MD5
6a4bf192de04be7ff4f7cece8a3ce197

SHA1
dda1f3a3ab3c9424aea349521862cce28e3ca3d5

SHA256
2e578e8639d310f2413babe0e0776461fe270495246ba8ee5dd7becae567e78a

SHA512
2fdaf127822e9c542a45b5c6f2896f9a0273b9009967a50c66fc94b74dcc45a60208aa81765bc2c20c71be06b6462a863d82b3ff699739c7e5b5e63ababd74ec

Download Submit
C:\Program Files (x86)\Omiga Plus\image\default\menu_bkg.png
Filesize
658B

MD5
7c03f0c195290ee01d51a5a39531de99

SHA1
f930e0f901b0d7aefd17097d66321d65a0d86567

SHA256
dc8398c640170244056376f5d594acf3781dcf6a780000d3cae95266e526b31b

SHA512
86d0f36fa7c3e63831bca06f406b010a0e46ceeb0c1515623636250fd0eab6106204d24f6090b28acddf889949ccd98a64807e8db3c638b565dfd3ef4de87a0e

Download Submit
C:\Program Files (x86)\Omiga Plus\image\default\menu_item_over.png
Filesize
2KB

MD5
d48ebbddc14d457a3b713b30065de29f

SHA1
8acb6349d5bd7ccaecd205a36dda0698bcea31d0

SHA256
9fe120841521766347bc17845ced2eb44b43e21c5ba7e1265922f89d5f1860ee

SHA512
7c8f7cdd7ec7a028be0f5574baf235050e8dfc0148496da1b990f3a920599519ef0cbd0e61ce29619825a3d15c46eac9566f76e8f3d05079c5f6a94bc65e80ea

Download Submit
C:\Program Files (x86)\Omiga Plus\image\default\radio_normal.png
Filesize
4KB

MD5
efd1785f6e991c656859b1fad433f3aa

SHA1
10eb181776ad7a9cd4290806f1cd47ffcf4c9038

SHA256
1940d8c5979e29e7e8f3f08fa4cf1102b7098a33e4a368c7ea60cc81a55713a2

SHA512
928d05325a85958ae9c8b5e6690e8badf0826b088af674b870dec8e99d78c7cb67a474a533144b51774ea1f5be9949b4ca7a0b06c8e578b47e91ec71483e7861

Download Submit
C:\Program Files (x86)\Omiga Plus\image\default\radio_selected.png
Filesize
4KB

MD5
46d2bbd4a4a4223e24baf8116ccd8283

SHA1
c42c70bb15d10a7bea999a728f66063e82fcba08

SHA256
b6ce36e4a87ef85a6215b05d4ea270ee92b45d7a165e068a0db2b490288a87de

SHA512
cb79bbc3468b2983e326267eacdf1de478829757fb2f8b2af0485c9ecc6a8549d226e98ebc0e9938db522c51045f03de14c526152695a71d1c23554370627f9f

Download Submit
C:\Program Files (x86)\Omiga Plus\language\es_es\install_lang.ini
Filesize
32KB

MD5
46f9b7f7504fb5ebca0a92bcd53945ea

SHA1
ee54476492cf1258d7b0a4557fb85b4cc21928c1

SHA256
7e2a2470b8bf4ee8bc6b8878821e86da65be4a997a553679f59a42c47c203cae

SHA512
620da74578dba65d874e83bec42f8e7a09db043a6c9e4d760fead4fb5c9d78aaffe3acae9e5a3372598d32d421144a3b21fb4fb073c99aba7d42942d1cc9811d

Download Submit
C:\Program Files (x86)\Omiga Plus\language\protocol.txt
Filesize
4KB

MD5
af7c050543c7a61b66c22f6a6aac2ed5

SHA1
922a3af9785c2a289390730e546a2951b745f306

SHA256
3379f0f682f7c3023a0845b58ac1f4e58df911b3f2bd26a89d0e53ee48ff437c

SHA512
d7fa342a28557cc81c30558600b28f3a0765576199279a326cc1b49da2ab3ce0075061ca60d65e8a074ec4a2848e3adc90b998bd4da176858d2f27aad0be243e

Download Submit
C:\Program Files (x86)\Omiga Plus\language\pt_br\install_lang.ini
Filesize
30KB

MD5
434ac016cf9569c8a1fa9e1430d3269c

SHA1
b386710bfc9f9f75e81145b28589a7f42875808d

SHA256
01adcdcf93d2e4c63d4d88c8551ccbce7660cada2677ea83b1d4f327fcb89547

SHA512
7fe8527c55748eb17e83d979012b74d95f8edcae97ee4d8f296632690ce526658f8db1d35af968d5b6b4b88e2eff41ec1de84e44f34e47b425977684e2bed799

Download Submit
C:\Program Files (x86)\Omiga Plus\language\tr_tr\install_lang.ini
Filesize
28KB

MD5
4be0c4f99f4691ace1e2b4d7082105b7

SHA1
c88746fe41b17ceaf721e4d8a6601788d1c91970

SHA256
4a48a2be7b467dfd794cdc59510d336104f1c5af6c44174e02293d5d9aa2d0ba

SHA512
14523e7a02d016a45e81258ed69b69b226b8acc5945727f7f2aecc55062d2ce3b05930a0d4118d715589dbbd385de06f81636c1ceeb879e4e93e8d2e93e24139

Download Submit
C:\Program Files (x86)\Omiga Plus\layout\default\gamelogin.xml
Filesize
3KB

MD5
f09999033ce2270c51fc5528fade4d4d

SHA1
878fb07bb3e02279d366f233a82c73352c75dfa2

SHA256
9ecf0aa113faa48501ec0bc28f15ca65a1c0c73e8236f5d816dad69a29132b88

SHA512
9d3705350fdd1dd50ef4e6adbc8a94e64c3f9b11d8d3285f841a4ad0ba15213889416be048b44f094e72dc227b04b53d3611d1867677a329b3da270a12cb0187

Download Submit
C:\Program Files (x86)\Omiga Plus\layout\default\install_msgbox.xml
Filesize
4KB

MD5
1ae96341433f3b798c69a951b5829085

SHA1
de14c96c76d786c5f82f2d8bbea3dcd40b248787

SHA256
30ccfea252f86a8cef7fa759bf0aa9c09ea72be128392d821194383384c24722

SHA512
fc17da3ab3c83c11f6825ac4f4e8f8c3f14824c479d8b048a306dbc3f71bfdf30842a113c2a71523218cf3becedb83c35c4c8b04b1fc3e46ba2109a948e58843

Download Submit
C:\Program Files (x86)\Omiga Plus\layout\default\uninstgl.xml
Filesize
2KB

MD5
1ee74a33ede1536ffdbd8c9743086108

SHA1
40396743f408745d504ccae9cd522b550c541890

SHA256
d67edd335fb7660b6d9529ff7dcba80ecacb4fc5cc5c675ac387bfd53189fe51

SHA512
6dd864f430dd51bceb9d603921bf198f72efb10a817d28c93c8d6075729cae532dbbdebbc2e63ea608644fca8457c85347445e0e551430d04031e86091280cf0

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omiga Plus\Omiga Plus.lnk
Filesize
1KB

MD5
97d43e5b8d1edd92eb490b24eb5186a5

SHA1
881254e5769e6aecf4e27281641db73e31b3952a

SHA256
b2fda9a9e653cebb3cb06616224c57aa9a95c5abd82d995722ff775ef0fc7988

SHA512
92bedc65302e08890b9b0b5dabaa8d63f7e414b8dee99480fbd13c2b48643b0e1e24effa5e60177571bd99341849997e753091311c326884929ed9cce9ec82c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\190b7b1a-4f12-4c1e-8f7a-a15fa949b0d6.tmp
Filesize
140KB

MD5
91d96fcd27985560706c05bf1aeaa1cf

SHA1
a4e683566ed008a821a0b0ed1daf0a7830e6e2a5

SHA256
dd4f7aade91263769c5dd8ef0f45f8758cf556b51bbccda6009de2ba6ef00a8a

SHA512
04b8857e7af865bceb64fd5828e8fb1f664de9bd03c4d057ef643b36ec64cd53210a12e7f2c3d9bd27524eb2a45df8918459443f2363ef57139a85f89df0cbab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2db84d39-735d-439e-8870-3ff3678da930.tmp
Filesize
140KB

MD5
a465d2d76143cae70995722c04dfbc23

SHA1
7fa652458c25bf459898c54086f7260aeb37a9e6

SHA256
037baff2066952b11fe08c8b1091d1b634e7f4d90195e6830f36664fe539b758

SHA512
2287a5f2d64f7b1908c01735f7bf479ac19f3298699266f41ee33cd2e1ce19d75fb71691c3d526967195e2499ac7d25808922c5466ace7c61572a14f9857548f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\47211b69-bc8f-4fdb-b0c3-94b62b486f3d.tmp
Filesize
141KB

MD5
23ab0f249e33654aca56bc5305ceb015

SHA1
6b0029015f4b703f0602e19e2af6b80b4784c680

SHA256
999ca3bf6ee6324359a2417d9a18c64799002e93058409add5c6c3e6fd5c89e7

SHA512
ca0e7418357b3a19072ded8bc421f3c7f0c5f78cd17b5cab8b78f868645c303b6f7cce95423565b4da6495b0876da77f12254870a4cc3c14e328f1fea9757d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\59264432-65b1-4b24-a669-22bbce0e2e33.tmp
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8a1c26de-fc81-42a4-87ad-44d60798d331.tmp
Filesize
3KB

MD5
382e95c491449a58fa64911b31ac0525

SHA1
590146f19245051c692e646e3751d30469d17fdc

SHA256
cb806cb0bc13df707899638d6610465c63c6e289aa995de9dfa63ca48e2f1d0e

SHA512
c7b2aca688218dba21a69007f91f2a44a0e2ba0c432344ef70403d796c148a22f51b7d0344d77ff15b04ec9f4a2bc29e294b3afc489106a82c164f29dbc77a50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
cc224701d3988dd5549f5d4adbf10fe4

SHA1
bf7837f102c82b785f087208d907c86f3de96bb4

SHA256
ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21

SHA512
da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2279e443-1eef-4233-a526-44a721282049.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp
Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000011.dbtmp
Filesize
16B

MD5
6de46ed1e4e3a2ca9cf0c6d2c5bb98ca

SHA1
e45e85d3d91d58698f749c321a822bcccd2e5df7

SHA256
a197cc479c3bc03ef7b8d2b228f02a9bfc8c7cc6343719c5e26bebc0ca4ecf06

SHA512
710620a671c13935820ed0f3f78269f6975c05cf5f00542ebc855498ae9f12278da85feef14774206753771a4c876ae11946f341bb6c4d72ebcd99d7cff20dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
4cfd86756f21f4841a18a1d42d9e92bb

SHA1
43cf7d429f4790eb361b5534a9327d3c5e403e2f

SHA256
36740ef2c74c592531f562162d9ec66fdbebcc79aa919d712077a08a0e85bba5

SHA512
4d05579bc901065beab88b0d8d31cd82b2c29feccc171664b96f307a3c2cf9710f39f414a1e83e7359da2b2f36fd8358899fc9bccdbbccb43229728a31d97ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b11e3f2c474d2acb7ae904a89550ed97

SHA1
1f380ed1a727110d6a79f8b695440285ed16b646

SHA256
69e96231aac779fa37a44d0aa9a2ca3e2298bdb5a4f3f2f4e90f8817b3d1512b

SHA512
3e5f5a516f4fa6afc4e0480b3e4f17aad34f48cf4f266c3986d1a82c3f2bf72267d514441fb8b75eab38133122aa358f83eaa4dd74dbd15b3e99400faef61bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ea42a056075df90756adb92e118481f8

SHA1
4eaaacffc7dca2dbb84fe6158e640da49cb03f35

SHA256
f45c05e2713f00d12cbeade13fad1ac12085faebddc7d6495d0fde556be345e0

SHA512
6875bea445bae5778a05ccfa63cdc14ff535a4b20d05404d134b052d81550c0cc6dd5e0bd12b772c77583dc5847e418cc865a737e10921b577439f605297d56d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000016.dbtmp
Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp
Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000013.dbtmp
Filesize
16B

MD5
a6813b63372959d9440379e29a2b2575

SHA1
394c17d11669e9cb7e2071422a2fd0c80e4cab76

SHA256
e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312

SHA512
3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000017.dbtmp
Filesize
16B

MD5
d8c7ce61e1a213429b1f937cae0f9d7c

SHA1
19bc3b7edcd81eace8bff4aa104720963d983341

SHA256
7d3d7c3b6e16591b894a5ce28f255cb136bb6c45f5038c3b120b44b413082e35

SHA512
ffc1854cccbd5a5c1740df9d3ba48994d48ef9a585bd513f00371c68086629d45ee293336af0f27ff350614f68ee660890920773f9ebdf1c327f20a620860a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
141KB

MD5
ff38f41906b3fffdcd18d4019c1b6ecc

SHA1
39f01a8e366bbd70f8fceeaab4425eb80d661270

SHA256
c1e7fbf7f4851d05dd4d107ad32a66f1e0dc5434d72975729d4ee606006df1c3

SHA512
b76194d615b82c65d6777c61dc48cee76edd479fb7afc18fdc2355f34cca88cfef726cb4308b8426ec71fa2b173c3baa4d255a3954173d2b9ee4720551469e4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
141KB

MD5
b4ef07d0f7805b26accb44e838e7d6ba

SHA1
a621381c49a56af2030bd7439c8932cc0c4f8dc8

SHA256
85a320ecc1d969b9b48c6efcf92d8288bc035f8384455db535ff5e43b43a661d

SHA512
5def42091d948e5962bc02e6c5f0532cf2936dd49c5508d367f74f20c89abd6cd9ea91cea6842758a27e889db7733409e24875ed25eab82544f668b5e94d2b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
141KB

MD5
10ae9fc8737055d9bfd0c45cf2520bd6

SHA1
5b8cc7094ff93786d859b33b6c87b7d6bbeebd4c

SHA256
50448fecfa46243689452f96700ac7315d360c7a4031439e4e57ab606c2e8d7d

SHA512
f6b1765ef76c328d66dd0fa7757d30c0bbdbc719baee23bdaee82613aaf30907617614c79eb425d3e68b8fbeab43d50504f7875259e00bc2f1bb885f490484f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\DeskExternal.exe
Filesize
1.2MB

MD5
bae003f14fd92bc74c06b1d76e6ef9ab

SHA1
36689e9478a2c4c4900455c09333762a672e81ab

SHA256
10e80ee8ef65c7ee5e48c4597ee8cd1d69319d18212841881a69b82b48c27584

SHA512
1dc2962225424ff2b15a6d3ece5f671145acb2e8ce2675184be25cd6d1215328f57be356b41b4d54ed47fd739218053201a5a3eba7a3149e1fc72b207836e40f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\TrayDownloader.exe
Filesize
192KB

MD5
732e5cf12c1d9b81558cd9d0035be5fe

SHA1
56c6534a559d364d891e531f61be1f4137796fb6

SHA256
eeee9c6be0836322928742f5d2791165f00541c69b4b2b988583b6a7cdb69396

SHA512
2b3a50badbefc4e9ac8e4e3b7887e79821c29668dfde4e5da39d4e8349bb1c770aa3bb2ad45a555ca37056054fa502b12ea69f7438a4719b3eb18e2156397750

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\dp_settings.ini
Filesize
79B

MD5
5a5326aa6cc710d571709c1824086c0d

SHA1
a333bc7146d9bdd242b14a1cb69dab94540b74ad

SHA256
6a3b338ec97f10990bd63b14086813431e561bb7c4c0a4a07c699e6c5fca79eb

SHA512
ae1b065566834ee3c5f63cee4948eb5bd4bd7288c6fe0640c85cd5f1e6f7917fd48122648168a3eed414b95e1de522316a032232d3710fd95df5a0dbf6edb389

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\eDhelper.exe
Filesize
31KB

MD5
2a2f3c1fcf68493005b72497845d3761

SHA1
85e3919e0999f868663fa74863d549e7c17eb471

SHA256
ed87b05487a5642a3c7854bdde78d4afd7560277f5ff039864918e2726634dcb

SHA512
74e7918d7ea0aa07336e8e96eac889e197189f8b7d7cbcc1c170dc1a66df0ae69f962a9cfdb2dfb8a2bebe981ff12a4e8455ee92727e255eafbcb2f064d4b343

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\eDhelper64.exe
Filesize
83KB

MD5
22bfeac54b47db14378451d04058e373

SHA1
891b81838da82ad0d20505529405bd40c8f0c24a

SHA256
ce3df1d93d7a17db775066debae7c2356c8e7ac5a4a7a3f9ec419e8aba4f9345

SHA512
97392ba675dd84cb025c1ff785bc41381e12bbb5b77ac47cac8e54098adf7018a7582b74647b8735b0f96a420f0ecc590018c971e67a233ee7e923ef6bd99731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\eUninstall.exe
Filesize
1.1MB

MD5
5f89d831103caef842dacae315d768b8

SHA1
29e8c7819d0c45f23189a875fe15e32286631e67

SHA256
e989139a6682956e2f128cdb846dd02e3821d657cc6d59720bc6463f254b7102

SHA512
ad4d87ec6b2f4753c74d38e9244b7c2d7a3ee093e19a376e8f433e8cef3db2cac996b05d06754304ad0de4a91ea4c838cb3f1db94176a06aff3237e62b99da22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\ebase.dll
Filesize
665KB

MD5
919f3557e75b5019a3ba72d5182ed611

SHA1
5fd75a2ebb0f94587c99b027a19680a46604e3f1

SHA256
9bb382d9467e49bcbff9bd5489a67234c399e8b436093c7efd903fed5ee8cc8f

SHA512
c2271cf39792bd77fadf672ad66dfe49fe656609c972caf2b1b78a7fd773f72ec6dd8f5c3bfb44c4280f8a24ca86c0036793038661d5808217852afe1e781ab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\edeskcmn.dll
Filesize
191KB

MD5
70cf9c20ad12acc8fd99deec62c63074

SHA1
964dccd6933f4593132be6d4dc1aeec016679137

SHA256
7ffa1477b3e93d80a02244064ffe4b4a8737b0a63be23225d6fef3c9d2183e1f

SHA512
a3a2d9b94fd569e4befbcee91c8e0c37cb5c5fcdc3aad95f67e2f2185093022578cc408e3f6459c1030671f6cf3d99ffae04aae74422ac718bf28f3b76133c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\app_icon_16_16.png
Filesize
625B

MD5
5cc7d5e1701ca1668ebb0ed3b8dda919

SHA1
609c37ec7de4e4d6804cbeafea27a922e30579e1

SHA256
4d4773b13cb3f344d77a283708fd5df929658f79e63ebd8e9991317d2c7a5150

SHA512
91f69124ce3fff65447928b01cffc3744d0c68d6c2e1e5ef8736d0404a3ca7baa963fe685f6da306cd2b259a17fd192c59bf93e8340381554bfad5579686284f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\bg_menubar.png
Filesize
2KB

MD5
69c0a5b908935e91570f710f2c1c5dfe

SHA1
91892a1672e0b883259392878ea45e2d3f73b3f4

SHA256
1257b2116c97de2360eefd3b6d206642c9140643a9162658cd3644e1f0194e96

SHA512
d7e77585f98e1e37b6de8eeb6d1b17c1aceb5770ceadb8212951d2facd1b00a54a66fb664a58c137780665c43523d577fec02ad8d2cd425b74fcdabd8fcc766b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\bg_over.png
Filesize
3KB

MD5
60c8096172f6df0926d3f3871e62140b

SHA1
995237a9819714e4e6ea4f08c8a704ba7143593b

SHA256
3545c63c0b273eb23e7a37414b0c897ca9712e74888a30a69941ad5c3080c38f

SHA512
0800f66aef5e3aad05167ce2ecdabc7e5c0e1490284d6e42a8e7066e1affa1db43efb092ea9bcc613375c796ed273521466a186a699f6efb8b11cb1bb25bc3bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\bg_pushed.png
Filesize
3KB

MD5
2a82a6481fc455ed599d353aafec9ff6

SHA1
cd7adf010ae8c337ca099d6247b72aa7f4f6e2b4

SHA256
5ecde0bb07d238030ec3a1ac3f437f71900f60633075216fa9423e2cc9d3b8b9

SHA512
c6b382662d5208703492d8897d3d7cc8a47cb74f2046c3bde9c1028ff8203187b50faaff2de59248081bf7841ebcfc170cfb6557c5efc140233dbd371008d6da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\bg_tabside.png
Filesize
13KB

MD5
1c0dd5ffbe578c721d44e51eb38e29b1

SHA1
f359103aa117e270f66f23af2196aa7da6d58046

SHA256
3df8c53051e3886edef69d388424df07941aa7f3dba89afd6dad167bdf1a3699

SHA512
0b2556b45698d0cea24e6a697558038512c84995871ffed1138c3dae29075523625d110b852c144ce5bcce99bfcfb10e587980e79faec8d9e15598cf4ba1fc3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\bkg_light0.png
Filesize
3KB

MD5
99cfbfd59d5003727d39b6889a3349ed

SHA1
108924d64f5133ce87c29d2ecee8e5a538d8d5b1

SHA256
81ab33e17f80bdde4d2afe4f90e66be325939070a4085e1d2ad26491dbe96f55

SHA512
199b72ddf033e7dba759027a3c6e1dc6e75e265e3a2207e866b230b95c2e0c870bf08df621331c8cf8e656c43b2d7511b4761499212a74d58ea1836cd4a76179

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\bkg_light1.png
Filesize
3KB

MD5
db07caa534010fdfc1b27e03bda3d127

SHA1
bc6fb401992290fabdf2a4bba09f07f31da1ac7a

SHA256
c2f0866a678b15a09078247723a83e21f548e05a489de2512785c80db4ec77e5

SHA512
8bb08fbe630f8c80868dd84a49ee17304f3e9e9bcad264c66fe9cc065807a92454d09a1f97410dd9c2a6ff4c3148eb9cb212265bd9b264ac9089ae3f4c8c0e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\bkg_light2.png
Filesize
3KB

MD5
7dea688071ddb3c2c5ba6c818f1ab78f

SHA1
a3e34da3da18907ada714f1a9c2abae19f7225ee

SHA256
f5f253a906f047c2b9db626d8d91230e9c84bae1176d2e61286a2a995c739e6d

SHA512
0f414a729d888ac0c30d112df0dc1de4bbc290cf3e84d24dfdc665854cd4de55e0969a8073bde69d9060d989263c2d218fce70283e2184125ed18905b840314b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\bkg_light3.png
Filesize
3KB

MD5
bc42c029e02266c6f4a2f187b0673e1a

SHA1
e40f31e2f4a95f3d8792371b41e95ec28ebfe8c1

SHA256
a43ecfce7e6930468cc6d4521fa1e344a7833586752ee307db3679d7d494fc47

SHA512
4d2fccbff6048a86c19ecf5987660366cb380c139120db179e726c339ea8a8016b0f66349b10f3b3bdb64833f8cb4abadbd01b0fea00f8996217d701636b2731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\bkg_light4.png
Filesize
3KB

MD5
4799ba83b517b35e771560f92e82a7b7

SHA1
a03bc7f19a8a0ec4d7d4c2ca489c44581009aed2

SHA256
51c07702fa24d8e4ad669655c475e6cbc199bbdf2e911e902ef505e2c843958e

SHA512
01e9ec6666f3e11e7a9673ade630e4e7b2c88f2857f0d824e1ad978b870ab5a7e89155b2491159b547ad4a93b02609ecb17897fcebcd1d55d36a654cbf909674

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\pic-error.png
Filesize
3KB

MD5
4ac4a7c7eb03a32592a9759f80ed802d

SHA1
07b9e7842b07d66462a68973be3ca767397ab8e6

SHA256
ac469d05888c4f0ed07519edbcdef6b3f5251b72fd583b7d4852a815a3cf5f45

SHA512
b1133e3497ad9e2b97214f0a3acbd842afefc0645d4e46fdf3a03af408c9860ef1e2224cc11b89058c2ebc47e6cacfae09d0bc3a622da45c6410b0f049480212

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\pic-info.png
Filesize
3KB

MD5
9362b0e5c5721afbca5f0fc068228026

SHA1
c3becdd50becf3412e6c990400ca30dd7b5acebe

SHA256
41ba1259ee5cfa5fd6ce97a102fd0d9dbd42294c7ae0eb19854aa8515d0b4d85

SHA512
c34214d5d212456ccc6ffeb5bd8e70e463b21b7ff2a44c7c3ff2f77c2119610f6c1d77dabbd8ac91a06493d87190af139044ab5a384c0a5373169685040c6534

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\pic-question.png
Filesize
3KB

MD5
262d3f4a3234024b946331f6b9cccc1b

SHA1
5e73aaf5e97123a5eddbf3f07d5664c0b281dbee

SHA256
3cbeda0b264948566c741e55cc0da6d8ed1f615a1533609cc612f750af2cc16f

SHA512
d680ba731daeb4af6cbf58e26b62075335cc86e7337abe80963c6299c7137ad2d22a20a700adb9736e5edc76941be5f9cc06f4634d804a167eb57e944b613f08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\image\default\pic-warning.png
Filesize
2KB

MD5
5f935545a51ff168240ce0b520252ed3

SHA1
670b9ef7f70f408ab88f8e696f7ecbc71c4f97ac

SHA256
b8776a761807843ec4e40b7b6f5c16522e1a5a30e307fddd72c6811902336a45

SHA512
8431bef132af3452206c421a0e89efc9193bc51b77e282b0971f57c4f1dc9723f686c8feb531a92eb056bd8d7748f65e2160d6474c61f394b2be4c9c1f4350c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\language\en_us\dp_lang.ini
Filesize
15KB

MD5
ea2e150e1a9f4a04fef87554ddbe3717

SHA1
aa2317dbc6f36355e318d69b315113da7d8f8640

SHA256
92062671d9163edccdcabbe6d21a922da55a42b7afbd7e75a796a0ca5a484e55

SHA512
2cc9d720b07ba362e03f5987d8f5c8dbf556932a4859d576cdfcc58d38587821fce3196ffb82e58d224d727757c81a2031871e3046aa99c95c9de4aec850cd57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\language\en_us\game_login.ini
Filesize
1KB

MD5
3d585ed099ba82de4d830855051e3793

SHA1
5ca6b6a0c56c46cb6f23f9ad7a39fd08fb2c2137

SHA256
3f74a33db855a871ced582ac6796851176d9e3621e88a308c94ed80df3ffec1a

SHA512
33afa6b73f2bdcc7e2eaa83ce9bad985f920a3f7be4ef1d088f654cffdae4a7f0becf9ce14c09138f09c8d2c3c940df1003bd3752eb266dbd3f51f0025e9a588

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\language\es_es\dp_lang.ini
Filesize
17KB

MD5
219a8cb939faac5e929e02c6348681d6

SHA1
602115673c814f844991079e312d18007ae170e4

SHA256
ce91bf9895a7d3f6f1faf2ee1bf25db4680b2c66fd8e58db6b89a92a2a32b4ed

SHA512
ba3ee0e6bc0dde92b631a94e13b9a63f8f30e9bedac29b7522cfa55840d7621726d9bef476f4a69df6bdbfb37362fee7c46607805602f8534d8ae7db956470bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\language\es_es\game_login.ini
Filesize
1KB

MD5
5a25a19e499d2284b6f5846174cec4be

SHA1
d7f20abb3f907d27c3a37fcdc692f5c1e4005c9d

SHA256
b9960d5c6ae2a01cbb98f57d1cabd8f4f40c05121155f9eaee594325737da572

SHA512
691c37687322b8c41b0f7e7d12f6eae9b35d132e7bee267703782cc7a157da1edb25d1505e3d0277fbd5d7d8601511685afa06905143ea99a4c358811c36081a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\language\pt_br\dp_lang.ini
Filesize
17KB

MD5
ccfa9c8e91517be8d4236e84accb7da1

SHA1
1d24d664907c033aec96351342a3578b00b163e2

SHA256
d01d45b346189357f7cf755329405c7cdd211b44bf36acdd9c04e3a928d820dc

SHA512
32354832a3f0d1f9bd59d77abda8f112b89c9015b57126bb5e0cc4dc874cf79bb92e54683bcaf80daaa1d02e66d97a9d39f478fd055b105b4f831d5426d33f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\language\pt_br\game_login.ini
Filesize
1KB

MD5
a7e53d814fea9e02eca8d966bfd61490

SHA1
cc0bd97b58e6b9e622c63d2a0cf52148ca951d12

SHA256
39d063c99a1baa32ac58f7792446b5b4a86e790fc75ac0397c02ba200f9047fc

SHA512
72a2ed836cadcacc039a46c1e87381ecb0a0f987956818f645f26d6f5a7d73fa9625849554551236342ff50d9e8d1a3dd57ad30b68bbec032a214bbd2ed04da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\language\tr_tr\dp_lang.ini
Filesize
16KB

MD5
8feacbb7333c7887d6e97a9b1f484457

SHA1
fc2809fcfd8956ac8c92d47d895db507b6d9d400

SHA256
9b00135d037d27a082f869544f928242153a3b7d861c9c1894a5be3a19dfc2de

SHA512
f6e1a23a1a4d0b52672e002a121dc25bd4fcebcac4ab8083c9837d17483e9e5328851603500d10b226eaf346228780408d55b040fec33dede6abb5ffd66e71ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\language\tr_tr\game_login.ini
Filesize
1KB

MD5
457215fa41425e0e7ff0942c8988ce92

SHA1
fb51811c43835e161265529e8cbfb5539d7159eb

SHA256
b577749c80e9b380b23ff34a85b3496b9a8373d54963459ecf7d3c210af5a376

SHA512
619a4fdb0f0347d7a698612358f74368ebe25a8b6d6d731cf47d4a76b97c00a6bbcaadfd324f834462d388be024c453761474f32fb10d3648f98d19d8e75d4f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\language\zh_tw\game_login.ini
Filesize
982B

MD5
e24a53a6d0585b512b93972dbdf86e42

SHA1
e9f578dbcc3cd2e1dd0734749c12e4f1605a1e7e

SHA256
bb7fa222b3692dc273224c0115596070ba4542672587f8290b9d9bdaae0223a6

SHA512
7d4bb7d6230c8b587d74bf9c926167fe1d894d8e903dd373abdf9a4282582d36078698ba7575b7a192d1972b62b19e647cbdd05e3700f5744aa37be06b707dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\libnotify.dll
Filesize
58KB

MD5
0241c8fc663f19d9c8362593a41115ff

SHA1
1a6000a6074572e6ac44a84b98b81581cc5bba8c

SHA256
cc8da44ced3839e5a49456553f4ac0cdf498182923f14df7c0ee9605242af6c2

SHA512
4add13728b79d5480dd5ce867487f439d729452d98cff75aef401b01eae9b0dddb1f4644f8db9e112a7b6389ba1966374b430df8cc531fd6c0ab7fa5f83e2f20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\libpng.dll
Filesize
177KB

MD5
3c0eaed2b0d81a1528444734a9550082

SHA1
d29136e3498948260dd92f9c41a4a9c06b5b411e

SHA256
54dfc5965065162a7cefd31468f8d2066da54caebc8ccea265c0fae04b14f078

SHA512
2b5d58d33041f5728eed09db9e2d9616fc333b4afb05d096292bc8f6f51f8587670951a9e581e05ec4cfd2767004c2afac50d98b0db0e496b610416af0cc901d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\omigaplus.exe
Filesize
1.3MB

MD5
3029d07a857e3dfcdf67d2c556e237bd

SHA1
ef27f52b115dd703519ca7e534c902930391302c

SHA256
773c983377ce5eb0934a84065213cf6f6284bf82c38129bc422abd64a0d41fc6

SHA512
cacd6fbe27e1785dbcc49af7e035911798111ec2714d488f397c8d929718e6ff1576cbc69bf11e320bbda5a8699c02b206a22ec94720579d24cdacd6e270346c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\omigaplusSvc.exe
Filesize
415KB

MD5
b4584a7b21d869322e0cf6df10ce4413

SHA1
508ad42f6c3fbff2d165a888b25d088adfced447

SHA256
91ce96a35a456d0fdd2455434473fa2f6df1caf5037a9275e418cba604870a38

SHA512
7611b54f37abda8ad8ac915cbe684e922bb8a7e88abaaef9c74c5c015eb6c788b6c05c04fe19c677638e021d2dc9827811fc78fcd357e2672ab5f6e215b84c6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\ouilibnl.dll
Filesize
1.3MB

MD5
f2b9a0c60135594f4d880a8adf12690a

SHA1
05709cd0c94c6f0dcbcd99620e9c8be0a9ccbd15

SHA256
fa2a30c087a6cab187cfbec69a5466c0074b66125970fc4c78d7e641fa4e61ea

SHA512
0ee458b4dca7f3c824b60e3618ea704edb65d1084157962aedd1a5c04cc3395b8e98d1de0d82c48e0a2f94dd1658c180b56038a9777cf9a81911cfeab78a82c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\deskplus\sqlite3.dll
Filesize
598KB

MD5
c9efbe8556ae394c2189db94a0dfeb92

SHA1
165d5a2065adf0de0d71b7238dd63c8ac2dfd4fd

SHA256
95f828fb8115a1494011be6eec4358095f398a9bb3861398806228a2fd5c043c

SHA512
6e56210e3450018e19180c7ec41c083d536a3728f5e520f156e787c582ffa3c8bd0afa2f121be2b655b8ea7ac9f96968af3c80fff904f2eb35241a7ad7d88cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\app_icon.png
Filesize
2KB

MD5
8862c52e3d8bc21d570168933747fec2

SHA1
33f2d7fd5511f8dd2686064c301adcf2ce5d1dc8

SHA256
1e5377c6e74db4e35e2a94902e5bfee638802a9fc14f644d0540cf2944446f47

SHA512
7c21f27b4f204f1b1af9cf6b9f67bad47b7dbe2245c98c49b395dfe492b31a99ee671bb3a8094acbbb0440580a0e9fce1298a0f1a5b0dec5c3e372e8b762fee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\combo_skin.png
Filesize
2KB

MD5
bb98cfe215ad6e646d99e95faab598dd

SHA1
c2d83d10e3048668822a0bfd329485800f884c6f

SHA256
f6681dae889598a4e9d54628f08fa51fa054b8db88825e02f0de2007cb667241

SHA512
a8dc7a6d9c2b79f948f6bcaacbf465e073271349eed0b74e5942e80e501c1abd1ffa5dcdaefe3658db1487cace5b6543a98b374369be991c551c0b296f067b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\edit_skin.png
Filesize
1KB

MD5
d6d537b78a87756ec62269bb466d3b98

SHA1
e12931e9b2e9f4622a7029d2c2b440fa7b311ad3

SHA256
8443c32770a7c3a34aea3c8fe7c943917b1f92fec7183e0d590f3628adec3391

SHA512
98da4b91cc58e096fdb49be3fb672ff2c56dfb7198ff1b9c6f539bb1381b752a432d2991f48d6481edd6df684071dad47d4579b57440b36c71c1a77879109ede

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\install_back.png
Filesize
1KB

MD5
b4417fa9dc7ce01d83eef1e60c4104fd

SHA1
ac84be11dbe3d3abebeefa1d189e87808a606996

SHA256
8a118d13a462828dd39d8cfc82cfaf3cd4260e3ef4e525dc471d54ef593ce3fc

SHA512
8af4a28f51801e05f84e8e3fa42f02fcc3c8acc8932a75ea7d97486db31ac164b33b55f0a6c4272829e6fb9053357b9bdda0caf4b299375d56ad0d121025b892

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\install_button_skin.png
Filesize
1021B

MD5
42a94c34ffbd7a423895c5a291671ee1

SHA1
cae6145ede0d855e3ab020fad84a51d74e2a59a4

SHA256
549373b1c21d393492a6914911975550b58a7a2591250f4b26cb2afdbbd612cc

SHA512
b3a4a4f5ed5fbc15da402d0fbf86d70dd4010f8997eabdbade26b5f0425b575221a9760a114a02e2a31b58c26e5f161a8235bc9acbd96ed31e9babf94ebaeec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\install_check_checked.png
Filesize
1KB

MD5
92a0cafd860beda59bf1c7b406d48ee7

SHA1
19d53d784ae6626191c8bc4f8d51b2a6e37c288e

SHA256
58839cbcd20b0008c01e546b45c081fbe8677a82da2a744a57201b6b8df70ec0

SHA512
f53c894aa495f6ca929b93f850b5b032090c49f14193bb2db5cfce971e706701b79b4c95ab6a1161122780a75cf0d299d09ac184eb0f93bc2af19982698af09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\install_check_uncheck.png
Filesize
691B

MD5
008dffdf59bec336fc3109361668743f

SHA1
5cfb974c738dcd18534ee758bde3ebb6c3348b04

SHA256
6254878e79cb6ff1d82a514fe30bce19c3cb37f1e45921487b6cb047c529a30e

SHA512
cfa39659bf2993ca922761fb652c872d128cdac8e2793643e2c993eea6d5a0fc62cc2e95292fbf0226c667d6c98f46300bf6452de942166c7bbcf447fd927ff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\install_logo.png
Filesize
6KB

MD5
a3f85fca47fec8c11c5a468ded4277a2

SHA1
6e666b6873c35a11970562ee217233125f06ba0f

SHA256
7a99dc2258aa3778194081638cd592201547e21b31c3dc3ac1ad37b9586989ed

SHA512
351896383a145edea20c69ba513736045ffd9c85fcea5614ca039246255b50babd1d75a6d17e360b7fab1b5695df05e278f9ac3f501204d4cfa4ebd7b366f629

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\install_resource.xml
Filesize
5KB

MD5
2fcaa82afec766befce9ba52f016b672

SHA1
a7d91a7b3bca853d88c4b59a9a1e3f0a823c55b4

SHA256
31e9235c33e55761dc2a90fe96d3152213ca8cf93042ccafe9dff67898772914

SHA512
3568f1067aba16c9bdc45f12e0693d93f69ee5c6b1657ccef9d7c622e9d561affb566793613cb05655b6aa299cc48d13b8e68d9ae972e562c94c86353e3c7f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\patch_file_icon.png
Filesize
4KB

MD5
f3458c65f253dda5e0d8faf0ba24d1f6

SHA1
2c5c789611ac3d79e6b103c0f9db13f95c94a69c

SHA256
16a5c0907a4c2d63fdc619cf0dc8e63975f05d4fdaa0bcf836c34b1ce7e51151

SHA512
da7a9a21e861cc3241387b5a833fcd1e5972b699c4eb3e97f88a9595b9fa5f3a8bed9ff29953d9ae547385cb99b94ba1ff6fea30e03d28b4ba04a00eef2f9618

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\popup_dialog_bk.png
Filesize
1KB

MD5
3ad5adae9a64765cc57814e0a1322290

SHA1
b9bffec17cfbc8ecaffd4709992b26f14d2c242b

SHA256
5c3956856a038b8d4ef783441ee4bc54c61d8571721fb3c54275e00cd92d3f82

SHA512
e3928a5373058b9506ac5e5e43b80e9c9c4ed56080eaa318a0eaaae0e09e3b4eb2d86a2f55f9223cac16fbcd29959d53a35bd841dcc25e06ac5de32173cca548

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\progressbar_bk.png
Filesize
829B

MD5
82c7c23612e8ba864c4b162dfb3d10fe

SHA1
c9c956700d83c7b55de9e29c98c2cdfa348e1152

SHA256
94aea5a07486357a6b1f0fe5f83dc9e441d06d5c70246c79158e84de97882e23

SHA512
9c26c627a140b6546570925a06c78cc648941ca3116bac5f83bb5ab95c32f37f836d7748d1e6c2a4b9ec8180130161c4118aaced68876095e9b171bf06015355

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\progressbar_image.png
Filesize
1KB

MD5
7b2b5ae4e812cf70c4efbeedd80077f0

SHA1
26c117571a2e7ff29bc3f9b651bf7695b998e623

SHA256
88286d534e73820e0980d44dad347ebf08fa2a075f116ceb47315479c137324f

SHA512
b7198e25d36d8604dd29a7ca0ce4a3dcb4d20dbd06df1bbd9ccdc5e96f8d72d367fd057abbd993304230d1872249fdce7bfffe0c387cd5679ae93fea630f8581

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\image\default\sys_close.png
Filesize
2KB

MD5
93405293b6a0c642dcaf2358296c3a12

SHA1
a2ca7fd50f7fcadb46740fdceaa1a5769ddedaa7

SHA256
12b72248a6da82b9c4884f753f96e9c9f550744c4a92c862b9b8e0db3b0df400

SHA512
e2fbca7a549ec83f1f33e4fcab0ad5b1131d7c58f761ea55fe77051024e35130edbcdb311acddcb369825cdc274f1a0fd68bb4ef661156f28f94e693a3145bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\install\deskplus.inst
Filesize
1KB

MD5
d7211bc84a4f66246f88d6d020996f53

SHA1
ebab98f21b272df97e5605f2883c5f5fddd758af

SHA256
abb4288cd7b61b2388fa169483edd8864b0e19801f82f765fc525e9e18e66329

SHA512
067cf6cda5a421051561c63661ed1772862e74a3e6696f24a4caedf4e5f949de3e43676d022cba549a72a9c3fa1ba33fd0fe15fcd9018ac5ee36ca82db5d1f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\language\en_us\install_lang.ini
Filesize
27KB

MD5
9f10e4a84b98fb16396cb41dc4c0cc6e

SHA1
66889b83b927aff437ff586ab74ae6e08c875e50

SHA256
bd8e84eea63c17a08194cb2cfb972fd75abd60f407fd3cec06eb450a637c42d1

SHA512
17bacf891b058ae58181c6a5ead4c8499c1f18ffc2bcf0893df40c4d76966135be4d38a54bdb69dfc07bd70db7dddd21f54be7bd3c7fcd3a94ed5ab36f3606bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\layout\default\DeskPlusInstall.xml
Filesize
4KB

MD5
3c0ccd6ef18872bdafb039ced44e0ae5

SHA1
60b86edd4dd45fbab1111f169c357a91faf64a40

SHA256
c7160a2eccfafe84e6e635ace0f269dc8bfaa5b5e9dbfa4b459549ab894fd32d

SHA512
b9d3675f05432ee2fd054efe8bdb91f09e97ba176cdc27dda841996a8301ccb2d8c9191e44c0331796d9f63f1dd4385eb30099af4dd3f346ae3f24189e57d594

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\layout\default\languageSelect.xml
Filesize
1KB

MD5
7a1724c9abefe9294c57aeeb41e7f490

SHA1
41bdaa38f3cd881b5fa6b5c60608dfafc95cc9d7

SHA256
9f7fc08f524ed6463ba46ea1974f4f80eff2c28fb59cfadfaf58ddaee0262656

SHA512
62534c3cd74de8b0265de3f56d8fa01ca477554244a50942886fa96a457e8c4b47960420e00f1f549828af38074902274cc678a3e935d7f4bc025c23155d48f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\main
Filesize
12B

MD5
e64b5acc74af1fbc2cf7b63feaa5658c

SHA1
b2e66eb95b6af3bd4be95c71fa880d0f9a433a73

SHA256
7b90d244a79faf50d38d5cf93b3e9956d54509119f61c6ddadb2c83439da059d

SHA512
e7de260fe1810452020520f09d7f92c81f1636e0ea600a87f48a2bc270aedb348ef07bf3f0e8ce39f690bcc10bc79e60b169aa984cb4b5e1db74ff5098114ade

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\q8.exe
Filesize
1.3MB

MD5
8f44a9771a8d88d97727713bd399c0cb

SHA1
c5144dde2891bf674ca3c18accc904092b23f825

SHA256
de545c4a38879aca49a251adfdb08eea08067ea84d2d79740b46da5faf0c9997

SHA512
e86f65e8be96694c6d22a5358ce15fbbc595178284d05d4bc0f3106317020058d984e86af0132b06ccae43ab2bd68f4b2abbf52927319985e5f90096b9137527

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\segoeui.ttf
Filesize
505KB

MD5
6581cfaeee8057734a3f16d37719bfb2

SHA1
4ead8cc9d4d07eb9e081cc072cbbb15ca11670bd

SHA256
38be0d2b58bbd3249f5af9bbe1fa0b38fee587441ab0c1850d1dda1c0766a8c1

SHA512
1734888e9c6858b5f28dcfbec5b9ae7170f5d4eccd5d5a3316aaceefc60389d09a8cedbe8be77ca0470ca7534e89b79b00f2b6264b90fc4b6d003bc1860a64c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\segoeuib.ttf
Filesize
486KB

MD5
eb36b88619424b05288a0a8918b822f0

SHA1
8773d022d2681d63d27896c201cec3e2fcb613c9

SHA256
9878074a1a534929577a388ccef39c852328c692fdd9ca3fef45eb000fe5f591

SHA512
de776ef31dc0e3df6ca07f38d1de108bac440682390bdfc56f2dd7c5eb96d94332f4a4660de91c32e91791faa3915c0b02aa3a3a1f7a63312559ec3ad4c08eee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\style\install_style.xml
Filesize
5KB

MD5
f6213e05abd4ce0fdf9f3d0be91fb773

SHA1
9a97d1ec30b5b618e6e0787888884d2d96c35470

SHA256
fc4efde7433d9aa5e0284942b1757063f6fba27ff14ff55e76bb39cfc8d7c5f4

SHA512
c8ac247babf0360d4b622b90eb1d4990591161103678fd47a4d850901f249f7364a6b03c8b1b1897fe7fd02fe169be060166cf54767dc9084f539a2e519f3c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Omiga Plus\icons\PublishSync.mpeg2_92bcac6141169df486076fa98878a609_16_16.png
Filesize
665B

MD5
0c7ba54a882d61d4e84639a41d217c93

SHA1
a0d080e7cd86c9c57c4c818de1dbd14468633359

SHA256
e60bb5b20d8edf5cb40d0fa4c56e1baf582df5a618e6e3c56df065f0d1e18d65

SHA512
9fb0f0bbca3f8d5323a340e555ae0f40cc387db57663d4eef61ea2896778a57081551be93525004d3805296467ed0994184964178e818de5f4697fc2ea224179

Download Submit
C:\Users\Admin\AppData\Roaming\Omiga Plus\icons\PublishSync.mpeg2_92bcac6141169df486076fa98878a609_48_48.png
Filesize
3KB

MD5
b040031759938e75096d3b61e12a8ca7

SHA1
974cc7e1ee7c5cd9d0cc3860b4c16b19f70af205

SHA256
adc1bb80d46429c1bbe823acf2024a9d0b4a9c1679bef00f5352bd4f1a31e7a9

SHA512
ea9a0c8838c59d998306c02f0dcc07082e12927ce87e0464a539b1bb228f31584b1bb8d25d1c30e88952e94fc1e750ad2a77f9fc21dfb0d190b0a59a2f2a16f6

Download Submit
\Users\Admin\AppData\Local\Temp\Omigaplus\eInstall\eInstall.exe
Filesize
1.5MB

MD5
a333469820bc01ee38acafee090de0c2

SHA1
7c43a60bea514767b6af067480c50a95cdf19cde

SHA256
4b00b2896ee3b08979021dbb6a12271029f23830d4b5daae0f3b8cceee89f624

SHA512
98e0bb0b2f2d737ab992aca13a7da6b343d3b84053bd68e83ef13064a1511ffa06cca802ea5a67e24d495ad8d65ec2ba8f058af7f500e9b91109ed6f168b8389

Download Submit
memory/1600-1585-0x000007FEF7F10000-0x000007FEF7F5C000-memory.dmp

Filesize
304KB

Download
memory/1600-1584-0x000007FEF7F10000-0x000007FEF7F5C000-memory.dmp

Filesize
304KB

Download
memory/1692-1998-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/1692-1999-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/1692-1997-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/1692-1996-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/1692-1995-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/1692-1994-0x0000000000760000-0x000000000076A000-memory.dmp

Filesize
40KB

Download
memory/1692-2003-0x0000000001FD0000-0x0000000001FDA000-memory.dmp

Filesize
40KB

Download
memory/1692-2002-0x0000000001FD0000-0x0000000001FDA000-memory.dmp

Filesize
40KB

Download
memory/1692-2001-0x0000000001FD0000-0x0000000001FDA000-memory.dmp

Filesize
40KB

Download
memory/1692-2000-0x0000000001FD0000-0x0000000001FDA000-memory.dmp

Filesize
40KB

Download
memory/1860-1993-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1860-1983-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download