e8784b21f05c7f91ae6082ae912ddefddf62bccf717c2a9f649f147eb28eadbb

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GDLauncher__2.0.8__win__x64.exe
Size

111.3MB
MD5

f631466f5bf6ae4cc85dfacadac1860c
SHA1

6d5d68e07a02fe9bad3dc5a964957fa104e2c2dd
SHA256

e8784b21f05c7f91ae6082ae912ddefddf62bccf717c2a9f649f147eb28eadbb
SHA512

c8c602b4bfda26e848c13be051340c3d15bde20f9124cde45f0be25a5b178315a273c031cce8bf92f1ffe27141ca9b8885938a3ea9cac4fb36aa23e3525d2461
SSDEEP

3145728:G1e4/oxfXnUMT8w4PAizShIsS3sclI879omN:34/YXhcPj6IsS8cGcrN

Score

7^/10

discovery execution spyware stealer

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1692	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	core_module.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	GDLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	GDLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	GDLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	GDLauncher.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	GDLauncher.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	GDLauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 11 IoCs

pid	Process
4372	GDLauncher.exe
5176	GDLauncher.exe
5252	core_module.exe
5476	GDLauncher.exe
5392	GDLauncher.exe
5532	GDLauncher.exe
5996	GDLauncher.exe
2472	GDLauncher.exe
5712	GDLauncher.exe
1776	GDLauncher.exe
4056	GDLauncher.exe

Loads dropped DLL 24 IoCs

pid	Process
412	GDLauncher__2.0.8__win__x64.exe
412	GDLauncher__2.0.8__win__x64.exe
412	GDLauncher__2.0.8__win__x64.exe
412	GDLauncher__2.0.8__win__x64.exe
412	GDLauncher__2.0.8__win__x64.exe
412	GDLauncher__2.0.8__win__x64.exe
412	GDLauncher__2.0.8__win__x64.exe
4372	GDLauncher.exe
5176	GDLauncher.exe
5476	GDLauncher.exe
5532	GDLauncher.exe
5476	GDLauncher.exe
5392	GDLauncher.exe
5392	GDLauncher.exe
5392	GDLauncher.exe
5392	GDLauncher.exe
5392	GDLauncher.exe
5996	GDLauncher.exe
2472	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
1776	GDLauncher.exe
4056	GDLauncher.exe
4056	GDLauncher.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
6120	powershell.exe
5240	powershell.exe
6128	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	GDLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GDLauncher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	GDLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	GDLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	GDLauncher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	GDLauncher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GDLauncher.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\gdlauncher\URL Protocol	GDLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\gdlauncher\ = "URL:gdlauncher"	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\gdlauncher\shell\open\command	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\gdlauncher\shell	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\gdlauncher\shell\open	GDLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\@gddesktop\\GDLauncher.exe\" \"%1\""	GDLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\gdlauncher	GDLauncher.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
412	GDLauncher__2.0.8__win__x64.exe
412	GDLauncher__2.0.8__win__x64.exe
6128	powershell.exe
6128	powershell.exe
6128	powershell.exe
5252	core_module.exe
5252	core_module.exe
6120	powershell.exe
6120	powershell.exe
6120	powershell.exe
5252	core_module.exe
5252	core_module.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5252	core_module.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5712	GDLauncher.exe
5240	powershell.exe
5240	powershell.exe
5240	powershell.exe
4056	GDLauncher.exe
4056	GDLauncher.exe
4056	GDLauncher.exe
4056	GDLauncher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	412	GDLauncher__2.0.8__win__x64.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeDebugPrivilege	6128	powershell.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeDebugPrivilege	6120	powershell.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeIncreaseQuotaPrivilege	6120	powershell.exe
Token: SeSecurityPrivilege	6120	powershell.exe
Token: SeTakeOwnershipPrivilege	6120	powershell.exe
Token: SeLoadDriverPrivilege	6120	powershell.exe
Token: SeSystemProfilePrivilege	6120	powershell.exe
Token: SeSystemtimePrivilege	6120	powershell.exe
Token: SeProfSingleProcessPrivilege	6120	powershell.exe
Token: SeIncBasePriorityPrivilege	6120	powershell.exe
Token: SeCreatePagefilePrivilege	6120	powershell.exe
Token: SeBackupPrivilege	6120	powershell.exe
Token: SeRestorePrivilege	6120	powershell.exe
Token: SeShutdownPrivilege	6120	powershell.exe
Token: SeDebugPrivilege	6120	powershell.exe
Token: SeSystemEnvironmentPrivilege	6120	powershell.exe
Token: SeRemoteShutdownPrivilege	6120	powershell.exe
Token: SeUndockPrivilege	6120	powershell.exe
Token: SeManageVolumePrivilege	6120	powershell.exe
Token: 33	6120	powershell.exe
Token: 34	6120	powershell.exe
Token: 35	6120	powershell.exe
Token: 36	6120	powershell.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe
Token: SeCreatePagefilePrivilege	4372	GDLauncher.exe
Token: SeDebugPrivilege	5240	powershell.exe
Token: SeShutdownPrivilege	4372	GDLauncher.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4372	GDLauncher.exe
4372	GDLauncher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 3836	4372	GDLauncher.exe	101
PID 4372 wrote to memory of 3836	4372	GDLauncher.exe	101
PID 3836 wrote to memory of 4872	3836	cmd.exe	103
PID 3836 wrote to memory of 4872	3836	cmd.exe	103
PID 4372 wrote to memory of 5176	4372	GDLauncher.exe	104
PID 4372 wrote to memory of 5176	4372	GDLauncher.exe	104
PID 4372 wrote to memory of 5252	4372	GDLauncher.exe	105
PID 4372 wrote to memory of 5252	4372	GDLauncher.exe	105
PID 4372 wrote to memory of 5476	4372	GDLauncher.exe	108
PID 4372 wrote to memory of 5476	4372	GDLauncher.exe	108
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5392	4372	GDLauncher.exe	107
PID 4372 wrote to memory of 5532	4372	GDLauncher.exe	109
PID 4372 wrote to memory of 5532	4372	GDLauncher.exe	109
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110
PID 4372 wrote to memory of 5996	4372	GDLauncher.exe	110

C:\Users\Admin\AppData\Local\Temp\GDLauncher__2.0.8__win__x64.exe
"C:\Users\Admin\AppData\Local\Temp\GDLauncher__2.0.8__win__x64.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:412

C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe
"C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3836
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
    3⤵
    PID:4872
- C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe
  C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\gdlauncher_carbon /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Crashpad --url=https://f.a.k/e --annotation=_productName=GDLauncher --annotation=_version=2.0.8 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.5 --initial-client-data=0x518,0x51c,0x520,0x50c,0x524,0x7ff63286f648,0x7ff63286f654,0x7ff63286f660
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5176
- C:\Users\Admin\AppData\Local\Programs\@gddesktop\resources\binaries\core_module.exe
  C:\Users\Admin\AppData\Local\Programs\@gddesktop\resources\binaries\core_module.exe --runtime_path C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\data
  2⤵
  - Enumerates connected drives
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5252
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -cp C:\Users\Admin\AppData\Local\Temp JavaCheck
    3⤵
    PID:4632
  - - C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      4⤵
      Modifies file permissions
      PID:1692
- - C:\Program Files\Java\jre-1.8\bin\java.exe
    "C:\Program Files\Java\jre-1.8\bin\java.exe" -cp C:\Users\Admin\AppData\Local\Temp JavaCheck
    3⤵
    PID:5520
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_99062\java.exe
    "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_99062\java.exe" -cp C:\Users\Admin\AppData\Local\Temp JavaCheck
    3⤵
    PID:5492
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -cp C:\Users\Admin\AppData\Local\Temp JavaCheck
    3⤵
    PID:5352
- - C:\Program Files\Java\jre-1.8\bin\java.exe
    "C:\Program Files\Java\jre-1.8\bin\java.exe" -cp C:\Users\Admin\AppData\Local\Temp JavaCheck
    3⤵
    PID:2340
- C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_carbon" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1884 --field-trial-handle=1888,i,2201726017749864650,14426955603144027810,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5392
- C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe
  C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe --type=cs --cs-app=GDLauncher
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5476
- C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_carbon" --standard-schemes=owepm --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --streaming-schemes=owepm --mojo-platform-channel-handle=2160 --field-trial-handle=1888,i,2201726017749864650,14426955603144027810,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5532
- C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_carbon" --standard-schemes=owepm --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --streaming-schemes=owepm --app-user-model-id=GDLauncher --app-path="C:\Users\Admin\AppData\Local\Programs\@gddesktop\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2644 --field-trial-handle=1888,i,2201726017749864650,14426955603144027810,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --skip-intro-animation=false /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5996
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:6120
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:6128
- C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_carbon" --standard-schemes=owepm --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --streaming-schemes=owepm --app-user-model-id=GDLauncher --app-path="C:\Users\Admin\AppData\Local\Programs\@gddesktop\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3604 --field-trial-handle=1888,i,2201726017749864650,14426955603144027810,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2472
- C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_carbon" --standard-schemes=owepm --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --streaming-schemes=owepm --app-user-model-id=GDLauncher --app-path="C:\Users\Admin\AppData\Local\Programs\@gddesktop\resources\app.asar" --no-sandbox --no-zygote --node-integration-in-worker --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3788 --field-trial-handle=1888,i,2201726017749864650,14426955603144027810,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --uid=dibeihhdinofpmiennjkclnoidpjakanhclfmpmo --package-folder="C:\Users\Admin\AppData\Roaming\ow-electron" --app-root="C:\Users\Admin\AppData\Local\Programs\@gddesktop\resources\app.asar" --muid=45e35359-e062-d120-8dad-71ce818bbd6c --phase=28 --owepm-config="{\"phasing\":100}" --js-flags=--expose-gc /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5712
- C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_carbon" --standard-schemes=owepm --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --streaming-schemes=owepm --mojo-platform-channel-handle=2952 --field-trial-handle=1888,i,2201726017749864650,14426955603144027810,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 >NUL & powershell.exe -NoProfile -NonInteractive -InputFormat None -Command "Get-AuthenticodeSignature -LiteralPath 'C:\Users\Admin\AppData\Local\@gddesktop-updater\pending\temp-GDLauncher__2.0.9__win__x64.exe' | ConvertTo-Json -Compress""
  2⤵
  PID:3620
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:5312
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -NonInteractive -InputFormat None -Command "Get-AuthenticodeSignature -LiteralPath 'C:\Users\Admin\AppData\Local\@gddesktop-updater\pending\temp-GDLauncher__2.0.9__win__x64.exe' | ConvertTo-Json -Compress"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5240
- C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe
  "C:\Users\Admin\AppData\Local\Programs\@gddesktop\GDLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_carbon" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2300 --field-trial-handle=1888,i,2201726017749864650,14426955603144027810,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e4 0x2f8
1⤵
PID:4164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
f7346926915697082c21221bc6799103

SHA1
a5762cf0937a380a732e134a0f70738d2e302f13

SHA256
c0d590731ae088ce1b0867000ad12fb9060e5e933b9b18e0cd1ce7e5ba1aec1d

SHA512
ffcbe4fcb018f5cc4fc9270604a1791e9ae83861d8ce50a85a7a7c673f4a4a613f17bf02be08b7710d2319e1ccde814056b812d2526dec301a3afb716c12c895

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
73f2f5180a1d0bbd36d5e306003d517b

SHA1
f07bcab140e32563069285eaccd82ffe39fcbc28

SHA256
7bd1f1b0af4385e1925b05aa3691ee9706c086203e354bde44811e8479992b85

SHA512
ee02e4ee2bd7cc722135ef23c34e07fc11b224ba17b4b80b2103730c6de6a8fec5fd9399254aae8b32d1e93dc8c83a587e34625401c164ddc4528815761bb421

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

Filesize
50B

MD5
3609bfc49abee1e08dce0c3cbf20b94e

SHA1
3605022d39067d2b78576d927c71f03abbe997bb

SHA256
341ab686870f2d6864d5e072c5fd25a5039e6cb922a2c95f7fc96b63f2567b44

SHA512
8d5475f742090567d44669df0d6cd943a1179162e34fe10c194733790d00550626fc4db4340191010e04fa8ec42780b7c3dda4d45f0a49554a3acece10a752b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
06d16fea6ab505097d16fcaa32949d47

SHA1
0c1c719831fa41cd102d0d72d61c0f46ec5b8de8

SHA256
54e15de2bef9f651d7717e2a336ac6b2ea2b723e6f29d2b153d8fbbc89aef723

SHA512
03c00f1eebb51cec11703141ae9d9c3ac589f5495bc04d8a4b043714089a9d50bd3a520e4d72b4a4c99f5b9bf5f689bf2585fa5c7d4ddbe6f71cbba0172f593a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
2f87410b0d834a14ceff69e18946d066

SHA1
f2ec80550202d493db61806693439a57b76634f3

SHA256
5422bc17b852ad463110de0db9b59ffa4219e065d3e2843618d6ebbd14273c65

SHA512
a313702f22450ceff0a1d7f890b0c16cf667dbcd668dbafa6dbecd0791236c0bc68e834d12113cc75352365c2a2b6cfcf30b6ef7c97ea53ed135da50de389db4

Download Submit
C:\Users\Admin\AppData\Local\Programs\@gddesktop\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\JavaCheck.class

Filesize
1013B

MD5
8098d31488cd52db41f95188b9daed5e

SHA1
76988b607c667c86211fe1dfe57ed4aedacc5691

SHA256
c607f5871610bf9240c75f4abe947469496570b380f670e9d8d09f9c785978b5

SHA512
e2b4c54e78daba4a04d17915eded43a3f59a744108cf28baf4c22545d807338a39de052d69243ce610981b930e49790ba8be0f7b370e042a9526ef09e2b9fb78

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pcdcqwrp.yhy.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\LICENSES.chromium.html

Filesize
8.7MB

MD5
fcb299831276a7c8bdeb036142da1c25

SHA1
bf6990abb92ab627b7f2e7aecbd5a58b86d2e09a

SHA256
6daa3cd398e5380222c6b6bdb4d66a4b4273d4bb74d6bf53495a5722f03ac0dc

SHA512
1e31ac0b6836d24488e32d04b5028ac2a9e00ebd8e29aaf742d9e0cdb50d5a9d4f7bcc3919b22a793552d31aaed2104415268f14e903754bf25a86510fbc98c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
f59294d4012d69b80205b8e1830a5a7c

SHA1
34d3a480f6799cf904aba944511383f31c24d3ea

SHA256
c15d5cadfaa022c6cf37ed34a81e2f2e7cdca1b8e017a2576702e9fa80b03e75

SHA512
909c4598adf539d685e0ceeac7aa64dfd6c765eacc0392d1f5c48d2bb26154f973c1c499bf69c07c502244a5694611ef06d0e634ff09a4140321638e9f1e45b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\ffmpeg.dll

Filesize
2.8MB

MD5
3a874fa432f621b517c8c562fdb3e150

SHA1
6b43833ca5ec931824086cecb878a83aef0bde9f

SHA256
87eea23eafd23fe15a500827cb1a8724abcde2b711737b5ee12a038ebd9a0176

SHA512
2953eb4cc66bd2089a67f138e95810d494e4b826be4b79227936c625809589259a63e19adcb9be8e2d90ffed31f9ca0f18324669de783a6ec7255e94a1637f81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\libEGL.dll

Filesize
477KB

MD5
9961be7be92a37f982a586a1b5893a72

SHA1
301abdd2226e5369e02ef0fc54358cd9069657f7

SHA256
d9b7daf09b891407f5fa0a406853d370a654cb145a11012195be33ee616c1acd

SHA512
7fa6f83203bd92b7e525940e9deed8968c5dd4dec7c82192acd1ba239c0b1686050dd294eb6a08439e6a81f019b77cd2d17679383a6628b795671e98a21a1d2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\libGLESv2.dll

Filesize
7.5MB

MD5
2718694e3a8b2ba7ac7ef71c7a0ef4aa

SHA1
7ba04084be9d853c7c4f835a7f714425794c3523

SHA256
ae39ba9c938a17b90445fdaaa184e710ea405e21784a6cc9caa10320a49c6cfd

SHA512
2e1594506ecd3035f31e134eaa2eeb1d98b12f0917f0dd153bbb8a6931d4438bdaae7d96770c1c1aeef9af4bfaae3af524fb9ea6c2f785530f579d12d70256dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\af.pak

Filesize
464KB

MD5
862a2262d0e36414abbae1d9df0c7335

SHA1
605438a96645b9771a6550a649cddbb216a3a5b1

SHA256
57670eae6d1871e648ad6148125ee82d08575bec5b323459fc14c3831570774a

SHA512
a789a4cad72106a5c64d27709b129c4ae6284076f147b7c3fcb808b557a3468b4efe3ede28033f981335d5eab986532c0497ddd6ed24b76189fe49366692ee73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\am.pak

Filesize
756KB

MD5
4eaa15771058480f5c574730c6bf4090

SHA1
2b0322aae5a0927935062ea89bd8bd129fa77961

SHA256
b05dcb8136751aee5eced680a5bad935e386bfce657dd283d3ec00ee722fd740

SHA512
b67e7dd24eadc91d4cd920f8864cfb23a9c67b2cecd54ec97e01705636604ce504dc417d6af1c53f374b58eddf71a12bb82248bd8fd68307161d4833342681a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ar.pak

Filesize
829KB

MD5
2b2dfafb0d258c1d2b58e51ae1ee9ab5

SHA1
2a538491ff4023d29bdf2a053447c6016138d9f2

SHA256
ea49bc2ceb6b185030eaa0ee0155feca90e632390417299113b02fbe365ff731

SHA512
6b629ed83edfea1b1ff3c379009332e413c420de651a24160fae859e1e0948fbebab99c9da714df6dfad3b9e472dece7bee95815ceca428183f4ac0bd6d42ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\bg.pak

Filesize
861KB

MD5
0e8005b17ac49f50fb60f116f822840d

SHA1
f2486da277de22e5741356f8e73e60b7a7492510

SHA256
50e4f6b9c387adf4baba3377c61d99326cc3987928d8d60b88d1ac29352820ea

SHA512
5df18bbeabd56e70d4c5a80dee5b7ce48259000665941634937e556e3b3a1c6403aa45c410f6f755607549c9dd35d722987b447c50efca51228ffeca4628756d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\bn.pak

Filesize
1.1MB

MD5
c8173f0cc63ca9e02c07abec94892b53

SHA1
2688b199cc40bb2082247fa451eac1304608e48b

SHA256
e6adcfb4f3b3bccd4a27edadc168b503c36551cd6b27fb24043efeb21f691ce5

SHA512
3d2317430722dc15c5d938fa55235af1caa03dcff7a574b44d37d89e7cf2c94dd2e84518b3eeca4a5a8dbec1b99d94aed97429aaf55c63998002d50ce9cb5019

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ca.pak

Filesize
524KB

MD5
d193a3ac614f64f4754c9df5cf00e880

SHA1
0da0f7c1a4048074f6fe9d70704aa93ff75e42f9

SHA256
4ecfa3785ab52564e0bd7dda04d59a30163561588a04f3bd1b1b71de051d2c53

SHA512
e85d18951f9a1a86514d577f9b19a4b3727523c15b4ccdd17217f6fdf69a0e774a36874108a05de1be3dcee1720b0cb19eced2d3283f57f41f5f9c5e233e1c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\cs.pak

Filesize
539KB

MD5
70f320d38d249b48091786bd81343afc

SHA1
367decdcdad33369250af741b45bdc2ca3b41ab3

SHA256
1c9448ea3aefce1a7e1491e73af91af772d8b22d538676a2beab690558e668fa

SHA512
02b08ed9261fd021e367995551defaf4b4f54c357409a362f4d2470423644913375cac444f62153ec2963a84880a30a36f827dbfacdd76a6222838c276cf5082

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\da.pak

Filesize
487KB

MD5
0e4207e2cf5741a8968617df9174a681

SHA1
bf9b7558141ad30bbc921992e48d48cd6d6ab475

SHA256
438d2b1fd396c2108ca3902f69eeb372219edd5d95fe70970d8ee9e64556c9a4

SHA512
4ed8368013912c408f7e5f7b4f6f1748834e5506307b92f4b669c557efd27363a55b4e2918eb7707e798878c9492b765f24ab9c90e843f54e8641c4646bc72da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\de.pak

Filesize
521KB

MD5
141045fc1f94f93e82db06db4f7321c8

SHA1
d63d226c531a710359cb65f4e6aa190f593b4d54

SHA256
47253e2fcf0e4691f29b3ebbe8f888a97b28d6aeaf73ab000857a6b8d0907ff3

SHA512
85c27fdc9a2cb9310bfbb05d0bcd668eb2156a37765d8fb59496739f6f1eae12afcbaadf5eea8f2db2ad8c8a0602f83500bff9cb71a429174a80bee16ec10118

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\el.pak

Filesize
944KB

MD5
16bcd10bc81dd8a5b3ad76c90cfb9614

SHA1
240395860971fb9205d28602d4d4995007ee5c75

SHA256
6a06d1d6b566214f7c3b693052beec488f7aae5ceeca26781a5d66fade39388b

SHA512
353a26b21848f4dd30b3aa1f4196b23571e177893ec6912db4570493664ed987e688fd66c04e509ecc58233476ebe59453260bc3569136f275fcd681ae54a174

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\en-GB.pak

Filesize
424KB

MD5
a1aa885be976f3c27a413389ea88f05f

SHA1
4c7940540d81bee00e68883f0e141c1473020297

SHA256
4e4d71f24f5eea6892b961fcda014fc74914c1340366f9c62f0535e9b94ae846

SHA512
8b6d67e09fbe7a2152a71532a82c1e301d56cdde34b83a9f17d9f471e258b255d5b2d4a0c39f38581da3a31cec24fb403156a8e493560d7206e1ec3db7e68b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\es-419.pak

Filesize
515KB

MD5
088de6d12071ea5cf8d4a618ed45e7d5

SHA1
f12a76d18b84b17906f5f8cfc78cbb370b026b09

SHA256
d1019c780e836e0c30fe01928d23ecdd0ca04ed8ee886adb3428e3683e4ed6ea

SHA512
8da7326cf99cce53d7ccbec0c177ff9cf6dc0009431d6c89b3e8f0475bbcd0dac4c888460b535c1070ced62f1bf1c614bb0fbe9c5583e66c42f30d6e025ed7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\es.pak

Filesize
515KB

MD5
d584992a0670c5771147c01266d17362

SHA1
d6e70e43585564d520e4b1777fac0b1e7bc6ed37

SHA256
f6a01c26bc18dcf701e1d4b6ff76602f14c4bb9adf9dd176c9107d5aedb4503f

SHA512
39db436a05955a3ad3b54ace4f2f0e8a313797d3ae8eda9cf1cab6f2ea1edba0a82c30f3b589b8c5399ed06e9fcf4ce9059d3d5a07472f05ab1f0819e42d5b73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\et.pak

Filesize
468KB

MD5
e7ea23d6304d5d600d884f4e3b3cb2d7

SHA1
99fbef7eb1bde7df398cce9faf6c7c357769334a

SHA256
292eb18ec61502b0e952b447f73a66143c56dd95f170981945e5aab53a6b32b3

SHA512
23dfa1161d11faf440241b1f48f2ddbc8ec086a8e18da351734656551f0f54fe4c94b490c0d3ecc378a3de7f7713a1626a7a6c21da2500b9597b44fd08197d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\fa.pak

Filesize
767KB

MD5
e2bee9eeeac231de237100fae0aa77c7

SHA1
5e5eeb59656e2f8f4f62bc618966d38cc06a385b

SHA256
7a856070430e3cfad15b96b153b1cb483cca9a1b9a43453df3707b09c748a3f2

SHA512
5593c4a48e679f0f6283c3bca69838f581b6f928cc7170737778458393b6b85fab0e6ca390bc5da840f4b79de9e638015bf341c1a95e8f99770886f5354ecff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\fi.pak

Filesize
478KB

MD5
a9fc339d49ea069bd81380ae1fa0ef11

SHA1
5f376072f38e94e252d72c5660d8120a41d73469

SHA256
e6454458dfbe150112c37f8b02f8c72c593af22e8be16980ebc854ad113fb763

SHA512
3bee6723485a9eae4aa9bfd4e7fb490ce7a0aa12cbe41443b8bd28a26fe552cd31f4a1487bd98c6bc7774df1ea16b1de94ed0f52af59baf9e17b3db815404c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\fil.pak

Filesize
541KB

MD5
cbb431da002cc8b3be6e9fe546cd9543

SHA1
19fbf2715098fc9f8faba1ac3b805e6680bbcca4

SHA256
ab107369d45e105a4cb4f2f6bc8da2a8c1b6c65d5e94a7ab3e703e619c083dae

SHA512
3cabbfd021e5814587dad266c4f5c9f624e9d9278f22658dafd65ff2ad2bdc5f6df8a8672614b296cea826819211e12f8e77f183007c0a79075e2f0980b99911

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\fr.pak

Filesize
559KB

MD5
59e1e573153a209c56ae3bcb390b898f

SHA1
45f8a5469651c032c453b14bd68c85cdd6c75fc2

SHA256
976622fb851378f57f81423e5625e40d0753d7a5e34caed2c39e4b130a3427b8

SHA512
91f1b88ffb9f3362fbab7d607a68c4ca65e6b89fef7de0c986067ef7fd013c0ce35bce328ff3546cb7aafc296993e46a908ac506bb6a141088cfbc5ead948ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
a9e6d8e291ffec28551fccf4d1b06896

SHA1
adc9784433fbf2ee89bcfe05baea21beb1820570

SHA256
716ea0433e19edb5113dc8a25ae67c2587bc17c7fb63a93ac473bdcef8f72d34

SHA512
3a60002dc6a9008cac78bbc050fc36d1053bfbd21ecf4d0579b2780985d4e7a7aec94483d8b0b8dd7a899b8435d54a27bba68917a23945431183eda021722697

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\he.pak

Filesize
672KB

MD5
ec16b50e6575cd6863df282847cac3b0

SHA1
a59e089951c3a5dcfac165774c68651055b829e0

SHA256
c3955c97b6998f1806f8871fd3137f6f504bdd091f8bd1ff5ab8cd089474ae8e

SHA512
3c640430e3391be156aab26f6057e966348dff50ea946a02db947e2316d3a915c29f329faa26725a90af4d06ead7c7fc28cfa7573033b2b9546fd8e4d2bb7ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\hi.pak

Filesize
1.1MB

MD5
18bdd1d8d1d5c6a5fb2678abaa1ef6a9

SHA1
e40602e86e758a518ec70bb6a9cfa23107955301

SHA256
1f49622ec6682c90e03fc42c319074565cf9d3532a2a4e3798e2f6cc159b2e8a

SHA512
c859118e7c1be0642ba9bb1112a98a8fa7114a00711f578971a55aab7254b1ee9bb3899c852b79a002596f29e02f487267aca7033e38cbfd14c90b2989b9595e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\hr.pak

Filesize
521KB

MD5
d80178f9df2b72a24a7dc58b5aa13229

SHA1
cda864bbfc6935cb4e3e30a6eaeabbab5264d01d

SHA256
e442d083c32d752d1ef2225d84a4f1a91efab768e86fc63a7ed22c10fbf7e520

SHA512
c08380fc0c415a529a035e6e9c0eebc719766c656a3d9e3a782f21b4fef320688e1d11de8c3a5d0e59a102c9fbadcc960478a17c534500e137f4cb0e697ec9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\hu.pak

Filesize
561KB

MD5
0b62fc2b60b8a92dc506550339766139

SHA1
abf0b1ae99ae40d87f86ee04bdba467674fc1039

SHA256
6ca150d0fc35492bafb411bbc520f3b34da6399969fa9685ae74201623882560

SHA512
aab6058e2f41282ac5a9394cdcd503efdeb6b9eb8b9a64cc1215e31a806e60a34966b6823f91a97bfb81656d91ccfef3a226165811e6f4208fa436e1d04c1242

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\id.pak

Filesize
462KB

MD5
6a406a9adb5c25e35c6838828ef30c17

SHA1
2a1ea1dcb75217ace04254644845cd038df6a980

SHA256
af63384cf7d1d39e57decd823dff7538ab2b1e7e36e9ac61238477f7889d1d46

SHA512
ac7afa288b768a730027db0780b0f7c9f42ef990e4e22751ef1dc85e4841579a6e252293fb04d61b0cb591ccaa5c74d37bbd380afa15308c80ea32070019a361

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\it.pak

Filesize
509KB

MD5
e0e5580e8882f0eae4b5b21e6c7828d4

SHA1
51e32e51458b5839112ed9dcaf500403c45ac1cd

SHA256
a7f555e7e797e1de1a66cfca8c7b709b0e542ca62e7de96e034701fcef316d0c

SHA512
1a2a4948a5538158e6dab7ca7b3b780ec7a66a0aadb889fd451e07b32336ea08b88b5d57759e335fa967f3b4bb1282e952b97e496d798758159c70eed2e5acb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ja.pak

Filesize
622KB

MD5
dfd5ab27c326a1e1f87943a3079a2af2

SHA1
3aaa73a6668e1249e4d51c8fa8e0c6868fde9da6

SHA256
8260f4c9500b64d541386a8515fd0c9ddef82e3f044951b7b51a33ad81c1128f

SHA512
d701674fb6e19bcdf297b19a9fe3b81c7f446019a8c2fd3e90e19294765b1e8ad4f0e40e4bac65b2db313a4f83eb050b5871ee4d74f9ea372208b7abd76c524f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\kn.pak

Filesize
1.2MB

MD5
59e6642f09ce97cfa4a4173413a1b036

SHA1
777a96a4aefbe138f26c8697e66633452285eb2c

SHA256
58d16195170f76e40e18ee0ac2e10e1b73bcfd083821158927a7d67a51bcbc42

SHA512
66deb67a4ce1914f5f27bb6423e5be62e05d0a36320accbe653572a437ce033ed5d26858a62d8c57476b34e1718d580f34ab44a3886d8d22d17f642d70f0138e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ko.pak

Filesize
526KB

MD5
cd2310448ba6689cc73d0b2e6dd2791f

SHA1
7827179d3fb98a5abc2ad38e20d942b83b397235

SHA256
cba6b7633cce796407821264e176a6266f80c1799ade16bf16893d68144236c6

SHA512
c3069bab640ae43856330bb8b3a0e0a4ca058a68a0fc03b8efc0ce1dc2b517f11380fbc641221e29b4a527d685ece72107fb83cdb9b539390eaf6a30c21bf36d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\lt.pak

Filesize
564KB

MD5
edb2c872a4fec5367cbe68035ef0ecc7

SHA1
b4d42bcc83c98dda1ea2ef962d097f6fb3d25c71

SHA256
1bd385b780f3d13d41f8cf782a322e37be889aee273ffde3d8959e0ebcaabd0b

SHA512
dd801a1aac2242e3f532e968b4c9639a2c8bf3eccc17470d9aa8bd6730ae4be3e7276fb782c7908bb6f87d3ade20a40c644b9db5d2201d96d91fd95ebdf429c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\lv.pak

Filesize
564KB

MD5
393c296fabe0c4c64a7d6b576d7d2cf7

SHA1
16c0605e5829cde9738e1cd3344a59b74fa1f819

SHA256
91642c04de64f88a5c49b4eeaf5d627554e60d56fc40e7cd58cd2601b0d3dbf2

SHA512
067cccb059d4526c104880a26ebf04c7e2498c49c5641abdc91785e859bc0be1475ec58cae9ad1eb076f26fb9215ac246155e123baa13c06a05e4f22a002c2ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
b690b0f01954735e1bcea9c2fb2ac4e4

SHA1
8d98860e202b15a712822322058e80a06c471bb8

SHA256
83d187cd70048f4129fa65ba148c74a04a47ee1f14218e7c85b36fe83e87b5e3

SHA512
786f08019a0917d0b3f29aa2d1885db6a6f995990fd8faaf41a9630f8347b4d210a844cc6690a41b4af37d60e11f41fd2675df1a01bab5915e20cd9bc69b4541

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\mr.pak

Filesize
1.0MB

MD5
f26bc5673e02a93212220d71cf1bbac2

SHA1
8d0ab40fc2b35b75f99538951acfbf6a348c73a3

SHA256
0877f2e75e0b9f5e709f0a0bf7cc793a02ff5bbb28bd6a8b6b6012760c1bbff3

SHA512
9f3a629dfa116cd92892d120f0fdecc5f57043dad232311bdc8c218ae9317f49e655b8b8dc8399639231f2321013190a667d22b6b2735bbcbc375c438dce9aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ms.pak

Filesize
484KB

MD5
d22cfc1b78320157685839f14253fa1d

SHA1
0cfcb5c176d708e26bbca2427be611ce6609eb93

SHA256
c7b56e9ca2f75b4414c13144ff4deee1459c2a7cde79730d863ab234cd4c2f8b

SHA512
2eed40c50a63e362dfe2f172d16e4545f5b19c673e71db674bb004e4e6a4cf793ed4a44ee80d86b05aaa6cc4356c207476afdedc2b35017421ea9b9fa6ebc81d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\nb.pak

Filesize
471KB

MD5
bf9bfdfab1479bb52254329d7aa229ff

SHA1
cd9ff35321731b839ea6e5f31f5de0bfb475666b

SHA256
96747543d9b2dbfb4482d4c24d7818d366545b2476633ad4fec8cc958ab760d3

SHA512
ba8e62d0a87c532ff46f2129724dd2f1bfdebd99c2606e0b9608cd07841776faeca15d04ec6241020c232d4c07809d718f40cf4ad9231d6a8996d55973486629

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\nl.pak

Filesize
484KB

MD5
b525894276852be4ab42ab7044fa164f

SHA1
d3d035522265718def8125f5c4a1d3e74832dc2a

SHA256
c7a18764ca908ec7f66c48cae2be06fef95213d7a5580b45f9bacee474456167

SHA512
36b11f1df92df27b007fd640b589c6b7b30cd889bc297635bdaa40bfcb4332ff20911edfd23ce74c1c8963dd658f77bf4b9af50d3c281717f58eb23a598783bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\pl.pak

Filesize
543KB

MD5
7b5d41611b92b24ec8b36b66feb11f9a

SHA1
3d6c36f404c29d59a24970585931860453f5c88a

SHA256
69e16e41f5fe7fa18557b938874f20cda6879f3cc616ead9a815c1381fe94158

SHA512
16ba52cc799132e4525d220ed595d3969d4cecf163ccea6b62fe2211003b0cc44090c4d384e9cc4e32800181b7f7e0810da5a0d2c908f4625ff8382cfa3c177e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\pt-BR.pak

Filesize
510KB

MD5
8dabbceb430a6bc190ee344541fa8e2b

SHA1
44c7da04bac8c9ee67c8d6a0eeb491cf7ffd2479

SHA256
6d54f87f6c8b5e01bd0da9a961236344e95e85c3dc55fc92a34542777d6f6275

SHA512
4d36d527f1769501d1fce208738028d5ba142716a6243798212d5a2403dc5c950dcb3399e571cf3a11b1f35d845a6ba6798c38074d0ed66c894b1c18ab800159

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\pt-PT.pak

Filesize
512KB

MD5
4816d83e54beaa2f94c671d56361c04e

SHA1
5cae66c0b7079d778ac87ad48777afd85b172d2f

SHA256
a903ca2a8e52f987e23d040de7403b58d925a6c39668d3bc0822fb2aadd34cb1

SHA512
0d3a39e1205ce9366818cb51d38db035b80448dc1e2d2d6bbd7d5df693641582043b45b4a78bbf2334159616187dc85a51e623bb6878b1498d9bc7acd2a6ffab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ro.pak

Filesize
531KB

MD5
938e62fca60d7b54e9c54cdd1f745f06

SHA1
5a61a1ef3ae855ff436c5d7f45b6ec271a5228aa

SHA256
82e69f505222125ea62f8e90d8030d82a1bd49871192cb4274a8fd9d0e03d577

SHA512
d3f43881fc951c961cfb34babaa6eba2aa9175865dc07542dc529ab1c11d15703c03a7e8193c004b004d13f0a0672bccb2fcdd1cd88f32add159c337281d6d5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ru.pak

Filesize
872KB

MD5
9ef6fd52dec5613f9e80204a84c7f2ba

SHA1
fbb8c9db815126fca3c62c810432a71b6965f2aa

SHA256
d0068b9ddf8a9e6a5b1186bd0e00ed9f09224ed56ba7e653e2d54158d938c6f2

SHA512
0fb442ef86f75ca2cf58a677bd25ffb7c420f98250fac7f5f25e2272d4e7dc505a5f3eb3665b62bec189496154b05a1462b6f17a0e9aeafc1517b71e2d813953

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\sk.pak

Filesize
548KB

MD5
fd001b1b02597bbf16baf3f0baf3c6e4

SHA1
e4c703fc115e02833fe08caab1e62775b5812473

SHA256
f9cd222838721a618c23c8f6493bc9699c795c0063998f1a8d506b4b7a297cdc

SHA512
0ee991da6b8ba1bcc3cc27abc645af43bb93edddbf182496aafeeb401d71ae10716335ee0197f1987c21b3abb441aaac968b9a76e75ae77fcba4cc48847f5b1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\sl.pak

Filesize
526KB

MD5
ff14d5f9484350396780bea7f3bc64ec

SHA1
de097f12b70b552824de69141d6ee1969275eca4

SHA256
b174c4c49654f7d65d223568c700bfaace74238447ae63171787236ce2aab00e

SHA512
011bcc3980d21e0900d1da334a28b72623b22b527a4fc3d96a8f78fb055dc87cd1433a63d8b4414a0a86cf2ded5833a395214910b17433a0545e04d1ce4875b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\sr.pak

Filesize
811KB

MD5
5d70a218b7dcccab0406fa9239ef800b

SHA1
cd231758f84a0d56545d0a234a58757a18a58d0c

SHA256
a2bc6b064ff1f7b15707f61bd76ddd9d889bd982c4182e9e74272d39c6235c85

SHA512
ef6f71e0d9782b5ed6706d9226c1a7fb5a4323b8dc8de25737c7dcca87d04c16b545372127670de312079be993823f565de1aaaf5ad833bec5baa0856c19b0f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\sv.pak

Filesize
473KB

MD5
a813b566c9e630910e6ca946defb7202

SHA1
2e25d2479715a572c096ce19b8dfd7a6da5339eb

SHA256
48a71912e4843b03358fede7176b2e57ced83d3a1344a92b989886374dbded62

SHA512
b348404135e147cef93c246c826107f9df170b294e9d0cbf576d2812d0ff3d2b7794ab5aba55cf729fcf7135a495d2ff591db62fa61e2998290ff02538a0e48c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\sw.pak

Filesize
498KB

MD5
9808a9df2da0844b1ce1a2a4213c48d0

SHA1
541f24f006ddb3361ff1e5015f097ab799120fc4

SHA256
1949953d638f266ce74d84c020174c074780166b880e7c2ec38bc6047bbb8ecc

SHA512
66b256e02ce11ea0273cc5bfa78e56faf8b250208d1e868bf4af77cbefd1c891708573d63873a5d02436f884544a6550176afcd3a8220cd35d64b88987e94404

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ta.pak

Filesize
1.3MB

MD5
d50aa6815b63aff8c443622cb8bfd849

SHA1
fd247855e6e428109e7bf2e0018580cc6e0663c8

SHA256
6348cc2d385b9808fdf1b815914dbfb26f552da4d10f85b2613a5e6e9f95b8fa

SHA512
620e2f9ab9998c68d667e32ad9bbfa2569f7a60fbc2a67d7492c6c215af2a1037708e38b4ed7932074d29a140581fe0ffedddb362133a941966044b98eaa50db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\te.pak

Filesize
1.2MB

MD5
d262c33a8c2b4949dff36cc1980e5f05

SHA1
e1ad725c388c4a1a386b4ab6170601863c943c29

SHA256
09ab1ac2b69f868539d4f2e59dfea8c3c2f418a5455777e4c91d13c5ee55ab4c

SHA512
0202f6ac32878926422d542ea96b0bcf8b168f8ec6b928121c368711856fd5f4781a24b15851cdb5892246b355d0dd37504d4599b24e9fe8a723b8dfbfeed29b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\th.pak

Filesize
1003KB

MD5
a4d1594635d26330ace7054bc025b76d

SHA1
bc4874a6a3b1d1886f05858ef2f653ab3520451c

SHA256
f06a45f0395c3e42e42c46de2c19a2a104661b47be6f9ee97f8c68b05706ef1e

SHA512
731485b139ba0ed80dac5e582ec36f53a805a867ad33551741b805e851a9d2356fb1894232395d4fdb200defc988bcf6d51e58834b542c398c1012e389953a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\tr.pak

Filesize
509KB

MD5
193f0c0a8218f05657e2590ea4ee6004

SHA1
dd3ffd7f67f72de879903a231271c20aee56f695

SHA256
676d46d19d1673eeff4f5e908aec3b53a6273c440e69e7d655ced6c70531cb9a

SHA512
28606d710d44c9a82c2849fa5ef989bac1afab53cdea99a825f80aa41dbd38a9ad6f0f44935f45439922ca2bdddc89c61f8ffcb999aa13fa45558551d5216e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\uk.pak

Filesize
870KB

MD5
83e5f0092b6d72403b60fe0e1e228331

SHA1
989ed480b7ef55dfc9ccfbef1a5b9b0e104693d8

SHA256
29d68d90512ee9952635c7e074d5ab210531d93ae24c11a8f91bca20b685e9a2

SHA512
9895928ee516db7d4395b2788135a814031b9ba45e3a837e633bc253b08d6f380e4078d4d3fd51ae37502a39ff45a0166969fb62365e890f4960a51040b20941

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\ur.pak

Filesize
761KB

MD5
29403f3d5c8f6ae2a768de2fbe8b368e

SHA1
da83015565980ea1a24f5493be6311f06427269e

SHA256
2520ba8471c840aa075075524c4ad2bde10f43fa7a1b623aa14555180ecd30ef

SHA512
a0709280adec39633ca19daf9f8bac6c17a999101246778a63cd9e172dbea2f281b20ce197290c4af6c7601ee7956da42f17e31461a1bd8b8a4bce3c36dc87b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\vi.pak

Filesize
602KB

MD5
e088be14dded779f50feabc4906d5ae7

SHA1
0eeca2c7ea82a03b6373c84adf1a890f29e18b05

SHA256
25aeee59775ae38b21a091107022312fc228f96dbea906042bf3626b7cf86b98

SHA512
af9d1e415a6d06c28df9abaae1f337bf4dd3e323dfd5560df5fb35d01c6801b9145072ee85ab4c524c489fb6cdea956ce327b8c4f6820197d76fc2f33171ca3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\zh-CN.pak

Filesize
435KB

MD5
d1145f2dcb13c5ba797df5a0792553c8

SHA1
e8d9604300d6413fc896d252a0261be2dfdebfbd

SHA256
6a9a1f5b7674da36f20cb76af7e3e75e9e56873539e8a3b32895ebba439af83a

SHA512
f54adffc7d40866fd53dbb238687116d46354f79580877b5d4d93840494e604deaeaeb7e825f6a00d020f3c58d1fb9df8af667feb64c86f243ecab57765623e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\locales\zh-TW.pak

Filesize
430KB

MD5
1eb532e97b84db33a50055bbd7d36200

SHA1
7aaf0560a16a9754059871a000d237964f3ab0c8

SHA256
6a43c8fac5a0ce7c7a21b30ac7bc2167488e17c81c76c00f0b92b49e9e46e469

SHA512
c946d82bd6ced6e61b35acaf7ace1a61f226c4891caaeeeec9ce4a3ab45e6f43c35dbb388d6d5fa925ed020d7d10f951fa2048269d0585ad3b723f5ad8f4eabc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\owutility.dll

Filesize
1.5MB

MD5
651be77b72f07779b26f2e2df4c95324

SHA1
3285a850ff632659cebfd3be8e3e65730b483b1d

SHA256
9ce3065cdc8b581a4dc33ebc98f6ea98933e75b87e262834c21c46dfb3bd5048

SHA512
020ca2db9147df510013beb6fb0ab1b8cf491e5505d2040c35f66c29b8858dd787361dd092a2b13c817eebae57690a9020f5da310452a4c21762826d2fe758a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources.pak

Filesize
5.1MB

MD5
b5392415d53abf8bfd55923a09d22086

SHA1
f1dc1dd77a762e541885c34b492734263791c5ed

SHA256
87dfc68cc6d5626e9c27e49c540878fdec2851ff9546932ffde65fb9e7ba61c7

SHA512
b4e837a5fd7a39bbf88cb8ff71d49bacc898ac18ba9b3da505e9d6e6d436c4388dce5ae7a1856a04624dce237bebfc442f489a866aff30d85ab29b35228371fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\app-update.yml

Filesize
133B

MD5
fb01b9479a97014234fbffba6dbd7811

SHA1
677cca903beae0ba830e569bfead4f1a74f52bc6

SHA256
d7358a93f52b95baa21cd49d81bf22c3edcc2169f9d1728dd70a7af0af212f4a

SHA512
e805b927e30cdac3d5a0f65a15d2b91dc6a511c05e08cdce676a9faeacc88f86ffbdf8de6b63060b71edcb2f8fb85d3d627d37a8b5f0aba45bebf0655f61be4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\app.asar

Filesize
48.3MB

MD5
406895bd9e48ced24ca34d798ed28fba

SHA1
5e33f96154197ed7e97637dea393b62728b11c80

SHA256
25abe148bd1297906b68d68ca5a2ce3f4f9e278b5032186576a243e950874ef0

SHA512
6550ad4d677674d5c2b67f6add96b00ac1bf224b2433283d5ec5d1836233079ffb6c8f23e458751c68c9bcec27a041ae48c98e2ae8fa3ea1fc7f1fe849f0fd55

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli-win32-x64\bin\sentry-cli.exe

Filesize
7.3MB

MD5
2fbcfe6059c7faaad6dadb56992f7996

SHA1
1a0326c6d0740de9035bc8899e4a249189f01c3b

SHA256
9f2ac1933960708f89817cdc7898074563f796713b0bb94f5eadbc832dc31189

SHA512
64939837ec34b39a3b31d8e424229e1e408c7a6448bd02a11e755e17c74edb6a582165e6e0ab6fa504c7cbb25f69095ba72ad84dc435026d0ebdbf73d475c0c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli-win32-x64\package.json

Filesize
365B

MD5
63eedeeba75050dd53797741216e353f

SHA1
24c27f37773717471bd65dfd65950066067df06a

SHA256
8f1a9b77f30b23a9570fcfee61c36ce1ef72ecd75966ba9e1dbfa33847a80303

SHA512
8012dfd3f4733838930cdac0b7d49005eda6be6d5ae832e7149c7790d3074feacaf4367e9fbb2996a49d4da72a2e38d85410b3bb10ebc8c1945f419e5791002f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\binaries\core_module.exe

Filesize
26.1MB

MD5
5427ce634d9d9ea2fe94ce0c947124f5

SHA1
5e693b9c95a829ce6c6d1b0152b370fa3ddf92fa

SHA256
e4291191bc1dd8f60310694869fd9437710f3059ac726377a07fadf9bce70e9f

SHA512
cf5f1e59f12fe2db60bd056ab60da9db8fe28852656a60df9a75767fae3b6ebca1c505cf13bcf2b3bd78e0f2ad8a2842103d83c9588de7097665d206237548d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\resources\elevate.exe

Filesize
115KB

MD5
94faad96bcc3c1e083b57eb67b7eb92b

SHA1
521bc7befd021086ee1dcc8a33d5358eb81281ff

SHA256
a55770be41bb05c4b422b53defc4a36d2fd5dede970eb199625ad4c1efb37c3f

SHA512
7433fbd9ea712fdaad2b144c6aeb70bcf537545c64f4c3a27098cb5bd833ef3712a206711fe1244b1e9c5b2e358ecd53e30462af18afa563d4de222e12f1f568

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\snapshot_blob.bin

Filesize
270KB

MD5
d20922aefcad14dc658a3c6fd5ff6529

SHA1
75ce20814bdbe71cfa6fab03556c1711e78ca706

SHA256
b6bea91727efb8c88e7c059856553d3a47abd883e60dd60efc01b04dc6eec621

SHA512
dbd63a9f01feb3c389c11b55d720b5d689558626041fb1dd27ded2be602e5e2a8d210f785fde025d7b9959f81de3df7fef06981269b58be564df05aec190dd1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\v8_context_snapshot.bin

Filesize
627KB

MD5
1e4da0bc6404552f9a80ccde89fdef2b

SHA1
838481b9e4f1d694c948c0082e9697a5ed443ee2

SHA256
2db4a98abe705ef9bc18e69d17f91bc3f4c0f5703f9f57b41acb877100718918

SHA512
054917652829af01977e278cd0201c715b3a1280d7e43035507e4fa61c1c00c4cd7ed521c762aebd2ea2388d33c3d4d4b16cee5072d41e960021b6f38745a417

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\vk_swiftshader.dll

Filesize
5.0MB

MD5
97f3eb7a38e6e9ec6757f320170d6171

SHA1
38f3165cb5243b38c33c34d88171f8a5f5668221

SHA256
79d822c157881b46c1136b14fd5164da9c528f0b1f2f0cc5ceed4b5fd4060c9f

SHA512
ca3d6dd07b848a045fc8976c058a01ce6ecf8ac0f2e121531435906ab66610fdd574fd1125dce4cc2a2f884000f32b54604a6b67f708c0feb14fff1291ab6996

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\7z-out\vulkan-1.dll

Filesize
935KB

MD5
d8bbc2f245dfae4094db4b9ce77bc3af

SHA1
654efbff9894120f6f1030a47a96074c838e88a9

SHA256
56d3cc80ca50f32cedf0a720d6bfc38647566e39630e1907d76e3995e4651492

SHA512
7ba6322b23e987f7908dae01fc277c5573bd85e219afb330fe2de1b7be281febf9908ad21957c0600f2b1d4a7aec7f00e54ec22d59b95ba573a6b077daf7b24f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4BB0.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\1f217810-dc7a-4ced-91e3-94e8db04c53b.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Network\Network Persistent State

Filesize
714B

MD5
f4502decfb2b41f359f6e4bbc5ac4976

SHA1
038ca91aa4a0aeb69c73b694aad7b27cffc740e1

SHA256
004eca87b320aee5306357eea62a1686d5ddb054754a6e18a3be6dd45fe34b14

SHA512
a5346475f70fbc7fdb2b7a1b7ef95462bfecae1033aa567380afaf8d7e1694f86e41729ea3e3b1ac066eb061ddcef026e6355d6e2c48b54a0e3fc47d3fcf1736

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Partitions\__owepm__\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Partitions\__owepm__\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Partitions\__owepm__\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Partitions\__owepm__\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Partitions\__owepm__\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Partitions\__owepm__\Network\Network Persistent State

Filesize
582B

MD5
08ab47644c66237b8bca435c4878051d

SHA1
0e197c9fab1c6f47889a44e267e9aa861346b751

SHA256
6d4a341717b9d462eee4fa69b540e5532a271132e40ec0b60239ab588eebd0d4

SHA512
65bcf8f99eab670df8801a4da879227c50805e67a37fcc993c85925cd98ebd81d109a4b87f869cc3b8d289c927857d535219be4258927861e00659558d6e8c65

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\main.log

Filesize
3KB

MD5
bcc138b6c46a0110331daaf3da236409

SHA1
932b645f6350ea475c058ea1f5a59f097ebce830

SHA256
d8e1c77903907aeb1e0ffac0a04d7499b5da706af6589a195d1a188c90e40277

SHA512
0b23f043f94c041d27b1282f9f788bb85826dc432c4eae0cc17644a9b1ebf368b2b9f3579469b2c97637502dabd2880115da2fbf873cfe781edaa181dd4af0c2

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\main.log

Filesize
64KB

MD5
a3635fc8576fbf95455a64cc8c20fdbc

SHA1
aef786cd9e294776de91c1e43aeff6306c964c2f

SHA256
6971b5adcd437d32ab54027f50b7c470317ed1f45e7fe121828ff628ea5b3721

SHA512
2e84560845a5b7fe9dc946316d6723036aa237b55c26ad3370bf78192d76e18cb2898c966509b1d6461f238a9ff3acd0153d6675a5005e6374f8f94f37d51d32

Download Submit
C:\Users\Admin\AppData\Roaming\gdlauncher_carbon\sentry\scope_v3.json

Filesize
7KB

MD5
51cf2ebe065578c685ba2c1392d03c61

SHA1
a1287dcf607a050b43a6c789921415909872655f

SHA256
079ccc772468349e98c59718987fc13d4c0f57f19f8d2cdf456e7365a2d02600

SHA512
3a3f7f4fdffc376741cd05e863ea5ad33efd9744784305e2f5324edf08b9adcac6a92bc98361cfbbb65bdf88315f97474628f15f7dcd810843189752384e8fb4

Download Submit
C:\Users\Admin\AppData\Roaming\ow-electron\dibeihhdinofpmiennjkclnoidpjakanhclfmpmo\packages\jopghajpapbfooofklncedoalpgiaglgjaokpkon.owepk

Filesize
689KB

MD5
ec246653caf61f960aa12339b1cb8de9

SHA1
686ad90addefc37baefd256caa4646fdc2d4d10a

SHA256
4929d3f0d2bc97b7237211cfe0b0eae7aadfad30a8135012365d71b8e2599e3f

SHA512
ab9f9be8cbe7e67978d6836e7b3792a1c4c1ef1720d8b98ae87fb24cdcdea442780aaa1e46a592880305addfaff2d7d659e26c9856bc37d9f930b4c1e0488125

Download Submit
C:\Users\Admin\AppData\Roaming\ow-electron\dibeihhdinofpmiennjkclnoidpjakanhclfmpmo\packages\jopghajpapbfooofklncedoalpgiaglgjaokpkon\1.0.15\ow-electron-utility-plugin.node

Filesize
607KB

MD5
1655baa81ad104125f7b67cfe727fd75

SHA1
00c56f079a9d5df4e8d26c94337382a02d971870

SHA256
4afac59e7b1e7339117ca9cff131f6c9408f739406d18343b9694e31654af589

SHA512
c29831964711df2f03645804266323ca9c06c03dadbaf0864d6c6f5b6d3661d8ad1f5d2d528e7c7808faf450a7c1fde3ed65020360fa365fda6ec83866f76d30

Download Submit
memory/1776-1206-0x00007FF836F10000-0x00007FF836F11000-memory.dmp

Filesize
4KB

Download
memory/2340-1192-0x00000180ED8F0000-0x00000180ED8F1000-memory.dmp

Filesize
4KB

Download
memory/4056-1331-0x0000011FD4ED0000-0x0000011FD4ED1000-memory.dmp

Filesize
4KB

Download
memory/4056-1333-0x0000011FD4ED0000-0x0000011FD4ED1000-memory.dmp

Filesize
4KB

Download
memory/4056-1322-0x0000011FD4ED0000-0x0000011FD4ED1000-memory.dmp

Filesize
4KB

Download
memory/4056-1321-0x0000011FD4ED0000-0x0000011FD4ED1000-memory.dmp

Filesize
4KB

Download
memory/4056-1327-0x0000011FD4ED0000-0x0000011FD4ED1000-memory.dmp

Filesize
4KB

Download
memory/4056-1328-0x0000011FD4ED0000-0x0000011FD4ED1000-memory.dmp

Filesize
4KB

Download
memory/4056-1332-0x0000011FD4ED0000-0x0000011FD4ED1000-memory.dmp

Filesize
4KB

Download
memory/4056-1323-0x0000011FD4ED0000-0x0000011FD4ED1000-memory.dmp

Filesize
4KB

Download
memory/4056-1329-0x0000011FD4ED0000-0x0000011FD4ED1000-memory.dmp

Filesize
4KB

Download
memory/4056-1330-0x0000011FD4ED0000-0x0000011FD4ED1000-memory.dmp

Filesize
4KB

Download
memory/4632-1136-0x00000202AF9D0000-0x00000202AF9D1000-memory.dmp

Filesize
4KB

Download
memory/5240-1288-0x000002B575EF0000-0x000002B5760B2000-memory.dmp

Filesize
1.8MB

Download
memory/5240-1290-0x000002B5765F0000-0x000002B576B18000-memory.dmp

Filesize
5.2MB

Download
memory/5352-1179-0x00000135CE5A0000-0x00000135CE5A1000-memory.dmp

Filesize
4KB

Download
memory/5492-1164-0x0000020986540000-0x0000020986541000-memory.dmp

Filesize
4KB

Download
memory/5520-1150-0x0000014405280000-0x0000014405281000-memory.dmp

Filesize
4KB

Download
memory/5996-894-0x00007FF8371D0000-0x00007FF8371D1000-memory.dmp

Filesize
4KB

Download
memory/5996-895-0x00007FF837D40000-0x00007FF837D41000-memory.dmp

Filesize
4KB

Download
memory/6120-1077-0x00000184CBFB0000-0x00000184CBFD4000-memory.dmp

Filesize
144KB

Download
memory/6120-1076-0x00000184CBFB0000-0x00000184CBFDA000-memory.dmp

Filesize
168KB

Download
memory/6128-972-0x00000257EC480000-0x00000257EC4A2000-memory.dmp

Filesize
136KB

Download
memory/6128-990-0x00000257EC9A0000-0x00000257EC9E4000-memory.dmp

Filesize
272KB

Download
memory/6128-992-0x00000257ECA70000-0x00000257ECAE6000-memory.dmp

Filesize
472KB

Download