8ed9a032b5f21c4b12bb76dd191e08af6943083c0619fdb07a8e2fff2c2bae03

Analysis

max time kernel
145s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 00:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ExLoader_Installer.exe
Size

21.3MB
MD5

650a1cce61876f1a3739e398c720893f
SHA1

377998a6fb0d5ff55cec8a015cd7c7cf10f555d3
SHA256

8ed9a032b5f21c4b12bb76dd191e08af6943083c0619fdb07a8e2fff2c2bae03
SHA512

495306321bafc3d85bce9978423828e24d0e71a82d08833cc2b566af5f78a550e72d1962890bc5fb252ef44f103b8fbc6ad90490607d797ea6376ae37e0a7f20
SSDEEP

393216:1GHm3pVO/Gz/goYI4qq0EyEv1B35t1is3z1fr+4fLnjUmung8P:gHWVO9oyV3n1bz1z+WHFcgY

Score

7^/10

execution

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation	ExLoader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation	ExLoader_Installer.exe

Executes dropped EXE 2 IoCs

pid	Process
2652	ExLoader_Installer.exe
3048	ExLoader.exe

Loads dropped DLL 25 IoCs

pid	Process
1524	ExLoader_Installer.exe
2652	ExLoader_Installer.exe
2652	ExLoader_Installer.exe
2652	ExLoader_Installer.exe
2652	ExLoader_Installer.exe
2652	ExLoader_Installer.exe
2948	powershell.exe
1180	Process not Found
1180	Process not Found
1180	Process not Found
1180	Process not Found
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe
3048	ExLoader.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
26	raw.githubusercontent.com
27	raw.githubusercontent.com
28	raw.githubusercontent.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
22	api.ipify.org
23	api.ipify.org
24	api.ipify.org

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\images\fabric_second.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-file-l1-2-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\resume.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\translate.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\images\fabric_first.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\app.so	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\audio\windows_notification.wav	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\cat-1.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\edit.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-string-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\vcruntime140.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\admin-panel.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\advanced.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\upload-sharp.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\food.ico	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\info.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\store.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-rtlsupport-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\cookie.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\day.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\macros.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\filter.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\swords.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\images\snow.webp	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\users.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\warning.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\images\snow_alternative.webp	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-util-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\anime.jpg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\telegram.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\summerstart.jpg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\packages\media_kit\assets\web\hls1.4.10.js	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-crt-conio-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\god%20of%20war.jpg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\collapse.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\favourite-added.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\arrow-down.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\trash-can.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-crt-math-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\media_kit_video_plugin.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\space.ico	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\calendar.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\complain.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\new-year-star.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\medium.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\simple.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\images\rain.webp	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-libraryloader-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\libmpv-2.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\flower.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\heart.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\plus.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\settings.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-timezone-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\msvcp140_1.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\icecreamday.jpg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\arrow-left.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\circular-divider.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\search.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\stars.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-crt-filesystem-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\zlib.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\0.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\library.svg	ExLoader_Installer.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2948	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2652	ExLoader_Installer.exe
2652	ExLoader_Installer.exe
2948	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2948	powershell.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 2652	1524	ExLoader_Installer.exe	28
PID 1524 wrote to memory of 2652	1524	ExLoader_Installer.exe	28
PID 1524 wrote to memory of 2652	1524	ExLoader_Installer.exe	28
PID 2652 wrote to memory of 2948	2652	ExLoader_Installer.exe	29
PID 2652 wrote to memory of 2948	2652	ExLoader_Installer.exe	29
PID 2652 wrote to memory of 2948	2652	ExLoader_Installer.exe	29
PID 2652 wrote to memory of 3048	2652	ExLoader_Installer.exe	32
PID 2652 wrote to memory of 3048	2652	ExLoader_Installer.exe	32
PID 2652 wrote to memory of 3048	2652	ExLoader_Installer.exe	32

C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"
    3⤵
    - Loads dropped DLL
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2948
- - C:\Program Files\ExLoader\ExLoader.exe
    "C:\Program Files\ExLoader\ExLoader.exe" -deletePreviousExLoader
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ExLoader\ExLoader.exe

Filesize
374KB

MD5
5f5c62095352d43aa3e0c44e523de441

SHA1
ebc3afb594a29bede8361b09de504d35dd6f082a

SHA256
7165426a7c1588e66f85f527eb7f8a78523d470a2b5b433239dd6806b4169d3d

SHA512
e920f6a28dce9c73f3906068aebd5d772a2ff600842d798a6f573a13f3b079b0dbcf5c14020c1e0ad0f589c9466699585b3ee55108b7ffa771c23f85251928d1

Download Submit
C:\Program Files\ExLoader\ExLoader.zip

Filesize
45.0MB

MD5
34045726b341dd224bf19919c6b80e7e

SHA1
678fcdeb1ee5213deb7ceeb5af465583b9039d90

SHA256
e53828c689d735a8a1326d07c03469a896a3b5c16d1a10e4e3e7c037355acc1e

SHA512
dc180863af50a91a6f9867b9c74a89a008340106a9494d11f60fbf618c26babf8e22cbb015207bbbaf29ffa545c6e8fec4f40640d49a380a6b367743626db98b

Download Submit
C:\Program Files\ExLoader\data\app.so

Filesize
14.5MB

MD5
6517cdd826d9a9b66fc8587ddd42ff44

SHA1
3a36a098e4dff4bdf0eebe71b1154112dc15259f

SHA256
65fe03dd979eede1f682a039164e5b12cde6a6a7fda792208b64c8ec4f562bd7

SHA512
be590e21ea104342546287c355054c463484f3daff1120d55dc53176851718478ce61c1e50299ef016b1e21228c89b35079106618c9e2d2c0ac41ff270497a05

Download Submit
C:\Program Files\ExLoader\flutter_windows.dll

Filesize
17.1MB

MD5
38499916c7641526bc2d1f1161c67717

SHA1
f172cc1319ddb8548e4cdc39463026bdf9b6fb0c

SHA256
2c1a0df64a7e8d0d1d229b3d157a924ce6a3704ca74468d5675492e52926e78b

SHA512
b4bb5e761698d9a63215db2af114db42a20d3daea783e79069f54dcda7c4d6016a4e8b26629290b8a984e8dcad56299668ae91ddcd77aed35ec893f337c0b87e

Download Submit
C:\Program Files\ExLoader\media_kit\api-ms-win-crt-private-l1-1-0.dll

Filesize
62KB

MD5
d76e7aaecb3d1ca9948c31bdae52eb9d

SHA1
142a2bb0084faa2a25d0028846921545f09d9ae9

SHA256
785c49fd9f99c6eb636d78887aa186233e9304921dd835dee8f72e2609ff65c4

SHA512
52da403286659cf201c72fa0ab3c506ade86c7e2fef679f35876a5cec4aee97afbc5bb13a259c51efb8706f6ae7f5a6a3800176b89f424b6a4e9f3d5b8289620

Download Submit
C:\Program Files\ExLoader\media_kit\libEGL.dll

Filesize
461KB

MD5
0f61da7cea39e89861117f3cb4620dae

SHA1
9ca286bf6d5617eb38101d5e166edac29497c9c5

SHA256
b2590bd0692f0381fc45c20bf1c7f7f713c9ea19c7ea6bab62efdd1fadc4eaac

SHA512
7dc2bbce9808e00122ae0d960ad6b0156d201494aedf4c4c9e261f50986b72dd19b41d443138ffdf1b2e5b8e29614f0a1e909e4c867262eab311f6675618369d

Download Submit
C:\Program Files\ExLoader\media_kit\libGLESv2.dll

Filesize
7.1MB

MD5
d22c92bee4e7a14d6c74e7376eca7605

SHA1
0592d72d5e0e38e5cfd9a090309260962bf8c4d9

SHA256
620bb6e38d7ed6c760a0cf4a8eb6a8f64b259b96ff286551cd32cefc6c35ca39

SHA512
2aeec8ccf9db442a2b1e3b391e6c3e899de1266199e6ee6040aceeaf8931e1d10c55ea1ab9ebbd3cc662bf56aea698c09e38f75c7b3e8b0b27c02af63d36993f

Download Submit
C:\Program Files\ExLoader\media_kit\libmpv-2.dll

Filesize
28.4MB

MD5
3a6bd0dc9ab32d7b450f06bca2359274

SHA1
b2be6a73be23b60f1d23543363ea559438218c72

SHA256
d5f0694b08c124e785d858d00082f3e3b158dd9138bfc48c0382bf1eb443a5fc

SHA512
4c8133321833bc94c8a2f1ddc83523fd554d9699efa09d8dea6ef4aa9bbca0a4f041a10e4793b6424c8cffc4583e36c2a96039017f29465458a9a2e5510631ef

Download Submit
C:\Program Files\ExLoader\media_kit\screen_brightness_windows_plugin.dll

Filesize
92KB

MD5
cae2191d251cf0670181c1bafa8ff207

SHA1
6a6c5ed92197a2935b466de2aac542eaa5c237a6

SHA256
27de91b9e13262563c5e47e1803e63bdb563141efeee76b34646fc426d83a224

SHA512
1ca61f02e73966f21d1abbc7ef4a797ed9d547133aab65c21e26d588a0612d06d940d0fcf6fd938bc2175ada1231a502135c77a66c96aceb9123b5f3f8962009

Download Submit
C:\Program Files\ExLoader\media_kit\url_launcher_windows_plugin.dll

Filesize
82KB

MD5
150cf2a276ce0a1ccee052466de86e18

SHA1
a1cb5caf49307931bc15d39ff37d46b5d95b49aa

SHA256
c82837381d3bfca1c50b05e4cc559d02c445c480c41c021b6fbee63dc162d6ae

SHA512
54c018217d51ea7085ce899ba9f7803f09bc30e6a20ae4748c011704be2cb715a37b9e7ab70ad8d13f8204f75a233b2d67f027fbe4e993d39ef00ab8be9fe7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

Filesize
183KB

MD5
95fd1f57da049790723c6011a8bcf9d4

SHA1
16a1dfd3dd92cdc8a80cd68aa66622a90d41846f

SHA256
5a9fe17d41938d555a4c3e53cdc38cde79ce54a6aced83ff65eb7628e353c49c

SHA512
da590979b848a7a59dc682fc97f39d6cd6f5defe55222c3e6b4fe0eba9dfae1cb943deedea294691fd9bf8bb03b62627e5961064f9a7d17f9acb4d3c2d744fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MSVCP140.dll

Filesize
559KB

MD5
c3d497b0afef4bd7e09c7559e1c75b05

SHA1
295998a6455cc230da9517408f59569ea4ed7b02

SHA256
1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98

SHA512
d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140.dll

Filesize
116KB

MD5
e9b690fbe5c4b96871214379659dd928

SHA1
c199a4beac341abc218257080b741ada0fadecaf

SHA256
a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8

SHA512
00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140_1.dll

Filesize
48KB

MD5
eb49c1d33b41eb49dfed58aafa9b9a8f

SHA1
61786eb9f3f996d85a5f5eea4c555093dd0daab6

SHA256
6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e

SHA512
d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
f1a23c251fcbb7041496352ec9bcffbe

SHA1
be4a00642ec82465bc7b3d0cc07d4e8df72094e8

SHA256
d899c2f061952b3b97ab9cdbca2450290b0f005909ddd243ed0f4c511d32c198

SHA512
31f8c5cd3b6e153073e2e2edf0ca8072d0f787784f1611a57219349c1d57d6798a3adbd6942b0f16cef781634dd8691a5ec0b506df21b24cb70aee5523a03fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so

Filesize
13.8MB

MD5
9dd98b582f7c7abdb502ce89aa182b58

SHA1
c19a63f37f8628c01fafdf905fe7cdfeaaf114f4

SHA256
f86e82b9475317faeac418a8aba9ea8432cb0253956b30ed92005043d6c3b3fb

SHA512
e5d113a7e9a604a0e89101bb746c31a996806a1f51d9bd111fba30f7673c5b2f439b3b4493454bc9799788d871719a3c11d7a65f594714d1ee6dbfbebf11e9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.bin

Filesize
14KB

MD5
29b2176e332fcad27b610e65b68d9b25

SHA1
41e5ce04d4ba90e0c0a0a04277065d4aa9203567

SHA256
80f2fb484f4bd47358e6ab0c0b8c0be903ebed49a6342ea6b6ce3c90a731582f

SHA512
0e7528b70ee2e024792ba91a535a1a6b93335e4b0845bf000d0e84ca05d68a28390b3d6e47a3ae11cacd6284e6429662597d53b5f2d041553e4c1b2c9b87df7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.json

Filesize
413B

MD5
fb1230bb41c3c1290008b9e44059dd39

SHA1
66493d0f8a6a112d8376cd296b05c277b111dca1

SHA256
2429b610ba9010211d18626d311d3dea7274473c2dd50fae833ed739b67b1292

SHA512
d5ae9b9124a7c7f8c3d04c4750459c9bc620e3aeb84f5d56a64308eb9b343d4fb62f8b3e03210e04ad90b91bbbb35dd1a56148d06dbcc0872f99e9b1b9d37c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Ori%20and%20the%20Blind%20Forest.jpg

Filesize
93KB

MD5
babd1b019be8944f7ef6c64c8194bc8d

SHA1
702a50d3e3a0933db4dc1f37423bca3b5c52acde

SHA256
71ea07c900e7993072f4896c0ab621303feaf4d13b7c9a4b2993e06122b10f76

SHA512
6a854fc0db7206dd182f6ebc594d763b62a75f64663d3e58029cfa2586048838fe8878b043d174923e05f4e3cd2f3e9d96a6dcf5ba8bbd7322bbc3540bbb8b0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Bold.otf

Filesize
46KB

MD5
e57b6bc24b970a377574124e026a7c01

SHA1
00184aedd4ee4d2ca6b5c87cf41e78f64304c89b

SHA256
b012d85155925bbe2106b20234b96522dec7914f03b09bc6e2fff71554f31bf6

SHA512
c162cd8a7130d2c94dac5c3dad58794f368436cbf782e8063c245d4cae405af6aa25c2f381549defd520c3f7cdbc04a27f891798697e9c291317d3b3ba82efdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Light.otf

Filesize
45KB

MD5
d10d77b03ba3abe6ccc1c142d9852595

SHA1
6108edf0cfb3d5f25e3c593949c301c5c2aa5f25

SHA256
3c9ef459625f995c62b993b64da299204b741e153ba8e6d988463aaa86b1aa44

SHA512
71c4fc3b6f43b4125c5ea5ae09297d72446de81ffc2928fee33aef386754e60dab11cc170c4d6689dd6eeac451f2a57b9d3372278f750dca6ed39ec82fcf9368

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Medium.otf

Filesize
46KB

MD5
df63e8855d04ab0e25d2bb6a0b1fabfb

SHA1
5512dc285f36cdf7da5ba5eabaca128ca3442537

SHA256
a728e91375dcadbdf6ef6d7e3cd0bbf5c56fb992d5b1be6640b83214c9d015ed

SHA512
eba8afd3289089841e4eda4abd992c2e2020d18d44741733b5a51a2a1e0c0982ffd9da187aa56ba3b891bc259398ec156e08e45265f7218e87eb914794ca69d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Regular.otf

Filesize
45KB

MD5
d969db6adb881f1dfa91a5b7ec0154d9

SHA1
d7b44b20eb246b0ff5c41147c0d0fb96fde47c48

SHA256
c7fc6d9f2ff611073fa09a6c61a8c086da0ebe8da841a9f4ec4087a3e9b52152

SHA512
2a225a8c12b46aa14e14dd547c6a55c80aef6bfe8cc791dcf60a14ef91994eddc4dec473d856f7c2446d62a41d017d256b64b603d87ae45e75fdeb2230deb5b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-SemiBold.otf

Filesize
46KB

MD5
5177edfb54762b59df676052d11b363d

SHA1
fa18815bf4914b93d587c2758b65e234ad51b38b

SHA256
50000ce2f0f8bf3018f1d04aa5c6716583b808ca05c802c46a9de4f084a91f7d

SHA512
7475fe248eafd528a05acab94f3973eeeb0d169203769ee6b42d007b5fa0605a58a290e145d74d57e17486367bacffed22e4a88e576fa9f65d000e487aa78e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svg

Filesize
201B

MD5
7f8d672a2849987b498734dcb90f0c51

SHA1
e53b9319bf964c15099080ac5497ee39f8bab362

SHA256
4a290648cd1cfaaf1db4909d7552ae8cb83cb0b0e36770e64d153ab07ce6e7d4

SHA512
b3ddbf719f42440238c55cee896409179b4562ffe74f607d3640f623c8264c2fd2000b085dfd9a25ffd8ba2166695dcd663efec56cdac679f9993cfb602459d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cloud-off.svg

Filesize
1KB

MD5
e99140f842b471d330fc27cd73817c4c

SHA1
9957147463f586824b65bc7bfb121d33a9523a96

SHA256
0f4cb470185e3c6c26ae033a3a88e3995340bb08a63432dd9ebb82b73dd665ae

SHA512
f579aef41980539675609c62ff4d80dde22bad59917d439dbd4d325173bed3f24534a72e9903aef58c6ee5d4b03fcb7d0a7be8c93c35da6dbb2e1e046b7da0f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\folder.svg

Filesize
232B

MD5
50cecdece7b4bc925f5d0ee89b23f203

SHA1
dac0f01235ed5abd451b5ecd342686670a51a906

SHA256
be467574fdcd107ce7a0e7f7036a5c97a8073c77caafc3cc414da5335723cce3

SHA512
9ae7491302fcaa7426f944ec0658d05a32bf29601f8613828a2a00f9ebbdc66cd6b7f3d03abc9030e907ea057b623bc075319ccd2546430b92a3904e4cc4ef2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\window-minimize.svg

Filesize
151B

MD5
d47255b6d3e685cac4804eb58207d0b6

SHA1
7fe02211cf6b77f3971522a3b3888460491ae153

SHA256
29bc4875912360fac26586adaca21449026cc2cf6479f9d9bbb066abe2dd2640

SHA512
b39c96fd2479585b32146a3b33a5419f665391f1b1857b08896c8254b48fdb733551bd9974a3c7dcfb679cbb5b35ed9b8f538f5c44156d399b02b8d0d4fe95ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\grain.png

Filesize
79KB

MD5
3577f702479e7f31a32a96f38a36e752

SHA1
e407b9ac4cfe3270cdd640a5018bec2178d49bb1

SHA256
cc453dfe977598a839a52037ef947388e008e5cdfe91b1f1a4e85afb5509bee2

SHA512
1a4a03931ab56c8352382414f55eb25b324e11890d51ba95597dbd867b35db45db5adcefb47d95b3763f413a66e3228e59531bdbd5ba5541469196adb5eb3d70

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.dat

Filesize
798KB

MD5
da48e432fe61f451154f0715b2a7b174

SHA1
51b6add0bbc4e0b5200b01deca5d009f1daf9f39

SHA256
65ea729083128dfce1c00726ba932b91aaaf5e48736b5644dd37478e5f2875ac

SHA512
5af9c1e43b52536272a575ca400a9eee830a8fcecb83bb1a490515851bef48957d8de669b9f77b8614eb586838af23385e1afce622edb82a90ec7549f882d381

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll

Filesize
17.1MB

MD5
9cc0d19cf87a7ad0eb1064d40042812b

SHA1
81caa7d244a07f79947f7d35c61816f31bb7b147

SHA256
8d40c3ee7110217470a322ce85bbfb5aeda2ec123b057265c4f26da2f679ab1c

SHA512
0bc448545372bf841ffe0a49f5cd3b18e88d0cffe849bedb67bc8c500ede61c9c230aec44d4ff478abe4403ed06d978f0e82ec637f1afd5c80e6aaf40c0d3f1b

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json

Filesize
229B

MD5
b56764d8e6fa109fa20f93525620937c

SHA1
9d7da366627506ccbaae7dc03b7b79d4b0be033b

SHA256
37099826bf2d4ede843224ce7c415134492a85089bc6bcf1d2b0bf67300209d0

SHA512
a1e693f9eb57fee6e00f5c32444e58c29bfa7ca3fd8f08de6d2ab58cb07d86066242c67a58e0a572e2417260b01ea5f7a91899a3aea3bc49666bbb02106c5324

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json

Filesize
229B

MD5
0e8e8c597dbdc9c4eb21b6d098ccdd88

SHA1
bd67f1a3aade51b2068ba7eeb24c5e071c24d64f

SHA256
646d459beb45b42da3c1a62ec20a02deac2874598c7bf0c7d517bbde0419cd61

SHA512
bc63b6e910188782c355e72a93e12e870b6ca1a81e5a26ff22e5bf4dd8753e9f93b5a0d51a6c290f609703bdc94612e687beaa06963105c2c1f39ad1828917f3

Download Submit
\Program Files\ExLoader\media_kit\media_kit_libs_windows_video_plugin.dll

Filesize
11KB

MD5
803a5d3313a8fc90bf910c1de612a842

SHA1
31abad62316756c0539c7cfe6b18dd11ec154702

SHA256
c91c0e3ba0513a54c6ed8ba7d6e144f419edc7d379c1b60f054ad7a6b15d5af3

SHA512
7078d949f4d42d332609fd437d4ea515650d35913eca44ff3d567950baf9113139e9422a14aa7af1f40cb31e8f8dc0716a07356a5de19bbd7b5f4a64cef130f3

Download Submit
\Program Files\ExLoader\media_kit\media_kit_video_plugin.dll

Filesize
138KB

MD5
082977229409501dee7969aa49d03a80

SHA1
c8db44dca2a3f734980f70ea95a1009ad620e14f

SHA256
bc3bff0fd485e5622f6593b6fdd15a32f07f29cc3413cee79e374be0db5fe231

SHA512
da600f54e03b3d9d6aace9584529080e80939ca0e2dc926b07a23dc712d3b1e09c5da7cb5ac657641fc012ee5fa485e8cd204b4aa7188d440bcf49a0b5eb9ed9

Download Submit
memory/2652-435-0x0000000002530000-0x0000000003305000-memory.dmp

Filesize
13.8MB

Download
memory/2652-436-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2652-434-0x0000000002530000-0x0000000003305000-memory.dmp

Filesize
13.8MB

Download
memory/2652-433-0x0000000002530000-0x0000000003305000-memory.dmp

Filesize
13.8MB

Download
memory/2652-432-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2948-759-0x00000000023C0000-0x00000000023C8000-memory.dmp

Filesize
32KB

Download
memory/2948-758-0x000000001B570000-0x000000001B852000-memory.dmp

Filesize
2.9MB

Download
memory/3048-787-0x0000000002730000-0x00000000035B5000-memory.dmp

Filesize
14.5MB

Download
memory/3048-785-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3048-788-0x0000000002730000-0x00000000035B5000-memory.dmp

Filesize
14.5MB

Download
memory/3048-789-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3048-786-0x0000000002730000-0x00000000035B5000-memory.dmp

Filesize
14.5MB

Download
memory/3048-825-0x000007FEECE30000-0x000007FEEEF38000-memory.dmp

Filesize
33.0MB

Download