dcrat | 7c6a80e93e96d417b7eaf9260c5a645d8d45e4c6cf420dcaf482fd480e80ad4e

Analysis

max time kernel
93s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Exloader_Installer1.exe
Size

27.5MB
MD5

8feb32f1c24e913222ffe6245ea49e86
SHA1

fb93436b7c32bddfb807fcbf07a4434b7bf79a3d
SHA256

7c6a80e93e96d417b7eaf9260c5a645d8d45e4c6cf420dcaf482fd480e80ad4e
SHA512

7b75d76bc079e0fd3acf56cc569bfeac5fd3fb180844b243235c5ca04e53b9f96182c087531919f9437b3d9bd857d1678cea4476812b88b95f54bd56ec0c6b9c
SSDEEP

786432:qHkEWCyHVn1sF4Bw7XqjBk2LZNopfjZqGWHeQZqQ6:qERKFpXqxqf1qGMenQ6

Score

10^/10

dcrat discovery execution infostealer rat spyware stealer

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Dcrat family
dcrat

Process spawned unexpected child process 18 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	4220	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3980	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1092	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1340	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	4404	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2716	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1392	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1644	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3220	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2976	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	216	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2856	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1560	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2992	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1512	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1484	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	760	1636	schtasks.exe	97
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2860	1636	schtasks.exe	97

Command and Scripting Interpreter: PowerShell 1 TTPs 17 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
4996	powershell.exe
4024	powershell.exe
2148	powershell.exe
4536	powershell.exe
3708	powershell.exe
936	powershell.exe
3680	powershell.exe
1072	powershell.exe
4596	powershell.exe
4436	powershell.exe
1368	powershell.exe
3928	powershell.exe
2220	powershell.exe
3496	powershell.exe
4656	powershell.exe
1404	powershell.exe
5056	powershell.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	Exloader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	ExLoader_Installer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	portagentintoMonitor.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	Exloader_Installer1.exe

Executes dropped EXE 5 IoCs

pid	Process
4000	ExLoader_Installer.exe
1532	Exloader.exe
3912	portagentintoMonitor.exe
2772	ExLoader_Installer.exe
5572	RuntimeBroker.exe

Loads dropped DLL 5 IoCs

pid	Process
2772	ExLoader_Installer.exe
2772	ExLoader_Installer.exe
2772	ExLoader_Installer.exe
2772	ExLoader_Installer.exe
2772	ExLoader_Installer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cmd.exe	portagentintoMonitor.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cmd.exe	portagentintoMonitor.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\ebf1f9fa8afd6d	portagentintoMonitor.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Panther\UnattendGC\RuntimeBroker.exe	portagentintoMonitor.exe
File created	C:\Windows\Panther\UnattendGC\9e8d7a4ca61bd9	portagentintoMonitor.exe
File created	C:\Windows\Tasks\portagentintoMonitor.exe	portagentintoMonitor.exe
File created	C:\Windows\Tasks\9d73afd7aa0078	portagentintoMonitor.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Exloader_Installer1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Exloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5772	PING.EXE

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	Exloader.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	portagentintoMonitor.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
5772	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 18 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1512	schtasks.exe
760	schtasks.exe
2860	schtasks.exe
4220	schtasks.exe
2716	schtasks.exe
1644	schtasks.exe
216	schtasks.exe
2992	schtasks.exe
1340	schtasks.exe
4404	schtasks.exe
2976	schtasks.exe
2856	schtasks.exe
1484	schtasks.exe
1560	schtasks.exe
3980	schtasks.exe
1092	schtasks.exe
1392	schtasks.exe
3220	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe
3912	portagentintoMonitor.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: SeDebugPrivilege	3912	portagentintoMonitor.exe
Token: SeDebugPrivilege	4996	powershell.exe
Token: SeDebugPrivilege	1072	powershell.exe
Token: SeDebugPrivilege	4596	powershell.exe
Token: SeDebugPrivilege	936	powershell.exe
Token: SeDebugPrivilege	4536	powershell.exe
Token: SeDebugPrivilege	3680	powershell.exe
Token: SeDebugPrivilege	3496	powershell.exe
Token: SeDebugPrivilege	2148	powershell.exe
Token: SeDebugPrivilege	3928	powershell.exe
Token: SeDebugPrivilege	3708	powershell.exe
Token: SeDebugPrivilege	5056	powershell.exe
Token: SeDebugPrivilege	1368	powershell.exe
Token: SeDebugPrivilege	2220	powershell.exe
Token: SeDebugPrivilege	4656	powershell.exe
Token: SeDebugPrivilege	4436	powershell.exe
Token: SeDebugPrivilege	1404	powershell.exe
Token: SeDebugPrivilege	4024	powershell.exe
Token: SeDebugPrivilege	5572	RuntimeBroker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2772	ExLoader_Installer.exe
2772	ExLoader_Installer.exe

Suspicious use of WriteProcessMemory 57 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 4000	3584	Exloader_Installer1.exe	86
PID 3584 wrote to memory of 4000	3584	Exloader_Installer1.exe	86
PID 3584 wrote to memory of 1532	3584	Exloader_Installer1.exe	87
PID 3584 wrote to memory of 1532	3584	Exloader_Installer1.exe	87
PID 3584 wrote to memory of 1532	3584	Exloader_Installer1.exe	87
PID 1532 wrote to memory of 5052	1532	Exloader.exe	89
PID 1532 wrote to memory of 5052	1532	Exloader.exe	89
PID 1532 wrote to memory of 5052	1532	Exloader.exe	89
PID 5052 wrote to memory of 1440	5052	WScript.exe	90
PID 5052 wrote to memory of 1440	5052	WScript.exe	90
PID 5052 wrote to memory of 1440	5052	WScript.exe	90
PID 1440 wrote to memory of 3912	1440	cmd.exe	92
PID 1440 wrote to memory of 3912	1440	cmd.exe	92
PID 4000 wrote to memory of 2772	4000	ExLoader_Installer.exe	93
PID 4000 wrote to memory of 2772	4000	ExLoader_Installer.exe	93
PID 3912 wrote to memory of 936	3912	portagentintoMonitor.exe	116
PID 3912 wrote to memory of 936	3912	portagentintoMonitor.exe	116
PID 3912 wrote to memory of 4656	3912	portagentintoMonitor.exe	117
PID 3912 wrote to memory of 4656	3912	portagentintoMonitor.exe	117
PID 3912 wrote to memory of 1404	3912	portagentintoMonitor.exe	118
PID 3912 wrote to memory of 1404	3912	portagentintoMonitor.exe	118
PID 3912 wrote to memory of 4436	3912	portagentintoMonitor.exe	119
PID 3912 wrote to memory of 4436	3912	portagentintoMonitor.exe	119
PID 3912 wrote to memory of 2148	3912	portagentintoMonitor.exe	120
PID 3912 wrote to memory of 2148	3912	portagentintoMonitor.exe	120
PID 3912 wrote to memory of 3496	3912	portagentintoMonitor.exe	121
PID 3912 wrote to memory of 3496	3912	portagentintoMonitor.exe	121
PID 3912 wrote to memory of 2220	3912	portagentintoMonitor.exe	122
PID 3912 wrote to memory of 2220	3912	portagentintoMonitor.exe	122
PID 3912 wrote to memory of 3928	3912	portagentintoMonitor.exe	123
PID 3912 wrote to memory of 3928	3912	portagentintoMonitor.exe	123
PID 3912 wrote to memory of 3708	3912	portagentintoMonitor.exe	124
PID 3912 wrote to memory of 3708	3912	portagentintoMonitor.exe	124
PID 3912 wrote to memory of 1368	3912	portagentintoMonitor.exe	125
PID 3912 wrote to memory of 1368	3912	portagentintoMonitor.exe	125
PID 3912 wrote to memory of 4536	3912	portagentintoMonitor.exe	126
PID 3912 wrote to memory of 4536	3912	portagentintoMonitor.exe	126
PID 3912 wrote to memory of 4024	3912	portagentintoMonitor.exe	127
PID 3912 wrote to memory of 4024	3912	portagentintoMonitor.exe	127
PID 3912 wrote to memory of 5056	3912	portagentintoMonitor.exe	128
PID 3912 wrote to memory of 5056	3912	portagentintoMonitor.exe	128
PID 3912 wrote to memory of 4596	3912	portagentintoMonitor.exe	129
PID 3912 wrote to memory of 4596	3912	portagentintoMonitor.exe	129
PID 3912 wrote to memory of 1072	3912	portagentintoMonitor.exe	130
PID 3912 wrote to memory of 1072	3912	portagentintoMonitor.exe	130
PID 3912 wrote to memory of 4996	3912	portagentintoMonitor.exe	131
PID 3912 wrote to memory of 4996	3912	portagentintoMonitor.exe	131
PID 3912 wrote to memory of 3680	3912	portagentintoMonitor.exe	132
PID 3912 wrote to memory of 3680	3912	portagentintoMonitor.exe	132
PID 3912 wrote to memory of 4824	3912	portagentintoMonitor.exe	150
PID 3912 wrote to memory of 4824	3912	portagentintoMonitor.exe	150
PID 4824 wrote to memory of 6036	4824	cmd.exe	153
PID 4824 wrote to memory of 6036	4824	cmd.exe	153
PID 4824 wrote to memory of 5772	4824	cmd.exe	157
PID 4824 wrote to memory of 5772	4824	cmd.exe	157
PID 4824 wrote to memory of 5572	4824	cmd.exe	159
PID 4824 wrote to memory of 5572	4824	cmd.exe	159

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Exloader_Installer1.exe
"C:\Users\Admin\AppData\Local\Temp\Exloader_Installer1.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4000
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2772
- C:\Users\Admin\AppData\Local\Temp\Exloader.exe
  "C:\Users\Admin\AppData\Local\Temp\Exloader.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1532
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\MsBrowser\Vx997p6vGUg04xzxeAcESnDiVN8Gcg5sqGf.vbe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5052
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MsBrowser\nEl2vF4guCMTSRHkNZXvpfhn3fBmtJtGAkyt3w3p.bat" "
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\MsBrowser\portagentintoMonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\MsBrowser/portagentintoMonitor.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        Drops file in Windows directory
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3912
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:936
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:4656
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:1404
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:4436
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:2148
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:3496
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:2220
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:3928
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:3708
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:1368
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:4536
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\sysmon.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:4024
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Tasks\portagentintoMonitor.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:5056
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Panther\UnattendGC\RuntimeBroker.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:4596
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\winlogon.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:1072
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cmd.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:4996
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\MsBrowser\portagentintoMonitor.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:3680
      - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ZeFd4AWQUv.bat"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4824
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        7⤵
        
        PID:6036
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:5772
        
        C:\Windows\Panther\UnattendGC\RuntimeBroker.exe
        
        "C:\Windows\Panther\UnattendGC\RuntimeBroker.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5572

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sysmons" /sc MINUTE /mo 8 /tr "'C:\Recovery\WindowsRE\sysmon.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:4220

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sysmon" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\sysmon.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:3980

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sysmons" /sc MINUTE /mo 10 /tr "'C:\Recovery\WindowsRE\sysmon.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1092

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "portagentintoMonitorp" /sc MINUTE /mo 7 /tr "'C:\Windows\Tasks\portagentintoMonitor.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1340

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "portagentintoMonitor" /sc ONLOGON /tr "'C:\Windows\Tasks\portagentintoMonitor.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:4404

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "portagentintoMonitorp" /sc MINUTE /mo 10 /tr "'C:\Windows\Tasks\portagentintoMonitor.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2716

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Windows\Panther\UnattendGC\RuntimeBroker.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1392

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\Panther\UnattendGC\RuntimeBroker.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1644

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Windows\Panther\UnattendGC\RuntimeBroker.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:3220

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 7 /tr "'C:\Users\Default User\winlogon.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2976

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Users\Default User\winlogon.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:216

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\winlogon.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2856

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cmd.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1560

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cmd.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2992

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cmd.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1512

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "portagentintoMonitorp" /sc MINUTE /mo 7 /tr "'C:\Users\Admin\AppData\Local\Temp\MsBrowser\portagentintoMonitor.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1484

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "portagentintoMonitor" /sc ONLOGON /tr "'C:\Users\Admin\AppData\Local\Temp\MsBrowser\portagentintoMonitor.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:760

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "portagentintoMonitorp" /sc MINUTE /mo 12 /tr "'C:\Users\Admin\AppData\Local\Temp\MsBrowser\portagentintoMonitor.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
293a5e452e148112857e22e746feff34

SHA1
7a5018bf98a3e38970809531288a7e3efb979532

SHA256
05e48657fb5340817f522c955b379cfb639977480af3ab1414682e9bf6616551

SHA512
7332f2b22f4ab64bb67c1a493f7cf2b378e311d5be6c6c99339210d4e9022c17f01a698333cd679a0776cca23460e28ec88c2ccfcf50c732ee218ef25ab19049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
e243a38635ff9a06c87c2a61a2200656

SHA1
ecd95ed5bf1a9fbe96a8448fc2814a0210fa2afc

SHA256
af5782703f3f2d5a29fb313dae6680a64134db26064d4a321a3f23b75f6ca00f

SHA512
4418957a1b10eee44cf270c81816ae707352411c4f5ac14b6b61ab537c91480e24e0a0a2c276a6291081b4984c123cf673a45dcedb0ceeef682054ba0fc19cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
61e06aa7c42c7b2a752516bcbb242cc1

SHA1
02c54f8b171ef48cad21819c20b360448418a068

SHA256
5bb0254e8f0220caab64dcc785f432820350471bfcdcb98240c3e0e71a709f5d

SHA512
03731f49999ec895370100a4dfeee674bbe5baa50d82007256e6914c323412eef8936b320d2738774758fbbfd76d4c3d391d9e144e65587eba700d98d0362346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
377c375f814a335a131901ed5d5eca44

SHA1
9919811b18b4f8153541b332232ae88eec42f9f7

SHA256
7a73ac126468f3a94954656a0da1b494b18b6f7fc4ee09beb87573e82f300a10

SHA512
c511dff1a34a5e32cf0ce2c56aa3adf71bd51e9a5afc7ae75320ac7563ebb4571f6ac5cd771fa52e9c7966112431bbdd20e4b74e1a125c273bc835f127b599b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
e8ce785f8ccc6d202d56fefc59764945

SHA1
ca032c62ddc5e0f26d84eff9895eb87f14e15960

SHA256
d85c19fc6b9d25e2168a2cc50ff38bd226fbf4f02aa7ac038a5f319522d2ffa4

SHA512
66460aec4afee582556270f8ee6048d130a090f1c12a2632ed71a99a4073e9931e9e1cc286e32debffb95a90bd955f0f0d6ec891b1c5cd2f0aae41eb6d25832f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
5f0ddc7f3691c81ee14d17b419ba220d

SHA1
f0ef5fde8bab9d17c0b47137e014c91be888ee53

SHA256
a31805264b8b13ce4145f272cb2830728c186c46e314b48514d636866217add5

SHA512
2ce7c2a0833f581297c13dd88ccfcd36bf129d2b5d7718c52b1d67c97cbd8fc93abc085a040229a0fd712e880c690de7f6b996b0b47c46a091fabb7931be58d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe

Filesize
25.4MB

MD5
51d5e87ae7bc99d3acc39daa20b03431

SHA1
7320a8cd779bd18f572422aa53b241fadeae6a34

SHA256
07f61f7c87bdeacfe34388001489136c563f55891d1a7e4481048b0e26e888a4

SHA512
273eb5f5c93df9885ce2bcdc35df234a1f99e13af7b904d7e9a257b5e75a9a38b95f2ee4bc27a4cb069718cde57804aea45cc79223b34aa211a3a5604189c7b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Exloader.exe

Filesize
2.1MB

MD5
13426247a492c85bf20046b7a026e6b2

SHA1
e21e674a3327005f8e46b4bae38b6272f7056754

SHA256
ab226f7b338a704a1343dfa476952e9d19c8621a96ee47b15b332a34e749584a

SHA512
cdad7db8f9f7e2e29e4497a04666ca5a0a78b37f2f8ecf4795eaf83cb72c4ebb559afc408e217019a5f797cbfb4e70eaae4b5aa7e04758fcbca13f6395308a27

Download Submit
C:\Users\Admin\AppData\Local\Temp\MsBrowser\Vx997p6vGUg04xzxeAcESnDiVN8Gcg5sqGf.vbe

Filesize
231B

MD5
6b23100127f6c72107e0e184de3fe37b

SHA1
9a4a73f323cb43a8a46bbe02543aeb83e55b4378

SHA256
18fd703ec287ef5186b6117fcce8bb261e063b9e1ab3596ffc52dbc9f7aaf9ad

SHA512
6b8a8a0edf6dedef6f46ff90a9bc8be97b22dc4921dc842caacafc6fd515550c8fd586df09db011e11c32597ca84e92f06866916d211fc3f7199def47414860d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MsBrowser\nEl2vF4guCMTSRHkNZXvpfhn3fBmtJtGAkyt3w3p.bat

Filesize
84B

MD5
e0e1875a0332d8a32bcfe9518733fa11

SHA1
bc9d7c54433d924b5775601ab9a6a2e274f32f18

SHA256
3c53525ea13c13593ccf8afd438caacf22b335447470bafd2edc6fb558b49a54

SHA512
1411ea32be3789c5b2561876d1251187d494c334d0a2643b30a5dbc3e17cfc1233b7d7aabcd4b42b8f33d47de382f90dd3570fb420874b0d826a4b86cb457bc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\MsBrowser\portagentintoMonitor.exe

Filesize
1.8MB

MD5
eaafeeda68b54d3fee1027ad70851ceb

SHA1
602017682f89305d82d69dc80135df337d9cc330

SHA256
87740815e35062cc764dd770497f2e8b0497ace5201bfd0ffcc7138dfce51b88

SHA512
6622411603526cc05095d1c92b5629408387e6a789b1ce69f951435df7531a183544309f8abc35ebeee25ed25d117abefaeb705a6981c13d24161e5bc2f1e2e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

Filesize
183KB

MD5
b51f61c70894e92875d5530d0f553067

SHA1
6cfe241ad503445443463faa5f869e0ec9cf0cb5

SHA256
0cb547550924bc73727d60885a82df098ead1eddb37f39b32dd46eac8e83db27

SHA512
e8ed6fa9f10dbad7cd7e420aecf655079cb04d59229b8c014eec2cdae545de16566f8c784786dbb98e2c12f3f3bcdbba2d78445fed14807ec154bea0ce653ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so

Filesize
13.6MB

MD5
7df61aef9229d290236334ab4e05533a

SHA1
a8191541becbd4e13bd2d92366cc836dfcf2fefe

SHA256
83f290ed77bb39945aa08b12ee81ef6914369939f643cc6194df544d9a683c23

SHA512
2036735e5c698e1cace8e7a5bc653e1f2e5d1b9c84c75dd7868807abfdce417727cc2ba12c13599e5c9a8460fc6d95e53fbe358329b4752ece105efce9421388

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.bin

Filesize
14KB

MD5
e6ee07a908803b70dcdf31271bbc05bc

SHA1
4328b159cebeae8594bda27a63617e2cc7626bfb

SHA256
5bc7d9a70129040cb1a99067d26a8a74f1679b345ae7e7fbd6c71d26a97e2688

SHA512
53293ee1c663824b3170b994209ad034024df9d77fb782b13a9c104c8dd89316c2fa18fc3b7e106260b3ef3e4d9a54b8b110aad52f5defd01abf5a370a4855b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.json

Filesize
13KB

MD5
8dab30c01916d845d7082d8581ba1f7c

SHA1
22199b0c399d02b9142b505889411477f52fe5d3

SHA256
8f6ee8c6aee1d574d5c0bbb03e1f3287e8d940514dda839c80f6c8b124e9494b

SHA512
3fb37d3ec427b4f0d8da98e1dea0abf8f4092c651619d9c7513d14198a743d874425b8e20e73366707bf63b55957ef1cdee7398cb5262d509eee0e4fd0e733ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.json

Filesize
413B

MD5
fb1230bb41c3c1290008b9e44059dd39

SHA1
66493d0f8a6a112d8376cd296b05c277b111dca1

SHA256
2429b610ba9010211d18626d311d3dea7274473c2dd50fae833ed739b67b1292

SHA512
d5ae9b9124a7c7f8c3d04c4750459c9bc620e3aeb84f5d56a64308eb9b343d4fb62f8b3e03210e04ad90b91bbbb35dd1a56148d06dbcc0872f99e9b1b9d37c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\NOTICES.Z

Filesize
84KB

MD5
cc8e60c916be3da7094842ab562c72ad

SHA1
832640264ed689fe0b8f9dc37f5c770a1a56f446

SHA256
d091fd114aadc99d4391d279abc5ac2fabb184ab8ba945e1317551f252c64c50

SHA512
408f5a3f7947fccec015c4b85221e7b857970bee1914361453dea67c4477eb43e2e6bf3bbd8cfa2502d6236b1b981fd006f5ffa82e5ed4a5389c5c5aaf110f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\fonts\MaterialIcons-Regular.otf

Filesize
1.6MB

MD5
e7069dfd19b331be16bed984668fe080

SHA1
fc25284ee3d0aaa75ec5fc8e4fd96926157ed8c4

SHA256
d9865b671a09d683d13a863089d8825e0f61a37696ce5d7d448bc8023aa62453

SHA512
27d9662a22c3e9fe66c261c45bf309e81be7a738ae5dc5b07ad90d207d9901785f3f11dc227c75ca683186b4553b0aa5a621f541c039475b0f032b7688aaa484

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\AbominationPissed_DE.wav

Filesize
131KB

MD5
b287fcc8278972ff72b8e46b481c4ab7

SHA1
71a91ebbcfb6debe7673a0b59079c5e90cb2ede3

SHA256
c87cb5c9c64b5798769af14563e268080ed82c7c8a1958f6fa1c1b5e7f10d2e2

SHA512
746f5d9232a06b5a415391dcc191902c7ec12465a22551342823da5880a16e9b9cb44da7052638fd0f5a2211ba8b97be6d835f5931bf34eb4fb1b96c6c529c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\AbominationPissed_EN.wav

Filesize
80KB

MD5
04de7b1fd5d0fce157b378ebede59df1

SHA1
97709ff9bef57080569f04f99efec6098cba3bc1

SHA256
3939fcaa3b0efd6d601da475abea862d9f7c078643f1063df51c83609cf47a6f

SHA512
31dcee1e7f1da84853bc8e41c108b1856020ea8da09bf2dd75b2902223f96540e148be9daa2e802358a5d78296ca5c90fa68c8f34f0a52b610f9bad446fff728

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\AbominationPissed_RU.wav

Filesize
156KB

MD5
5c4c79ff61bc28f30fc6b2a221975b98

SHA1
82bbdd2bf6c5bb2941788c0ea594c0185c6a17b5

SHA256
d5f7ea66bb3bc77de30b0b450b37dbac1dfa2f30b8108fce9ac2752ce9ad2838

SHA512
d2fe68b06c3852111cb03ac6b55cdccc6cf232aed1170eeb4709493e6b1e87a2b8b2c30223e502dacafb3a2d0b07b62a595086336cc42e63b83e8443244b5954

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\CSGO_hover.wav

Filesize
133KB

MD5
8d6e22bde35607fe3801e02fdb12b022

SHA1
9bfc38b58bca7b17e48a864ca2e0b312c86b146e

SHA256
aaa3f0f824d04ce5e93d1da17873d3aeb3c4d3a8fee25b7006851e4089bfadfc

SHA512
5623151380eb43a2191c639c940473114e47a579dd65970934ade8965ffe76e4b7018fa008e6412db91fcce6bc89aad9e3a4358e824f5caf0021ea58ab19c49b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\CSGO_press.wav

Filesize
99KB

MD5
5cf6f422f37b61b16f732e177c4a67ce

SHA1
3e227d262159caefd259921cdb888872ffeb8989

SHA256
880cc2be6f458bf853dba78caf06bd2b97bc4b06fea141599db74e95bbd59528

SHA512
b05219e87e9117195b3fb17a1075f4ef0c126de333618f1b87ef75813f3c6db40647ec53777d101bf1fafec99e275a8e9d048aeab5715b16e0ae2ec2f1293d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Fortnite_hover.wav

Filesize
137KB

MD5
b66b7d55b6eeb2ff344a1af41e42a27f

SHA1
fa6d73d1a35e6098748997cd8c259b4df00d1f9f

SHA256
3e3abb7e29d38fa4b0261ac78427633e8bf6ddf3708de5a45bbdddc2a9f4aa6b

SHA512
3bbde1d2426cc02fc2f034ff9276a23f2060a385b4fb4f6e17ff1b91b6ce904e807e9151c61b9133de3f5218a4dfdd8d0cdece9c2c165186acb92abe51f4b97d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Fortnite_press.wav

Filesize
111KB

MD5
17112a672b04374113400b1c3c6a014e

SHA1
5214a72c0527fa73d25ce810f759cba05739b34a

SHA256
e0ecb5e92f1e13de05850d1f3894a54988e5f2c7eeded390f9040d2845aa4404

SHA512
e319aa4852835b3d039dd63db981f197bdce301710a20fe7719b7fcacad152067f5033a846f0b556385b6f84364e66af5edbd4a6f39fa2d751ed0437e314dc6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Standard_hover.wav

Filesize
36KB

MD5
be6cc8afdd2ca2870982a0933cd9c8b6

SHA1
e3d9f678ecec58223e2d60636cbdcaf1b5d6d01c

SHA256
46d6ccfff99264aac49bf4545b0ceb9cca2a9ee5a60d13b7017161e481440189

SHA512
b58b789db7e6d65be7e5963387f7a8e095a2fd73d43400a6ed3c186babb880e541effa1f6265d4f89b8ebb7ebcff080dca656862cb19a5cdb67a5197c9fe6888

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Standard_press.wav

Filesize
64KB

MD5
f9a86f1da07c3dea7445f34ae4f793f3

SHA1
17e4f9d7d5ce2b209b513a3b1a6745adcd898d98

SHA256
fe7e148d5b80eaf49eb7564233b87679e53fa4e68371aa347f18c1886a99bff9

SHA512
2052873fba1482616e7be708f6328d708bc095b327416bae6c83679ef4e5f829e8d4667292868fb7ad8fbea52a54d069ef6a52f8ae603d9fabffab4c51336c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Steam_hover.wav

Filesize
55KB

MD5
2d9be331ac50c9a82af0ffc0678bd575

SHA1
c455196af8db5823ce8f6735ea4a4f70a595a2ca

SHA256
5f53f2d8499d27dd906587a6d0aad05d5c387ca2fc1c12f26c76aaefa690c7d6

SHA512
645210077b7110661982a76484915f6f6e63267de472db86a89e5ac8d65a790a01df8bfe807e8d309c3609ab009c1fb1e221799223c648465d22763e7ba00bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Steam_press.wav

Filesize
170KB

MD5
f8eab8f1b49b806f490f8716a8208190

SHA1
d5e7401f403733c071347616a2c0a069f74be52e

SHA256
e7c36644507ee52d11ad20e17a165bcb4bb7efb14c573cd29921088c03777241

SHA512
71a75f1e5fe3204caa70adc9d8c8a96155dfbe0b131afcc4bcd55908048ae314b81a84b54be21a1f99321e89cc4c77042bd0d0ad4033988af8d0042060631d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Windows_notification.wav

Filesize
568KB

MD5
bfad965214e05d9e1f6422b203ddc31e

SHA1
23b439523914e55321a115cc1debf6d12fd545a7

SHA256
90707fa427cc0dccb0a6a6cee40ee27cf516164342f6ca19adf496f068d03c07

SHA512
7c8cc4d06214053bfce98d4a5e860c966ac645952163e0f36636de3f97fee10cede49c7a174498548dec8de1ef0b3a0b4c3ab48e872505b8edfdfb7f57d849bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Agents%20of%20Mayhem.jpg

Filesize
111KB

MD5
c90f20fe086f92334e9c28617b074977

SHA1
e22c44b85f4f6ceb0fec2a568252aa181df258ec

SHA256
e24de8ea065066522543e0919697af69036f2a554746172c373cc2dc9b0ff895

SHA512
31c7143a1f76184e87847ebc63fbbcd77a04573d456f15782f55869ee7b5b9ee3b2295b06e5f581d7e4f46e67399b2c97890646df58ecaa05de25f44ea24a2c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Anime.jpg

Filesize
1.7MB

MD5
4f549243fc39cc27215f04565c625955

SHA1
9fbc2dcc25d07f85f9eebcb620392b7187bc8d92

SHA256
193017ea61d1b56fb0c834d8d7bfebb69fc84da0393e41418efa7abbe7cdd0e8

SHA512
519d1730a104fb70cd192d13d260c7cb0acfa7104e4b5dc4ae53a057ef05ccd8012f0a960e206ed5a9297a8df83fb1f6c408196019d4c440bf0a74c419946345

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\CatsDay.jpg

Filesize
85KB

MD5
c25749492a3f86516fd363eb33e48703

SHA1
6bd0604b25a74506a2bd9006ddadf7dce1ebae16

SHA256
751556778ef9e8ddcad5da225453b258b369596dc8e1e072f2d700cc1cbdf3d6

SHA512
de98588d60cdf5a6cb11cdbe60a79f77345ce428024ec888cef4605f3068a1a86e57fbfbe8f0187257037ec9c424df6aa8cf81ff203f9763201fd1731341e513

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Cyberpunk.jpg

Filesize
90KB

MD5
fccd45abac1b102ef9d852fb95241618

SHA1
b8362d3e44a50348f5e687d62e94ea1ea186987b

SHA256
2325390bce62c4bef9f0262222d2dd74f06c3033ad864de432337c75324e1f9d

SHA512
b250daaeea81011c844f7d1a93f7d6094de12074c6bc187d7051dba345e997c8d96d6d20bf725658e793b61569789d5fb5662d761dc20ba20b2fcc44a0289e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Fallguys_v1.jpg

Filesize
92KB

MD5
a795acdc99700b1d4a098b2caf3d39c6

SHA1
178595904d29c6cbd3efc5e71cab28628ea58cf1

SHA256
5bae893db8e438bc28cd34ebe0ec23c3826f1a942d0e336ce2395fe4a5ddabf0

SHA512
8896e458e201eb7faba10ceaf700a1dafda634e5ee36b8065bb8f33b83c06a706f3ab92a4f20560301410ef57871831a7fa014ca9798f58f131f7b36bc63746e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Fallguys_v2.jpg

Filesize
89KB

MD5
58eb944079ea4b055adf9f329de463d3

SHA1
33deef3dd78e844b4c3544e5afe39b1acfe7d757

SHA256
2e4a44fd6efe2b6fcce4966613b4f4e79c2040a79a914d8377e32127c49010a5

SHA512
6884f1b837d995283c44436885b3924d8740d795b4343ccd1ffe216b07290893abf6c8d5b10fa807565c443662915d54fe098ac93d648b940f0caa313d5cc69f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\FishingDay.jpg

Filesize
56KB

MD5
53cf0a2de9e9f375a5cdc5849c19f589

SHA1
6d2e7dfadc38dac294be97bbc4e73b332127c5af

SHA256
19b182dc9d9580aa0ca41367618d877f1cb4e53830dafdda3b6298be0c001993

SHA512
35e9a5cd1735049c30c9a3b88b67359c7d58d9d56595bfb41166b24340ac1a0e5446a6c2d6e063afaa1fe905968b0734634658120f516068f5c65b9030939340

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\God%20of%20War.jpg

Filesize
85KB

MD5
d40d3b1641dda951397f85d91cc7da84

SHA1
605fe73ea3d21abd3de674152cacc77cabcf57bf

SHA256
bd9b8ebbd5e12f111b386111fbcae08f5545e6c8bacba466a33748ebbe7caf58

SHA512
18fa5dcb676a43e1ea2d7384f7fe34db2da738fa3b96f374b673fa935303c1226c72b2eeec65f2c96081e4da1a8ef742c60cef82a003510defc48e8bc91d3fef

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Halloween.jpg

Filesize
94KB

MD5
c0c6f2df1e2fadc671c336692128cf0c

SHA1
3865c8a27099040d2abdeaf896fdfecb032924ac

SHA256
e26c1ff60db6b37bd81794b68d2293c4f03eec9a6bdbe425bb9bc8a717d842f0

SHA512
4e49ce74d8d39d7773539eb105e559023c53d23ba1c87493008688f05d6230deb3dd72692922e73f83b8786025f387972af74cc0f9d49319116034c8cbfc0197

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Halo.jpg

Filesize
102KB

MD5
06822359be19fbe08382ad01c363aa60

SHA1
ef108eb6c41a37be79913599b5fe4fdc827a7569

SHA256
6a77bebbb47626eff779e583ee220d1dac117dce66b28d1173b9601f7382ef27

SHA512
3a7fa133e771e610ab99b29e7f5c0646a5b2026084777ac30eb1af1efd48fdecae3f6c11c0f4e3d251f0c0b5a0404dc11351b250cc3bb956a22b142dd83d2c25

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\IceCreamDay.jpg

Filesize
166KB

MD5
0df267f391a6eb5ca24ab83e734dc80a

SHA1
ab815a95ed9ba9f4e8bd5fea909f35be739529a7

SHA256
5217c55cabedce00a97332273478eb75f26b3237943c3f90f608976cdde195da

SHA512
519ff25ba063829121863b9ea0eb609de7fb78b60b9f8abd0e9121aa79085b78304b26c603cca7da62e3d45b0724942ae3ae6ebebd8ec7c42367cbcf77a7e8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\JokeDay.jpg

Filesize
55KB

MD5
6582a4db0e5c0570717565d12815d169

SHA1
b05f9a1cbb16149da1dde9e7b0a9fb3abb603f94

SHA256
b1b347856a7a93fc41c18291ecf2424abb03961439583c78a9b2b3c4520e9263

SHA512
33185d6f56209b8d713ca8f76fe505947836b116b65b01ca2e649fde42783cf35d606f5a6101be3b97602af89ce7787c42a2dc3af922eb7e325fff1d6ceb8fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\LoveDay.jpg

Filesize
114KB

MD5
5498653fb773e2fe9f6bba46b7fc2f1f

SHA1
811efcd09132744a0db365de942b306d84b651fb

SHA256
a1bef06e1dc9b472cb3db56828f8fe1f10af642ce0704218244a731b56f7d973

SHA512
71f3db241b23b996cb52c663ad46a4b5056b3baebd91f51dbf2a13c376e5f252fae21ba110247c4518dab1f3fef695c6bd879133f36bef497b3e76df67dd415b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\NewYear.jpg

Filesize
1.8MB

MD5
72d7cfd32904762e3e06590a08f6b752

SHA1
d1e9fab08630afd6cb06ee7b719338b00bceacbc

SHA256
b544f944a958b0634e6d975fc4990ad8e1a71fabfa383939cb71569332d246f3

SHA512
c1c76e8e5483f598fc540ead8e0cfb3a4ab7e537565056c1036a895ad48ee0b590b6a0a63c4f8aa2e1b221ffe98df6d0b6b85f176a1e307a4e733e7f63a220ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Ori%20and%20the%20Blind%20Forest.jpg

Filesize
93KB

MD5
babd1b019be8944f7ef6c64c8194bc8d

SHA1
702a50d3e3a0933db4dc1f37423bca3b5c52acde

SHA256
71ea07c900e7993072f4896c0ab621303feaf4d13b7c9a4b2993e06122b10f76

SHA512
6a854fc0db7206dd182f6ebc594d763b62a75f64663d3e58029cfa2586048838fe8878b043d174923e05f4e3cd2f3e9d96a6dcf5ba8bbd7322bbc3540bbb8b0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\SchoolDay.jpg

Filesize
94KB

MD5
ff2c795ca73657308ff62023583bb7df

SHA1
79795d1a923fbd2b042a41d71c6e4daa71931790

SHA256
a4f459702e21c375a81e84ac85ec84aa463310d8aef505181c72c5274fb27a35

SHA512
08a11863ebd40f1b9740411fa79a3f49e37085db0ee0c864502ffa2a75398b7241b104dbb5b765d3a3b7932cd10cc28e096fe9bd920766a62be0cd43e2e95cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\SpaceDay.jpg

Filesize
97KB

MD5
cc86f6ad72336b38c9a94292a18d2a8f

SHA1
5c9d533d89c042d5492d2a2dbf5537d3f95488ab

SHA256
44e05f8b0a73889362368fff0e91bc5d38b1c33552e1a2c0f6967a99bfb4a252

SHA512
7b6c1e34784345ec9210d0ee593bb9cf9ade0be718bfe75b6d08efb0d7c82a5b9b4e408a78b1fa6605d4477060f7b6578d3bf981a116722b029d312ba48921db

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\SummerStart.jpg

Filesize
94KB

MD5
d77e5703d7bd49bd5ed2dc837fcc93d2

SHA1
d745bbd9fe501412b7678dedf468a3d4ebb422e4

SHA256
7ebbec54b74af16436aa4e881e3cf723c1948e88f3189ce15c8d2e675ba7de78

SHA512
1fb1638544451632d185b1085590f73b93ea0f791f24ea833fff9828db77e6fb9fef56af703b0b6f7d3ba99a4c11e323d4fd63cc39c3b14ae3105b343d4e5aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\TastyFoodDay.jpg

Filesize
92KB

MD5
9f7ba227860a8d446f77f62888e4158a

SHA1
361e736b6ef44e6c496aedf7387845249c76a4c0

SHA256
d070946d773f126d824a26abbad730d2fbd146e1a9359cd3afd21960285d638a

SHA512
c2841305671590fcdae7d25abb17258be2cbd271ad1241e1a74206f12c583c75db64d706e87a0f99fe546a9c8bc63d382f93703ef358b384ccf349c3887acac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\VictoryDay.jpg

Filesize
97KB

MD5
eb92d94cd35b8d73ee977381750a96c3

SHA1
95b0dd83b136898b4afaa780f1c8375b31a7f7a2

SHA256
8bb4994de1217cb2cd1651449f030794388a2e1fc333d062d52e813748216ff5

SHA512
52d67616eab7856d2be52eacd7144c3e85f4a37daaafc293765911854504147dda6e61d93d2a17866e5735a4dc56f0246cd8a2d2ea8a9cd87bc3f45a2655d663

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Warcraft.jpg

Filesize
98KB

MD5
0141badd4ae9147a4058fdde8f9c272f

SHA1
d8ced687bdb7be0fb534a62e28d1909b9e615e19

SHA256
f88b682b452ad60cf3803cefe5c5c992db9688d47e550d757fa9c2d2114e72ec

SHA512
3d5a0526c32eb28fcf3ce84d3c9abc446215de98c18599985bbacbba262c9c961566595cd374b69f0a8feae5b4ce4de616f8d411eb7eb71adb44929e6a8a6bcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Warhammer.jpg

Filesize
58KB

MD5
0a5ffe11b4d2f0d579e22a475047589f

SHA1
de35be4763c7bd9698ec627f025fc81fc9927ff7

SHA256
bc755a02b636013d2ec0bee05412ff7361675b0cd3dc5661a4d750d74e798346

SHA512
adf7696b4fb1a1201e744181b63b02e9f224a1791e954994daf8785c6752a7ab85b438816e67a9236c6275b2f7383eb6f50fe32e1e58b3a3aacf9fad1d49b92d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\cats.ico

Filesize
132KB

MD5
a60ad26735ed5f524fadc837ba409bee

SHA1
0c93146c29615c62b84da87ec5b9e8503ac0a51f

SHA256
ac38101ea1995b026d743575c7ecd82be22192c36f7f5fce336b6584a83b88a7

SHA512
bf20184fed223bfd5c470002a6d0a5d1222c5e24b9fb4c84318a406c0524f961a02d036e0bc3a9530e53b676ce9931f03dba9c8cf02d3aabfb522c045000e054

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\clown.ico

Filesize
132KB

MD5
ad1e1074f2e24099f2c1a41a42ee7ba7

SHA1
8b3db9e5fe4537dec069172e52d527223e5b1eeb

SHA256
01b0c0084fa9d536baec5468033154d9fc3028bbed55d0d3697d0aab8b13384b

SHA512
fd8a58519994bd773f86dd71eb90c519cf50f0e0dcdfa33af4dc5e5fdc7119b3cf240ba0654ac542d5b6ec0fb4647b819dfbbb338aa2c87940bddc31431b3f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\food.ico

Filesize
131KB

MD5
f3ce54818a6c18da1826ddd2f089c51e

SHA1
b0a39168c28afafd461d05522e6f964e7524d4fa

SHA256
e3187124e5e5b7b135014f6924893fedea29efb62c9955c5aefa2aa00610a97b

SHA512
19fd926cd4840a1fb7af64b7cb17bedd3f3e7fad861b2cdeef6b8589ff6119488f76dfd2ac27b8acf85d4493cbda06879c85f23db3d3c4a0f09f94899185d5cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\halloween.ico

Filesize
126KB

MD5
aa4603c868a63e56a5a3505daf9c63ba

SHA1
594dde5f2e3277653a6511e3e805a2da7f7fdd7b

SHA256
af71eb5c9170edbe968ed691a6be636a753e69ee46a82d528eadba33c2ca574a

SHA512
e0c7cc1196801749f790c72c5a75dccc83f2affdc77d74506e2f2079990be7d21368e7b9646f3f739e95691f7b799a16f8ae86a0b4a9c4fad02a96ef53eb2cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\installer_logo.ico

Filesize
100KB

MD5
d1f5ebe2b7fc80412af20dccdf6d10dd

SHA1
7172b11e58421e741fb49d1d83f05ea696135b78

SHA256
2f6d4d480ccb302d8c119695ffb2f33b0d446e0d32a050a8e77828c3393d2906

SHA512
c753790979241d978c300a6c22567f8c206d0807ec2c06c053aa39da94ce511626868e0a12a2b207c7d6bc790595cb75668c231ad82a6bff3b9568338d619ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\logo.ico

Filesize
141KB

MD5
362e23dce02f6439b99fc322a62cf7be

SHA1
dce93401f082b4464f697974727f90cb55eedd80

SHA256
3c4cf7e9644493d059da452a3af9c17a3be5c01db09c2da5d5d3d5a45468f2a9

SHA512
e1b36ce9feba258e3f2db9bba421546b96499273be37c36604f0c6afe04cc8e1f04d910f7d815ccd9040be1166dee9e5ef1c107dde08f578dbde44ee4e045ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\newYear.ico

Filesize
130KB

MD5
9f66fb548e4aee0089409e5b896fab99

SHA1
f340d4ded3da188aaae76a6dbbcd64f4c8678b13

SHA256
dda4f29c5f687ab63c547cad472f5ab9a5fa7bac816b36207c0201542dab6173

SHA512
df4071913a884bdc844e30dcbba317e052926e77da4fd17b903cb5975845f067786e508016e2a10cb7f9367f863537cbb91d7d0684601751ebc91f8455760040

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\romantic.ico

Filesize
141KB

MD5
1e574f7a6ea27150d9c2fd81b12f6394

SHA1
847699fa258885f644b66a25dad4ada094671ce0

SHA256
f01399c613a0b6451dcb8ee77c5d77a1755161bc0a5a403682b3607f6040fec5

SHA512
a235fc7f7cb4365e90ec59338334d606a17a77f101ab1505889e7f75c7258e7c3a63f9a93cf4d447bbca39ca207b8b0d221bc19afc71009a088f52ba9621f4e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\space.ico

Filesize
137KB

MD5
af9a47926259005be2bc4e609f45c62c

SHA1
edb0a26d47980032531381a40766af1a44bddd01

SHA256
5dcada90aaff8f8076a966dd4a83ec4b087b437ca4d7a0a9519e277ee1528bea

SHA512
af3344daf59a5c0e2b2f140101cf47084be7a8ad04ae31691fffad809f3ca41f314cfc5be61d2e1e88b96703e30124da3ae430bd2ee88f529ca100978558c584

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\summer.ico

Filesize
135KB

MD5
cebdf3173e21a7c16d4a7d8076a11c0d

SHA1
c4c19af47f02faae7a6aa671affa087d11a9e96f

SHA256
14da5ad17b31761f6c9302a05b198a703e91bb6bf1a9ead708d4914fb4ed05ac

SHA512
22672e6b4a72ec4fffac142eec31a75f85a3eb89d8b66a9b82d775db6604e3ac329ee3976e327e463ca240bd83e221ef01bf0aef204dc3f58700c43e1a3e4069

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\war.ico

Filesize
126KB

MD5
b942f8a18c3cb3d9aace9b5892c66671

SHA1
1cc54e8947e36f2e64cb7ddd9fba785a60f93793

SHA256
4efdef75cd3a854faf44e5d0f25f62da8194c07e108b3b2679503c16f2805a4e

SHA512
4b49c72d6f994f575a9dd142dc8bbec2b13bcced27722ce2820910aa3023c5e9254ec8defc1809f899130f6c3d398b6adcc32e146ea1d02c94fac80a8928dc0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Bold.otf

Filesize
46KB

MD5
e57b6bc24b970a377574124e026a7c01

SHA1
00184aedd4ee4d2ca6b5c87cf41e78f64304c89b

SHA256
b012d85155925bbe2106b20234b96522dec7914f03b09bc6e2fff71554f31bf6

SHA512
c162cd8a7130d2c94dac5c3dad58794f368436cbf782e8063c245d4cae405af6aa25c2f381549defd520c3f7cdbc04a27f891798697e9c291317d3b3ba82efdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Light.otf

Filesize
45KB

MD5
d10d77b03ba3abe6ccc1c142d9852595

SHA1
6108edf0cfb3d5f25e3c593949c301c5c2aa5f25

SHA256
3c9ef459625f995c62b993b64da299204b741e153ba8e6d988463aaa86b1aa44

SHA512
71c4fc3b6f43b4125c5ea5ae09297d72446de81ffc2928fee33aef386754e60dab11cc170c4d6689dd6eeac451f2a57b9d3372278f750dca6ed39ec82fcf9368

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Medium.otf

Filesize
46KB

MD5
df63e8855d04ab0e25d2bb6a0b1fabfb

SHA1
5512dc285f36cdf7da5ba5eabaca128ca3442537

SHA256
a728e91375dcadbdf6ef6d7e3cd0bbf5c56fb992d5b1be6640b83214c9d015ed

SHA512
eba8afd3289089841e4eda4abd992c2e2020d18d44741733b5a51a2a1e0c0982ffd9da187aa56ba3b891bc259398ec156e08e45265f7218e87eb914794ca69d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Regular.otf

Filesize
45KB

MD5
d969db6adb881f1dfa91a5b7ec0154d9

SHA1
d7b44b20eb246b0ff5c41147c0d0fb96fde47c48

SHA256
c7fc6d9f2ff611073fa09a6c61a8c086da0ebe8da841a9f4ec4087a3e9b52152

SHA512
2a225a8c12b46aa14e14dd547c6a55c80aef6bfe8cc791dcf60a14ef91994eddc4dec473d856f7c2446d62a41d017d256b64b603d87ae45e75fdeb2230deb5b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-SemiBold.otf

Filesize
46KB

MD5
5177edfb54762b59df676052d11b363d

SHA1
fa18815bf4914b93d587c2758b65e234ad51b38b

SHA256
50000ce2f0f8bf3018f1d04aa5c6716583b808ca05c802c46a9de4f084a91f7d

SHA512
7475fe248eafd528a05acab94f3973eeeb0d169203769ee6b42d007b5fa0605a58a290e145d74d57e17486367bacffed22e4a88e576fa9f65d000e487aa78e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\0.svg

Filesize
1KB

MD5
3c82bc5493a92aebc9064551ea8d38ac

SHA1
b1019e3fe4397f7215ed8af2c0914159e986fbb2

SHA256
6046c1e9b8fc8cada4c4e063b031e164163e7c5723afd8c37d7df6c3054e1e7c

SHA512
126c5773e2192629eee40a611997f01c14bf598215d6ed33488b9d934ac41acfa83b99d7f373e0726a459dfee950011a0c24f97fbc600f5f96dfbb16ac7d9bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\add.svg

Filesize
568B

MD5
5a3230a0cfd5bef48c90b7c90a5d4f8e

SHA1
0f4058127c30aa7928a448e54195fffda531929d

SHA256
54bf4853ae737f99972b4aaad7bb1384e2731989e120609bcbb0be7c4b37e173

SHA512
cfad366c093e952541b85107fb12c28707bbc907a41fbf65c669e691c36e7ec2ed0357b4e5839f5142d1a44d2087d15e65ee10fb738658832fc32f4b1af52e06

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\admin-panel.svg

Filesize
1KB

MD5
3793c8581582f78f81e96a2d15e79637

SHA1
9abd494baf1e8263a87fa8ab23627b75c7b93e73

SHA256
0df749d94a0349477ff44e8c3d4a061246155a732583b6a73a5cd0dde3aa3dd2

SHA512
23cd27d9c9c171d9b104aa6bdcb369617e4e737a38ca2a6398e24842066c8bb43bbb5706b1a5abf0f8a775628e1f69563abf695e3ae9293acb44bcbff11decff

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\advanced.svg

Filesize
1KB

MD5
11f3d49b01f6105d803b3d67e8a2d7a1

SHA1
866d313d44b62a7ddb75360b707bdc0ce3f76df9

SHA256
cc1b5cb898b7fd9c396c85359c651c3ec77b76d4502972caac0db0e1ad789477

SHA512
eec9f3e63fed93bf1a35c6063b3a35d432ef0325359de828535586681407e0d2cf78fbd4431c0ea1231496df979871e82cb520394e985ec4873af07e359bfd2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\alien.svg

Filesize
1KB

MD5
e41fc939fd261093211ff58aae998a04

SHA1
f10d40b8d1967df4ccf342122c19289d88799693

SHA256
393e551487d68dbe48af9497c28b02ac7da38e6dbf63f7c00d166a7f614ef1f8

SHA512
182010b5dfc3e4bd7520c12937977fb602bf6e1ecf829e9e4419261a0f3e6db3b4ea1467dcd59b6db6264c9299e1b43eaa0d8d438a81b38dc43dd2ef18f6f7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\android.svg

Filesize
1KB

MD5
993f215e495ed4b81f97130f6d3f64d3

SHA1
bddaa387ab0705b06f033a1aaaa1fbfe29ef2f8e

SHA256
482828be19a5cc3e8b4cb68147a8d3713989619dbe52be82ac60d8cd0b4c46b6

SHA512
fa56ef8bfd8b04a1b58a50059163e4b6ed0c24de712cc2813fdf4f2ebed86a53dd00ea7b55cb0638873bb19149dd74c0cc2d17c9bf29437d1421aa0922e840ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\answer.svg

Filesize
540B

MD5
d7e36b8acea961b56059715332963233

SHA1
fbe5afd17f01e0f7e1cf7ef484130034f3d687fd

SHA256
384a3965448ee7e12eb408ef25b94574720b2ddfecf68473c3c09278deb2eb39

SHA512
13970fe8a0ab81d6a5343493c8d4d862a89035191f902f7544245c2767ae1937936698190814ed1ce55e20b023e95d2c96c7cea163a4f739387e19a3b49b10f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\arrow-down.svg

Filesize
339B

MD5
673eb4d7e133b2fa1372d7c036abf18f

SHA1
24895453cc62ad88211f2c8a7a4ecc029fb78afc

SHA256
21a868b97fd5beda44d05924451aa074c11a1a96ea5ba45ef11105cb290ff4f0

SHA512
3296ec1a21147e5637ae4d7fd67a7a6f96bb9baaa2719957800235a3e8524686dd048efeccc376865347b4092bb7833e504f914b9b5918818c3aa920ff7f4c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\arrow-left.svg

Filesize
292B

MD5
ba5b1e092c79bc5ca5a74b534a6356f8

SHA1
c0b784acf0eab0f9ac2469cb91380c3170527ee2

SHA256
fd7d1070085adf5c678b35cff5899aa600c13cdcc5fb788635a630ae6cd156ec

SHA512
138d8e5b5775c05a7f0c2f2a0ef3bb95d3bbbef643420156deac5bbf4cc43fcc28b1981402f7cf083e4f9eeb0538349ef050ba3997fb12efe2d2e0c4144bec9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\arrow-right.svg

Filesize
250B

MD5
caf3668c9e2b82819137f778b10f04f9

SHA1
a3713391b4ce86c084f1981851cef5e76afc71aa

SHA256
92b25cb5172f158b02e577ad36c7de69fd277378cfab9c8cdc7e639b16c03433

SHA512
0b9bf756c36026d853ba5809819f29c308ba15149debc75d04ac5cc2eff4f6c59f3a1da2ac50f268c7751243f96d3c3eb707a16ec0b1ac14fa49199a284826fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\auto-delete.svg

Filesize
695B

MD5
7e1bd86b2f114bb2c6ab973c96163ff8

SHA1
a50ce0109893d9deaa1e62e6dce20e31b20e8f04

SHA256
277e2549994f76a3539271719dd46fc0d06e72c303b4efe9e805f8c9d0c4ff3a

SHA512
c232ba5b153f3a8616767b1afe0e8c784f391af4b0521b5a509d2f311a0450ab06f68dc377636d6ed696f733e0b5f058ff08b305cc142a09f07e7febadcc261e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\back-arrow.svg

Filesize
622B

MD5
3127554ba77c0b0c6871b12540cc595c

SHA1
88cb8d41ba3da59b474e977a68b5fe0c806cdb5e

SHA256
d83d07f26c46717e11fb9ef3e3fa8256f8edd2f66571db73b6a7af69742524ec

SHA512
9666da34b8d01d8b1a2805329d07d5a9479c6952f06563ef10ca6888595d81e35ac3293ceb87784a18a28f30ad175d4e69eb7de48d03f3ba7ce341ac99672dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\bank.svg

Filesize
1KB

MD5
bf9a759efeccf88d1293ea9392eec741

SHA1
6bb175757b6f51cb684dbb8c77fa7e470f78e812

SHA256
0672537ca0cea9227371d3728fafbb6f90255386cd96863422fb895ba3cf3720

SHA512
8b396744afaa53fd17824dc6a36001cb592b0d7b9b1bc68f64d06a9f4cccb35554114541652c493097afe7c153e14a396f4f5ed8cd935bc8014970a98d27f80e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\bell.svg

Filesize
997B

MD5
c67aa6948d2882144f34e73a6c1fe85d

SHA1
693d45f290ffeb039a6cbb1161ee2ff6689f5d90

SHA256
cdef11be995dc895a64a4cc3926d3a7bf980fa1a98e2b616c74ae016f9b8f29c

SHA512
6dff102927599b52c82ee8d235bcfc684826185251dfac4142d10cf6a61e7f2dbefbd98826987a75b787460781e3ec5c80842ad8e40dc0b5711b55f034731c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\bug.svg

Filesize
1KB

MD5
9d7be139a71ce10e807d2a1b04b587ea

SHA1
3532e7dde081bf670c051cf8a1c7234351e35688

SHA256
db1ff0d07f8add2a7bfb1d92089524665fd8be533f51c620df756b1aa0ad2b9f

SHA512
8c6a8d15fe9cd4c22be149c9c7a1015d3a26f0b7fb9e79eb4d1db172c44afbd844bf10697f5c886af4946cef3e2b4f86b6c1a0970063d356460c76902d34f8cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\calendar-alternative.svg

Filesize
1KB

MD5
a6f16ca0a775b85548c0ab584cadfc1c

SHA1
e8603263e13321dc9a0a8f5074bd2bceb7b9b61e

SHA256
ef8b44637573b2ded7956b36764578515436eccd35a597bbc4d056f082a0af8e

SHA512
fdff93b5f6cb897978ab8cbcb063d32632596f826c2e4a4b78cb4bcf53cb55bd138a78fba53f1d89e21702f73ee204da44af7f365b6949a0ff01a659a87bafb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\calendar.svg

Filesize
862B

MD5
6763d770f3af90634905102ebce6c6aa

SHA1
0782da706704c3250ecf24772235588285318dc4

SHA256
203b9b3acea3bc32f1b77a5043410c512c75e9961807b5cb021c4cc707963601

SHA512
916532fb3c1a99a3d6ae626814dd6621d7d1f4269dcde289c82dd539fbe61dbc825fdbb2513e86cf74ae5e1d9f3b23026bdc742d3ee77ebfa14aa2b8db4b26aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cancel.svg

Filesize
241B

MD5
85497ee294fef9feb9f061be10d7107f

SHA1
8ae0a473f3a031022ba24245907f2620d999bec7

SHA256
0d949074a7408c62371d3d7c599b9f154569116d8715365019627f34bb900037

SHA512
ba660b5e8196c7311681d582ee0c8a792f3e3c62d0eb041110e36d704fff221e9a9ba7289c2577b922e90cc03bd520d066236f1ab8f961c96979b64fd180bba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cat-1.svg

Filesize
955B

MD5
dda5d8ad7977109c39a717d54ef4c8f1

SHA1
b0de1cf7da2d842a58b91c3b6fe6f6f17b411444

SHA256
a973170eea7dc6acdc9b3134fdf1cb9f933926cc4a7e2561b7e97ebbc942f782

SHA512
69b52d8205bc99970f8577bc7a9c0a2238f1b1aea3115c1b0d4b05fd112ec2089df04851f072d6de7ff5c637e460115b5863e4546b14c0bbaa558aebab82d329

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cat.svg

Filesize
1KB

MD5
da519ecdce7d14eebf349e03c730a5de

SHA1
1294237b4b437da9f4f816bc9de833c3fd6d19a3

SHA256
607229e4a89f472fe9f09ef58aa5ecdd5d2e8a0a1c615870598a9af5733a0cd3

SHA512
0f80459f7b5860734a73e076f3ebc396afe8c64b83c57b58eb38a15432a3850be5b0437550fe469522628e476118457976641e9d05053d0310c99f78ecd7a4b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\chart-bar-alt.svg

Filesize
503B

MD5
672ecdd013d7cd8956fc92d89b54d899

SHA1
d2b579ce3cd45359a2d00e07058cfc2b852ea8ed

SHA256
06c128ca3c4bfca98b1d3219de980deb428a5dd0f88d6de4787a40c56bfb832d

SHA512
088602da6370a1fd3e5630e6b07c8de80cd5b9512cf709869a2ad9ed320aa2095d28180399e0cb2e0cd5bff1918714e3ae0fe9afcf50433588afaf012f704855

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\check.svg

Filesize
277B

MD5
c24f66399270eb0fe85b287b76e1f0cb

SHA1
a152ece0430988acba0f402447d53450cce99c84

SHA256
649efa12e5c21b700afebd35a3a09719358acafc743fe2d44364282677af37d2

SHA512
1abbfa156dc145d8bb845cc7b6b3940f16083046503237ed0fb857f7dfb3fc6b8fff2dea59d6c4c5ea1085eccdb1002e9ceb054f5c574456e171bae71c8c961e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\check_circle.svg

Filesize
303B

MD5
0bb388952a9445daaf17fa821e64bcfe

SHA1
adaaf38d0bf04c5ad802384b0e27cf1363e12a91

SHA256
24433540f888e811571292a08fad179b8b81e2630ff535218f79fa407deed895

SHA512
f845f3c2cc9a563001ddc83ef908c4673522c7087ffeaa80860c62ae6b97c804c08f8040f37e22daa31acac818d23e18c02048cf53944228f32a28a40a54f721

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\checked.svg

Filesize
1KB

MD5
539d835e7eb96147a9c52529da32bf94

SHA1
02963318607d0556f7ac45c98b2bce140753588f

SHA256
63852cd8260bdc17fce231ec5df84d1a4db7c486ed7bedaf1d6210a967dc6dd7

SHA512
cb696a8705ec7d05d0548a935c4bfaa6f067ae9a3d02e67e12fd25a8906e648270a4ce43056e7233910c11f7e8d8407aeae0cdcfe863886ba9f185cc25219e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\checkmark.svg

Filesize
268B

MD5
5d43b638c6162414f4a9e920e61dc49d

SHA1
bba1628a99f0b8f9aff477de12b1360ed10dd47e

SHA256
ce7c824dbcf1848f684d968062a2f09bd833dea19d575fe3790e956132c973ca

SHA512
144fbe786d214f3a3aab0dd2f9edbe17b07e664066da1f5d4d61c2b3f5fec6ede5e6f63dd9377d4605a27dad25b4e9c126040d00ea446bd7dba8b06347f509fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\chevron-down.svg

Filesize
232B

MD5
4d7f71145f9fcc087f0a28db28452992

SHA1
684f8685d1d8afa8dc297c51e9c8e281c594cbd9

SHA256
b1e82d8b9df576b359ad8ac70c6c89911e22f8ca29bdacb19e5802abb01bae86

SHA512
53b44938032d5de7f212a54a0422c13326a1add6aa7c54f78baecf88ca372d7130ba77321a0034493aa80f72ffb1c54cac12d5ffa454585a786e4f8c29638e39

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\christmas-tree.svg

Filesize
2KB

MD5
a6c2804b3f3f593a193237f6481b3345

SHA1
c7612fba1c4cc105b696db535c7839182bbc8465

SHA256
14a1c9354a68f93d29ed72cd367707fc20043e1b802be8fd9677030f6f8c61c4

SHA512
b1b3253502ffca9f7189f2b2b2466d73d6adae6f8b77ded1831ec53a073bddf2bbd59a8e73f9c71b6884706f96c2e3d25a217547779e954e0aa69d37ec811251

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\circular-divider.svg

Filesize
152B

MD5
8012665f9b98ebc8f5f076bb9ec1582c

SHA1
bdc90f66412c891bf712811c1ce92673cbd8d20e

SHA256
ddbf0bda5eeab1b8351486b002b1ae9a4a6e2db8fc6b9e2c25d612628eecc631

SHA512
ec55fc92325d39a46943ebe2c0aa47c082148740caad4f7b719b79de1eb4d2f2baabf6f9f69f0a51e0317ab39166550a84d0ba3e053f2689eb3bd3d929f330dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close-circle.svg

Filesize
570B

MD5
085364fc515cc02710adee3b224caeb2

SHA1
91309d5263683f1e312a85ee4b44b9d67ace7753

SHA256
08593c7c901ae6e1bbc52be0701c3fa0e9bd5c1e61f61728d3fbac0d900e6da7

SHA512
7b94e0069ca3545c8e1635cd8b6d6b67a0cdd52cba151dae06a88d8f3a2e5ed7bbf971f6cae8fca3ec769f83f07b69fa247bb6be8bcd58a3db9ebef4f2934a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svg

Filesize
201B

MD5
7f8d672a2849987b498734dcb90f0c51

SHA1
e53b9319bf964c15099080ac5497ee39f8bab362

SHA256
4a290648cd1cfaaf1db4909d7552ae8cb83cb0b0e36770e64d153ab07ce6e7d4

SHA512
b3ddbf719f42440238c55cee896409179b4562ffe74f607d3640f623c8264c2fd2000b085dfd9a25ffd8ba2166695dcd663efec56cdac679f9993cfb602459d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cloud-off.svg

Filesize
1KB

MD5
e99140f842b471d330fc27cd73817c4c

SHA1
9957147463f586824b65bc7bfb121d33a9523a96

SHA256
0f4cb470185e3c6c26ae033a3a88e3995340bb08a63432dd9ebb82b73dd665ae

SHA512
f579aef41980539675609c62ff4d80dde22bad59917d439dbd4d325173bed3f24534a72e9903aef58c6ee5d4b03fcb7d0a7be8c93c35da6dbb2e1e046b7da0f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\collapse.svg

Filesize
195B

MD5
ad6092934dc48be9d00331e6f21eb235

SHA1
29cd8e5478e432b386382caf6ac7b3537b108c33

SHA256
2e0eb48ef144b771903a2ee5096ac4305ef43c830d2905f46b0384a07f5f4090

SHA512
38254a977c1a74515ed6184b5ebb3b1b3125db4b713a2de69aee9dc54912a9e869fede36423548e9ebf8cfc66e6711738789ee2c33f6f3af74def779eb7e5afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\complain.svg

Filesize
2KB

MD5
b6bb3a6b10c02488ad600fe65829378c

SHA1
88d2e5351cd071d4e7bb8c774eb4f5f2e75dc9af

SHA256
993ef7cb65b7fb77e035421ca68c60438e46bfe7d4a0c6ae875fa20d9d4ec2dd

SHA512
7a9ed7a5d01143f09f271fd868c4aef92405e6e00f3b9ecf709485a767285281640c457c8096ad8a0108070f453fb3e1f965110407881ab492a89beb87e75b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cookie.svg

Filesize
4KB

MD5
620a242ff032fba0b630a33f751099e2

SHA1
ff5891c241df6b4589a8981dda340c030a8586c7

SHA256
03b331c7a13a6a045bbd4f2b178fd52f898049ec8dc9ed0cae8dcbf61aadb2c9

SHA512
329d6b1f8b33d1e2f50839230cee738556c86a9f5348be40e10c8682b017ed16e68eaa3fd6add4309b592b5eb196c6742d4fdada39802473dafe78165590ef63

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\crab.svg

Filesize
2KB

MD5
4b946e45950ca64628f4eecfb2edfb66

SHA1
881fef3e93f22250787bab38635b003b6912048d

SHA256
9fe50503fb15530bdd87bb0ac2cfecea217449d36df6fbc9bde4439d3cdb9bb8

SHA512
dddad2fb47d21f3a6bf6c62878942c45e909af5466266833909d0f80a88f100918e2e31d0f2055bd5aa2f4bc98da88689b9879f298904b1a6f18ca32ff85edf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\date-calendar.svg

Filesize
552B

MD5
cec1d858967425f269add29f85c0080d

SHA1
5e52bf28efd7367778183b0f6b6fb7832d7b9d70

SHA256
56844bd764b03446b865f0fa3bedf995ef06063e2306c88f7d289d707e676a6c

SHA512
884f976d49fd7898c66a3a394dea9594e78d88a08d3add65edad365fd6a12d0c9eeed710352471da089c9b629cdf35faa7283acfeb0d9e10baf3ee5603c0442a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\day.svg

Filesize
5KB

MD5
50f48d3dc89a7e9efee695176a4a05a4

SHA1
537e286fa920602678ad99b50cade0b63e4ba60e

SHA256
3a0dc43445129705331d59f44cb1da0df735ecd03afa7854ac6b8d86ca9aaa0e

SHA512
0e5750de343fa6f5f95192a0ac0e9fb5f7c3ae1221d1156bf4ddca00f2abf9016447d992215440ca2ba5adba7ce1114766c27a6695c63210d95b39f3b78a5b81

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\description-blank.svg

Filesize
657B

MD5
bf2c8a4289c9396bafd0ed3e2638f6cc

SHA1
a03f43665f69efab2c7c2501a55197f27f3922f0

SHA256
d0ffdcfeac8eba5286843ff1c7986787e9f241b4e999bf9d2f497ab69b59299e

SHA512
a5354777c26ea3bdac9271a3849d83d6d89d52b26e6b39b5683a966f5a17d332e4449e378766adf166d8ba30914a61038a162c1fe98f3e65af9b1db7b55be2a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\directory.svg

Filesize
469B

MD5
5cbe7c691d5271ad409e22ab514f81c5

SHA1
b15e9f748d71036e862eeeaeaf7f70ee1b1c204e

SHA256
8d2f0bcfbe633144a227a88f8c3e16848e1569ae34cc998e9361da330cf27e5c

SHA512
285022dbfa69f96ccdff37225e64ce7b79e39b4db7b4c2bbbc4ac8a346d773286b8848a09fb17691b24495e009598362c831d0dc34c3ab8a0c825a5ef8e9a8cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\discord.svg

Filesize
2KB

MD5
ad17bef21884d1e218967e25e0591927

SHA1
dd166b164a4788ac201d86125aaf42750e1e5068

SHA256
4cfd2975d5fab3c39e716684aa203a220a90e9ecbf3a0259ee42e2dccf515032

SHA512
3384da9c3a602c456f1788ed527dcd52a9a303ac6568be0a8ce0fec1fc5899a052fbd45624b57113b28ba1e89549d7e2f818803208693a286959131094bb4062

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\doubled-arrow.svg

Filesize
516B

MD5
ae8035c2e498c755ba7afaf3c6cb5bcf

SHA1
66e03ec9b191d8014252f5f77e9ee0c27e4e4ae1

SHA256
452d056778560a036625f8f5c865c86ec7877eeefcd3288b9ca42ba3a39ae967

SHA512
eb00d53414172ddcf7ea16de36ae71bfe2c17d7f580e4538858ff18ad32f04ce83fea8e9768e36c92f0d2a1e9d5992db40cb583ea913bf62ab6e8eeb810b22e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\download-sharp.svg

Filesize
254B

MD5
6dc9206bf3c0452995bbd8bfecc1ffbb

SHA1
bbdcd91b2b5cb2b6744a5756fdcc3c4901d1a903

SHA256
2d6de4b0293507d4009384e78a8524427ea8a9bcf8382639a7212497f6360cbb

SHA512
becf931df39fe2f4ff2a03da057c43a9ce83d5f9dfe0604d5949d4887106ed738d846ab7ce5b12d868339cf77236a85d46d3edcfd3957b610eb174252febbaf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\download.svg

Filesize
538B

MD5
f50747938c143bc56ea61c5f4adf6a2f

SHA1
10969921312edd9747c453f15236d82176840222

SHA256
bd3207219df645a3f06665f087fb06721e85c4d7999a9edb73831c8998630468

SHA512
d11ef03d00f5e56497b0408b03a4c023f2b5b5f92ad547583379783c6d81fd03a651ceecd26990aa5709458b697e5288af7b1ef2443946bd2aad81f73f900d18

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\edit.svg

Filesize
895B

MD5
f260bbe2edc2e588fb17dcc4e3536d71

SHA1
0285ba80b1422f86fa249d2dd14c1bcfa32eae24

SHA256
fc98144f82f1c62ef49cec7271ec3b453d2cf447c588f83ee128124b1909c093

SHA512
0da3bca97e5079497d6c8253c87410509ee182a19bf7d46839839e6e430052e6f73015fc61159d858ec9a90323f21bfd07e0003bbb43d14866ec0d80562a5b59

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\error-circle.svg

Filesize
488B

MD5
b3b259b4d2b1972e1bb738ceb0ea1ba5

SHA1
e6e10af900510de03ba1d903768f9214cae85879

SHA256
6871eb850dd06db542efacfdb1cf5b27b9b2fbc8e6154ed0003a0ea4225ff466

SHA512
28841c1b98adbb4144d71c944d2d29a02a96ba5260c294f71cc0734ee7451d74785c6bea59a4874bc4e042c16cc4a88896e400960abc2420d1c55742084ffbdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\farmbot.svg

Filesize
4KB

MD5
ab8c146952cede527469c88858d284cf

SHA1
67448b2a9eea7001c15d6e95aed77bde90f0bc99

SHA256
b26c59accf130486c733486f2c1552c5dd0c5527770c6b5a07443644e9cc469f

SHA512
5e58290ce8173dc6ce82e6dc635f5cd885e8c4dc7ceb1520441d384a020839f571fb1dd540fd57b25da8d9401b3a01a7fe3c73a520f1e8110e2402f2e05f124b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\favourite-add.svg

Filesize
533B

MD5
e8b7b3d288ab2328b33657f7ba9a3e29

SHA1
04027c95834489c6b09d684ae04267afaa00c7e0

SHA256
f3ef6f54d23542653ba6c054fba6a73ebc6bbea008d3638cee41be07c3866260

SHA512
e2f6951903ff2f4cfab951861946f42fef7018b0e5572c996736d80eb4d7f5b0582d4bf30b9e54730dd7123e9b0cd06930042440d4a3ad2ed84b9611500d69cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\favourite-added.svg

Filesize
540B

MD5
21b9b0c79a05db19911dbfc40a20c05e

SHA1
6396d2c55632266f704ea7f703d889ff4c825674

SHA256
44b3ac4f97496efe50f79cc24aa11b8b027adef8a6e6a5f13aea4de47629b004

SHA512
b5806ea5fafe7ea04b9d59a16e1a7266b161f934b14d681960d31696d7f306b27915d43fdc4752485b5d2601405982a09efc8f4357792ca781ba134fe0b77ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\window-minimize.svg

Filesize
151B

MD5
d47255b6d3e685cac4804eb58207d0b6

SHA1
7fe02211cf6b77f3971522a3b3888460491ae153

SHA256
29bc4875912360fac26586adaca21449026cc2cf6479f9d9bbb066abe2dd2640

SHA512
b39c96fd2479585b32146a3b33a5419f665391f1b1857b08896c8254b48fdb733551bd9974a3c7dcfb679cbb5b35ed9b8f538f5c44156d399b02b8d0d4fe95ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\grain.png

Filesize
79KB

MD5
3577f702479e7f31a32a96f38a36e752

SHA1
e407b9ac4cfe3270cdd640a5018bec2178d49bb1

SHA256
cc453dfe977598a839a52037ef947388e008e5cdfe91b1f1a4e85afb5509bee2

SHA512
1a4a03931ab56c8352382414f55eb25b324e11890d51ba95597dbd867b35db45db5adcefb47d95b3763f413a66e3228e59531bdbd5ba5541469196adb5eb3d70

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.dat

Filesize
760KB

MD5
692337664e861ad322138061132dddc6

SHA1
8a99bc860eda0772f3b1f4a125fa4d474410e21c

SHA256
c12537022ef818991a7bfed41a76d8d6ae962ffbc0e6511ac762a5d0845e7f7c

SHA512
3e2e6adb651e37e530734f999634d7c101fa1c45ae380be8ad169bbfb0a047f2878ff6c8d1428d6b9e7301b447ab2f8839484322ddb3831984be71d442829a55

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll

Filesize
17.3MB

MD5
d663c9eb379f0dfa6115dd1e669b761f

SHA1
fa9fea1bb8a0db94a1f6f9679cc7ef5acdbdc6bd

SHA256
4bd4bab764eadaa9da230407be3fa9c0522b2bbc3dae60593beb9a0984f35138

SHA512
c154b5c2975797d2faa33a31a2612cdd446a149144a7d055323a0c49acfb7cd8dfb815640d68c5de61ce471c6038ff3390d44a801f9dc970b573ef2ecc67f7d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msvcp140.dll

Filesize
559KB

MD5
c3d497b0afef4bd7e09c7559e1c75b05

SHA1
295998a6455cc230da9517408f59569ea4ed7b02

SHA256
1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98

SHA512
d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dll

Filesize
116KB

MD5
e9b690fbe5c4b96871214379659dd928

SHA1
c199a4beac341abc218257080b741ada0fadecaf

SHA256
a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8

SHA512
00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dll

Filesize
48KB

MD5
eb49c1d33b41eb49dfed58aafa9b9a8f

SHA1
61786eb9f3f996d85a5f5eea4c555093dd0daab6

SHA256
6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e

SHA512
d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZeFd4AWQUv.bat

Filesize
175B

MD5
d3124d4ed05fe63c69fccd886b92ac18

SHA1
6bf2838464a3b57c8bf86f0fbf111faf5ca2986e

SHA256
4158f05c083fc96159d37bed823b91abf7f3cafb63fae67c1e204f0e03f88a71

SHA512
89e162c6dc5e3a1fe58bfb28aa1d01f02b67f6311235f5a817166ecd31a1703d17f7f8bc30e7ca9bb0f7f878a524e7adda75c0d0711b40041dc0e19c953d0409

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_21bgi5jz.boi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json

Filesize
269B

MD5
6ffcd0b09aeea8373abdbfa8fd564e96

SHA1
aa0c47d8c5ea5a377c32fec8a4f78396ce097055

SHA256
551dbc57aa5aab842324e68437325a995868ba5061be69fc9101e8dd9e1b5a51

SHA512
5e5a723a775a42a885209dd57f994e543c9481fe0597ee2c381beb704f700b3a004140422dd45e32c0d5af2431905e45dcab5f1c8eebcc6cad048773dac80ebd

Download Submit
memory/2772-1226-0x0000017258EB0000-0x0000017258EB1000-memory.dmp

Filesize
4KB

Download
memory/2772-1223-0x000001725B000000-0x000001725BD91000-memory.dmp

Filesize
13.6MB

Download
memory/2772-1222-0x0000017258EA0000-0x0000017258EA1000-memory.dmp

Filesize
4KB

Download
memory/2772-1227-0x000001725AFD0000-0x000001725AFD1000-memory.dmp

Filesize
4KB

Download
memory/2772-1224-0x000001725B000000-0x000001725BD91000-memory.dmp

Filesize
13.6MB

Download
memory/2772-1225-0x000001725B000000-0x000001725BD91000-memory.dmp

Filesize
13.6MB

Download
memory/3584-15-0x0000000000400000-0x0000000001F91000-memory.dmp

Filesize
27.6MB

Download
memory/3912-1259-0x0000000002B60000-0x0000000002B6E000-memory.dmp

Filesize
56KB

Download
memory/3912-1261-0x0000000002BF0000-0x0000000002C0C000-memory.dmp

Filesize
112KB

Download
memory/3912-1266-0x0000000002B70000-0x0000000002B7C000-memory.dmp

Filesize
48KB

Download
memory/3912-1262-0x000000001B690000-0x000000001B6E0000-memory.dmp

Filesize
320KB

Download
memory/3912-1264-0x0000000002C10000-0x0000000002C28000-memory.dmp

Filesize
96KB

Download
memory/3912-1106-0x00000000008D0000-0x0000000000AAC000-memory.dmp

Filesize
1.9MB

Download
memory/4996-1283-0x0000026697690000-0x00000266976B2000-memory.dmp

Filesize
136KB

Download