Resubmissions

19/01/2025, 19:12

250119-xwyw4aslan 7

Analysis

  • max time kernel
    131s
  • max time network
    144s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/01/2025, 19:12

General

  • Target

    ExLoader_Installer.exe

  • Size

    26.4MB

  • MD5

    2d3bb824bab42e39818e768c1fcc0e43

  • SHA1

    09bc8adef1d4444c8d163a768f419f12f733b9a1

  • SHA256

    c8b7de3ce429150617f25529aa436d28497b642925b7ea384c30f529ce8bc23b

  • SHA512

    3cbe7b4c7e38d2a6095e2e471308cd6cc5f185dcf45d96a5a28c22d946606386d7da411150b9fc9a9a8bb66c204693025e346102b06780a4b2dd101ab7c5eff0

  • SSDEEP

    786432:+H+GUanu5iNGMl6TbCS1uHYdgysWUt15IrCxGgvrck1:+eGUYuENMTbhc4dgysNtXIabX1

Malware Config

Signatures

  • Executes dropped EXE 12 IoCs
  • Loads dropped DLL 45 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 4 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 6 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 34 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1604
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1576
      • C:\Program Files\ExLoader\ExLoader.exe
        "C:\Program Files\ExLoader\ExLoader.exe" -deletePreviousExLoader
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2880
        • C:\Program Files\ExLoader\guaranteeslimitgive.exe
          "C:\Program Files\ExLoader\guaranteeslimitgive.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetWindowsHookEx
          PID:4500
      • C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
        C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --silent --allusers=0
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4260
        • C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe
          C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe --silent --allusers=0 --server-tracking-blob=YzA2OTBiYmViOTEzNGM3NjhmMmNiN2EyYjZmZWRjYmJlMTkwNmVmOTBhYTQxMDM3MjlhYmZmMGEzOWNkZDQ3OTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU5FV19fMTgyMjZhIiwidGltZXN0YW1wIjoiMTczNzMxNDEyMi42ODkxIiwidXNlcmFnZW50IjoiRGFydC8zLjUgKGRhcnQ6aW8pIiwidXRtIjp7ImNhbXBhaWduIjoiTkVXX18xODIyNmEiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJPRlQifSwidXVpZCI6IjdlOTg5ZWMzLTExNDYtNDMwYS05OTg5LWRjYTY1Yzg1NDY5NCJ9
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Enumerates connected drives
          • System Location Discovery: System Language Discovery
          • Modifies system certificate store
          • Suspicious use of WriteProcessMemory
          PID:2392
          • C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe
            C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=116.0.5366.35 --initial-client-data=0x338,0x33c,0x340,0x30c,0x344,0x749dcf0c,0x749dcf18,0x749dcf24
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2548
          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:3776
          • C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe
            "C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2392 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20250119191524" --session-guid=3a7e2238-73b8-4d11-970d-2c8da320e525 --server-tracking-blob="ZTdjZmY2YzI0N2EyMGEzOTdjYjA4ZGY2MDdjMmNlMTcyMTgxNGFlMzcxMmUwMDJkNzNkMDgwZDRmNTRjMjA0Zjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU5FV19fMTgyMjZhIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTEiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzM3MzE0MTIyLjY4OTEiLCJ1c2VyYWdlbnQiOiJEYXJ0LzMuNSAoZGFydDppbykiLCJ1dG0iOnsiY2FtcGFpZ24iOiJORVdfXzE4MjI2YSIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiN2U5ODllYzMtMTE0Ni00MzBhLTk5ODktZGNhNjVjODU0Njk0In0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=FC05000000000000
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4672
            • C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe
              C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=116.0.5366.35 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x7293cf0c,0x7293cf18,0x7293cf24
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:572
          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\Assistant_116.0.5366.21_Setup.exe_sfx.exe
            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\Assistant_116.0.5366.21_Setup.exe_sfx.exe"
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2812
          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\assistant_installer.exe
            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\assistant_installer.exe" --version
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:348
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\assistant_installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=116.0.5366.21 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x670ac4,0x670ad0,0x670adc
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:236

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\ExLoader\ExLoader.exe

          Filesize

          374KB

          MD5

          1e04c744d115e2c4eef7c3a37c62efc7

          SHA1

          076ed71b1c7e6ed9c7aba6da28a6c48e70f5bb98

          SHA256

          cf93cb22fa65e6f11bf2040dec522d8ea21fa85823f0dae9375ed3430aa4c77a

          SHA512

          bc01fc882d2e089819417a784ec9ce0cff5605749a59bbd609f9ea73d9e476167a7f0866ff133d14f0d77dd9014280f09ca0eb233d11c5c20e97b2d27633afaf

        • C:\Program Files\ExLoader\ExLoader.zip

          Filesize

          45.4MB

          MD5

          39106c9f46cb70314865a6465dc7cc0e

          SHA1

          8655deaf47a7d17489cc6ba59625eadcf77eca4a

          SHA256

          b2546bbb4a388e34c6e1ce1af2423fdce2e9ffbe55828f45d594a80eeccd95af

          SHA512

          0ef33513ecd6d893f10b11dd60864651e243d33f73690c40dd700440f016f7bf41ebc5a2a1bea1b65c78c542ec0222591406efdb8ca2da6035a0f4af9b25c96f

        • C:\Program Files\ExLoader\data\app.so

          Filesize

          14.3MB

          MD5

          cde527e578696b49eaea2abdb625c4ff

          SHA1

          bd9cdc5fad690ba06b4485763d8111e3fb77ea49

          SHA256

          ee480f3ac5dad7e7dbbbbeed1d3d3bba3d9e45825e8716e971918b2d7928e262

          SHA512

          5ac65486719c9feae439b760ace7504a42107bf6281f9416d34fe8c5b14576bc7116bf10646609a526c95f26b90bfa78bd5802171f5df33c3e9a9b50163f7a58

        • C:\Program Files\ExLoader\media_kit\libEGL.dll

          Filesize

          461KB

          MD5

          0f61da7cea39e89861117f3cb4620dae

          SHA1

          9ca286bf6d5617eb38101d5e166edac29497c9c5

          SHA256

          b2590bd0692f0381fc45c20bf1c7f7f713c9ea19c7ea6bab62efdd1fadc4eaac

          SHA512

          7dc2bbce9808e00122ae0d960ad6b0156d201494aedf4c4c9e261f50986b72dd19b41d443138ffdf1b2e5b8e29614f0a1e909e4c867262eab311f6675618369d

        • C:\Program Files\ExLoader\media_kit\libGLESv2.dll

          Filesize

          7.1MB

          MD5

          d22c92bee4e7a14d6c74e7376eca7605

          SHA1

          0592d72d5e0e38e5cfd9a090309260962bf8c4d9

          SHA256

          620bb6e38d7ed6c760a0cf4a8eb6a8f64b259b96ff286551cd32cefc6c35ca39

          SHA512

          2aeec8ccf9db442a2b1e3b391e6c3e899de1266199e6ee6040aceeaf8931e1d10c55ea1ab9ebbd3cc662bf56aea698c09e38f75c7b3e8b0b27c02af63d36993f

        • C:\Program Files\ExLoader\media_kit\libmpv-2.dll

          Filesize

          28.4MB

          MD5

          3a6bd0dc9ab32d7b450f06bca2359274

          SHA1

          b2be6a73be23b60f1d23543363ea559438218c72

          SHA256

          d5f0694b08c124e785d858d00082f3e3b158dd9138bfc48c0382bf1eb443a5fc

          SHA512

          4c8133321833bc94c8a2f1ddc83523fd554d9699efa09d8dea6ef4aa9bbca0a4f041a10e4793b6424c8cffc4583e36c2a96039017f29465458a9a2e5510631ef

        • C:\Program Files\ExLoader\media_kit\media_kit_libs_windows_video_plugin.dll

          Filesize

          12KB

          MD5

          5add2f3b4fb318216e1a1f1c07403b84

          SHA1

          e9af34de44d70395c60502269e1b26d078996ffd

          SHA256

          529d1fea9b3ac94829c7dbca6918b287e0a56cc6638989af490740a5d87ac621

          SHA512

          619659c928ff09de644915a5d5ae1648f19a14eb5c2ac5c46fd76535269fd9d1b8ad2a9179e44d72c79ca76bb003eb65eb413bce0ca927ef824b6905d666c700

        • C:\Program Files\ExLoader\media_kit\media_kit_native_event_loop.dll

          Filesize

          37KB

          MD5

          17e0b1583660a96df08a845522dab46a

          SHA1

          0a360639f9b99642d2035630699533a589a60cef

          SHA256

          eb6ac7f66d533b837194045d5b0466feee318d4da0742c45b3e9ce77d1c1f4a3

          SHA512

          ae87cea5055f88d5afed82eb9cda64154596dbf7137440e20f7adb4e72eabe85d8fe5548384d2707bde16396d16445559a57937503baa655da0b68d664de8365

        • C:\Program Files\ExLoader\media_kit\media_kit_video_plugin.dll

          Filesize

          138KB

          MD5

          e228660a72c691d8a06aa967ac23a08a

          SHA1

          4bd0cdbd71ca5c686cf1280463d0717362cc6613

          SHA256

          0a9d2ebf9ac59324287720b15dd982eb6ad7631f11ad5ee41b31234f5fa86801

          SHA512

          4b2aa77eb972bb642ecb1c0a49eadb160342172d987c0a3623fb146a3fed670cca531afcf69d7c22aa0234ed8ea0b35fd1e915c99fea999fe3e60b5f076dbc79

        • C:\Program Files\ExLoader\media_kit\permission_handler_windows_plugin.dll

          Filesize

          109KB

          MD5

          af6bdeed7336e694564ddb6b19031fae

          SHA1

          383e0128a8794c73bd4c3aa3307eafacff6c6e91

          SHA256

          06a0c6f5e428fdfb87d05d50f3f7b4bb1af630969b02f43e0f517df34c156aff

          SHA512

          fb0eb8251bb374ce0b5d2a922a4c1b3eb7ea343ab2866b1f57d53217f0dbffbfce15b292c7e6d65a1f3652a98d05e444bc91efc8064a8e77309138cfe3fb4eed

        • C:\Program Files\ExLoader\media_kit\screen_brightness_windows_plugin.dll

          Filesize

          93KB

          MD5

          8a76af8b126f25de94ee2c406db19d60

          SHA1

          1cf8dd5f443acd1c1db01661b57572c82886e260

          SHA256

          507e313f1ed3d8ca0e91e971cd7cd26d6e4abcf98b9d20f22e7e852ec8dbdead

          SHA512

          cbdb5f24c275135e57a1d4c4ae8e7b3ae5c224756c23df0be3f52455ea4f03f937af694ac1d7042a86bd993f5b6399e5ffebab4117a0aeca51f9c42dbcd38d42

        • C:\Program Files\ExLoader\media_kit\url_launcher_windows_plugin.dll

          Filesize

          87KB

          MD5

          85f251d3a0406c5387f77117e2823530

          SHA1

          dcce565217a4eecf8f3b5e1189d94baa11e6e39d

          SHA256

          fa685e4bbeaad4d123a2b78d1f43f7ba7a64cfc1aaac2bb863fe7b288807c840

          SHA512

          e29f2393b9d9a41d8a3115028e93f711ba26d5fc35d6b193d72c72b2087a4650286ea3adbe3bb0fd951f5f434404d802056a487f7c4da31db7ca0c7f3a8e69c1

        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\additional_file0.tmp

          Filesize

          2.4MB

          MD5

          f197f4d2d50205236436fbbcf02e79b7

          SHA1

          e83fad0c2b93d023c78aed539709bebbeaf1c2f0

          SHA256

          caa17367382012f5bd23d519323470abdca96fc6e9ef2a89608bb92dd1c314c5

          SHA512

          fe332b56a021d029e443ef84b804f808fb469377e07527d875ce6ea018ade84ffe7de128f43094fcd8c6abcacfbae9ab886d3813afbc18edc637aaba49068e7e

        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

          Filesize

          5.5MB

          MD5

          87f7ed90616d28b28a59f29b18a1f51c

          SHA1

          630db6efa8215bd982884edd6b24d623d4d23209

          SHA256

          55a20ef1ca035dd9be08c04ae88dde7b1ce4be664d3dcb63fb1b3b0d43b4fc6f

          SHA512

          0fdcee568ae27185f02cf2f70ce3f69ff25db238fe157e80004b8f8eeed8f0a7dcb19d35476f54619939b8bf29abad2acc7336f727006979d447c793808281cf

        • C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe

          Filesize

          2.1MB

          MD5

          86c5002d5712ac3de23356bbfe8e7bb4

          SHA1

          6db9cd250069c22554b4af50ed9aa5008e5e8252

          SHA256

          1d68ae3b0df8e53bdf79a8a0d73bcb1d178a3c72af55da2572a59397210bdfea

          SHA512

          d7f107815ccc993501cf1283fdf4cb5ee3964ef292732a8624f06a3ceb40f7057011b0f2ae881423e2abd6a9e6afe84876966c85fc15ef9526f4da95749d91c1

        • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2501191915239872548.dll

          Filesize

          5.0MB

          MD5

          6f809bbbe1275e1e71427ff63165fcff

          SHA1

          c2a1726e038fbf7c583b0bb5faac91829dac7ba8

          SHA256

          51d12738523cabf3b96b9bed29ff882a36233a59c97a01e691552c547f0d733e

          SHA512

          dad32cfc4d04540c00d5f184c2c1d9b96b391acf563818490426f5e6051722a81a8f35e73142d79599c2c557fc78de5680481c1b47749bcda99148cbd273c2a0

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

          Filesize

          184KB

          MD5

          1156779d6a1fe7eca6f4f70b7e159280

          SHA1

          df0058c5e0b2b6696d25e49cad5511a9d5fd9f08

          SHA256

          bab846b6030449f4c37af32c8119ffe595b5a3d0d924d5e99370dd059bac2767

          SHA512

          addd3a223a48697d9ea9d1e8ade91c70221c71dba64aa6c30877501acf17ab079d49d48fd7cab614df52b0f73eee771974ac64ca8e7a0c1f930a035e0fa7c2b9

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140.dll

          Filesize

          116KB

          MD5

          e9b690fbe5c4b96871214379659dd928

          SHA1

          c199a4beac341abc218257080b741ada0fadecaf

          SHA256

          a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8

          SHA512

          00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll

          Filesize

          4.7MB

          MD5

          cb9807f6cf55ad799e920b7e0f97df99

          SHA1

          bb76012ded5acd103adad49436612d073d159b29

          SHA256

          5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

          SHA512

          f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so

          Filesize

          13.8MB

          MD5

          c2f599ae1b79da8db01b4c4501899d2a

          SHA1

          19865301d8a408aa003c0a133bac47951b9fdac8

          SHA256

          8ceb7f683d61427f9109f58719837bbe5ac599681e723c47a62f21c557e13475

          SHA512

          752e863162b4602453427ce2bb2feb55d6ff6a42350f34265f0f0ecda6401b5d403700ad47d3740da19dcbd6824188cd788c5b1a8834c27cb72917bdb054bdc6

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.bin

          Filesize

          14KB

          MD5

          e6ee07a908803b70dcdf31271bbc05bc

          SHA1

          4328b159cebeae8594bda27a63617e2cc7626bfb

          SHA256

          5bc7d9a70129040cb1a99067d26a8a74f1679b345ae7e7fbd6c71d26a97e2688

          SHA512

          53293ee1c663824b3170b994209ad034024df9d77fb782b13a9c104c8dd89316c2fa18fc3b7e106260b3ef3e4d9a54b8b110aad52f5defd01abf5a370a4855b2

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.json

          Filesize

          413B

          MD5

          fb1230bb41c3c1290008b9e44059dd39

          SHA1

          66493d0f8a6a112d8376cd296b05c277b111dca1

          SHA256

          2429b610ba9010211d18626d311d3dea7274473c2dd50fae833ed739b67b1292

          SHA512

          d5ae9b9124a7c7f8c3d04c4750459c9bc620e3aeb84f5d56a64308eb9b343d4fb62f8b3e03210e04ad90b91bbbb35dd1a56148d06dbcc0872f99e9b1b9d37c7c

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\fonts\MaterialIcons-Regular.otf

          Filesize

          1.6MB

          MD5

          e7069dfd19b331be16bed984668fe080

          SHA1

          fc25284ee3d0aaa75ec5fc8e4fd96926157ed8c4

          SHA256

          d9865b671a09d683d13a863089d8825e0f61a37696ce5d7d448bc8023aa62453

          SHA512

          27d9662a22c3e9fe66c261c45bf309e81be7a738ae5dc5b07ad90d207d9901785f3f11dc227c75ca683186b4553b0aa5a621f541c039475b0f032b7688aaa484

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Ori%20and%20the%20Blind%20Forest.jpg

          Filesize

          93KB

          MD5

          babd1b019be8944f7ef6c64c8194bc8d

          SHA1

          702a50d3e3a0933db4dc1f37423bca3b5c52acde

          SHA256

          71ea07c900e7993072f4896c0ab621303feaf4d13b7c9a4b2993e06122b10f76

          SHA512

          6a854fc0db7206dd182f6ebc594d763b62a75f64663d3e58029cfa2586048838fe8878b043d174923e05f4e3cd2f3e9d96a6dcf5ba8bbd7322bbc3540bbb8b0d

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Bold.otf

          Filesize

          46KB

          MD5

          e57b6bc24b970a377574124e026a7c01

          SHA1

          00184aedd4ee4d2ca6b5c87cf41e78f64304c89b

          SHA256

          b012d85155925bbe2106b20234b96522dec7914f03b09bc6e2fff71554f31bf6

          SHA512

          c162cd8a7130d2c94dac5c3dad58794f368436cbf782e8063c245d4cae405af6aa25c2f381549defd520c3f7cdbc04a27f891798697e9c291317d3b3ba82efdc

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Light.otf

          Filesize

          45KB

          MD5

          d10d77b03ba3abe6ccc1c142d9852595

          SHA1

          6108edf0cfb3d5f25e3c593949c301c5c2aa5f25

          SHA256

          3c9ef459625f995c62b993b64da299204b741e153ba8e6d988463aaa86b1aa44

          SHA512

          71c4fc3b6f43b4125c5ea5ae09297d72446de81ffc2928fee33aef386754e60dab11cc170c4d6689dd6eeac451f2a57b9d3372278f750dca6ed39ec82fcf9368

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Medium.otf

          Filesize

          46KB

          MD5

          df63e8855d04ab0e25d2bb6a0b1fabfb

          SHA1

          5512dc285f36cdf7da5ba5eabaca128ca3442537

          SHA256

          a728e91375dcadbdf6ef6d7e3cd0bbf5c56fb992d5b1be6640b83214c9d015ed

          SHA512

          eba8afd3289089841e4eda4abd992c2e2020d18d44741733b5a51a2a1e0c0982ffd9da187aa56ba3b891bc259398ec156e08e45265f7218e87eb914794ca69d6

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Regular.otf

          Filesize

          45KB

          MD5

          d969db6adb881f1dfa91a5b7ec0154d9

          SHA1

          d7b44b20eb246b0ff5c41147c0d0fb96fde47c48

          SHA256

          c7fc6d9f2ff611073fa09a6c61a8c086da0ebe8da841a9f4ec4087a3e9b52152

          SHA512

          2a225a8c12b46aa14e14dd547c6a55c80aef6bfe8cc791dcf60a14ef91994eddc4dec473d856f7c2446d62a41d017d256b64b603d87ae45e75fdeb2230deb5b2

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-SemiBold.otf

          Filesize

          46KB

          MD5

          5177edfb54762b59df676052d11b363d

          SHA1

          fa18815bf4914b93d587c2758b65e234ad51b38b

          SHA256

          50000ce2f0f8bf3018f1d04aa5c6716583b808ca05c802c46a9de4f084a91f7d

          SHA512

          7475fe248eafd528a05acab94f3973eeeb0d169203769ee6b42d007b5fa0605a58a290e145d74d57e17486367bacffed22e4a88e576fa9f65d000e487aa78e27

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\arrow-right.svg

          Filesize

          250B

          MD5

          caf3668c9e2b82819137f778b10f04f9

          SHA1

          a3713391b4ce86c084f1981851cef5e76afc71aa

          SHA256

          92b25cb5172f158b02e577ad36c7de69fd277378cfab9c8cdc7e639b16c03433

          SHA512

          0b9bf756c36026d853ba5809819f29c308ba15149debc75d04ac5cc2eff4f6c59f3a1da2ac50f268c7751243f96d3c3eb707a16ec0b1ac14fa49199a284826fa

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svg

          Filesize

          201B

          MD5

          7f8d672a2849987b498734dcb90f0c51

          SHA1

          e53b9319bf964c15099080ac5497ee39f8bab362

          SHA256

          4a290648cd1cfaaf1db4909d7552ae8cb83cb0b0e36770e64d153ab07ce6e7d4

          SHA512

          b3ddbf719f42440238c55cee896409179b4562ffe74f607d3640f623c8264c2fd2000b085dfd9a25ffd8ba2166695dcd663efec56cdac679f9993cfb602459d4

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cloud-off.svg

          Filesize

          1KB

          MD5

          e99140f842b471d330fc27cd73817c4c

          SHA1

          9957147463f586824b65bc7bfb121d33a9523a96

          SHA256

          0f4cb470185e3c6c26ae033a3a88e3995340bb08a63432dd9ebb82b73dd665ae

          SHA512

          f579aef41980539675609c62ff4d80dde22bad59917d439dbd4d325173bed3f24534a72e9903aef58c6ee5d4b03fcb7d0a7be8c93c35da6dbb2e1e046b7da0f2

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\folder.svg

          Filesize

          232B

          MD5

          50cecdece7b4bc925f5d0ee89b23f203

          SHA1

          dac0f01235ed5abd451b5ecd342686670a51a906

          SHA256

          be467574fdcd107ce7a0e7f7036a5c97a8073c77caafc3cc414da5335723cce3

          SHA512

          9ae7491302fcaa7426f944ec0658d05a32bf29601f8613828a2a00f9ebbdc66cd6b7f3d03abc9030e907ea057b623bc075319ccd2546430b92a3904e4cc4ef2b

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\window-minimize.svg

          Filesize

          151B

          MD5

          d47255b6d3e685cac4804eb58207d0b6

          SHA1

          7fe02211cf6b77f3971522a3b3888460491ae153

          SHA256

          29bc4875912360fac26586adaca21449026cc2cf6479f9d9bbb066abe2dd2640

          SHA512

          b39c96fd2479585b32146a3b33a5419f665391f1b1857b08896c8254b48fdb733551bd9974a3c7dcfb679cbb5b35ed9b8f538f5c44156d399b02b8d0d4fe95ef

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\grain.png

          Filesize

          79KB

          MD5

          3577f702479e7f31a32a96f38a36e752

          SHA1

          e407b9ac4cfe3270cdd640a5018bec2178d49bb1

          SHA256

          cc453dfe977598a839a52037ef947388e008e5cdfe91b1f1a4e85afb5509bee2

          SHA512

          1a4a03931ab56c8352382414f55eb25b324e11890d51ba95597dbd867b35db45db5adcefb47d95b3763f413a66e3228e59531bdbd5ba5541469196adb5eb3d70

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.dat

          Filesize

          760KB

          MD5

          692337664e861ad322138061132dddc6

          SHA1

          8a99bc860eda0772f3b1f4a125fa4d474410e21c

          SHA256

          c12537022ef818991a7bfed41a76d8d6ae962ffbc0e6511ac762a5d0845e7f7c

          SHA512

          3e2e6adb651e37e530734f999634d7c101fa1c45ae380be8ad169bbfb0a047f2878ff6c8d1428d6b9e7301b447ab2f8839484322ddb3831984be71d442829a55

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll

          Filesize

          17.3MB

          MD5

          225782e5d02f400a76b8fabe8a6f5cd1

          SHA1

          e54ef4f664a250808749be2ea9870607c20ace31

          SHA256

          b66713715a7aeaa2f88ba18838aa7c245556eaaeb31c82da3f5aebcb71a7715e

          SHA512

          9e88489361b36970a982329184b7afa9ef403ca86830427c60397e49522e5d38fc652ce4b65e79c54583a50ffee83fb138a02d638e015c9ff53e56164556be76

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\msvcp140.dll

          Filesize

          559KB

          MD5

          c3d497b0afef4bd7e09c7559e1c75b05

          SHA1

          295998a6455cc230da9517408f59569ea4ed7b02

          SHA256

          1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98

          SHA512

          d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dll

          Filesize

          48KB

          MD5

          eb49c1d33b41eb49dfed58aafa9b9a8f

          SHA1

          61786eb9f3f996d85a5f5eea4c555093dd0daab6

          SHA256

          6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e

          SHA512

          d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0shmiucf.bst.ps1

          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\0652db59b612c8672229009806f5673c.png

          Filesize

          809KB

          MD5

          9aaa60a98d05e8e0512a855242a916c2

          SHA1

          b56f525e4ef9cd75f35b993ac2df527fdb5b5c55

          SHA256

          71f9cbacec79254dcbad11551d4009a69399c55006cf95aaf61e10ec7e88c287

          SHA512

          f6aa4110eb6c904b9ca6c6ea34083c01e0466ea050f9e9b968e70e1b21e7e138e9550223478b0c21b50cb0f7ec3d87b88b5ef8a751f5a26a3f146d89fed7ecca

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\0d24dd1f086263a27280394010d07076.png

          Filesize

          1.1MB

          MD5

          a924291fb4f8e3ca693fd97723a0b38a

          SHA1

          6e50dc6904b856453cfe35db4933d26cbdfff3a2

          SHA256

          8d12cac6dd8da28e270c339325d67a2e3aa3d5fdcb64d1ac0a6698e507573959

          SHA512

          5464c724977505c0b3b2be2dadcc98d85417766c252826795adcfdcca95acc39263b8dd533b1bc1a0630690769bd4614c037c93d506d76933a10d0a33af3198e

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\0e821c73b0efce519b102c9d41dd7e7e.png

          Filesize

          956KB

          MD5

          180ed9f7f1fb062ee013ed2d2db4baf4

          SHA1

          2fde78fee3388f37e3d963cf377b6cfe05e68719

          SHA256

          47c0f7eb3b1ccf939eedfad6de69b83efc606498c2a852c4e37e3c481b40890a

          SHA512

          3bc168dc925a71a05016072a41a9b90260900786cb54842096d29663411d11b46a0e531fa42e48f74b9cc48365597be6bbfc76372b33b85611001af5a58295c6

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\30c4239a9080415b9c0c3ee740280c85.png

          Filesize

          228KB

          MD5

          2cec65e6907d9409210d1182b1eb96ed

          SHA1

          2d1051ab31839c0c9ebd64f4ea53155f479686bc

          SHA256

          0a9b7449915e8e1d79de85d8606ae865149276ceec7ce736a39af96214768876

          SHA512

          81b1de5595c7e2f312889972a749b84d527d6abb3960d013b5b27362c8394e1fd2eb0e0a6bf8f6014233be8dce3a51f679215367d8e8bdd483720815d5174cfb

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\38007daad993d0a30d44c531b566e801.png

          Filesize

          517KB

          MD5

          43ac81d7267e7773bdf4f74886181d87

          SHA1

          04f95b2646f643bcab06a196a225d780342709de

          SHA256

          7db600461e0d1a07848c693a64b077bc5897c347a1c08a3c1e6d1d0bd3b51d1d

          SHA512

          726fbe9d7e8be0374b3e88feed8a1e395ab45263ad88f3dc94e7b4627b83c72cfbada8f1e2e9b8f279ba217b8c49d866bf1d9e43481fdd4a172073bd4d08bf70

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\47ddf14b8d6f683aa8ba1f577a8adda7.png

          Filesize

          451KB

          MD5

          758caed982c894b0f398adb7f659772b

          SHA1

          6ffe9317dcb094b5106fe135ae4389c535d731e7

          SHA256

          2010dcbda935556eb53f41a722744c2e23bb50cd05f1d9432e5461045812515c

          SHA512

          205b15bee0b60f090eb8022174da6991d35c801f3874f500fa64e9959db5136fe0ec25a241d6f5c2bbdff87a5bf68e0f92d8fa8517a37c350735f10ff99e5198

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\506dde2b310688ddc0ac06af6b03f454.png

          Filesize

          4.3MB

          MD5

          c2618593cbf3f483954c27734e7c91cc

          SHA1

          1fae4a3634d7ca370572d045bfe27a3879586a52

          SHA256

          910a0f8455a3c7a3b460a215892030bc99576800cdb9ba23406a24cf7a05ae60

          SHA512

          6fecd47b037262e7b5e806b55382bb052c793085f4966c8177bbbbd23bb3213f6aa341726636509550ab281568aec409a558da26d1034226f8f1f82b527313ab

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\53026486cd0c51ea325a2fdccb4338e0.png

          Filesize

          200KB

          MD5

          c750892215c7488392c5829d8a9f6dd5

          SHA1

          1276ad45446329138880b6cbbe6666b749f411a8

          SHA256

          74dee0ecb1f53276a7935f6c907cf2ffa987f17fd1eb36ea37765e0d4ad275e4

          SHA512

          bb2dc331cd4e25d295236645b5e61fc99831c902c5e1d23769984c546c3457c1141fee328b22871f1f3419a8381a60fef868b2f1af7eecfcdfd933bc896b04aa

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\7342b431386b839b9ebd18c5f59182e3.png

          Filesize

          172KB

          MD5

          806f6146b3f8970b235fc628ac8b9a0b

          SHA1

          b20be9f495bf4656f4e9bf5e7f158ad7a91a7611

          SHA256

          8a7081f2bb71d80ef9e5562753fe74a4d58a850271c9194de3def3bc39ed7ba9

          SHA512

          30e28e7aeb47cc1010a4cad4a4c564805f74fada30ab190ce6a08f3413e8e89e51329ade2293411b645096656b1ed30067e175975e255e926e10ce5b6d4b5481

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\7a0e47e68b4ecc51ec3c2477bbe4c439.png

          Filesize

          381KB

          MD5

          faa264ef80599430df4773babbc75cba

          SHA1

          f4e08ab89fb9364efa3c305584985e4a03c58019

          SHA256

          fc3f79c76e1051f2305cbdd78bdbccf6bb78144f74146604741de01a35feed05

          SHA512

          f063bcf41dd1ecf442f5412fd2fe282432bf17437972abc19e5d9bb52f496b425809f3bc1e143dc9a719c3c0b59b6ebbe23eec176fc93d8e7f588e75610019d2

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\827fde2fc81570ee2382ba66da27961f.png

          Filesize

          1.6MB

          MD5

          3b67dc34324a46beeb9c2968f5ed9256

          SHA1

          5ddc7617f5d09e97b43089dca59e82ed953a259f

          SHA256

          9997d0b23e68778ffb85b1f9efcf1f9ff9dee287ef44da71bc4688b2a74e927f

          SHA512

          5def7ae832aa74c44879dc5408f537e8558668fa8cf275fe097d2fad622ede3163885aab3c44771ab98735dce6597d274800571bb1f2ea1787c759e0694762e3

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\9412adb0dff4b919a3ce84d2710b4df8.png

          Filesize

          682KB

          MD5

          63a4203739931a9bba55648dede9d96a

          SHA1

          e606e0d4474cd69f7f696a0dde6770f66f2b0df5

          SHA256

          4a72e437c33fb86bf1513f1088a14516dea2e2c409126bf760c3365e0e3f411c

          SHA512

          46798c6d116100d44ce753ab08f704fbb2c0cc83d948560dff9752406855b71cc67f3fd2e5439a3d0e85e248f5a0daa32bd0afe20f7632186b7bd968df5d2867

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\94e0c3edc5ae7af1904de2471036d85e.png

          Filesize

          1.1MB

          MD5

          8ff54539db826cd25d454094534963ce

          SHA1

          8800e2660ee95e850282f2d0c58923bf3fd8134b

          SHA256

          a13ec435ae469a4c4379c149467de10ad11ab2333e47f1ffb09487caa7230eb2

          SHA512

          0e71cfcaf06f92c89cdccb44b240da8fab21e1ebe73bc6d401da379b4bf021de4051360e8b8ea979325a6c70c38daa6c56e2051d2b83e233641388d27bea7845

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\959eece144a5a6ce6c53a28f89270564.png

          Filesize

          377KB

          MD5

          f4d002685d9a194f1c8e378f31d34a7a

          SHA1

          eef3de2f726b0f4e5ae2a87406dd867e1c7bc0f6

          SHA256

          e326c12afae210d30ed9f26cc36d1c4e1e9c06ef820a6b601fce7019b5416385

          SHA512

          5c03adab5340dfe55b0430e5c9f888725f60f3ede15662c3f40df9fea4ca1526c47f34aaccff85be28c982a05203fd62f33689bd9c21cb829b962c08ef2c2901

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\9706625be9f704a156df8221377b5a36.png

          Filesize

          132KB

          MD5

          5b5a500cfd4ddf9f7dfb446668da148d

          SHA1

          aeb9c24a65235e6e70bc51fd6d12425dcf9cb9c4

          SHA256

          2622c99d9efe1d6cb35b0212ee7de3de5109d6df9695536bf2d0d52109f956ad

          SHA512

          59e07c665d648d2554400d16ece7735f7e9f5a13684627fbbcc3a8180acb884429b36ec410087603e9a9dd6580adab1348f589645c541e70492e0f271f98a9ca

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\a19d01944c9bdb6017cf86da8dcbe8ce.png

          Filesize

          1.1MB

          MD5

          f5a4dc1f02c29f80386d970d6cfdff86

          SHA1

          4ef613d075450c9784a138bd7dfd01463f4685fb

          SHA256

          18a7ac8e98cb7e7d593438ae1f026922a83ed35f6d70e56ffb76a4159aad6e06

          SHA512

          be2fa650d577f62dd8d87e3190a68f9a4448d2007df0412f571abdf02fcf3e6f68be78282ceda604cc7719d5d704b93e1834da1cfbac0b6d4b6fa5b714af8e6c

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\bc4454a839a50e2b5292e2f08f3a13a6.png

          Filesize

          296KB

          MD5

          cdf0f44b9be2be8d98d19d338c0a5b11

          SHA1

          4008a2006a775605caf245410cf9c346667e024c

          SHA256

          5b300cc2a308d9f5640d8ac7643d5a5dbbcb025e02f305402cbdc015d2a49781

          SHA512

          f56ec411ad4f6b6c547f99ccf4b12fdce8207649c48faa7ab37fc9aaa2a5092aa8b093c229467bd09c58c1cc3077c8a0bfb108e3c8eafed2dbbff0a40a1666fc

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\beaf3e36911441b70927ecb4884d360a.png

          Filesize

          309KB

          MD5

          67a50cf02f92461e18046c6c0e66fd25

          SHA1

          31ea768b478dbcfa03ee7fa8fdcb86a3369065b2

          SHA256

          a929a07eee2930e6cd8b8d5aa4845d440492b5d3e8c399929341af4cd1a9905f

          SHA512

          b717e91b12197a5d5e543d5d961b60a25b82a7ab1b46fdb1458590c90cd5c24280d33586764e1eb8ce0e020fb25f348a3cebf1eb849b7668ad8e792dd52d8bef

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\d0edd9f750e4f6152ab970a2a1270528.png

          Filesize

          429KB

          MD5

          3d66f520496d3a84063dcf3559dcf972

          SHA1

          e2ffeec965ecb249dd6ac1e45e5a0497adcb7ef2

          SHA256

          269640c56a282486a33fb40a8e57b078634f20eff22ca331f67fe30ad824a55f

          SHA512

          e06766b8600d592094b0efed97a5ec1d1451a963b81e913cf794f2f7e99296f16b6acf8e878b0d9be7fbed889b211e936b2546357daa5655b52dcd6d5ee56a73

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\dc1d9d6c23496fa03e06294579189ec9.png

          Filesize

          1.0MB

          MD5

          3afad9fcbd2a754accf46cdedd734556

          SHA1

          b19d8c500b12ab50c7025c3e263e541959ec5b92

          SHA256

          520aefa172c7e6b21dff426536fe11f438bef767f483ce26dccd18968b304cdf

          SHA512

          36ed54986e10a2ad9a910f184afed56998c4e7ee8a2707b432525df8184b5dc0578c9c9cedaf4808678bdb669b6772455ebd33762f380ce93aa21912fc45c463

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\dea813a4baa55dc739687421a5489890.png

          Filesize

          280KB

          MD5

          7850120a910edbcfd5362ecfab76fc2e

          SHA1

          f0945e15a27732b6b917b09300cc6b3267d017ff

          SHA256

          83afab61dd1e26c7bedcae74fc7128744579d2bfcd576ddee3d42fa0d72987d6

          SHA512

          78adc040c6e9b2bc2c202ab2e4dc4b9223e7df9e3a1bbcfbc97a227cf4c5b0ba42cbb8b65a1d4e8d497edeede09a1e6d3f57d314a4b4d9da9a1d3cccd396ef5d

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\df6c9d3b733211c3a6421d5be10ee362.png

          Filesize

          271KB

          MD5

          45bec10d0569de6d5d8088ca9f8bcb75

          SHA1

          8830c5b4a0242a0f34ab8d054df27e57cb45e714

          SHA256

          d62bc5d430072585637df740cf990449cf6e5aea47dfcab67d4960bee3cf8339

          SHA512

          2d299b523ada4113126fd45ec948bb314ffde55f03bd862d66de9a702a27cdbfd3c3bb3d96937b7b43743910d76eb17f98e33193473b31816e51879b7c3fd723

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\e83ed9fc67ab81954565a417c596c4ea.png

          Filesize

          1.5MB

          MD5

          a3f4e0adcb9bb53eb8a8c2e0cd3b957f

          SHA1

          1155c4bd814475622fb90443ae61e430ba9963ba

          SHA256

          0104cd8aa64f09635834a3c7440a6684e5344b82b883d2007014c60ce35c03e2

          SHA512

          449a42b4cf84597ab0b108e9a4ae83e717bc796985e7dffa8ecdea770fb72eee25ada4b2de0e41c547a11a0991eec47363f99227e14c9ddc24b249a64282fcc6

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\eb316ca9a4e2edcdc1881302277d7d5d.png

          Filesize

          378KB

          MD5

          d831293ccb3a1ffdf88639b6c180180f

          SHA1

          be2a0f420fa7b61053f16b59d0a63108e26e943a

          SHA256

          6f00699629bda1aabed500c80e95d99c93d6038d2e88459e86f023cb1bd219d5

          SHA512

          52028163d22816bc0a82a81654cba38128c1cdb58808a74f1e55d16bdb4143ac3e7db036cabb67c55bde705127db527e4848fc537166c904bcf89e32bb24522e

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\f3d3a164b4e4f4b3443d21469f3a7b4f.png

          Filesize

          283KB

          MD5

          78f4e28a3cf5170ed6d78f3943d98ac3

          SHA1

          24d2f2d73c715d978b7f656dcf982d30df53afb3

          SHA256

          bc7e7a2c7842c6aaa6531f84b91edfcc26a38aab1173c69e8b7ca2a5eb2b1ff9

          SHA512

          53b73968757138f98b0c7378fb0cbbf74bc7e870ee7cab867eb4965abfcf5f4d3aa7a68d6bc6c12d7c991f9f3513493d13ab72556a9d3cf77e80bbdddcf047d0

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\fcf071cb7a9868fd1477405cfc31f0f1.png

          Filesize

          193KB

          MD5

          1be4d35bb03410dc5814a391fb39093a

          SHA1

          364ba729f6a17b7196efe354c7f9ecfa70db81d4

          SHA256

          4282e98f7e8ba8d9f133f4c7d5d1f730263c565cdc4270e00ea9dc637761e584

          SHA512

          69adb08c57d0ffe2320a7c78d8dd3b7e18ef5aa7df7351b339f4fcebcd2f435070a32fc44f7de4668defb435d5107cdbc7d43fc8a9183dbc6a99e2b065557f3f

        • C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\fd7af4087d25fb9733b803ef1828db72.png

          Filesize

          302KB

          MD5

          78f8d650520bfa8699bf5bbedf0c45bc

          SHA1

          b0b25d6923fd39ced207b76eb9319bda3aeb70bc

          SHA256

          ad4b286b1760785ed35dda4a909242f2f218598bb3552391ee60821106c42415

          SHA512

          fe76107433dc1890c7e6968e7afb5213a1294d567c47cd9550589307bf053518d6dbe5266e962fc044eeb033b39aa4754dd9c9afb83cdd75a90f3b2286f5f34c

        • C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\0.svg

          Filesize

          1KB

          MD5

          3c82bc5493a92aebc9064551ea8d38ac

          SHA1

          b1019e3fe4397f7215ed8af2c0914159e986fbb2

          SHA256

          6046c1e9b8fc8cada4c4e063b031e164163e7c5723afd8c37d7df6c3054e1e7c

          SHA512

          126c5773e2192629eee40a611997f01c14bf598215d6ed33488b9d934ac41acfa83b99d7f373e0726a459dfee950011a0c24f97fbc600f5f96dfbb16ac7d9bb9

        • C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\game_icons.zip

          Filesize

          131KB

          MD5

          8d0582e911b916ea68f2b660790563e7

          SHA1

          316b0c2590aae22deeec58abfa73f92d3d9e03cb

          SHA256

          636d600a2df689bad2b082532757b7e697113f283e061e0e9e785e21c3e2e369

          SHA512

          970d8e6576a80ccda562fbb5934106856291b9c9f20ed76dcbacc40bfd3f2c8238a829d78de99d6d107623e4886855c1f234efcc42ffe8890cc08fa17d29a75e

        • C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData_v2.json

          Filesize

          3KB

          MD5

          d783076e34325d2dd3986a33fa02a4be

          SHA1

          9d05de091bac92793d4af84ba338961aee11781a

          SHA256

          aa67d20e8016ecc47e039db2838a2ec8d9b4affaa6426177c8166bcacd5671e6

          SHA512

          e07e9cc6a15816c34428896ac04ef697f1e3c63c4d847288051750c5a16d6cb828aade2f08dd9ab4d579e904bdb6f1370681e989c6656684bc9779bfca38caa2

        • C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData_v2.json

          Filesize

          3KB

          MD5

          5c039f38724f5b071a974414dbf225b2

          SHA1

          dc13282ed9c5c930fe30bdfee7713043af0609fb

          SHA256

          6f3dc023f94b7e1ca9fcdf97a08ba187771488356bd5d620a8983a7a1d023146

          SHA512

          e3b17e10a7ce63570d57811b93fb1515ad2ae847e5e4390274bbb4aaed98eecc2d551fe87c30ccb4a18b9dfcb7a83ddde9eec3913714917e80a871b09139aa4c

        • C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData_v2.json

          Filesize

          4KB

          MD5

          0aea526b1aed0c05954bf9d1436dc410

          SHA1

          11426a41a4b0806532ff778ed1e8ea50af1022c2

          SHA256

          d6e1b845b3ec8177d505fba428a007a19b31bc260a5e1e3687486b8a6e8a5742

          SHA512

          4f15a4558f2c79a5cee6ef1697762f325f25e7904a52ebe6637abbea4be00780f4ca53391231ea00a777defedc24b8e3306d814c7673c2126474259b97fcd006

        • C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json

          Filesize

          229B

          MD5

          c80b0d12c4f645ed05ae28759537ed4a

          SHA1

          85f46af7b0c5e76e4fd9aaefd6e40924f2cb9e45

          SHA256

          505841451bb5527799be1c69d04ea1e5139beadd38c326c39f855743474e5f2e

          SHA512

          e3d94325b063e227ad0c06ab6c9b2f6b0ab0b9987aba9e5749c32dd80b59d601a2a1d1830e7ef3a2d09f1e4807a23c2a1e78cc52242be5db5fe977110b7950f4

        • C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json

          Filesize

          371B

          MD5

          744d4eb7b89034d872919769a52f2001

          SHA1

          6508abc06beb409e1b440e8f94fda799bdc6df07

          SHA256

          5a7e91c6867899b4985613e2b135f3d8f73329862ffc783d0d537a9dd70f71a7

          SHA512

          5165f269f8d5673f5fc790541aa4592563bb3f71f4262e9c63b871590d5b2dafc18715c8e2867363f035972e5796cecc4bdfeff0013d6e48b4c210a4986eefaa

        • C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json

          Filesize

          902B

          MD5

          0a9ce004b99e1bb0a4ed6e54f5bc72e9

          SHA1

          3ad834efbb55e719675cd7130a9237666f60e725

          SHA256

          42a562447457516ec356035e3c51ec6ca309ea621a53257084166a54b4330840

          SHA512

          0022dc954dede00dc286a48d0ec73e54c38168df09fd5b54ae1869e44f55e3828e97a60c37d98a536a8911b21b08e7484a7f65d59b43f4077ba7595514e8966c

        • C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json

          Filesize

          269B

          MD5

          f64fb0f46eaee310cec2a928294b44c8

          SHA1

          50f321398653d1c9ebfe2816b605583edc3633fd

          SHA256

          067c35e9beaa8893348a8997cea283e47e5c8bfdb3f3b17f864c962a06d2ed70

          SHA512

          91246223966f5d7d48d4071180239077efbfbb834b63048682ca7e917338d8d24151062a7c4c3103510266510b50805c970cf8799a8e69be162395d407c439ef

        • memory/1576-986-0x00000208B2440000-0x00000208B2462000-memory.dmp

          Filesize

          136KB

        • memory/1948-654-0x00000174DFFE0000-0x00000174DFFE1000-memory.dmp

          Filesize

          4KB

        • memory/1948-658-0x00000174DFFF0000-0x00000174DFFF1000-memory.dmp

          Filesize

          4KB

        • memory/1948-655-0x00000174E24B0000-0x00000174E3281000-memory.dmp

          Filesize

          13.8MB

        • memory/1948-657-0x00000174E24B0000-0x00000174E3281000-memory.dmp

          Filesize

          13.8MB

        • memory/1948-656-0x00000174E24B0000-0x00000174E3281000-memory.dmp

          Filesize

          13.8MB

        • memory/2880-1014-0x000002484CCD0000-0x000002484DB1D000-memory.dmp

          Filesize

          14.3MB

        • memory/2880-1107-0x00007FFB59C40000-0x00007FFB5BD48000-memory.dmp

          Filesize

          33.0MB

        • memory/2880-1012-0x000002484CCD0000-0x000002484DB1D000-memory.dmp

          Filesize

          14.3MB

        • memory/2880-1013-0x000002484CCD0000-0x000002484DB1D000-memory.dmp

          Filesize

          14.3MB

        • memory/2880-1015-0x000002484C4E0000-0x000002484C4E1000-memory.dmp

          Filesize

          4KB

        • memory/2880-1011-0x000002484C4D0000-0x000002484C4D1000-memory.dmp

          Filesize

          4KB

        • memory/2880-1157-0x00007FFB59C40000-0x00007FFB5BD48000-memory.dmp

          Filesize

          33.0MB

        • memory/4500-1677-0x00007FFB5A370000-0x00007FFB5C478000-memory.dmp

          Filesize

          33.0MB