dcrat | 3798fff79e09d26cb8233719f946cf49d90eaec3d6f580304a9f6818f4f0870b

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2025 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb4f2125a50a9b9c4dbab873e3390356.exe
Size

28.3MB
MD5

fb4f2125a50a9b9c4dbab873e3390356
SHA1

1a35bb722ab427ef7a739fa1366a302383569f61
SHA256

3798fff79e09d26cb8233719f946cf49d90eaec3d6f580304a9f6818f4f0870b
SHA512

73900fc52221a42f7c546a1b93e97cf40ebd299817985545355c837b40e6656b25cdd7685624b97a89a766b7410fbc855043125eba23bc145e0937d68f2bf261
SSDEEP

786432:QjEVGB9XHZHAkLva99FHEcBo7dZ7IndVXIAxlNIwmDS:QjEYnXHykGjXBo7zOVIyzNmDS

Score

10^/10

dcrat defense_evasion discovery execution infostealer persistence rat spyware stealer

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Dcrat family
dcrat

Modifies WinLogon for persistence 2 TTPs 6 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Recovery\\WindowsRE\\TextInputHost.exe\", \"C:\\Program Files (x86)\\Windows Mail\\RuntimeBroker.exe\", \"C:\\Program Files (x86)\\Windows Defender\\ja-JP\\services.exe\", \"C:\\Users\\Admin\\Links\\fontdrvhost.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Recovery\\WindowsRE\\TextInputHost.exe\", \"C:\\Program Files (x86)\\Windows Mail\\RuntimeBroker.exe\", \"C:\\Program Files (x86)\\Windows Defender\\ja-JP\\services.exe\", \"C:\\Users\\Admin\\Links\\fontdrvhost.exe\", \"C:\\Users\\Default\\My Documents\\sihost.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Recovery\\WindowsRE\\TextInputHost.exe\", \"C:\\Program Files (x86)\\Windows Mail\\RuntimeBroker.exe\", \"C:\\Program Files (x86)\\Windows Defender\\ja-JP\\services.exe\", \"C:\\Users\\Admin\\Links\\fontdrvhost.exe\", \"C:\\Users\\Default\\My Documents\\sihost.exe\", \"C:\\Users\\Admin\\AppData\\Roaming\\Comdriver\\PortRuntimeHostPerf.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Recovery\\WindowsRE\\TextInputHost.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Recovery\\WindowsRE\\TextInputHost.exe\", \"C:\\Program Files (x86)\\Windows Mail\\RuntimeBroker.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Recovery\\WindowsRE\\TextInputHost.exe\", \"C:\\Program Files (x86)\\Windows Mail\\RuntimeBroker.exe\", \"C:\\Program Files (x86)\\Windows Defender\\ja-JP\\services.exe\""	PortRuntimeHostPerf.exe

Process spawned unexpected child process 18 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3616	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3376	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2824	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1932	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1236	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2240	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1000	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2464	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2004	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1344	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1392	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2108	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2008	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	4992	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3684	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3988	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	4048	2196	schtasks.exe	98
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	4644	2196	schtasks.exe	98

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2088	powershell.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\Control Panel\International\Geo\Nation	x.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\Control Panel\International\Geo\Nation	Eblan.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\Control Panel\International\Geo\Nation	ExLoader_Installer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\Control Panel\International\Geo\Nation	PortRuntimeHostPerf.exe

Executes dropped EXE 6 IoCs

pid	Process
4464	x.exe
4580	ExLoader_Installer.exe
1084	Eblan.exe
1908	ExLoader_Installer.exe
4636	PortRuntimeHostPerf.exe
2408	RuntimeBroker.exe

Loads dropped DLL 7 IoCs

pid	Process
1908	ExLoader_Installer.exe
1908	ExLoader_Installer.exe
1908	ExLoader_Installer.exe
1908	ExLoader_Installer.exe
1908	ExLoader_Installer.exe
1908	ExLoader_Installer.exe
1908	ExLoader_Installer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 13 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TextInputHost = "\"C:\\Recovery\\WindowsRE\\TextInputHost.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Program Files (x86)\\Windows Mail\\RuntimeBroker.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services = "\"C:\\Program Files (x86)\\Windows Defender\\ja-JP\\services.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fontdrvhost = "\"C:\\Users\\Admin\\Links\\fontdrvhost.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sihost = "\"C:\\Users\\Default\\My Documents\\sihost.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PortRuntimeHostPerf = "\"C:\\Users\\Admin\\AppData\\Roaming\\Comdriver\\PortRuntimeHostPerf.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PortRuntimeHostPerf = "\"C:\\Users\\Admin\\AppData\\Roaming\\Comdriver\\PortRuntimeHostPerf.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	fb4f2125a50a9b9c4dbab873e3390356.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Program Files (x86)\\Windows Mail\\RuntimeBroker.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services = "\"C:\\Program Files (x86)\\Windows Defender\\ja-JP\\services.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fontdrvhost = "\"C:\\Users\\Admin\\Links\\fontdrvhost.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sihost = "\"C:\\Users\\Default\\My Documents\\sihost.exe\""	PortRuntimeHostPerf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TextInputHost = "\"C:\\Recovery\\WindowsRE\\TextInputHost.exe\""	PortRuntimeHostPerf.exe

Deobfuscate/Decode Files or Information 1 TTPs 1 IoCs

Payload decoded via CertUtil.

defense_evasion

Deobfuscate/Decode Files or Information

T1140

pid	Process
1644	certutil.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\Windows\System32\CSC67FAB207FB3C4AC8AAF98AFF52ADFB8.TMP	csc.exe
File created	\??\c:\Windows\System32\u1u3f5.exe	csc.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Defender\ja-JP\c5b4cb5e9653cc	PortRuntimeHostPerf.exe
File created	C:\Program Files (x86)\Windows Mail\RuntimeBroker.exe	PortRuntimeHostPerf.exe
File created	C:\Program Files (x86)\Windows Mail\9e8d7a4ca61bd9	PortRuntimeHostPerf.exe
File created	C:\Program Files (x86)\Windows Defender\ja-JP\services.exe	PortRuntimeHostPerf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Eblan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000_Classes\Local Settings	Eblan.exe
Key created	\REGISTRY\USER\S-1-5-21-4174397412-4125106315-2776226590-1000_Classes\Local Settings	PortRuntimeHostPerf.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 18 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3616	schtasks.exe
2240	schtasks.exe
1000	schtasks.exe
3684	schtasks.exe
3988	schtasks.exe
3376	schtasks.exe
1236	schtasks.exe
1392	schtasks.exe
2004	schtasks.exe
1344	schtasks.exe
2108	schtasks.exe
2008	schtasks.exe
2824	schtasks.exe
1932	schtasks.exe
2464	schtasks.exe
4992	schtasks.exe
4048	schtasks.exe
4644	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2088	powershell.exe
2088	powershell.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe
4636	PortRuntimeHostPerf.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2088	powershell.exe
Token: SeDebugPrivilege	4636	PortRuntimeHostPerf.exe
Token: SeDebugPrivilege	2408	RuntimeBroker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1908	ExLoader_Installer.exe
1908	ExLoader_Installer.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 840	4364	fb4f2125a50a9b9c4dbab873e3390356.exe	89
PID 4364 wrote to memory of 840	4364	fb4f2125a50a9b9c4dbab873e3390356.exe	89
PID 840 wrote to memory of 1644	840	cmd.exe	91
PID 840 wrote to memory of 1644	840	cmd.exe	91
PID 840 wrote to memory of 4464	840	cmd.exe	92
PID 840 wrote to memory of 4464	840	cmd.exe	92
PID 4464 wrote to memory of 4580	4464	x.exe	99
PID 4464 wrote to memory of 4580	4464	x.exe	99
PID 4464 wrote to memory of 2088	4464	x.exe	101
PID 4464 wrote to memory of 2088	4464	x.exe	101
PID 4464 wrote to memory of 1084	4464	x.exe	105
PID 4464 wrote to memory of 1084	4464	x.exe	105
PID 4464 wrote to memory of 1084	4464	x.exe	105
PID 1084 wrote to memory of 1060	1084	Eblan.exe	106
PID 1084 wrote to memory of 1060	1084	Eblan.exe	106
PID 1084 wrote to memory of 1060	1084	Eblan.exe	106
PID 4580 wrote to memory of 1908	4580	ExLoader_Installer.exe	108
PID 4580 wrote to memory of 1908	4580	ExLoader_Installer.exe	108
PID 1060 wrote to memory of 4596	1060	WScript.exe	111
PID 1060 wrote to memory of 4596	1060	WScript.exe	111
PID 1060 wrote to memory of 4596	1060	WScript.exe	111
PID 4596 wrote to memory of 4636	4596	cmd.exe	113
PID 4596 wrote to memory of 4636	4596	cmd.exe	113
PID 4636 wrote to memory of 3508	4636	PortRuntimeHostPerf.exe	118
PID 4636 wrote to memory of 3508	4636	PortRuntimeHostPerf.exe	118
PID 3508 wrote to memory of 4856	3508	csc.exe	120
PID 3508 wrote to memory of 4856	3508	csc.exe	120
PID 4636 wrote to memory of 4024	4636	PortRuntimeHostPerf.exe	136
PID 4636 wrote to memory of 4024	4636	PortRuntimeHostPerf.exe	136
PID 4024 wrote to memory of 3580	4024	cmd.exe	138
PID 4024 wrote to memory of 3580	4024	cmd.exe	138
PID 4024 wrote to memory of 916	4024	cmd.exe	139
PID 4024 wrote to memory of 916	4024	cmd.exe	139
PID 4024 wrote to memory of 2408	4024	cmd.exe	145
PID 4024 wrote to memory of 2408	4024	cmd.exe	145

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fb4f2125a50a9b9c4dbab873e3390356.exe
"C:\Users\Admin\AppData\Local\Temp\fb4f2125a50a9b9c4dbab873e3390356.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c "eblan.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:840
- - C:\Windows\system32\certutil.exe
    certutil -decode "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eblan.bat" "C:\Users\Admin\AppData\Local\Temp\\x.exe"
    3⤵
    - Deobfuscate/Decode Files or Information
    PID:1644
- - C:\Users\Admin\AppData\Local\Temp\x.exe
    "C:\Users\Admin\AppData\Local\Temp\\x.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe
      "C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1908
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Eblan.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Eblan.exe
      "C:\Users\Admin\AppData\Local\Temp\Eblan.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1084
    - - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Comdriver\d2sdOUNz2l3mTj5MoDzrIajkHplSQWvXKmzVWInFFOZeZ2BgrbJztlDSX8M.vbe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1060
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Comdriver\N6AdgHroBA8xwm99sutzvj43bdFh6UKKZKcLC7ihYnoDNC3ex.bat" "
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4596
        
        C:\Users\Admin\AppData\Roaming\Comdriver\PortRuntimeHostPerf.exe
        
        "C:\Users\Admin\AppData\Roaming\Comdriver/PortRuntimeHostPerf.exe"
        7⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4636
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pw40a2ly\pw40a2ly.cmdline"
        8⤵
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3508
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5787.tmp" "c:\Windows\System32\CSC67FAB207FB3C4AC8AAF98AFF52ADFB8.TMP"
        9⤵
        
        PID:4856
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\j9NxhuBG9j.bat"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4024
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        9⤵
        
        PID:3580
        
        C:\Windows\system32\w32tm.exe
        
        w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
        9⤵
        
        PID:916
        
        C:\Program Files (x86)\Windows Mail\RuntimeBroker.exe
        
        "C:\Program Files (x86)\Windows Mail\RuntimeBroker.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2408

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 11 /tr "'C:\Recovery\WindowsRE\TextInputHost.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:3616

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "TextInputHost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\TextInputHost.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:3376

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 12 /tr "'C:\Recovery\WindowsRE\TextInputHost.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2824

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Windows Mail\RuntimeBroker.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1932

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Mail\RuntimeBroker.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1236

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Windows Mail\RuntimeBroker.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2240

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "servicess" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Windows Defender\ja-JP\services.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1000

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Defender\ja-JP\services.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2464

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "servicess" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Windows Defender\ja-JP\services.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2004

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 7 /tr "'C:\Users\Admin\Links\fontdrvhost.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1344

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Users\Admin\Links\fontdrvhost.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:1392

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 12 /tr "'C:\Users\Admin\Links\fontdrvhost.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2108

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 8 /tr "'C:\Users\Default\My Documents\sihost.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:2008

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Users\Default\My Documents\sihost.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:4992

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 8 /tr "'C:\Users\Default\My Documents\sihost.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:3684

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "PortRuntimeHostPerfP" /sc MINUTE /mo 9 /tr "'C:\Users\Admin\AppData\Roaming\Comdriver\PortRuntimeHostPerf.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:3988

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "PortRuntimeHostPerf" /sc ONLOGON /tr "'C:\Users\Admin\AppData\Roaming\Comdriver\PortRuntimeHostPerf.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:4048

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "PortRuntimeHostPerfP" /sc MINUTE /mo 13 /tr "'C:\Users\Admin\AppData\Roaming\Comdriver\PortRuntimeHostPerf.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Deobfuscate/Decode Files or Information

T1140

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Eblan.exe

Filesize
2.2MB

MD5
7a9eac1277d69edafed92df3f3b886cc

SHA1
d2ba338e7ca4365cb7543903540dca7f6dedab8f

SHA256
4910593d469439376ecc16dfa9eddd7f97251d9ff19e6e490452ee1080e4979b

SHA512
130bd2f7aa065a0f2aa7d0a73c89f753519acf0b685ba8016a89c7ea26f8ee7747d5e702b73a81104c0508cd1fde36efc4ea643d488c6f04e39bc3f0f9b9b0a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe

Filesize
26.4MB

MD5
2d3bb824bab42e39818e768c1fcc0e43

SHA1
09bc8adef1d4444c8d163a768f419f12f733b9a1

SHA256
c8b7de3ce429150617f25529aa436d28497b642925b7ea384c30f529ce8bc23b

SHA512
3cbe7b4c7e38d2a6095e2e471308cd6cc5f185dcf45d96a5a28c22d946606386d7da411150b9fc9a9a8bb66c204693025e346102b06780a4b2dd101ab7c5eff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eblan.bat

Filesize
37.5MB

MD5
c1afb8f0ab2cbe370dae0f19fd25b3b6

SHA1
bb4f72e89db2d11e3f925a1b7ed79fac26516b46

SHA256
3535cbd619592e82a1d506f33557267e2628823d31d506e3a54660204dc9dade

SHA512
1074b4b36e34ea7bc24741f7a55d2d238c32b19ecae97831f82ffb472d2f18f221361e6fdc3ca812f66496f06400d7755724f9f9f6d3281d4c1ad392d05f1f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES5787.tmp

Filesize
1KB

MD5
4e29a37867a6bb8a14cb2a7eb585b290

SHA1
4142f110f1d67e6a1ca207a140a461dcc76a3edb

SHA256
a585604ecf59afa2880e67cdf8d5be8c0a6fd795a1a28d2abb1bda9cee6aac06

SHA512
ccf5edb897172ac297cedd60fd63d12d7f8d5d4b213c457e0ece7e00b823a3233d2dcd71c1ae151bf08c960fd04b4e69bd59c205d7d8e0b2d06b0637cb8164c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

Filesize
184KB

MD5
1156779d6a1fe7eca6f4f70b7e159280

SHA1
df0058c5e0b2b6696d25e49cad5511a9d5fd9f08

SHA256
bab846b6030449f4c37af32c8119ffe595b5a3d0d924d5e99370dd059bac2767

SHA512
addd3a223a48697d9ea9d1e8ade91c70221c71dba64aa6c30877501acf17ab079d49d48fd7cab614df52b0f73eee771974ac64ca8e7a0c1f930a035e0fa7c2b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so

Filesize
13.8MB

MD5
c2f599ae1b79da8db01b4c4501899d2a

SHA1
19865301d8a408aa003c0a133bac47951b9fdac8

SHA256
8ceb7f683d61427f9109f58719837bbe5ac599681e723c47a62f21c557e13475

SHA512
752e863162b4602453427ce2bb2feb55d6ff6a42350f34265f0f0ecda6401b5d403700ad47d3740da19dcbd6824188cd788c5b1a8834c27cb72917bdb054bdc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.bin

Filesize
14KB

MD5
e6ee07a908803b70dcdf31271bbc05bc

SHA1
4328b159cebeae8594bda27a63617e2cc7626bfb

SHA256
5bc7d9a70129040cb1a99067d26a8a74f1679b345ae7e7fbd6c71d26a97e2688

SHA512
53293ee1c663824b3170b994209ad034024df9d77fb782b13a9c104c8dd89316c2fa18fc3b7e106260b3ef3e4d9a54b8b110aad52f5defd01abf5a370a4855b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.json

Filesize
13KB

MD5
8dab30c01916d845d7082d8581ba1f7c

SHA1
22199b0c399d02b9142b505889411477f52fe5d3

SHA256
8f6ee8c6aee1d574d5c0bbb03e1f3287e8d940514dda839c80f6c8b124e9494b

SHA512
3fb37d3ec427b4f0d8da98e1dea0abf8f4092c651619d9c7513d14198a743d874425b8e20e73366707bf63b55957ef1cdee7398cb5262d509eee0e4fd0e733ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.json

Filesize
413B

MD5
fb1230bb41c3c1290008b9e44059dd39

SHA1
66493d0f8a6a112d8376cd296b05c277b111dca1

SHA256
2429b610ba9010211d18626d311d3dea7274473c2dd50fae833ed739b67b1292

SHA512
d5ae9b9124a7c7f8c3d04c4750459c9bc620e3aeb84f5d56a64308eb9b343d4fb62f8b3e03210e04ad90b91bbbb35dd1a56148d06dbcc0872f99e9b1b9d37c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\NOTICES.Z

Filesize
85KB

MD5
91408e65c3243b8eed6c8e8d991a1d82

SHA1
f3ea62e66f6f080171f3325f7c4d5cbee365a0f8

SHA256
6873cc4ca1a29fd50ea191b9e54c1cd90ebd701c2cfebd1e62a619d867acf332

SHA512
2f6b967334be154a3434018d8d1405538d0f52465719c39b058a8673ce88f7087c111c87d4246b7004d266d3d8ccdbd4be68ac71c77c6757a3a862bdc7c84d29

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\fonts\MaterialIcons-Regular.otf

Filesize
1.6MB

MD5
e7069dfd19b331be16bed984668fe080

SHA1
fc25284ee3d0aaa75ec5fc8e4fd96926157ed8c4

SHA256
d9865b671a09d683d13a863089d8825e0f61a37696ce5d7d448bc8023aa62453

SHA512
27d9662a22c3e9fe66c261c45bf309e81be7a738ae5dc5b07ad90d207d9901785f3f11dc227c75ca683186b4553b0aa5a621f541c039475b0f032b7688aaa484

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\AbominationPissed_DE.wav

Filesize
131KB

MD5
b287fcc8278972ff72b8e46b481c4ab7

SHA1
71a91ebbcfb6debe7673a0b59079c5e90cb2ede3

SHA256
c87cb5c9c64b5798769af14563e268080ed82c7c8a1958f6fa1c1b5e7f10d2e2

SHA512
746f5d9232a06b5a415391dcc191902c7ec12465a22551342823da5880a16e9b9cb44da7052638fd0f5a2211ba8b97be6d835f5931bf34eb4fb1b96c6c529c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\AbominationPissed_EN.wav

Filesize
80KB

MD5
04de7b1fd5d0fce157b378ebede59df1

SHA1
97709ff9bef57080569f04f99efec6098cba3bc1

SHA256
3939fcaa3b0efd6d601da475abea862d9f7c078643f1063df51c83609cf47a6f

SHA512
31dcee1e7f1da84853bc8e41c108b1856020ea8da09bf2dd75b2902223f96540e148be9daa2e802358a5d78296ca5c90fa68c8f34f0a52b610f9bad446fff728

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\AbominationPissed_RU.wav

Filesize
156KB

MD5
5c4c79ff61bc28f30fc6b2a221975b98

SHA1
82bbdd2bf6c5bb2941788c0ea594c0185c6a17b5

SHA256
d5f7ea66bb3bc77de30b0b450b37dbac1dfa2f30b8108fce9ac2752ce9ad2838

SHA512
d2fe68b06c3852111cb03ac6b55cdccc6cf232aed1170eeb4709493e6b1e87a2b8b2c30223e502dacafb3a2d0b07b62a595086336cc42e63b83e8443244b5954

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\CSGO_hover.wav

Filesize
133KB

MD5
8d6e22bde35607fe3801e02fdb12b022

SHA1
9bfc38b58bca7b17e48a864ca2e0b312c86b146e

SHA256
aaa3f0f824d04ce5e93d1da17873d3aeb3c4d3a8fee25b7006851e4089bfadfc

SHA512
5623151380eb43a2191c639c940473114e47a579dd65970934ade8965ffe76e4b7018fa008e6412db91fcce6bc89aad9e3a4358e824f5caf0021ea58ab19c49b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\CSGO_press.wav

Filesize
99KB

MD5
5cf6f422f37b61b16f732e177c4a67ce

SHA1
3e227d262159caefd259921cdb888872ffeb8989

SHA256
880cc2be6f458bf853dba78caf06bd2b97bc4b06fea141599db74e95bbd59528

SHA512
b05219e87e9117195b3fb17a1075f4ef0c126de333618f1b87ef75813f3c6db40647ec53777d101bf1fafec99e275a8e9d048aeab5715b16e0ae2ec2f1293d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Fortnite_hover.wav

Filesize
137KB

MD5
b66b7d55b6eeb2ff344a1af41e42a27f

SHA1
fa6d73d1a35e6098748997cd8c259b4df00d1f9f

SHA256
3e3abb7e29d38fa4b0261ac78427633e8bf6ddf3708de5a45bbdddc2a9f4aa6b

SHA512
3bbde1d2426cc02fc2f034ff9276a23f2060a385b4fb4f6e17ff1b91b6ce904e807e9151c61b9133de3f5218a4dfdd8d0cdece9c2c165186acb92abe51f4b97d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Fortnite_press.wav

Filesize
111KB

MD5
17112a672b04374113400b1c3c6a014e

SHA1
5214a72c0527fa73d25ce810f759cba05739b34a

SHA256
e0ecb5e92f1e13de05850d1f3894a54988e5f2c7eeded390f9040d2845aa4404

SHA512
e319aa4852835b3d039dd63db981f197bdce301710a20fe7719b7fcacad152067f5033a846f0b556385b6f84364e66af5edbd4a6f39fa2d751ed0437e314dc6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Standard_hover.wav

Filesize
36KB

MD5
be6cc8afdd2ca2870982a0933cd9c8b6

SHA1
e3d9f678ecec58223e2d60636cbdcaf1b5d6d01c

SHA256
46d6ccfff99264aac49bf4545b0ceb9cca2a9ee5a60d13b7017161e481440189

SHA512
b58b789db7e6d65be7e5963387f7a8e095a2fd73d43400a6ed3c186babb880e541effa1f6265d4f89b8ebb7ebcff080dca656862cb19a5cdb67a5197c9fe6888

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Standard_press.wav

Filesize
64KB

MD5
f9a86f1da07c3dea7445f34ae4f793f3

SHA1
17e4f9d7d5ce2b209b513a3b1a6745adcd898d98

SHA256
fe7e148d5b80eaf49eb7564233b87679e53fa4e68371aa347f18c1886a99bff9

SHA512
2052873fba1482616e7be708f6328d708bc095b327416bae6c83679ef4e5f829e8d4667292868fb7ad8fbea52a54d069ef6a52f8ae603d9fabffab4c51336c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Steam_hover.wav

Filesize
55KB

MD5
2d9be331ac50c9a82af0ffc0678bd575

SHA1
c455196af8db5823ce8f6735ea4a4f70a595a2ca

SHA256
5f53f2d8499d27dd906587a6d0aad05d5c387ca2fc1c12f26c76aaefa690c7d6

SHA512
645210077b7110661982a76484915f6f6e63267de472db86a89e5ac8d65a790a01df8bfe807e8d309c3609ab009c1fb1e221799223c648465d22763e7ba00bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Steam_press.wav

Filesize
170KB

MD5
f8eab8f1b49b806f490f8716a8208190

SHA1
d5e7401f403733c071347616a2c0a069f74be52e

SHA256
e7c36644507ee52d11ad20e17a165bcb4bb7efb14c573cd29921088c03777241

SHA512
71a75f1e5fe3204caa70adc9d8c8a96155dfbe0b131afcc4bcd55908048ae314b81a84b54be21a1f99321e89cc4c77042bd0d0ad4033988af8d0042060631d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\audio\Windows_notification.wav

Filesize
568KB

MD5
bfad965214e05d9e1f6422b203ddc31e

SHA1
23b439523914e55321a115cc1debf6d12fd545a7

SHA256
90707fa427cc0dccb0a6a6cee40ee27cf516164342f6ca19adf496f068d03c07

SHA512
7c8cc4d06214053bfce98d4a5e860c966ac645952163e0f36636de3f97fee10cede49c7a174498548dec8de1ef0b3a0b4c3ab48e872505b8edfdfb7f57d849bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Agents%20of%20Mayhem.jpg

Filesize
111KB

MD5
c90f20fe086f92334e9c28617b074977

SHA1
e22c44b85f4f6ceb0fec2a568252aa181df258ec

SHA256
e24de8ea065066522543e0919697af69036f2a554746172c373cc2dc9b0ff895

SHA512
31c7143a1f76184e87847ebc63fbbcd77a04573d456f15782f55869ee7b5b9ee3b2295b06e5f581d7e4f46e67399b2c97890646df58ecaa05de25f44ea24a2c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Anime.jpg

Filesize
1.7MB

MD5
4f549243fc39cc27215f04565c625955

SHA1
9fbc2dcc25d07f85f9eebcb620392b7187bc8d92

SHA256
193017ea61d1b56fb0c834d8d7bfebb69fc84da0393e41418efa7abbe7cdd0e8

SHA512
519d1730a104fb70cd192d13d260c7cb0acfa7104e4b5dc4ae53a057ef05ccd8012f0a960e206ed5a9297a8df83fb1f6c408196019d4c440bf0a74c419946345

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\CatsDay.jpg

Filesize
85KB

MD5
c25749492a3f86516fd363eb33e48703

SHA1
6bd0604b25a74506a2bd9006ddadf7dce1ebae16

SHA256
751556778ef9e8ddcad5da225453b258b369596dc8e1e072f2d700cc1cbdf3d6

SHA512
de98588d60cdf5a6cb11cdbe60a79f77345ce428024ec888cef4605f3068a1a86e57fbfbe8f0187257037ec9c424df6aa8cf81ff203f9763201fd1731341e513

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Cyberpunk.jpg

Filesize
90KB

MD5
fccd45abac1b102ef9d852fb95241618

SHA1
b8362d3e44a50348f5e687d62e94ea1ea186987b

SHA256
2325390bce62c4bef9f0262222d2dd74f06c3033ad864de432337c75324e1f9d

SHA512
b250daaeea81011c844f7d1a93f7d6094de12074c6bc187d7051dba345e997c8d96d6d20bf725658e793b61569789d5fb5662d761dc20ba20b2fcc44a0289e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Fallguys_v1.jpg

Filesize
92KB

MD5
a795acdc99700b1d4a098b2caf3d39c6

SHA1
178595904d29c6cbd3efc5e71cab28628ea58cf1

SHA256
5bae893db8e438bc28cd34ebe0ec23c3826f1a942d0e336ce2395fe4a5ddabf0

SHA512
8896e458e201eb7faba10ceaf700a1dafda634e5ee36b8065bb8f33b83c06a706f3ab92a4f20560301410ef57871831a7fa014ca9798f58f131f7b36bc63746e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Fallguys_v2.jpg

Filesize
89KB

MD5
58eb944079ea4b055adf9f329de463d3

SHA1
33deef3dd78e844b4c3544e5afe39b1acfe7d757

SHA256
2e4a44fd6efe2b6fcce4966613b4f4e79c2040a79a914d8377e32127c49010a5

SHA512
6884f1b837d995283c44436885b3924d8740d795b4343ccd1ffe216b07290893abf6c8d5b10fa807565c443662915d54fe098ac93d648b940f0caa313d5cc69f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\FishingDay.jpg

Filesize
56KB

MD5
53cf0a2de9e9f375a5cdc5849c19f589

SHA1
6d2e7dfadc38dac294be97bbc4e73b332127c5af

SHA256
19b182dc9d9580aa0ca41367618d877f1cb4e53830dafdda3b6298be0c001993

SHA512
35e9a5cd1735049c30c9a3b88b67359c7d58d9d56595bfb41166b24340ac1a0e5446a6c2d6e063afaa1fe905968b0734634658120f516068f5c65b9030939340

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\God%20of%20War.jpg

Filesize
85KB

MD5
d40d3b1641dda951397f85d91cc7da84

SHA1
605fe73ea3d21abd3de674152cacc77cabcf57bf

SHA256
bd9b8ebbd5e12f111b386111fbcae08f5545e6c8bacba466a33748ebbe7caf58

SHA512
18fa5dcb676a43e1ea2d7384f7fe34db2da738fa3b96f374b673fa935303c1226c72b2eeec65f2c96081e4da1a8ef742c60cef82a003510defc48e8bc91d3fef

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Halloween.jpg

Filesize
94KB

MD5
c0c6f2df1e2fadc671c336692128cf0c

SHA1
3865c8a27099040d2abdeaf896fdfecb032924ac

SHA256
e26c1ff60db6b37bd81794b68d2293c4f03eec9a6bdbe425bb9bc8a717d842f0

SHA512
4e49ce74d8d39d7773539eb105e559023c53d23ba1c87493008688f05d6230deb3dd72692922e73f83b8786025f387972af74cc0f9d49319116034c8cbfc0197

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Halo.jpg

Filesize
102KB

MD5
06822359be19fbe08382ad01c363aa60

SHA1
ef108eb6c41a37be79913599b5fe4fdc827a7569

SHA256
6a77bebbb47626eff779e583ee220d1dac117dce66b28d1173b9601f7382ef27

SHA512
3a7fa133e771e610ab99b29e7f5c0646a5b2026084777ac30eb1af1efd48fdecae3f6c11c0f4e3d251f0c0b5a0404dc11351b250cc3bb956a22b142dd83d2c25

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\IceCreamDay.jpg

Filesize
166KB

MD5
0df267f391a6eb5ca24ab83e734dc80a

SHA1
ab815a95ed9ba9f4e8bd5fea909f35be739529a7

SHA256
5217c55cabedce00a97332273478eb75f26b3237943c3f90f608976cdde195da

SHA512
519ff25ba063829121863b9ea0eb609de7fb78b60b9f8abd0e9121aa79085b78304b26c603cca7da62e3d45b0724942ae3ae6ebebd8ec7c42367cbcf77a7e8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\JokeDay.jpg

Filesize
55KB

MD5
6582a4db0e5c0570717565d12815d169

SHA1
b05f9a1cbb16149da1dde9e7b0a9fb3abb603f94

SHA256
b1b347856a7a93fc41c18291ecf2424abb03961439583c78a9b2b3c4520e9263

SHA512
33185d6f56209b8d713ca8f76fe505947836b116b65b01ca2e649fde42783cf35d606f5a6101be3b97602af89ce7787c42a2dc3af922eb7e325fff1d6ceb8fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\LoveDay.jpg

Filesize
114KB

MD5
5498653fb773e2fe9f6bba46b7fc2f1f

SHA1
811efcd09132744a0db365de942b306d84b651fb

SHA256
a1bef06e1dc9b472cb3db56828f8fe1f10af642ce0704218244a731b56f7d973

SHA512
71f3db241b23b996cb52c663ad46a4b5056b3baebd91f51dbf2a13c376e5f252fae21ba110247c4518dab1f3fef695c6bd879133f36bef497b3e76df67dd415b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\NewYear.jpg

Filesize
1.8MB

MD5
72d7cfd32904762e3e06590a08f6b752

SHA1
d1e9fab08630afd6cb06ee7b719338b00bceacbc

SHA256
b544f944a958b0634e6d975fc4990ad8e1a71fabfa383939cb71569332d246f3

SHA512
c1c76e8e5483f598fc540ead8e0cfb3a4ab7e537565056c1036a895ad48ee0b590b6a0a63c4f8aa2e1b221ffe98df6d0b6b85f176a1e307a4e733e7f63a220ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Ori%20and%20the%20Blind%20Forest.jpg

Filesize
93KB

MD5
babd1b019be8944f7ef6c64c8194bc8d

SHA1
702a50d3e3a0933db4dc1f37423bca3b5c52acde

SHA256
71ea07c900e7993072f4896c0ab621303feaf4d13b7c9a4b2993e06122b10f76

SHA512
6a854fc0db7206dd182f6ebc594d763b62a75f64663d3e58029cfa2586048838fe8878b043d174923e05f4e3cd2f3e9d96a6dcf5ba8bbd7322bbc3540bbb8b0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\SchoolDay.jpg

Filesize
94KB

MD5
ff2c795ca73657308ff62023583bb7df

SHA1
79795d1a923fbd2b042a41d71c6e4daa71931790

SHA256
a4f459702e21c375a81e84ac85ec84aa463310d8aef505181c72c5274fb27a35

SHA512
08a11863ebd40f1b9740411fa79a3f49e37085db0ee0c864502ffa2a75398b7241b104dbb5b765d3a3b7932cd10cc28e096fe9bd920766a62be0cd43e2e95cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\SpaceDay.jpg

Filesize
97KB

MD5
cc86f6ad72336b38c9a94292a18d2a8f

SHA1
5c9d533d89c042d5492d2a2dbf5537d3f95488ab

SHA256
44e05f8b0a73889362368fff0e91bc5d38b1c33552e1a2c0f6967a99bfb4a252

SHA512
7b6c1e34784345ec9210d0ee593bb9cf9ade0be718bfe75b6d08efb0d7c82a5b9b4e408a78b1fa6605d4477060f7b6578d3bf981a116722b029d312ba48921db

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\SummerStart.jpg

Filesize
94KB

MD5
d77e5703d7bd49bd5ed2dc837fcc93d2

SHA1
d745bbd9fe501412b7678dedf468a3d4ebb422e4

SHA256
7ebbec54b74af16436aa4e881e3cf723c1948e88f3189ce15c8d2e675ba7de78

SHA512
1fb1638544451632d185b1085590f73b93ea0f791f24ea833fff9828db77e6fb9fef56af703b0b6f7d3ba99a4c11e323d4fd63cc39c3b14ae3105b343d4e5aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\TastyFoodDay.jpg

Filesize
92KB

MD5
9f7ba227860a8d446f77f62888e4158a

SHA1
361e736b6ef44e6c496aedf7387845249c76a4c0

SHA256
d070946d773f126d824a26abbad730d2fbd146e1a9359cd3afd21960285d638a

SHA512
c2841305671590fcdae7d25abb17258be2cbd271ad1241e1a74206f12c583c75db64d706e87a0f99fe546a9c8bc63d382f93703ef358b384ccf349c3887acac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\VictoryDay.jpg

Filesize
97KB

MD5
eb92d94cd35b8d73ee977381750a96c3

SHA1
95b0dd83b136898b4afaa780f1c8375b31a7f7a2

SHA256
8bb4994de1217cb2cd1651449f030794388a2e1fc333d062d52e813748216ff5

SHA512
52d67616eab7856d2be52eacd7144c3e85f4a37daaafc293765911854504147dda6e61d93d2a17866e5735a4dc56f0246cd8a2d2ea8a9cd87bc3f45a2655d663

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Warcraft.jpg

Filesize
98KB

MD5
0141badd4ae9147a4058fdde8f9c272f

SHA1
d8ced687bdb7be0fb534a62e28d1909b9e615e19

SHA256
f88b682b452ad60cf3803cefe5c5c992db9688d47e550d757fa9c2d2114e72ec

SHA512
3d5a0526c32eb28fcf3ce84d3c9abc446215de98c18599985bbacbba262c9c961566595cd374b69f0a8feae5b4ce4de616f8d411eb7eb71adb44929e6a8a6bcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Warhammer.jpg

Filesize
58KB

MD5
0a5ffe11b4d2f0d579e22a475047589f

SHA1
de35be4763c7bd9698ec627f025fc81fc9927ff7

SHA256
bc755a02b636013d2ec0bee05412ff7361675b0cd3dc5661a4d750d74e798346

SHA512
adf7696b4fb1a1201e744181b63b02e9f224a1791e954994daf8785c6752a7ab85b438816e67a9236c6275b2f7383eb6f50fe32e1e58b3a3aacf9fad1d49b92d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\cats.ico

Filesize
132KB

MD5
a60ad26735ed5f524fadc837ba409bee

SHA1
0c93146c29615c62b84da87ec5b9e8503ac0a51f

SHA256
ac38101ea1995b026d743575c7ecd82be22192c36f7f5fce336b6584a83b88a7

SHA512
bf20184fed223bfd5c470002a6d0a5d1222c5e24b9fb4c84318a406c0524f961a02d036e0bc3a9530e53b676ce9931f03dba9c8cf02d3aabfb522c045000e054

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\clown.ico

Filesize
132KB

MD5
ad1e1074f2e24099f2c1a41a42ee7ba7

SHA1
8b3db9e5fe4537dec069172e52d527223e5b1eeb

SHA256
01b0c0084fa9d536baec5468033154d9fc3028bbed55d0d3697d0aab8b13384b

SHA512
fd8a58519994bd773f86dd71eb90c519cf50f0e0dcdfa33af4dc5e5fdc7119b3cf240ba0654ac542d5b6ec0fb4647b819dfbbb338aa2c87940bddc31431b3f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\food.ico

Filesize
131KB

MD5
f3ce54818a6c18da1826ddd2f089c51e

SHA1
b0a39168c28afafd461d05522e6f964e7524d4fa

SHA256
e3187124e5e5b7b135014f6924893fedea29efb62c9955c5aefa2aa00610a97b

SHA512
19fd926cd4840a1fb7af64b7cb17bedd3f3e7fad861b2cdeef6b8589ff6119488f76dfd2ac27b8acf85d4493cbda06879c85f23db3d3c4a0f09f94899185d5cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\halloween.ico

Filesize
126KB

MD5
aa4603c868a63e56a5a3505daf9c63ba

SHA1
594dde5f2e3277653a6511e3e805a2da7f7fdd7b

SHA256
af71eb5c9170edbe968ed691a6be636a753e69ee46a82d528eadba33c2ca574a

SHA512
e0c7cc1196801749f790c72c5a75dccc83f2affdc77d74506e2f2079990be7d21368e7b9646f3f739e95691f7b799a16f8ae86a0b4a9c4fad02a96ef53eb2cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\installer_logo.ico

Filesize
100KB

MD5
d1f5ebe2b7fc80412af20dccdf6d10dd

SHA1
7172b11e58421e741fb49d1d83f05ea696135b78

SHA256
2f6d4d480ccb302d8c119695ffb2f33b0d446e0d32a050a8e77828c3393d2906

SHA512
c753790979241d978c300a6c22567f8c206d0807ec2c06c053aa39da94ce511626868e0a12a2b207c7d6bc790595cb75668c231ad82a6bff3b9568338d619ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\logo.ico

Filesize
141KB

MD5
362e23dce02f6439b99fc322a62cf7be

SHA1
dce93401f082b4464f697974727f90cb55eedd80

SHA256
3c4cf7e9644493d059da452a3af9c17a3be5c01db09c2da5d5d3d5a45468f2a9

SHA512
e1b36ce9feba258e3f2db9bba421546b96499273be37c36604f0c6afe04cc8e1f04d910f7d815ccd9040be1166dee9e5ef1c107dde08f578dbde44ee4e045ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\newYear.ico

Filesize
130KB

MD5
9f66fb548e4aee0089409e5b896fab99

SHA1
f340d4ded3da188aaae76a6dbbcd64f4c8678b13

SHA256
dda4f29c5f687ab63c547cad472f5ab9a5fa7bac816b36207c0201542dab6173

SHA512
df4071913a884bdc844e30dcbba317e052926e77da4fd17b903cb5975845f067786e508016e2a10cb7f9367f863537cbb91d7d0684601751ebc91f8455760040

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\romantic.ico

Filesize
141KB

MD5
1e574f7a6ea27150d9c2fd81b12f6394

SHA1
847699fa258885f644b66a25dad4ada094671ce0

SHA256
f01399c613a0b6451dcb8ee77c5d77a1755161bc0a5a403682b3607f6040fec5

SHA512
a235fc7f7cb4365e90ec59338334d606a17a77f101ab1505889e7f75c7258e7c3a63f9a93cf4d447bbca39ca207b8b0d221bc19afc71009a088f52ba9621f4e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\space.ico

Filesize
137KB

MD5
af9a47926259005be2bc4e609f45c62c

SHA1
edb0a26d47980032531381a40766af1a44bddd01

SHA256
5dcada90aaff8f8076a966dd4a83ec4b087b437ca4d7a0a9519e277ee1528bea

SHA512
af3344daf59a5c0e2b2f140101cf47084be7a8ad04ae31691fffad809f3ca41f314cfc5be61d2e1e88b96703e30124da3ae430bd2ee88f529ca100978558c584

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\summer.ico

Filesize
135KB

MD5
cebdf3173e21a7c16d4a7d8076a11c0d

SHA1
c4c19af47f02faae7a6aa671affa087d11a9e96f

SHA256
14da5ad17b31761f6c9302a05b198a703e91bb6bf1a9ead708d4914fb4ed05ac

SHA512
22672e6b4a72ec4fffac142eec31a75f85a3eb89d8b66a9b82d775db6604e3ac329ee3976e327e463ca240bd83e221ef01bf0aef204dc3f58700c43e1a3e4069

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\compressed_logos\war.ico

Filesize
126KB

MD5
b942f8a18c3cb3d9aace9b5892c66671

SHA1
1cc54e8947e36f2e64cb7ddd9fba785a60f93793

SHA256
4efdef75cd3a854faf44e5d0f25f62da8194c07e108b3b2679503c16f2805a4e

SHA512
4b49c72d6f994f575a9dd142dc8bbec2b13bcced27722ce2820910aa3023c5e9254ec8defc1809f899130f6c3d398b6adcc32e146ea1d02c94fac80a8928dc0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Bold.otf

Filesize
46KB

MD5
e57b6bc24b970a377574124e026a7c01

SHA1
00184aedd4ee4d2ca6b5c87cf41e78f64304c89b

SHA256
b012d85155925bbe2106b20234b96522dec7914f03b09bc6e2fff71554f31bf6

SHA512
c162cd8a7130d2c94dac5c3dad58794f368436cbf782e8063c245d4cae405af6aa25c2f381549defd520c3f7cdbc04a27f891798697e9c291317d3b3ba82efdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Light.otf

Filesize
45KB

MD5
d10d77b03ba3abe6ccc1c142d9852595

SHA1
6108edf0cfb3d5f25e3c593949c301c5c2aa5f25

SHA256
3c9ef459625f995c62b993b64da299204b741e153ba8e6d988463aaa86b1aa44

SHA512
71c4fc3b6f43b4125c5ea5ae09297d72446de81ffc2928fee33aef386754e60dab11cc170c4d6689dd6eeac451f2a57b9d3372278f750dca6ed39ec82fcf9368

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Medium.otf

Filesize
46KB

MD5
df63e8855d04ab0e25d2bb6a0b1fabfb

SHA1
5512dc285f36cdf7da5ba5eabaca128ca3442537

SHA256
a728e91375dcadbdf6ef6d7e3cd0bbf5c56fb992d5b1be6640b83214c9d015ed

SHA512
eba8afd3289089841e4eda4abd992c2e2020d18d44741733b5a51a2a1e0c0982ffd9da187aa56ba3b891bc259398ec156e08e45265f7218e87eb914794ca69d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Regular.otf

Filesize
45KB

MD5
d969db6adb881f1dfa91a5b7ec0154d9

SHA1
d7b44b20eb246b0ff5c41147c0d0fb96fde47c48

SHA256
c7fc6d9f2ff611073fa09a6c61a8c086da0ebe8da841a9f4ec4087a3e9b52152

SHA512
2a225a8c12b46aa14e14dd547c6a55c80aef6bfe8cc791dcf60a14ef91994eddc4dec473d856f7c2446d62a41d017d256b64b603d87ae45e75fdeb2230deb5b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-SemiBold.otf

Filesize
46KB

MD5
5177edfb54762b59df676052d11b363d

SHA1
fa18815bf4914b93d587c2758b65e234ad51b38b

SHA256
50000ce2f0f8bf3018f1d04aa5c6716583b808ca05c802c46a9de4f084a91f7d

SHA512
7475fe248eafd528a05acab94f3973eeeb0d169203769ee6b42d007b5fa0605a58a290e145d74d57e17486367bacffed22e4a88e576fa9f65d000e487aa78e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\0.svg

Filesize
1KB

MD5
3c82bc5493a92aebc9064551ea8d38ac

SHA1
b1019e3fe4397f7215ed8af2c0914159e986fbb2

SHA256
6046c1e9b8fc8cada4c4e063b031e164163e7c5723afd8c37d7df6c3054e1e7c

SHA512
126c5773e2192629eee40a611997f01c14bf598215d6ed33488b9d934ac41acfa83b99d7f373e0726a459dfee950011a0c24f97fbc600f5f96dfbb16ac7d9bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\add.svg

Filesize
568B

MD5
5a3230a0cfd5bef48c90b7c90a5d4f8e

SHA1
0f4058127c30aa7928a448e54195fffda531929d

SHA256
54bf4853ae737f99972b4aaad7bb1384e2731989e120609bcbb0be7c4b37e173

SHA512
cfad366c093e952541b85107fb12c28707bbc907a41fbf65c669e691c36e7ec2ed0357b4e5839f5142d1a44d2087d15e65ee10fb738658832fc32f4b1af52e06

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\admin-panel.svg

Filesize
1KB

MD5
3793c8581582f78f81e96a2d15e79637

SHA1
9abd494baf1e8263a87fa8ab23627b75c7b93e73

SHA256
0df749d94a0349477ff44e8c3d4a061246155a732583b6a73a5cd0dde3aa3dd2

SHA512
23cd27d9c9c171d9b104aa6bdcb369617e4e737a38ca2a6398e24842066c8bb43bbb5706b1a5abf0f8a775628e1f69563abf695e3ae9293acb44bcbff11decff

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\advanced.svg

Filesize
1KB

MD5
11f3d49b01f6105d803b3d67e8a2d7a1

SHA1
866d313d44b62a7ddb75360b707bdc0ce3f76df9

SHA256
cc1b5cb898b7fd9c396c85359c651c3ec77b76d4502972caac0db0e1ad789477

SHA512
eec9f3e63fed93bf1a35c6063b3a35d432ef0325359de828535586681407e0d2cf78fbd4431c0ea1231496df979871e82cb520394e985ec4873af07e359bfd2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\alien.svg

Filesize
1KB

MD5
e41fc939fd261093211ff58aae998a04

SHA1
f10d40b8d1967df4ccf342122c19289d88799693

SHA256
393e551487d68dbe48af9497c28b02ac7da38e6dbf63f7c00d166a7f614ef1f8

SHA512
182010b5dfc3e4bd7520c12937977fb602bf6e1ecf829e9e4419261a0f3e6db3b4ea1467dcd59b6db6264c9299e1b43eaa0d8d438a81b38dc43dd2ef18f6f7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\android.svg

Filesize
1KB

MD5
f7a42021989e658675d9c2b23b05ac3c

SHA1
710d995221d1e31f7c6c8d4cd310c841adcfc8ad

SHA256
2aa2c7444e03fbfb7e2e4c103ef843c94f5b614e3b0611095d7bb85d70208f6e

SHA512
0de5da4e4b55bd3f888bc9274974e05f633dc0ea97550215c30a1bd76553e0ffcfbfe0d947d9a73daf5d3783f10483f0b46e041b4f9daa9b15c86d6de71f5f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\answer.svg

Filesize
540B

MD5
d7e36b8acea961b56059715332963233

SHA1
fbe5afd17f01e0f7e1cf7ef484130034f3d687fd

SHA256
384a3965448ee7e12eb408ef25b94574720b2ddfecf68473c3c09278deb2eb39

SHA512
13970fe8a0ab81d6a5343493c8d4d862a89035191f902f7544245c2767ae1937936698190814ed1ce55e20b023e95d2c96c7cea163a4f739387e19a3b49b10f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\arrow-down.svg

Filesize
339B

MD5
673eb4d7e133b2fa1372d7c036abf18f

SHA1
24895453cc62ad88211f2c8a7a4ecc029fb78afc

SHA256
21a868b97fd5beda44d05924451aa074c11a1a96ea5ba45ef11105cb290ff4f0

SHA512
3296ec1a21147e5637ae4d7fd67a7a6f96bb9baaa2719957800235a3e8524686dd048efeccc376865347b4092bb7833e504f914b9b5918818c3aa920ff7f4c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\arrow-left.svg

Filesize
292B

MD5
ba5b1e092c79bc5ca5a74b534a6356f8

SHA1
c0b784acf0eab0f9ac2469cb91380c3170527ee2

SHA256
fd7d1070085adf5c678b35cff5899aa600c13cdcc5fb788635a630ae6cd156ec

SHA512
138d8e5b5775c05a7f0c2f2a0ef3bb95d3bbbef643420156deac5bbf4cc43fcc28b1981402f7cf083e4f9eeb0538349ef050ba3997fb12efe2d2e0c4144bec9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\arrow-right.svg

Filesize
250B

MD5
caf3668c9e2b82819137f778b10f04f9

SHA1
a3713391b4ce86c084f1981851cef5e76afc71aa

SHA256
92b25cb5172f158b02e577ad36c7de69fd277378cfab9c8cdc7e639b16c03433

SHA512
0b9bf756c36026d853ba5809819f29c308ba15149debc75d04ac5cc2eff4f6c59f3a1da2ac50f268c7751243f96d3c3eb707a16ec0b1ac14fa49199a284826fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\auto-delete.svg

Filesize
695B

MD5
7e1bd86b2f114bb2c6ab973c96163ff8

SHA1
a50ce0109893d9deaa1e62e6dce20e31b20e8f04

SHA256
277e2549994f76a3539271719dd46fc0d06e72c303b4efe9e805f8c9d0c4ff3a

SHA512
c232ba5b153f3a8616767b1afe0e8c784f391af4b0521b5a509d2f311a0450ab06f68dc377636d6ed696f733e0b5f058ff08b305cc142a09f07e7febadcc261e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\back-arrow.svg

Filesize
622B

MD5
3127554ba77c0b0c6871b12540cc595c

SHA1
88cb8d41ba3da59b474e977a68b5fe0c806cdb5e

SHA256
d83d07f26c46717e11fb9ef3e3fa8256f8edd2f66571db73b6a7af69742524ec

SHA512
9666da34b8d01d8b1a2805329d07d5a9479c6952f06563ef10ca6888595d81e35ac3293ceb87784a18a28f30ad175d4e69eb7de48d03f3ba7ce341ac99672dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\bank.svg

Filesize
1KB

MD5
bf9a759efeccf88d1293ea9392eec741

SHA1
6bb175757b6f51cb684dbb8c77fa7e470f78e812

SHA256
0672537ca0cea9227371d3728fafbb6f90255386cd96863422fb895ba3cf3720

SHA512
8b396744afaa53fd17824dc6a36001cb592b0d7b9b1bc68f64d06a9f4cccb35554114541652c493097afe7c153e14a396f4f5ed8cd935bc8014970a98d27f80e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\bell.svg

Filesize
997B

MD5
c67aa6948d2882144f34e73a6c1fe85d

SHA1
693d45f290ffeb039a6cbb1161ee2ff6689f5d90

SHA256
cdef11be995dc895a64a4cc3926d3a7bf980fa1a98e2b616c74ae016f9b8f29c

SHA512
6dff102927599b52c82ee8d235bcfc684826185251dfac4142d10cf6a61e7f2dbefbd98826987a75b787460781e3ec5c80842ad8e40dc0b5711b55f034731c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\bug.svg

Filesize
1KB

MD5
9d7be139a71ce10e807d2a1b04b587ea

SHA1
3532e7dde081bf670c051cf8a1c7234351e35688

SHA256
db1ff0d07f8add2a7bfb1d92089524665fd8be533f51c620df756b1aa0ad2b9f

SHA512
8c6a8d15fe9cd4c22be149c9c7a1015d3a26f0b7fb9e79eb4d1db172c44afbd844bf10697f5c886af4946cef3e2b4f86b6c1a0970063d356460c76902d34f8cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\calendar-alternative.svg

Filesize
1KB

MD5
a6f16ca0a775b85548c0ab584cadfc1c

SHA1
e8603263e13321dc9a0a8f5074bd2bceb7b9b61e

SHA256
ef8b44637573b2ded7956b36764578515436eccd35a597bbc4d056f082a0af8e

SHA512
fdff93b5f6cb897978ab8cbcb063d32632596f826c2e4a4b78cb4bcf53cb55bd138a78fba53f1d89e21702f73ee204da44af7f365b6949a0ff01a659a87bafb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\calendar.svg

Filesize
862B

MD5
6763d770f3af90634905102ebce6c6aa

SHA1
0782da706704c3250ecf24772235588285318dc4

SHA256
203b9b3acea3bc32f1b77a5043410c512c75e9961807b5cb021c4cc707963601

SHA512
916532fb3c1a99a3d6ae626814dd6621d7d1f4269dcde289c82dd539fbe61dbc825fdbb2513e86cf74ae5e1d9f3b23026bdc742d3ee77ebfa14aa2b8db4b26aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cancel.svg

Filesize
241B

MD5
85497ee294fef9feb9f061be10d7107f

SHA1
8ae0a473f3a031022ba24245907f2620d999bec7

SHA256
0d949074a7408c62371d3d7c599b9f154569116d8715365019627f34bb900037

SHA512
ba660b5e8196c7311681d582ee0c8a792f3e3c62d0eb041110e36d704fff221e9a9ba7289c2577b922e90cc03bd520d066236f1ab8f961c96979b64fd180bba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cat-1.svg

Filesize
955B

MD5
dda5d8ad7977109c39a717d54ef4c8f1

SHA1
b0de1cf7da2d842a58b91c3b6fe6f6f17b411444

SHA256
a973170eea7dc6acdc9b3134fdf1cb9f933926cc4a7e2561b7e97ebbc942f782

SHA512
69b52d8205bc99970f8577bc7a9c0a2238f1b1aea3115c1b0d4b05fd112ec2089df04851f072d6de7ff5c637e460115b5863e4546b14c0bbaa558aebab82d329

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cat.svg

Filesize
1KB

MD5
da519ecdce7d14eebf349e03c730a5de

SHA1
1294237b4b437da9f4f816bc9de833c3fd6d19a3

SHA256
607229e4a89f472fe9f09ef58aa5ecdd5d2e8a0a1c615870598a9af5733a0cd3

SHA512
0f80459f7b5860734a73e076f3ebc396afe8c64b83c57b58eb38a15432a3850be5b0437550fe469522628e476118457976641e9d05053d0310c99f78ecd7a4b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\chart-bar-alt.svg

Filesize
503B

MD5
672ecdd013d7cd8956fc92d89b54d899

SHA1
d2b579ce3cd45359a2d00e07058cfc2b852ea8ed

SHA256
06c128ca3c4bfca98b1d3219de980deb428a5dd0f88d6de4787a40c56bfb832d

SHA512
088602da6370a1fd3e5630e6b07c8de80cd5b9512cf709869a2ad9ed320aa2095d28180399e0cb2e0cd5bff1918714e3ae0fe9afcf50433588afaf012f704855

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\check.svg

Filesize
277B

MD5
c24f66399270eb0fe85b287b76e1f0cb

SHA1
a152ece0430988acba0f402447d53450cce99c84

SHA256
649efa12e5c21b700afebd35a3a09719358acafc743fe2d44364282677af37d2

SHA512
1abbfa156dc145d8bb845cc7b6b3940f16083046503237ed0fb857f7dfb3fc6b8fff2dea59d6c4c5ea1085eccdb1002e9ceb054f5c574456e171bae71c8c961e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\check_circle.svg

Filesize
303B

MD5
0bb388952a9445daaf17fa821e64bcfe

SHA1
adaaf38d0bf04c5ad802384b0e27cf1363e12a91

SHA256
24433540f888e811571292a08fad179b8b81e2630ff535218f79fa407deed895

SHA512
f845f3c2cc9a563001ddc83ef908c4673522c7087ffeaa80860c62ae6b97c804c08f8040f37e22daa31acac818d23e18c02048cf53944228f32a28a40a54f721

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\checked.svg

Filesize
1KB

MD5
539d835e7eb96147a9c52529da32bf94

SHA1
02963318607d0556f7ac45c98b2bce140753588f

SHA256
63852cd8260bdc17fce231ec5df84d1a4db7c486ed7bedaf1d6210a967dc6dd7

SHA512
cb696a8705ec7d05d0548a935c4bfaa6f067ae9a3d02e67e12fd25a8906e648270a4ce43056e7233910c11f7e8d8407aeae0cdcfe863886ba9f185cc25219e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\checkmark.svg

Filesize
268B

MD5
5d43b638c6162414f4a9e920e61dc49d

SHA1
bba1628a99f0b8f9aff477de12b1360ed10dd47e

SHA256
ce7c824dbcf1848f684d968062a2f09bd833dea19d575fe3790e956132c973ca

SHA512
144fbe786d214f3a3aab0dd2f9edbe17b07e664066da1f5d4d61c2b3f5fec6ede5e6f63dd9377d4605a27dad25b4e9c126040d00ea446bd7dba8b06347f509fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\chevron-down.svg

Filesize
232B

MD5
4d7f71145f9fcc087f0a28db28452992

SHA1
684f8685d1d8afa8dc297c51e9c8e281c594cbd9

SHA256
b1e82d8b9df576b359ad8ac70c6c89911e22f8ca29bdacb19e5802abb01bae86

SHA512
53b44938032d5de7f212a54a0422c13326a1add6aa7c54f78baecf88ca372d7130ba77321a0034493aa80f72ffb1c54cac12d5ffa454585a786e4f8c29638e39

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\christmas-tree.svg

Filesize
2KB

MD5
a6c2804b3f3f593a193237f6481b3345

SHA1
c7612fba1c4cc105b696db535c7839182bbc8465

SHA256
14a1c9354a68f93d29ed72cd367707fc20043e1b802be8fd9677030f6f8c61c4

SHA512
b1b3253502ffca9f7189f2b2b2466d73d6adae6f8b77ded1831ec53a073bddf2bbd59a8e73f9c71b6884706f96c2e3d25a217547779e954e0aa69d37ec811251

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\circular-divider.svg

Filesize
152B

MD5
8012665f9b98ebc8f5f076bb9ec1582c

SHA1
bdc90f66412c891bf712811c1ce92673cbd8d20e

SHA256
ddbf0bda5eeab1b8351486b002b1ae9a4a6e2db8fc6b9e2c25d612628eecc631

SHA512
ec55fc92325d39a46943ebe2c0aa47c082148740caad4f7b719b79de1eb4d2f2baabf6f9f69f0a51e0317ab39166550a84d0ba3e053f2689eb3bd3d929f330dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close-circle.svg

Filesize
570B

MD5
085364fc515cc02710adee3b224caeb2

SHA1
91309d5263683f1e312a85ee4b44b9d67ace7753

SHA256
08593c7c901ae6e1bbc52be0701c3fa0e9bd5c1e61f61728d3fbac0d900e6da7

SHA512
7b94e0069ca3545c8e1635cd8b6d6b67a0cdd52cba151dae06a88d8f3a2e5ed7bbf971f6cae8fca3ec769f83f07b69fa247bb6be8bcd58a3db9ebef4f2934a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svg

Filesize
201B

MD5
7f8d672a2849987b498734dcb90f0c51

SHA1
e53b9319bf964c15099080ac5497ee39f8bab362

SHA256
4a290648cd1cfaaf1db4909d7552ae8cb83cb0b0e36770e64d153ab07ce6e7d4

SHA512
b3ddbf719f42440238c55cee896409179b4562ffe74f607d3640f623c8264c2fd2000b085dfd9a25ffd8ba2166695dcd663efec56cdac679f9993cfb602459d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cloud-off.svg

Filesize
1KB

MD5
e99140f842b471d330fc27cd73817c4c

SHA1
9957147463f586824b65bc7bfb121d33a9523a96

SHA256
0f4cb470185e3c6c26ae033a3a88e3995340bb08a63432dd9ebb82b73dd665ae

SHA512
f579aef41980539675609c62ff4d80dde22bad59917d439dbd4d325173bed3f24534a72e9903aef58c6ee5d4b03fcb7d0a7be8c93c35da6dbb2e1e046b7da0f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\collapse.svg

Filesize
195B

MD5
ad6092934dc48be9d00331e6f21eb235

SHA1
29cd8e5478e432b386382caf6ac7b3537b108c33

SHA256
2e0eb48ef144b771903a2ee5096ac4305ef43c830d2905f46b0384a07f5f4090

SHA512
38254a977c1a74515ed6184b5ebb3b1b3125db4b713a2de69aee9dc54912a9e869fede36423548e9ebf8cfc66e6711738789ee2c33f6f3af74def779eb7e5afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\complain.svg

Filesize
2KB

MD5
b6bb3a6b10c02488ad600fe65829378c

SHA1
88d2e5351cd071d4e7bb8c774eb4f5f2e75dc9af

SHA256
993ef7cb65b7fb77e035421ca68c60438e46bfe7d4a0c6ae875fa20d9d4ec2dd

SHA512
7a9ed7a5d01143f09f271fd868c4aef92405e6e00f3b9ecf709485a767285281640c457c8096ad8a0108070f453fb3e1f965110407881ab492a89beb87e75b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cookie.svg

Filesize
4KB

MD5
620a242ff032fba0b630a33f751099e2

SHA1
ff5891c241df6b4589a8981dda340c030a8586c7

SHA256
03b331c7a13a6a045bbd4f2b178fd52f898049ec8dc9ed0cae8dcbf61aadb2c9

SHA512
329d6b1f8b33d1e2f50839230cee738556c86a9f5348be40e10c8682b017ed16e68eaa3fd6add4309b592b5eb196c6742d4fdada39802473dafe78165590ef63

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\crab.svg

Filesize
2KB

MD5
4b946e45950ca64628f4eecfb2edfb66

SHA1
881fef3e93f22250787bab38635b003b6912048d

SHA256
9fe50503fb15530bdd87bb0ac2cfecea217449d36df6fbc9bde4439d3cdb9bb8

SHA512
dddad2fb47d21f3a6bf6c62878942c45e909af5466266833909d0f80a88f100918e2e31d0f2055bd5aa2f4bc98da88689b9879f298904b1a6f18ca32ff85edf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\date-calendar.svg

Filesize
552B

MD5
cec1d858967425f269add29f85c0080d

SHA1
5e52bf28efd7367778183b0f6b6fb7832d7b9d70

SHA256
56844bd764b03446b865f0fa3bedf995ef06063e2306c88f7d289d707e676a6c

SHA512
884f976d49fd7898c66a3a394dea9594e78d88a08d3add65edad365fd6a12d0c9eeed710352471da089c9b629cdf35faa7283acfeb0d9e10baf3ee5603c0442a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\day.svg

Filesize
5KB

MD5
50f48d3dc89a7e9efee695176a4a05a4

SHA1
537e286fa920602678ad99b50cade0b63e4ba60e

SHA256
3a0dc43445129705331d59f44cb1da0df735ecd03afa7854ac6b8d86ca9aaa0e

SHA512
0e5750de343fa6f5f95192a0ac0e9fb5f7c3ae1221d1156bf4ddca00f2abf9016447d992215440ca2ba5adba7ce1114766c27a6695c63210d95b39f3b78a5b81

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\description-blank.svg

Filesize
657B

MD5
bf2c8a4289c9396bafd0ed3e2638f6cc

SHA1
a03f43665f69efab2c7c2501a55197f27f3922f0

SHA256
d0ffdcfeac8eba5286843ff1c7986787e9f241b4e999bf9d2f497ab69b59299e

SHA512
a5354777c26ea3bdac9271a3849d83d6d89d52b26e6b39b5683a966f5a17d332e4449e378766adf166d8ba30914a61038a162c1fe98f3e65af9b1db7b55be2a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\directory.svg

Filesize
469B

MD5
5cbe7c691d5271ad409e22ab514f81c5

SHA1
b15e9f748d71036e862eeeaeaf7f70ee1b1c204e

SHA256
8d2f0bcfbe633144a227a88f8c3e16848e1569ae34cc998e9361da330cf27e5c

SHA512
285022dbfa69f96ccdff37225e64ce7b79e39b4db7b4c2bbbc4ac8a346d773286b8848a09fb17691b24495e009598362c831d0dc34c3ab8a0c825a5ef8e9a8cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\discord.svg

Filesize
2KB

MD5
ad17bef21884d1e218967e25e0591927

SHA1
dd166b164a4788ac201d86125aaf42750e1e5068

SHA256
4cfd2975d5fab3c39e716684aa203a220a90e9ecbf3a0259ee42e2dccf515032

SHA512
3384da9c3a602c456f1788ed527dcd52a9a303ac6568be0a8ce0fec1fc5899a052fbd45624b57113b28ba1e89549d7e2f818803208693a286959131094bb4062

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\doubled-arrow.svg

Filesize
516B

MD5
ae8035c2e498c755ba7afaf3c6cb5bcf

SHA1
66e03ec9b191d8014252f5f77e9ee0c27e4e4ae1

SHA256
452d056778560a036625f8f5c865c86ec7877eeefcd3288b9ca42ba3a39ae967

SHA512
eb00d53414172ddcf7ea16de36ae71bfe2c17d7f580e4538858ff18ad32f04ce83fea8e9768e36c92f0d2a1e9d5992db40cb583ea913bf62ab6e8eeb810b22e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\download-sharp.svg

Filesize
254B

MD5
6dc9206bf3c0452995bbd8bfecc1ffbb

SHA1
bbdcd91b2b5cb2b6744a5756fdcc3c4901d1a903

SHA256
2d6de4b0293507d4009384e78a8524427ea8a9bcf8382639a7212497f6360cbb

SHA512
becf931df39fe2f4ff2a03da057c43a9ce83d5f9dfe0604d5949d4887106ed738d846ab7ce5b12d868339cf77236a85d46d3edcfd3957b610eb174252febbaf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\download.svg

Filesize
538B

MD5
f50747938c143bc56ea61c5f4adf6a2f

SHA1
10969921312edd9747c453f15236d82176840222

SHA256
bd3207219df645a3f06665f087fb06721e85c4d7999a9edb73831c8998630468

SHA512
d11ef03d00f5e56497b0408b03a4c023f2b5b5f92ad547583379783c6d81fd03a651ceecd26990aa5709458b697e5288af7b1ef2443946bd2aad81f73f900d18

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\edit.svg

Filesize
895B

MD5
f260bbe2edc2e588fb17dcc4e3536d71

SHA1
0285ba80b1422f86fa249d2dd14c1bcfa32eae24

SHA256
fc98144f82f1c62ef49cec7271ec3b453d2cf447c588f83ee128124b1909c093

SHA512
0da3bca97e5079497d6c8253c87410509ee182a19bf7d46839839e6e430052e6f73015fc61159d858ec9a90323f21bfd07e0003bbb43d14866ec0d80562a5b59

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\error-circle.svg

Filesize
488B

MD5
b3b259b4d2b1972e1bb738ceb0ea1ba5

SHA1
e6e10af900510de03ba1d903768f9214cae85879

SHA256
6871eb850dd06db542efacfdb1cf5b27b9b2fbc8e6154ed0003a0ea4225ff466

SHA512
28841c1b98adbb4144d71c944d2d29a02a96ba5260c294f71cc0734ee7451d74785c6bea59a4874bc4e042c16cc4a88896e400960abc2420d1c55742084ffbdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\farmbot.svg

Filesize
4KB

MD5
ab8c146952cede527469c88858d284cf

SHA1
67448b2a9eea7001c15d6e95aed77bde90f0bc99

SHA256
b26c59accf130486c733486f2c1552c5dd0c5527770c6b5a07443644e9cc469f

SHA512
5e58290ce8173dc6ce82e6dc635f5cd885e8c4dc7ceb1520441d384a020839f571fb1dd540fd57b25da8d9401b3a01a7fe3c73a520f1e8110e2402f2e05f124b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\favourite-add.svg

Filesize
533B

MD5
e8b7b3d288ab2328b33657f7ba9a3e29

SHA1
04027c95834489c6b09d684ae04267afaa00c7e0

SHA256
f3ef6f54d23542653ba6c054fba6a73ebc6bbea008d3638cee41be07c3866260

SHA512
e2f6951903ff2f4cfab951861946f42fef7018b0e5572c996736d80eb4d7f5b0582d4bf30b9e54730dd7123e9b0cd06930042440d4a3ad2ed84b9611500d69cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\window-minimize.svg

Filesize
151B

MD5
d47255b6d3e685cac4804eb58207d0b6

SHA1
7fe02211cf6b77f3971522a3b3888460491ae153

SHA256
29bc4875912360fac26586adaca21449026cc2cf6479f9d9bbb066abe2dd2640

SHA512
b39c96fd2479585b32146a3b33a5419f665391f1b1857b08896c8254b48fdb733551bd9974a3c7dcfb679cbb5b35ed9b8f538f5c44156d399b02b8d0d4fe95ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\grain.png

Filesize
79KB

MD5
3577f702479e7f31a32a96f38a36e752

SHA1
e407b9ac4cfe3270cdd640a5018bec2178d49bb1

SHA256
cc453dfe977598a839a52037ef947388e008e5cdfe91b1f1a4e85afb5509bee2

SHA512
1a4a03931ab56c8352382414f55eb25b324e11890d51ba95597dbd867b35db45db5adcefb47d95b3763f413a66e3228e59531bdbd5ba5541469196adb5eb3d70

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.dat

Filesize
760KB

MD5
692337664e861ad322138061132dddc6

SHA1
8a99bc860eda0772f3b1f4a125fa4d474410e21c

SHA256
c12537022ef818991a7bfed41a76d8d6ae962ffbc0e6511ac762a5d0845e7f7c

SHA512
3e2e6adb651e37e530734f999634d7c101fa1c45ae380be8ad169bbfb0a047f2878ff6c8d1428d6b9e7301b447ab2f8839484322ddb3831984be71d442829a55

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll

Filesize
17.3MB

MD5
225782e5d02f400a76b8fabe8a6f5cd1

SHA1
e54ef4f664a250808749be2ea9870607c20ace31

SHA256
b66713715a7aeaa2f88ba18838aa7c245556eaaeb31c82da3f5aebcb71a7715e

SHA512
9e88489361b36970a982329184b7afa9ef403ca86830427c60397e49522e5d38fc652ce4b65e79c54583a50ffee83fb138a02d638e015c9ff53e56164556be76

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msvcp140.dll

Filesize
559KB

MD5
c3d497b0afef4bd7e09c7559e1c75b05

SHA1
295998a6455cc230da9517408f59569ea4ed7b02

SHA256
1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98

SHA512
d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dll

Filesize
116KB

MD5
e9b690fbe5c4b96871214379659dd928

SHA1
c199a4beac341abc218257080b741ada0fadecaf

SHA256
a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8

SHA512
00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dll

Filesize
48KB

MD5
eb49c1d33b41eb49dfed58aafa9b9a8f

SHA1
61786eb9f3f996d85a5f5eea4c555093dd0daab6

SHA256
6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e

SHA512
d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hgjussp1.ayc.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\j9NxhuBG9j.bat

Filesize
229B

MD5
4ed221fc44c3be1d3a895c1940d91076

SHA1
0bfdcb2bf1887f150c4faf70a51089a51be89629

SHA256
366993e45e0963d4562e82f466cf169efb23d1e6e1ade12fad6b1200e10d6e63

SHA512
c4f03b8aaa9e6db5a4a24045b4d483e3ef4554190af3ca8412ca035f2a7a4aaa2faf8c9094e2ed70aea5d313ba3429ac2e5d4d3c20266d834b612c8a15a9f256

Download Submit
C:\Users\Admin\AppData\Local\Temp\x.exe

Filesize
28.1MB

MD5
e45246c14904e5ecb9555feb8c0aff8b

SHA1
0e3dc5f5b1aacf56a45e5b3f5d9cd1730595ca80

SHA256
19428c7cddb10534d999d31c85ac8aa6df37f1be337b796439250ac8308c7e68

SHA512
c88511bc8571b4f5bfa0b0c3a8ec17c43536072e91a061998df2683069fc26ede11ebc33eb4d7ac351283d11bd5a50e7174d0f6c776fdf5d7b831ce10555095b

Download Submit
C:\Users\Admin\AppData\Roaming\Comdriver\N6AdgHroBA8xwm99sutzvj43bdFh6UKKZKcLC7ihYnoDNC3ex.bat

Filesize
81B

MD5
41b5b6c6ce6d047fd91a1aab7ae6c5f6

SHA1
dbbb38ff29ae8d5b1df0e204050a82ae31535523

SHA256
c0ffb3667d5169b2aa3bdca89776eaa32a46a112e1d0e8b7aab9c9d9d863234b

SHA512
ec60e374b32d00b9cc62fb844f81b529e4a86724f5bab8c915bc0ae651be9e682c630f1e28d09f4af3db26385d677ce6ac452f1571912f0b8f6f6b24456d1988

Download Submit
C:\Users\Admin\AppData\Roaming\Comdriver\PortRuntimeHostPerf.exe

Filesize
1.8MB

MD5
381328b2207ad4d2d49074585a2f35e0

SHA1
96279983ebde81cc51d4350290c8cbcd71c58d59

SHA256
c663042d1daf1dbde6356bdfafd7ca13b68c2bad67ee318896bc01058d72794b

SHA512
638be771ccab9f8c8acd2028957a174605aca7f91798d464d9c47a3d9624c5bada1d607a1e91d8a30d8acd7009a2d10a024b3ad80a1813ef23465141e727d777

Download Submit
C:\Users\Admin\AppData\Roaming\Comdriver\d2sdOUNz2l3mTj5MoDzrIajkHplSQWvXKmzVWInFFOZeZ2BgrbJztlDSX8M.vbe

Filesize
244B

MD5
d6c8b1aea60d782ae16efaeba54b03da

SHA1
a0987cf1a190fdba3c00555a998e4f4d4aa15ba5

SHA256
b54e2315d767bcc9f734bf894c68d162dc958961e05a3b8f821b00f4a0d570e5

SHA512
d49b2cc421aa2c818bbc5c3fef3907027c829e0d871f3794a58e3ce2299eda0473dfc9b14c14df5d4b54b0d57ea068e234111b068101db21045dbfca00461438

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json

Filesize
269B

MD5
68b21464fd7e7a2c0bbc5cdf1e247567

SHA1
e3bda8d3f1ec317b5b4c607acdcae66031310253

SHA256
73b2faca8518859408473a229f9d5e1cd3e4dba8c1e0b2bacfaf79fb921e6df5

SHA512
0d939feba0bc4a831fe968578575c360cf1ec9191975eb1c341aeb415c5e3ca2cb0d5c41de04ede3a8bfade82b78d3bc03b0a1d15ff441542a8f7f1bab7d7faa

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\pw40a2ly\pw40a2ly.0.cs

Filesize
371B

MD5
281b22c6955fc247b8b6fde813edd6b8

SHA1
1553df4c0bba35af7139da0895e031e8a58934ba

SHA256
49258f412f60d1dd8865cc6a93f380d7ce398aae7f4d6e5d4fb58cb5bb846ee0

SHA512
7d32746fd5e622bde1a35e3af5d3061ca9a1bc8e57bc8c835f92bf3f4e64716d6bdb91a27c8063e6999a1098240e85c849ff7e20c27e6b38b4bdf2358b6ff85f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\pw40a2ly\pw40a2ly.cmdline

Filesize
235B

MD5
1e580de854f0962b0f099ed86e358975

SHA1
8bc44cc9d389d0309607f5962512d551ebba7415

SHA256
b52e1e74bd67396fc4ada33982b5bb5101628bddf773f4e84893193ff473128f

SHA512
9161b8f4f77c4fb5ca3b9ea84099165371710468e05dd42d66e769386e49ea6b35b32a28ffa8cadd62a66ca59e6d5d93203ae8fd879f4c8cb5dfd57a584eda85

Download Submit
\??\c:\Windows\System32\CSC67FAB207FB3C4AC8AAF98AFF52ADFB8.TMP

Filesize
1KB

MD5
f1480fb87a76e200f58ddd71dcc52561

SHA1
500f9537e6ea8443665089ab5426a89bf84598e2

SHA256
e592099b51004199946d1a2ce3f4492db1e724c9b4fe2354e570e8e287a8b4ed

SHA512
15d1e26cf2ab221200e14d7f2220d27c66a87bf1a935124910d8114c9efbca15d14d834a830150c478d0a193f58a9ae8a1c3f428ff26e4ecf600807de150812e

Download Submit
memory/1908-1244-0x000001BEA86C0000-0x000001BEA9491000-memory.dmp

Filesize
13.8MB

Download
memory/1908-1245-0x000001BEA86C0000-0x000001BEA9491000-memory.dmp

Filesize
13.8MB

Download
memory/1908-1242-0x000001BEA64D0000-0x000001BEA64D1000-memory.dmp

Filesize
4KB

Download
memory/1908-1246-0x000001BEA85F0000-0x000001BEA85F1000-memory.dmp

Filesize
4KB

Download
memory/1908-1243-0x000001BEA86C0000-0x000001BEA9491000-memory.dmp

Filesize
13.8MB

Download
memory/2088-21-0x000001F463220000-0x000001F463242000-memory.dmp

Filesize
136KB

Download
memory/2408-1328-0x000000001D1C0000-0x000000001D2D5000-memory.dmp

Filesize
1.1MB

Download
memory/4464-9-0x00007FF9359D0000-0x00007FF936491000-memory.dmp

Filesize
10.8MB

Download
memory/4464-164-0x00007FF9359D0000-0x00007FF936491000-memory.dmp

Filesize
10.8MB

Download
memory/4464-8-0x0000000000DF0000-0x0000000002A0E000-memory.dmp

Filesize
28.1MB

Download
memory/4464-7-0x00007FF9359D3000-0x00007FF9359D5000-memory.dmp

Filesize
8KB

Download
memory/4636-1282-0x0000000000BB0000-0x0000000000D8A000-memory.dmp

Filesize
1.9MB

Download
memory/4636-1291-0x0000000001550000-0x000000000155C000-memory.dmp

Filesize
48KB

Download
memory/4636-1289-0x000000001BAE0000-0x000000001BAF8000-memory.dmp

Filesize
96KB

Download
memory/4636-1287-0x000000001BB30000-0x000000001BB80000-memory.dmp

Filesize
320KB

Download
memory/4636-1286-0x0000000002FD0000-0x0000000002FEC000-memory.dmp

Filesize
112KB

Download
memory/4636-1284-0x0000000001540000-0x000000000154E000-memory.dmp

Filesize
56KB

Download