xworm | 322ade330c1d135d9a602323523d8d9198bfd60186666bc7b4169d39fce9cf53

Analysis

max time kernel
138s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/03/2025, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ISTHGLauncherFixer.exe
Size

80.7MB
MD5

36d7b5f683034cb80736471dd06ac521
SHA1

36107f679d0b647d660d151204ed3bcefa4e3bff
SHA256

322ade330c1d135d9a602323523d8d9198bfd60186666bc7b4169d39fce9cf53
SHA512

00f2dfb80960559a21284173dbeb6d21b2c7999e987f47216cdc2629cedb412b747313d7b3dcddbd4644dc777db01db92fc4174540f9080513264749577bbb4d
SSDEEP

1572864:kww/CZRSyW/nc6oOxbbX7++KqmLjrLISInYndP/MgAWvc01pf79R:VGCTSVkHQnX7llSGYndHMgLvxpf

Score

10^/10

xworm discovery execution persistence rat trojan

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%Temp%
install_file
svchost.exe
pastebin_url
https://pastebin.com/raw/kADeGNZE

Signatures

Detect Xworm Payload 5 IoCs

resource	yara_rule
behavioral1/files/0x0007000000012101-2.dat	family_xworm
behavioral1/memory/2092-6-0x0000000000F40000-0x0000000000F72000-memory.dmp	family_xworm
behavioral1/memory/948-824-0x0000000000DC0000-0x0000000000DF2000-memory.dmp	family_xworm
behavioral1/memory/2336-828-0x0000000000390000-0x00000000003C2000-memory.dmp	family_xworm
behavioral1/memory/2504-830-0x0000000000820000-0x0000000000852000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
396	powershell.exe
292	powershell.exe
660	powershell.exe
2432	powershell.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk	ISTHG .exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk	ISTHG .exe

Executes dropped EXE 6 IoCs

pid	Process
2092	ISTHG .exe
3016	ISTHG Launcher.exe
1636	isthg-launcher.exe
948	svchost.exe
2336	svchost.exe
2504	svchost.exe

Loads dropped DLL 24 IoCs

pid	Process
2204	ISTHGLauncherFixer.exe
2204	ISTHGLauncherFixer.exe
3016	ISTHG Launcher.exe
3016	ISTHG Launcher.exe
3016	ISTHG Launcher.exe
3016	ISTHG Launcher.exe
3016	ISTHG Launcher.exe
3016	ISTHG Launcher.exe
3016	ISTHG Launcher.exe
3016	ISTHG Launcher.exe
3016	ISTHG Launcher.exe
3016	ISTHG Launcher.exe
3016	ISTHG Launcher.exe
1188	Process not Found
1636	isthg-launcher.exe
1188	Process not Found
1188	Process not Found
1188	Process not Found
1188	Process not Found
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe"	ISTHG .exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	pastebin.com
4	pastebin.com

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
2820	tasklist.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2876	3016	WerFault.exe	32

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ISTHGLauncherFixer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ISTHG Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1632	schtasks.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3016	ISTHG Launcher.exe
2820	tasklist.exe
2820	tasklist.exe
660	powershell.exe
2432	powershell.exe
396	powershell.exe
292	powershell.exe
2092	ISTHG .exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	2092	ISTHG .exe
Token: SeDebugPrivilege	2820	tasklist.exe
Token: SeSecurityPrivilege	3016	ISTHG Launcher.exe
Token: SeDebugPrivilege	660	powershell.exe
Token: SeDebugPrivilege	2432	powershell.exe
Token: SeDebugPrivilege	396	powershell.exe
Token: SeDebugPrivilege	292	powershell.exe
Token: SeDebugPrivilege	2092	ISTHG .exe
Token: SeDebugPrivilege	948	svchost.exe
Token: SeDebugPrivilege	2336	svchost.exe
Token: SeDebugPrivilege	2504	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2092	ISTHG .exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2092	2204	ISTHGLauncherFixer.exe	31
PID 2204 wrote to memory of 2092	2204	ISTHGLauncherFixer.exe	31
PID 2204 wrote to memory of 2092	2204	ISTHGLauncherFixer.exe	31
PID 2204 wrote to memory of 2092	2204	ISTHGLauncherFixer.exe	31
PID 2204 wrote to memory of 3016	2204	ISTHGLauncherFixer.exe	32
PID 2204 wrote to memory of 3016	2204	ISTHGLauncherFixer.exe	32
PID 2204 wrote to memory of 3016	2204	ISTHGLauncherFixer.exe	32
PID 2204 wrote to memory of 3016	2204	ISTHGLauncherFixer.exe	32
PID 2204 wrote to memory of 3016	2204	ISTHGLauncherFixer.exe	32
PID 2204 wrote to memory of 3016	2204	ISTHGLauncherFixer.exe	32
PID 2204 wrote to memory of 3016	2204	ISTHGLauncherFixer.exe	32
PID 3016 wrote to memory of 2720	3016	ISTHG Launcher.exe	33
PID 3016 wrote to memory of 2720	3016	ISTHG Launcher.exe	33
PID 3016 wrote to memory of 2720	3016	ISTHG Launcher.exe	33
PID 3016 wrote to memory of 2720	3016	ISTHG Launcher.exe	33
PID 3016 wrote to memory of 2720	3016	ISTHG Launcher.exe	33
PID 3016 wrote to memory of 2720	3016	ISTHG Launcher.exe	33
PID 3016 wrote to memory of 2720	3016	ISTHG Launcher.exe	33
PID 2720 wrote to memory of 2820	2720	cmd.exe	35
PID 2720 wrote to memory of 2820	2720	cmd.exe	35
PID 2720 wrote to memory of 2820	2720	cmd.exe	35
PID 2720 wrote to memory of 2820	2720	cmd.exe	35
PID 2720 wrote to memory of 2820	2720	cmd.exe	35
PID 2720 wrote to memory of 2820	2720	cmd.exe	35
PID 2720 wrote to memory of 2820	2720	cmd.exe	35
PID 2720 wrote to memory of 2824	2720	cmd.exe	36
PID 2720 wrote to memory of 2824	2720	cmd.exe	36
PID 2720 wrote to memory of 2824	2720	cmd.exe	36
PID 2720 wrote to memory of 2824	2720	cmd.exe	36
PID 2720 wrote to memory of 2824	2720	cmd.exe	36
PID 2720 wrote to memory of 2824	2720	cmd.exe	36
PID 2720 wrote to memory of 2824	2720	cmd.exe	36
PID 2092 wrote to memory of 660	2092	ISTHG .exe	38
PID 2092 wrote to memory of 660	2092	ISTHG .exe	38
PID 2092 wrote to memory of 660	2092	ISTHG .exe	38
PID 2092 wrote to memory of 2432	2092	ISTHG .exe	42
PID 2092 wrote to memory of 2432	2092	ISTHG .exe	42
PID 2092 wrote to memory of 2432	2092	ISTHG .exe	42
PID 3016 wrote to memory of 2876	3016	ISTHG Launcher.exe	44
PID 3016 wrote to memory of 2876	3016	ISTHG Launcher.exe	44
PID 3016 wrote to memory of 2876	3016	ISTHG Launcher.exe	44
PID 3016 wrote to memory of 2876	3016	ISTHG Launcher.exe	44
PID 3016 wrote to memory of 2876	3016	ISTHG Launcher.exe	44
PID 3016 wrote to memory of 2876	3016	ISTHG Launcher.exe	44
PID 3016 wrote to memory of 2876	3016	ISTHG Launcher.exe	44
PID 2092 wrote to memory of 396	2092	ISTHG .exe	45
PID 2092 wrote to memory of 396	2092	ISTHG .exe	45
PID 2092 wrote to memory of 396	2092	ISTHG .exe	45
PID 2092 wrote to memory of 292	2092	ISTHG .exe	47
PID 2092 wrote to memory of 292	2092	ISTHG .exe	47
PID 2092 wrote to memory of 292	2092	ISTHG .exe	47
PID 2092 wrote to memory of 1632	2092	ISTHG .exe	49
PID 2092 wrote to memory of 1632	2092	ISTHG .exe	49
PID 2092 wrote to memory of 1632	2092	ISTHG .exe	49
PID 1728 wrote to memory of 948	1728	taskeng.exe	52
PID 1728 wrote to memory of 948	1728	taskeng.exe	52
PID 1728 wrote to memory of 948	1728	taskeng.exe	52
PID 1728 wrote to memory of 2336	1728	taskeng.exe	53
PID 1728 wrote to memory of 2336	1728	taskeng.exe	53
PID 1728 wrote to memory of 2336	1728	taskeng.exe	53
PID 1728 wrote to memory of 2504	1728	taskeng.exe	55
PID 1728 wrote to memory of 2504	1728	taskeng.exe	55
PID 1728 wrote to memory of 2504	1728	taskeng.exe	55

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\ISTHGLauncherFixer.exe
"C:\Users\Admin\AppData\Local\Temp\ISTHGLauncherFixer.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\ISTHG .exe
  "C:\Users\Admin\AppData\Local\Temp\ISTHG .exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2092
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\ISTHG .exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:660
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'ISTHG .exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2432
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\svchost.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:396
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:292
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:1632
- C:\Users\Admin\AppData\Local\Temp\ISTHG Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\ISTHG Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq isthg-launcher.exe" | %SYSTEMROOT%\System32\find.exe "isthg-launcher.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq isthg-launcher.exe"
      4⤵
      Enumerates processes with tasklist
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2820
  - - C:\Windows\SysWOW64\find.exe
      C:\Windows\System32\find.exe "isthg-launcher.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 532
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2876

C:\Users\Admin\AppData\Local\Programs\isthg-launcher\isthg-launcher.exe
"C:\Users\Admin\AppData\Local\Programs\isthg-launcher\isthg-launcher.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1636

C:\Windows\system32\taskeng.exe
taskeng.exe {25EE664A-BF5A-48FF-A0E2-2AE915108F0C} S-1-5-21-312935884-697965778-3955649944-1000:MXQFNXLT\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\svchost.exe
  C:\Users\Admin\AppData\Local\Temp\svchost.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:948
- C:\Users\Admin\AppData\Local\Temp\svchost.exe
  C:\Users\Admin\AppData\Local\Temp\svchost.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2336
- C:\Users\Admin\AppData\Local\Temp\svchost.exe
  C:\Users\Admin\AppData\Local\Temp\svchost.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\LICENSES.chromium.html

Filesize
8.7MB

MD5
1ca87d8ee3ce9e9682547c4d9c9cb581

SHA1
d25b5b82c0b225719cc4ee318f776169b7f9af7a

SHA256
000ae5775ffa701d57afe7ac3831b76799e8250a2d0c328d1785cba935aab38d

SHA512
ec07b958b4122f0776a6bded741df43f87ba0503b6a3b9cc9cbe6188756dcde740122314e0578175123aaa61381809b382e7e676815c20c3e671a098f0f39810

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\dxcompiler.dll

Filesize
20.8MB

MD5
81e6c6a4eaa8e3df8d753d742fc0df8c

SHA1
3729b63e1ac3493896217f578ee98e207592cf7b

SHA256
2ededfd26d2545a0089955dc3f43f76186dac8b042c2d465d35cedf4e6e66b63

SHA512
4fce6a7d938549be4537aca5c40c310c6e08c816913f770a23856679a143870f295cdee0b696f1ce296852987c9c5dabe571743e37187971e305bebc27b375d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\dxil.dll

Filesize
1.4MB

MD5
cb72bef6ce55aa7c9e3a09bd105dca33

SHA1
d48336e1c8215ccf71a758f2ff7e5913342ea229

SHA256
47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

SHA512
c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
795bdd8940ba5b3cb7403b62abbae71a

SHA1
375df88dfdd799766a148519db5533d998229e51

SHA256
ea99200cba26df063526eb9321a83abf1cc7320ed82d3022586463b9e2aad1bb

SHA512
f6e44de869f788af396e755056c3837f4dcb95ba9bc7769e03a747f3d7c3cd1ff0d38f63d735e5907736b3c981c24bfd58004d8ca2d4ef21d8961c155d68d7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\libEGL.dll

Filesize
467KB

MD5
8db06527210cc89a43b5bc16049665ae

SHA1
5103e2cd27a17b3b2e0eb2ee34d64ec45b4c0061

SHA256
5da4d383da95d0acc76a7649340d5fae77c77688ceac74e8f45e58b8eafceb8e

SHA512
972443cf5e5373557e57df0fc4938db9b3de771714d909e733c3252ee4cb886595eeb5d2b45b2d96fc8f31215f071b1040f90b778df24400d1ca6762764bba49

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\libGLESv2.dll

Filesize
7.4MB

MD5
a5bafbde1c251be55ab3efe1bb0494d0

SHA1
647d62437d1d7fb2f13f1ea21624c72eac74022c

SHA256
40fb4a1b588001016b6873f418c71769be219d1ee30407ea2476815dc60e6792

SHA512
302463f7782ba14452894d650ab351db6743e6e540e0d70c88dea47ac57e4e37d420d1e09d90e3eaf0c72f98998e5a6f5bfba81936b8380894ec4f4ce0b93a48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\af.pak

Filesize
464KB

MD5
862a2262d0e36414abbae1d9df0c7335

SHA1
605438a96645b9771a6550a649cddbb216a3a5b1

SHA256
57670eae6d1871e648ad6148125ee82d08575bec5b323459fc14c3831570774a

SHA512
a789a4cad72106a5c64d27709b129c4ae6284076f147b7c3fcb808b557a3468b4efe3ede28033f981335d5eab986532c0497ddd6ed24b76189fe49366692ee73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\am.pak

Filesize
756KB

MD5
4eaa15771058480f5c574730c6bf4090

SHA1
2b0322aae5a0927935062ea89bd8bd129fa77961

SHA256
b05dcb8136751aee5eced680a5bad935e386bfce657dd283d3ec00ee722fd740

SHA512
b67e7dd24eadc91d4cd920f8864cfb23a9c67b2cecd54ec97e01705636604ce504dc417d6af1c53f374b58eddf71a12bb82248bd8fd68307161d4833342681a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\ar.pak

Filesize
829KB

MD5
f529e644ac3f062283d68e65241a54bb

SHA1
b36ff7369cf2c68fcc93dbfb4b36e6c90748323b

SHA256
7b6d035dcf6cf17ed7dbf055eaa6d1b2cf39c1d18743a540622602c3462bc919

SHA512
dc7f609b9061617fb425dd3000c54c5e52be8bf49df6c64df6384ef54232244418cbb78f3f9bb7764de95199cfa1c84908a6bbc65df1ece1de7e626dc99c6f4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\bg.pak

Filesize
861KB

MD5
0e8005b17ac49f50fb60f116f822840d

SHA1
f2486da277de22e5741356f8e73e60b7a7492510

SHA256
50e4f6b9c387adf4baba3377c61d99326cc3987928d8d60b88d1ac29352820ea

SHA512
5df18bbeabd56e70d4c5a80dee5b7ce48259000665941634937e556e3b3a1c6403aa45c410f6f755607549c9dd35d722987b447c50efca51228ffeca4628756d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\bn.pak

Filesize
1.1MB

MD5
c8173f0cc63ca9e02c07abec94892b53

SHA1
2688b199cc40bb2082247fa451eac1304608e48b

SHA256
e6adcfb4f3b3bccd4a27edadc168b503c36551cd6b27fb24043efeb21f691ce5

SHA512
3d2317430722dc15c5d938fa55235af1caa03dcff7a574b44d37d89e7cf2c94dd2e84518b3eeca4a5a8dbec1b99d94aed97429aaf55c63998002d50ce9cb5019

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\ca.pak

Filesize
524KB

MD5
9e3ea2baf7e6c6101fb6b5b92c797bdb

SHA1
c181dcd37141d955d85be56e3e08d37c17feaacc

SHA256
b4efc6026115b7fac9f6b9cd360dfdd570cb5a16faf38d549fcad2b80e5f1fd2

SHA512
90e9609764847285d82894b3c4d98496fb9002c0cecae092e71b7d43d8871bd1463898d82b6a65a530ba76ecf403a30a01485f2f16e376a773f6fdf8f302e402

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\cs.pak

Filesize
539KB

MD5
70f320d38d249b48091786bd81343afc

SHA1
367decdcdad33369250af741b45bdc2ca3b41ab3

SHA256
1c9448ea3aefce1a7e1491e73af91af772d8b22d538676a2beab690558e668fa

SHA512
02b08ed9261fd021e367995551defaf4b4f54c357409a362f4d2470423644913375cac444f62153ec2963a84880a30a36f827dbfacdd76a6222838c276cf5082

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\da.pak

Filesize
487KB

MD5
f50d22a2b8b479d4b93b4ab57f3d9e48

SHA1
fda4217cb08139ac86dda33c1fd82fa8e1278916

SHA256
944ce6be74e1eb3605d1a5ef56666426a94bcd0749a0981de6337f5c65f5203e

SHA512
365bfe4de01a8b4e38ba376ed8fb26d74495c76f73ad927fa6ea24d696c03a793a6f3d1d36672d0292c232f36e2620acf3f0f98f3ec311ea901822d3af1c43ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\de.pak

Filesize
521KB

MD5
6ef50371a2467f6917f62266412a93df

SHA1
5435f819923e358361fcc44b61984646bf985fe6

SHA256
a0a0ff4d65a2253f0cf7af2894e74df4e05e1fbb3489e647c1ecf2578d660f19

SHA512
f4f557589e50774ec8af4b8b0647cf6e09c5decba1ace9ea074f9cf291772039243b0f66af79cd041e1837deca0e2d4f5371715a2ab7ee740b4d016eceaafe81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\el.pak

Filesize
944KB

MD5
16bcd10bc81dd8a5b3ad76c90cfb9614

SHA1
240395860971fb9205d28602d4d4995007ee5c75

SHA256
6a06d1d6b566214f7c3b693052beec488f7aae5ceeca26781a5d66fade39388b

SHA512
353a26b21848f4dd30b3aa1f4196b23571e177893ec6912db4570493664ed987e688fd66c04e509ecc58233476ebe59453260bc3569136f275fcd681ae54a174

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\en-GB.pak

Filesize
424KB

MD5
65a60c82a8cf28b637a280c9c0de52db

SHA1
1f4bd7f2a41014a97f08e487c9f2e048b2417322

SHA256
42080ecd3f551e53bd1542f1c7f6cc3c178fdad53765f0666e2a5ff6304db48b

SHA512
3364e5242af731e7fd0e36e3622a8b86574ebce81d166218684e357f8e75b092af517fb97b021885388e920bc988ee0782755a03183dd103277a669a9a51c5d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\es-419.pak

Filesize
515KB

MD5
f9e9744ea1b2fc5fccd28ca861ecb7f7

SHA1
70d965a872e2adf63bdeb9538e9d1a92f3e4918f

SHA256
4caafeb7ca914904185c9d0d81abb801d71a91e330ba4c4d4e8efec62f5c4dfd

SHA512
07127ee4857225f7f66f855c65edd7de398f338cdb2917104c9df302a39fa6ef103aad872d9bb71d14cf4d692a78aff7288d78d4cdb548f722bbfdd3ec0d3d5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\es.pak

Filesize
515KB

MD5
19d80d10df56c695017cb22dbe3fcb0d

SHA1
fb2b978686400b1faad45847fab7f6fd30eeb994

SHA256
a8fa45cc4483bf386ee688b8c81e2b325d8a14645024a8d3f44714fa5b963ea0

SHA512
a33cb90524a6e5e907101a557be977536b00e2a83dae57139c84434012d6466a40466a387e80c1980a9f226b905e3d09c87b7dca216364683ddebd29203b2982

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\et.pak

Filesize
468KB

MD5
b8bae8d2a3f3b096a350bd77ea8e77ed

SHA1
3876d03600865d6943e4810eb5db6e005e250105

SHA256
9e45ac59e1b0b92e34f20bad3a49d77a249fe452a530566cde3fc2cbae943b0b

SHA512
aa5c451873af1c594f3f997a0dd165c50db54b2c7dd96f46208ba92fac3cb980903f6209d4c7d2ab9b184b0d366e4a37390373d7e31e87f9ec894a1f8f090e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\fa.pak

Filesize
767KB

MD5
3ec4a63a98a02bc81197eb87d5ffd0ff

SHA1
fab230190b4b7a7d60724b2e80a629d35ec95a59

SHA256
6fb81304d2fd771808cdfb012a20516717658d9f9823f5302503d39bf7e28220

SHA512
4585808b92dcdb9ff7cac836a5a0b914c7badc433a3ce361de5bb9ab669c8079fda1ec006a67360a1163678c2dcee77a46334bbe10cf043aa624361d687753c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\fi.pak

Filesize
478KB

MD5
a1af3eb1d0288e0d6ec0b65eafe2b662

SHA1
0a1515275fd6d9300046779b5862d94cf9505ab2

SHA256
ff53d982a01e8dfe175e4af7aab512964fe5996ef6b13400c6634e4b01e3fbea

SHA512
538263705f9a70e9a5ce80171d256edc487cb1a629f4a56b7383d296c6fdb85d2bd7a26e84593f8d4c00d47f41ba837357ec69df084258fd57d98c6fec67486e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\fil.pak

Filesize
541KB

MD5
cbb431da002cc8b3be6e9fe546cd9543

SHA1
19fbf2715098fc9f8faba1ac3b805e6680bbcca4

SHA256
ab107369d45e105a4cb4f2f6bc8da2a8c1b6c65d5e94a7ab3e703e619c083dae

SHA512
3cabbfd021e5814587dad266c4f5c9f624e9d9278f22658dafd65ff2ad2bdc5f6df8a8672614b296cea826819211e12f8e77f183007c0a79075e2f0980b99911

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\fr.pak

Filesize
559KB

MD5
03cd2eef25e46f3e0f6ace6c7995ee54

SHA1
2e97b42041433fcc27de1cb399f2631e2c9b7560

SHA256
bb706206a7f8ae0b03c6fe5c734c798e3e23190707ac474eed53ce0b15f58507

SHA512
a22742811ec4483f8f302b6d72aaac44bf3c4ff1d7eed04c192715329019e4f4e77cd84a11af8a56a8df5293e78418a8e75d88f0a4661c884ea75a9e6b2e67d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
a9e6d8e291ffec28551fccf4d1b06896

SHA1
adc9784433fbf2ee89bcfe05baea21beb1820570

SHA256
716ea0433e19edb5113dc8a25ae67c2587bc17c7fb63a93ac473bdcef8f72d34

SHA512
3a60002dc6a9008cac78bbc050fc36d1053bfbd21ecf4d0579b2780985d4e7a7aec94483d8b0b8dd7a899b8435d54a27bba68917a23945431183eda021722697

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\he.pak

Filesize
672KB

MD5
4958ab72f72195a86617e51cf583bddd

SHA1
8ceb9955f90ad3a948a23b31b01608cee41b7577

SHA256
25c090842584905842dea419798774eb4c22ea5e6cfbce6021396c9b742edada

SHA512
b1a23a461da674fb85ea8c1a535c0ca240b91d910b97289d91beefcb4f8364c41398a0aceba0c9edfe97aa7d0ec1ef2d2d20c223932864fed4bc57061f530724

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\hi.pak

Filesize
1.1MB

MD5
b841c49767097065ed39966c9819fa90

SHA1
defd854046b36767640d5f65bfe16ac9d738221d

SHA256
77f5e5c53e63126ff7fcdd0a7da8d09af98af93b61f7c343e06c4b86a25e5271

SHA512
f6e23e4be8bb0e4318f8f1d02050f75625b7ca61d0f8b055b2d95722e2eeebc3c520fcad2798f0f88925096b1ee17491d64c650cf1a52508b4db380d3c6fb35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\hr.pak

Filesize
521KB

MD5
86745d197b1be347efd6377929e4792d

SHA1
182031c4a984fb1b6486b5525d26dd21e74e9b78

SHA256
742b1483adf47b86d95296817b4874b63119a5885d396bcbfbe061c8fbf8056c

SHA512
62567bcf626000359447a47be8c8c28b05f5ffd55d52716d264d9373408f81e158b6d8059eb1df2bdaca5141d692af417c5ae34a1f1f5a103ef4a59b4ef2651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\hu.pak

Filesize
561KB

MD5
c65b2136a7fd786c2721fb3f388b159b

SHA1
d8c9d1d4a4198cb913477469bc0dc692a57e1e93

SHA256
75966f97ba3b4f4a3d089f65a6a23ca20dc767ce62848d01977e38a383edae08

SHA512
757f51644040083467df66c9a91926875056ffa10d3fd4a4cbd95bf47c1ad42e9f370d2f7fd7b70d046e9cdbeabb86db8dff8b073dc3f41af35eadb89bb6f10c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\id.pak

Filesize
462KB

MD5
c640796c2b98411759320b9092a5c898

SHA1
e8929646cfbbef821bd5b8faffc13aafb29e23ae

SHA256
23d2be475fc8e98422e160e50d9245f601749df24e5f09b352853e0a15985916

SHA512
dec282ec1ce8c129715afdf862ac065608409cf148bf394a29df0ed7f5898b602c3c9b0f9da6e26a46f637c5da73bbfe2708715868809328a6108aae2ef974d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\it.pak

Filesize
509KB

MD5
f7b37bd87ffcb672373ae5ad067b195a

SHA1
74420317ca4ab2b92559d6fdeefe551f5c3e825e

SHA256
528680be954b25ee0bb5bcd9830edb3974ff3e62779520ed4a24553273f4a81b

SHA512
0d60f9cba087fd8791313dec48835db7e4b934e2f4c7a890f5985fc190c35fb13a6e9eafcd77f6d38f709ee487773878a32bcbaf6b4fb33f68ce0248a853469a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\ja.pak

Filesize
622KB

MD5
2375d060aed81cffd56701ce0bb32e61

SHA1
b9bc899b67034018e6e2c690ac4f8454a9c75311

SHA256
0644ec929b7f7a4afde3ecbf07d6808d7493923d8c39f7d1c8082b97443bcff7

SHA512
3b6b2999223d3a95621bb5e1a325c650a4efcd84d9d4aba0275d9c4d22a2a414d43060aa267aa9acb78d5345905dd79adadc5cf96600166621c0fda980182064

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\kn.pak

Filesize
1.2MB

MD5
293f88ac75ca3f990d29653592845042

SHA1
d3b21856ad6be4d00a6a1e4a760adec82e40ea6b

SHA256
8433e5fb1aa16d6f864171fbaf18f8a020c143d898b99f032081c486595adb50

SHA512
67c03d441fef8a228ec0c8e0c95da8c3138523a2c9e4222d3676c28fe821d5b13b3d754e280e899ff8d73c4a7223a4dba3a5d247c601a3c0652455bac1f9e2ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\ko.pak

Filesize
526KB

MD5
36500ebc236ece05eff6f9f43bea897a

SHA1
9c9f32fd046799580950c900c2ac3834c3698bf1

SHA256
b53f396e0c2d16cb459c7b14025e76e0f675f1e3c814c822bd46c2e9dc8369e1

SHA512
c91ed7217610f9f4f69006d926495705e7e9ac1509dc201e3a15f41f20159a67019d54f5da2f5d4b201346330dde1c27f71faea122f1516086a205fd906e86d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\lt.pak

Filesize
564KB

MD5
edb2c872a4fec5367cbe68035ef0ecc7

SHA1
b4d42bcc83c98dda1ea2ef962d097f6fb3d25c71

SHA256
1bd385b780f3d13d41f8cf782a322e37be889aee273ffde3d8959e0ebcaabd0b

SHA512
dd801a1aac2242e3f532e968b4c9639a2c8bf3eccc17470d9aa8bd6730ae4be3e7276fb782c7908bb6f87d3ade20a40c644b9db5d2201d96d91fd95ebdf429c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\lv.pak

Filesize
564KB

MD5
393c296fabe0c4c64a7d6b576d7d2cf7

SHA1
16c0605e5829cde9738e1cd3344a59b74fa1f819

SHA256
91642c04de64f88a5c49b4eeaf5d627554e60d56fc40e7cd58cd2601b0d3dbf2

SHA512
067cccb059d4526c104880a26ebf04c7e2498c49c5641abdc91785e859bc0be1475ec58cae9ad1eb076f26fb9215ac246155e123baa13c06a05e4f22a002c2ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
b690b0f01954735e1bcea9c2fb2ac4e4

SHA1
8d98860e202b15a712822322058e80a06c471bb8

SHA256
83d187cd70048f4129fa65ba148c74a04a47ee1f14218e7c85b36fe83e87b5e3

SHA512
786f08019a0917d0b3f29aa2d1885db6a6f995990fd8faaf41a9630f8347b4d210a844cc6690a41b4af37d60e11f41fd2675df1a01bab5915e20cd9bc69b4541

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\mr.pak

Filesize
1.0MB

MD5
378f29b8282d7344dcd938dc9f972604

SHA1
f453f175626250af4605548ae16163b7fd27c483

SHA256
3d10d4d40802285f4be0d7f5ebca43aef2645b66f5afc36cf4f11e9e06510776

SHA512
d29125b09b73123957ab00df7500a18c4e08154ddc4f57ee8e9780928b3d31a18c9ad659dd3543fd8d5cf41678f7f1afbd15b8c89b4dc1a87a1f05fd3800f1c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\ms.pak

Filesize
484KB

MD5
a269d94587a15e93e5c6da6549821110

SHA1
f88995624f8b044858f035cc05fd9b3308d40397

SHA256
f27b9f0cf0007d874d3065d17a53fcccd6c3be9bfa83b48219d43515c4884130

SHA512
5913627840de05ff8887bd6eb265066fde79dc34d26ec073aabba4f0fc7e605386e1e6b188c1b1374865c0457ce888883cced3614acd76d88741d8c779f01d87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\nb.pak

Filesize
471KB

MD5
bf9bfdfab1479bb52254329d7aa229ff

SHA1
cd9ff35321731b839ea6e5f31f5de0bfb475666b

SHA256
96747543d9b2dbfb4482d4c24d7818d366545b2476633ad4fec8cc958ab760d3

SHA512
ba8e62d0a87c532ff46f2129724dd2f1bfdebd99c2606e0b9608cd07841776faeca15d04ec6241020c232d4c07809d718f40cf4ad9231d6a8996d55973486629

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\nl.pak

Filesize
484KB

MD5
52833e5c4c6608c7ba08f1698fb31206

SHA1
27804ef492bbc644f027bdb95836354054f1497d

SHA256
ab326437ed144590f84e9b7c2c38f9de44f85c5afefc084fb80ea92b773fc2ae

SHA512
738edf9c686c8267799a9781e6b96c1e38e0a372c5a63dd6e9034bdc9f37c69032b8d466245ccde7b19515a7c7ab654399f27cb2bdc44da556206a1ad29fe113

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\pl.pak

Filesize
543KB

MD5
8cfa8fb3d4ddaf33e86477e4f986e4fe

SHA1
a79e0dcb7c86e72390ba674d0a017f124604df95

SHA256
7be59c235d1a195491d4721de7bbee3aaa8473afd949b19625d274d5d94d0cfd

SHA512
c7fc8650233a673e9f095fefc256762d9e6326bab78285a6dc9224fa47aa71bd0c3ab3438231d28891527f3c137d93c86c6e9e9b55c5fdf184aae768f2b59925

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\pt-BR.pak

Filesize
511KB

MD5
d5e6233818389c0a6ffc8dd2e0a73318

SHA1
cf0fe8ac0be35566b75fd07fac4e5d49c8d36fb2

SHA256
6c0e879b0747847fd5026cb78f3c3ce1b2bad548ae36ab5a5daee02145994bb8

SHA512
ca9f98f7b5755ceea311d4990007ed53d5d8d6072755e96cf45263c847af5b23c35bb5c3179c0174d2590b52459bb623ee27873d31f923d287caf0b59221a222

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\pt-PT.pak

Filesize
512KB

MD5
134c49a617b734b4b63e007528dddddf

SHA1
08a4722645dbca509a3a8c55c31efbe1e878b139

SHA256
ecbd217a2ac71bf33416760b7b3e510361b6f5f89251836d8e019f9c4b21a058

SHA512
bdb9135de9dc02de2dff6de8e08e440db77290f55cf44cb2014a842748e9510f32b5971602137633d4570d049aae119c2e06baadbaadf444362d9f7cadaa23c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\ro.pak

Filesize
531KB

MD5
938e62fca60d7b54e9c54cdd1f745f06

SHA1
5a61a1ef3ae855ff436c5d7f45b6ec271a5228aa

SHA256
82e69f505222125ea62f8e90d8030d82a1bd49871192cb4274a8fd9d0e03d577

SHA512
d3f43881fc951c961cfb34babaa6eba2aa9175865dc07542dc529ab1c11d15703c03a7e8193c004b004d13f0a0672bccb2fcdd1cd88f32add159c337281d6d5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\ru.pak

Filesize
872KB

MD5
bb85d5b39356569ae8f8a7d32a25892f

SHA1
6a324070cc7ca2db8a707b825ba502701386b81d

SHA256
b2a561f8892248b58b13a9954468f0ec21c89ce0286290d51681575d17e64157

SHA512
6999ac65f770cc34417033cd98b96e47e796d003d16693d0d1423ccbd23f918dd3ae50b2709cf9937ab058b4412baff32af71573d053e84d5180423572400876

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\sk.pak

Filesize
548KB

MD5
6b61db7fcfc28dd532d571dca009412b

SHA1
eb53fcbd2b75b5f899a520ae9d5d08c07ae73165

SHA256
214d1b4d9ba67f6ac350b75be4b7744ee6c48b7af66477b5d91ad9a634d68f0d

SHA512
05041fbf0ba870a45406b26b6759abdc25726685b9ecddb37edf1721a7ce8b4534da3930d23beba36e55e9adeb983a5fc2add2c7e52991289975375802fb9597

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\sl.pak

Filesize
526KB

MD5
200eae7da258f3693022068ddbdc4f59

SHA1
57e4d82b26397961910120bb985cd39dd33bb5f4

SHA256
f8a28ca2c19ae8d3dc798f659ef06e42ab442018ac5ae572f4ed0c9630ab7274

SHA512
c0dcadabaf98d9c2ba0d9070de932d181f5a458d6c4c685a051fedeefe88967554a78fd4ebc26c18e697cde14e5b5cf624adbf08391af4740fb1f0a9523b495d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\sr.pak

Filesize
811KB

MD5
5d70a218b7dcccab0406fa9239ef800b

SHA1
cd231758f84a0d56545d0a234a58757a18a58d0c

SHA256
a2bc6b064ff1f7b15707f61bd76ddd9d889bd982c4182e9e74272d39c6235c85

SHA512
ef6f71e0d9782b5ed6706d9226c1a7fb5a4323b8dc8de25737c7dcca87d04c16b545372127670de312079be993823f565de1aaaf5ad833bec5baa0856c19b0f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\sv.pak

Filesize
473KB

MD5
1c7593ace08332b76cbdba33d5429891

SHA1
362b038dba2dc47fe6224b2337bd9c93bfea5173

SHA256
6cf1e6fdf971efe5df86bdbccc3b1bf019563d0187c718d6cd8a552d51ffc0f4

SHA512
33a2015029cdc45daf9d498b410e0e9b1323d9c19e192efb29c3bbf4cd6b11b651032f7c5272031a2fadddf6b7b5b99f10fc040422452204e96e76e7dc0e1f5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\sw.pak

Filesize
498KB

MD5
9808a9df2da0844b1ce1a2a4213c48d0

SHA1
541f24f006ddb3361ff1e5015f097ab799120fc4

SHA256
1949953d638f266ce74d84c020174c074780166b880e7c2ec38bc6047bbb8ecc

SHA512
66b256e02ce11ea0273cc5bfa78e56faf8b250208d1e868bf4af77cbefd1c891708573d63873a5d02436f884544a6550176afcd3a8220cd35d64b88987e94404

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\ta.pak

Filesize
1.3MB

MD5
d50aa6815b63aff8c443622cb8bfd849

SHA1
fd247855e6e428109e7bf2e0018580cc6e0663c8

SHA256
6348cc2d385b9808fdf1b815914dbfb26f552da4d10f85b2613a5e6e9f95b8fa

SHA512
620e2f9ab9998c68d667e32ad9bbfa2569f7a60fbc2a67d7492c6c215af2a1037708e38b4ed7932074d29a140581fe0ffedddb362133a941966044b98eaa50db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\te.pak

Filesize
1.2MB

MD5
d1429c1d2a5d17dffbd239dbe552a08b

SHA1
41fa775005c516e4a9683540bacd3f8c80f430ce

SHA256
ffc3c1066dd722f4a50ff73d6ceb487c4e804d542f4816e213d6d3db933f06c5

SHA512
5149a430ead0deac7a2c51fdb1aca3a0727162f4a406250289f00126dc14320b949c55656bf2f20aa8e0ac37e7cf1b0c44af1947b74c1189ce37ced21fa22ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\th.pak

Filesize
1003KB

MD5
afe6fc0f7da67450b9ac750b396eb118

SHA1
6ef621f50a9e4e5905641ef4972cc3c3a1301f69

SHA256
05efbe80e86282c83b83ee48adbd472c07c566f00e48d057c4824d310b8aabc9

SHA512
1438193da865642c1da0b9f67641a4e5be0b8d5ae80e77e87e618625604b9d0fc2f34c3a6089967f38fee265791e48df39ad00e9ea706c0f4cbd318a0c5dd6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\tr.pak

Filesize
509KB

MD5
afa120ebb9751f0a0ea8fc7c2715b983

SHA1
6be5085131b734b8afd2ef49d4c0a03457a118ff

SHA256
ec33033d23059660ab5b0d3c07e977e92bce91831a3cce562fae25b4c99890f4

SHA512
1082c5089678af44d0386e62d42a8391ba62d3b746146780ef2c09ff2e1a87276f599ffe8ed679f7ebe1795f7f3a872a4a90af239d33dc63ad233cee565d3a5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\uk.pak

Filesize
870KB

MD5
d44cb8a32dadf19f118ed27c4f22093d

SHA1
68503901a263652c24e29fdb0b67fa0f8e58759d

SHA256
efd0b7b8ca41f84f96ef4366ac52715b2126ddeb8f1c195e3aad62e3ff8b5636

SHA512
027f6717ddd3b02444364ca6c497cb5611f065efd57d99d715bb566cfc960fffdf087be1c70169ecf1d7cf81d11b9450ccad6c3f3f56084a5d6c9a76fca3fc9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\ur.pak

Filesize
761KB

MD5
29403f3d5c8f6ae2a768de2fbe8b368e

SHA1
da83015565980ea1a24f5493be6311f06427269e

SHA256
2520ba8471c840aa075075524c4ad2bde10f43fa7a1b623aa14555180ecd30ef

SHA512
a0709280adec39633ca19daf9f8bac6c17a999101246778a63cd9e172dbea2f281b20ce197290c4af6c7601ee7956da42f17e31461a1bd8b8a4bce3c36dc87b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\vi.pak

Filesize
602KB

MD5
09e79edd28d43f1a496871e8260c581f

SHA1
9c2457177f8012aae04f3c776ae0d99ffd10711f

SHA256
0b33f69fc2ffada0d2fa6e8ccec271d3bf773e88d402afc5c08fea0535d8cb9d

SHA512
2fc1370521b5d1258d2fa462591fed649952b5fd4627486fa4fa9f755d1368545305db096960cca76fe8583107e34667ec0338ed6d76d738d3755b2e2fc15e3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\zh-CN.pak

Filesize
435KB

MD5
c150a465b1e77aadd767a5b6049c4b0d

SHA1
06ad388f50d03a9643ddb8750158fa8ac479ee07

SHA256
ffdb626f59adcfcd0e206bc4c02fb4255374428762832ffbe8d323557bdf22fc

SHA512
cfcebcf74cbd3c8908deb2395e93bb0fb699be9e3885dae43601faf6c73da68cd6074f671419452379155450c4fe7f9f351a938571f0e0e85a6507fb990b042b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\locales\zh-TW.pak

Filesize
430KB

MD5
09bd1bc0df2b220de8cf6f4da42f6a8a

SHA1
4ee3ae66927243e945c3ddab8500dda709d7246b

SHA256
1bcfb95540fb203eee77f6d40329ae5573644f4c6db68518ad5f8222fb6ab4ff

SHA512
5dd50370e57f35061c98b4f336924097e9849bd057d1b5f529852c8650149a1585fb471569b86bdeac0790a97cc8061f837f8eb928a07c5150e985a05fa55ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\resources.pak

Filesize
5.1MB

MD5
b7df07d95b56a4a5802b53486e112aff

SHA1
3bd90c21fddda08906e43fcdf2b487335d19565c

SHA256
b2ce659c78ebbe7e6e5a756279afed30d11ff0628fff3628f30cdc2244ade5af

SHA512
eac384e7ebfca933d73c2a5a2a4285f377e0d3fd7d7c6b40bb6373cdb3e69a01064f158244b77344dabf484097c9b9185847fd2043acff8360c02805dd349d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\resources\app-update.yml

Filesize
111B

MD5
bee701da9a054ea03dd69583b22eb6f0

SHA1
dbb69ea30c8a288f149edd07ce52efa660ecfbc9

SHA256
243461caee5c4ea06a991e32ce931e6138387bd4f1de00c1c1ee5abfc2b1f664

SHA512
c63f7077787d50f48ec26cda4935daba22ac4bc9db684953ca0877007a5390afc6c889e15fdc4cf8217459f8c339730dab4ffb8690a122d985f450648f220de4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\resources\app.asar

Filesize
9.8MB

MD5
521b7062cf9e37921613fec9f30b5e3c

SHA1
8ba7d36378ed717bf07b4fbec64dab9f551c3c94

SHA256
f50e0ee32a020b454cc6ac08b42965fd7f2fe77d5c5b25af718ed42228094838

SHA512
442952d1df00c9ca8ae979feca2ff537bafae9f72aef0caac70371d65bb671909739cfccb668f8fa37fb96d40dbb835bdac96e8116629edb30782e748aa21bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\resources\app.asar.unpacked\resources\icon.ico

Filesize
24KB

MD5
c801bfa84d18b66d31fd469dba9522f5

SHA1
86eaf410b46986e9314dd5c4a95732c11e2a178b

SHA256
bbe6ab28a4fdcb4f90e7c2ef245a4cf7c12a3e5f576676e3307dd5e5de23186d

SHA512
3db9a6cbb79c6cef0d1a7cc6887e3186c3ea7cd70961397a92cc9885ecc99a605f3f2de79270050445b6ba0a6d100368c99a7199be972f3be0d13e9d99360070

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\resources\app.asar.unpacked\resources\icon.png

Filesize
87KB

MD5
f52144c0d1231317eeeb02f2b6220fe4

SHA1
915593f23383f038797a7350c7d0ba4403f41c1a

SHA256
5124619e57f156e0ac70269262605443f62e501004477e3c018024032444b84a

SHA512
b9defab73d740bb7ce37c38adca2b6d67d6e3c3b9fdbf097ea6366d5dde58664d0a983608e2c7f0ddaf9cb21cfb0f5f03b47c1f0c73e6ab2beac63097519dc3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\snapshot_blob.bin

Filesize
270KB

MD5
3126d62daf4090a26b0884544a3f3a80

SHA1
3698491729265c27dbdf7bf89556fafd6d4658c5

SHA256
9f449aa167ae5e6396c50019d2dd4cd725dbdfb575732700a2626fbfb797ca42

SHA512
983971fb005f40fb35839067f7729659aa6bb47b76f8982f372d2597978a913874abe1e886abd49d8312f54c8b39b3455ea014740f4edad9b7ba5968d074491d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\v8_context_snapshot.bin

Filesize
627KB

MD5
aee8355acdb3c20763ec3654b9d2f912

SHA1
aa737b26f866f0156c6732f3da692cbe0ce422b0

SHA256
d345c9148103e7b2978281e4d5a2989d75a37ab1dfa93dc76914eabc2eaa1262

SHA512
5773ff43aec801baeaac6299ce654c640916a675775a7029e26d5bb6e2c9f95db83ab5320ef8ab44eae87fd9f31b7c5a10c00f92c61a1f6b78bbbfc17462200d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\vk_swiftshader.dll

Filesize
5.0MB

MD5
85edcc793851a4d7894786e42d68f21c

SHA1
361d272af80479b7ea8b3a58ed1d3106519adf24

SHA256
544543c0b3b2afe73b11d32289b6cccbdc2bc3b6496645fd1dc849bc5fdc80a3

SHA512
4e7e23b4e8e3f090f6944f90d4d2dd93951524c0114c2d132612261c7ca28f241bb9b5a4590039d795cd3a747f8738ea67757b055c7cc636dc565a198bcdb6ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\7z-out\vulkan-1.dll

Filesize
925KB

MD5
4e8a3cd60b9c008f11b586f8832a9f23

SHA1
9cc6717fef52dfd31552dae10fec55b362bf622b

SHA256
37ac8b55ba7c47c5048f54b0d064c7b0c393fcbdd5bdde586ac05fcd199960f7

SHA512
1bdc1fb2f8c0e8d41af636fed76c9812024c991a13939a38b9ec5a85e58da4ef0df9d3c80c0dbdd7b4f0c4c0152bf66cbc3d82930bf4b4380414ff2d484111f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
ecdc8696abd7c07de42853a29d4e40e9

SHA1
191d3297b53031c3f495b053a20ed65664a5b245

SHA256
42be489709cb4cea8fbcf9babf78e4d113e6da7481481fa12f22db15e863e38d

SHA512
5f740ea2bcf8890b6a78248671c8e3a21ed1f6893f7bdf313e76d4e359440e6ff2deafa052b9ebc9ba7ce13066964ddda230e5ec59016a5856622aec7186cc7a

Download Submit
\Users\Admin\AppData\Local\Temp\ISTHG .exe

Filesize
177KB

MD5
4b4014d0c6a3b9e399b13061144ac565

SHA1
a2e54264b674632f8bf3b1a3e4c735940ff06fad

SHA256
ae360e8a54d6749a48a22d98a2dd32e7e0f878407875150eb748ac60a13bb84a

SHA512
2f7cda9b55bc4605e5198ed7b94cabe1cf30ec75b865a4aeacc215976e4d515c217bf8763e157a8930e0cf62afedcd3ca31f3594d73be80fbc5c2713543f2c4a

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD79B.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/292-790-0x000000001B750000-0x000000001BA32000-memory.dmp

Filesize
2.9MB

Download
memory/396-783-0x000000001B730000-0x000000001BA12000-memory.dmp

Filesize
2.9MB

Download
memory/660-203-0x0000000001E00000-0x0000000001E08000-memory.dmp

Filesize
32KB

Download
memory/660-202-0x000000001B7E0000-0x000000001BAC2000-memory.dmp

Filesize
2.9MB

Download
memory/948-824-0x0000000000DC0000-0x0000000000DF2000-memory.dmp

Filesize
200KB

Download
memory/2092-6-0x0000000000F40000-0x0000000000F72000-memory.dmp

Filesize
200KB

Download
memory/2092-825-0x0000000000E50000-0x0000000000E5C000-memory.dmp

Filesize
48KB

Download
memory/2336-828-0x0000000000390000-0x00000000003C2000-memory.dmp

Filesize
200KB

Download
memory/2432-638-0x0000000002340000-0x0000000002348000-memory.dmp

Filesize
32KB

Download
memory/2432-637-0x000000001B5F0000-0x000000001B8D2000-memory.dmp

Filesize
2.9MB

Download
memory/2504-830-0x0000000000820000-0x0000000000852000-memory.dmp

Filesize
200KB

Download
memory/3016-622-0x0000000002250000-0x0000000002252000-memory.dmp

Filesize
8KB

Download