7fb63fd8ed79d0b1658d9ceb36347d911fcb381530d297c75bc6431c8f600176

Analysis

max time kernel
47s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2023 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ExLoader_Installer.exe
Size

19.0MB
MD5

eb4545711587d5d2371785a0fc31fa13
SHA1

efff50b0ed9870eb7f6886727c92de259c5fcbbc
SHA256

7fb63fd8ed79d0b1658d9ceb36347d911fcb381530d297c75bc6431c8f600176
SHA512

7a029f99e6faa2eff31db776ad7c18888a2ab27d4fe93ffdae94f90ece187e369cbd7fc2180e0e69f99df9f54f206fc4d83edbf07b73e9a9414bbb45b68641f4
SSDEEP

393216:QXOZwmnD4T1mS3K35CJsVpTeBPVOECFsu2yVTcntWXD4:xXDi1l8DpSBPVFksaTLD4

Score

7^/10

spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	ExLoader_Installer.exe

Executes dropped EXE 4 IoCs

pid	Process
3532	ExLoader_Installer.exe
3824	ExLoader.exe
3408	OperaSetup.exe
5052	OperaSetup.exe

Loads dropped DLL 19 IoCs

pid	Process
3532	ExLoader_Installer.exe
3532	ExLoader_Installer.exe
3532	ExLoader_Installer.exe
3532	ExLoader_Installer.exe
3532	ExLoader_Installer.exe
3532	ExLoader_Installer.exe
3824	ExLoader.exe
3824	ExLoader.exe
3824	ExLoader.exe
3824	ExLoader.exe
3824	ExLoader.exe
3824	ExLoader.exe
3824	ExLoader.exe
3824	ExLoader.exe
3824	ExLoader.exe
3824	ExLoader.exe
3824	ExLoader.exe
3408	OperaSetup.exe
5052	OperaSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00090000000231b8-1827.dat	upx
behavioral2/files/0x00090000000231b8-1832.dat	upx
behavioral2/memory/3408-1833-0x00000000008E0000-0x0000000000E15000-memory.dmp	upx
behavioral2/files/0x00090000000231b8-1855.dat	upx
behavioral2/memory/5052-1859-0x00000000008E0000-0x0000000000E15000-memory.dmp	upx
behavioral2/files/0x00090000000231b8-1863.dat	upx
behavioral2/files/0x00060000000236c8-1867.dat	upx
behavioral2/memory/3932-1869-0x00000000004F0000-0x0000000000A25000-memory.dmp	upx
behavioral2/memory/3932-1885-0x00000000004F0000-0x0000000000A25000-memory.dmp	upx
behavioral2/memory/1228-1889-0x00000000008E0000-0x0000000000E15000-memory.dmp	upx
behavioral2/memory/2888-1890-0x00000000008E0000-0x0000000000E15000-memory.dmp	upx
behavioral2/memory/3408-1908-0x00000000008E0000-0x0000000000E15000-memory.dmp	upx
behavioral2/memory/2888-1912-0x00000000008E0000-0x0000000000E15000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\do.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-memory-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\kg.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\resolved.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_negev.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_revolver.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-datetime-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\vccorlib140d.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\bz.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\cd.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\us-ca.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\ranks_competitive\legendary%20eagle%20master.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\fk.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\wf.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\shaders\ink_sparkle.frag	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\ga.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\keyboard-properties.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\ranks_competitive\gold%20nova%20master.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_knife_css.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_ump45.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\summerstart.jpg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\cw.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\resume.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\other_items\grenade.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\warcraft.jpg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\answer.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\thumb-up.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_xm1014.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\trash.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\ranks_competitive\gold%20nova%20i.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\id.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\je.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\search-alternative.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\swords.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\ms.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\add.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\tank.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-rtlsupport-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\packages\media_kit\assets\web\hls1.4.10.js	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\ae.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\cg.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\ml.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-crt-stdio-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\vi.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\library.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\ranks_competitive\silver%20iv.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-synch-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\ss.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\settings.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\ranks_competitive\silver%20i.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-crt-string-l1-1-0.dll	ExLoader_Installer.exe
File created	C:\Program Files\ExLoader\ExLoader.zip	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\halloween.ico	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\images\cloud.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\cats.ico	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\bs.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\favourite-add.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\vk_swiftshader.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\fallguys.jpg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\et.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\gb-eng.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\mw.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\unverified.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\war.ico	ExLoader_Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
2612	tasklist.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3532	ExLoader_Installer.exe
3532	ExLoader_Installer.exe
3668	powershell.exe
3668	powershell.exe
3668	powershell.exe
3120	powershell.exe
3120	powershell.exe
3120	powershell.exe
3532	ExLoader_Installer.exe
3532	ExLoader_Installer.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3668	powershell.exe
Token: SeDebugPrivilege	2612	tasklist.exe
Token: SeDebugPrivilege	3120	powershell.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3532	ExLoader_Installer.exe
3532	ExLoader_Installer.exe
3824	ExLoader.exe

Suspicious use of WriteProcessMemory 58 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 3532	3944	ExLoader_Installer.exe	87
PID 3944 wrote to memory of 3532	3944	ExLoader_Installer.exe	87
PID 3532 wrote to memory of 4508	3532	ExLoader_Installer.exe	91
PID 3532 wrote to memory of 4508	3532	ExLoader_Installer.exe	91
PID 4508 wrote to memory of 4244	4508	cmd.exe	96
PID 4508 wrote to memory of 4244	4508	cmd.exe	96
PID 3532 wrote to memory of 2380	3532	ExLoader_Installer.exe	94
PID 3532 wrote to memory of 2380	3532	ExLoader_Installer.exe	94
PID 2380 wrote to memory of 1444	2380	cmd.exe	95
PID 2380 wrote to memory of 1444	2380	cmd.exe	95
PID 3532 wrote to memory of 3668	3532	ExLoader_Installer.exe	102
PID 3532 wrote to memory of 3668	3532	ExLoader_Installer.exe	102
PID 3668 wrote to memory of 2612	3668	powershell.exe	106
PID 3668 wrote to memory of 2612	3668	powershell.exe	106
PID 3532 wrote to memory of 4176	3532	ExLoader_Installer.exe	107
PID 3532 wrote to memory of 4176	3532	ExLoader_Installer.exe	107
PID 4176 wrote to memory of 3400	4176	cmd.exe	109
PID 4176 wrote to memory of 3400	4176	cmd.exe	109
PID 3532 wrote to memory of 4296	3532	ExLoader_Installer.exe	111
PID 3532 wrote to memory of 4296	3532	ExLoader_Installer.exe	111
PID 4296 wrote to memory of 1940	4296	cmd.exe	113
PID 4296 wrote to memory of 1940	4296	cmd.exe	113
PID 3532 wrote to memory of 3120	3532	ExLoader_Installer.exe	114
PID 3532 wrote to memory of 3120	3532	ExLoader_Installer.exe	114
PID 3532 wrote to memory of 4108	3532	ExLoader_Installer.exe	118
PID 3532 wrote to memory of 4108	3532	ExLoader_Installer.exe	118
PID 4108 wrote to memory of 3648	4108	cmd.exe	119
PID 4108 wrote to memory of 3648	4108	cmd.exe	119
PID 3532 wrote to memory of 1204	3532	ExLoader_Installer.exe	120
PID 3532 wrote to memory of 1204	3532	ExLoader_Installer.exe	120
PID 1204 wrote to memory of 1716	1204	cmd.exe	122
PID 1204 wrote to memory of 1716	1204	cmd.exe	122
PID 3532 wrote to memory of 4832	3532	ExLoader_Installer.exe	123
PID 3532 wrote to memory of 4832	3532	ExLoader_Installer.exe	123
PID 4832 wrote to memory of 1356	4832	cmd.exe	125
PID 4832 wrote to memory of 1356	4832	cmd.exe	125
PID 3532 wrote to memory of 4188	3532	ExLoader_Installer.exe	126
PID 3532 wrote to memory of 4188	3532	ExLoader_Installer.exe	126
PID 4188 wrote to memory of 4760	4188	cmd.exe	128
PID 4188 wrote to memory of 4760	4188	cmd.exe	128
PID 3532 wrote to memory of 3824	3532	ExLoader_Installer.exe	129
PID 3532 wrote to memory of 3824	3532	ExLoader_Installer.exe	129
PID 3532 wrote to memory of 2924	3532	ExLoader_Installer.exe	131
PID 3532 wrote to memory of 2924	3532	ExLoader_Installer.exe	131
PID 2924 wrote to memory of 4332	2924	cmd.exe	132
PID 2924 wrote to memory of 4332	2924	cmd.exe	132
PID 3532 wrote to memory of 1648	3532	ExLoader_Installer.exe	134
PID 3532 wrote to memory of 1648	3532	ExLoader_Installer.exe	134
PID 1648 wrote to memory of 2252	1648	cmd.exe	136
PID 1648 wrote to memory of 2252	1648	cmd.exe	136
PID 3532 wrote to memory of 3408	3532	ExLoader_Installer.exe	137
PID 3532 wrote to memory of 3408	3532	ExLoader_Installer.exe	137
PID 3532 wrote to memory of 3408	3532	ExLoader_Installer.exe	137
PID 3824 wrote to memory of 4144	3824	ExLoader.exe	139
PID 3824 wrote to memory of 4144	3824	ExLoader.exe	139
PID 3408 wrote to memory of 5052	3408	OperaSetup.exe	138
PID 3408 wrote to memory of 5052	3408	OperaSetup.exe	138
PID 3408 wrote to memory of 5052	3408	OperaSetup.exe	138

C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3532
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4508
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:4244
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:1444
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "ExLoader.exe\"" /FO CSV | sort
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3668
  - - C:\Windows\System32\tasklist.exe
      "C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq ExLoader.exe" /FO CSV
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2612
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4176
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
      4⤵
      PID:3400
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Desktop
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4296
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Desktop
      4⤵
      PID:1940
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3120
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\Software\Yandex\YandexBrowser /v last_startup_time
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4108
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\Software\Yandex\YandexBrowser /v last_startup_time
      4⤵
      PID:3648
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Opera Software" /v "Last Stable Install Path"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1204
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Opera Software" /v "Last Stable Install Path"
      4⤵
      PID:1716
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software" /v "Last Stable Install Path"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4832
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software" /v "Last Stable Install Path"
      4⤵
      PID:1356
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Opera Software" /v "Last Stable Install Path"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4188
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Opera Software" /v "Last Stable Install Path"
      4⤵
      PID:4760
- - C:\Program Files\ExLoader\ExLoader.exe
    "C:\Program Files\ExLoader\ExLoader.exe" -deletePreviousExLoader
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3824
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:4144
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
        5⤵
        
        PID:404
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:4252
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate
      4⤵
      PID:4332
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1648
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
      4⤵
      PID:2252
- - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
    C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --silent --allusers=0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
      C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=102.0.4880.78 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x754d3600,0x754d3610,0x754d361c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3408 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230929231357" --session-guid=386c3532-243f-4105-8486-7407b6e0d0b7 --server-tracking-blob="NTA2NWFkMDNkYTFkZTk5NDBkMGUzOWMzZmE3OWQ2NjYzMjBhM2IzNGU3MTc0NzE1MDk2MDk0MmM1NGRjYWVjNTp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU5FV19fMTgyMjZhIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNjk2MDI5MjI4LjU4MjciLCJ1c2VyYWdlbnQiOiJEYXJ0LzMuMSAoZGFydDppbykiLCJ1dG0iOnsiY2FtcGFpZ24iOiJORVdfXzE4MjI2YSIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiY2QzZTEyZmEtYzM5ZC00M2Q2LTgxNDUtNWY3Njg2YWUxZGE0In0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=8405000000000000
      4⤵
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
        
        C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=102.0.4880.78 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x736a3600,0x736a3610,0x736a361c
        5⤵
        
        PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202309292313571\assistant\Assistant_100.0.4815.21_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202309292313571\assistant\Assistant_100.0.4815.21_Setup.exe_sfx.exe"
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202309292313571\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202309292313571\assistant\assistant_installer.exe" --version
      4⤵
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202309292313571\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202309292313571\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=100.0.4815.21 --initial-client-data=0x268,0x26c,0x270,0x248,0x274,0x78e8a0,0x78e8b0,0x78e8bc
        5⤵
        
        PID:2864

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
1⤵
PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ExLoader\ExLoader.zip

Filesize
42.0MB

MD5
848636803e2a6fcedd833dbbf02de03c

SHA1
eb65b1b136c0ae2faa6efe577213b62107c0e914

SHA256
02b10e95cdb2475b0b2bbfc691edc2c785d9fe6c63f0f5c71ec308cbadee08eb

SHA512
3eaf5570c8d233f65092fdb957c3efa91c86ba7b72cbb7b6b5a2660147aaa96008ee84adc315718f895342a600cad76dc944ce03a67a0843f56fae0de07a537f

Download Submit
C:\Program Files\ExLoader\MSVCP140.dll

Filesize
554KB

MD5
9aeacfd60c19fdb1af926ecf7e6eab87

SHA1
e18684b140af095c25628fcc599b600b2ef999a9

SHA256
7bb664a486e941d0f6004ef1eb48773c7c5f1be5f1cbf1aa5f9819a215863d5d

SHA512
8a9654018313ab79af95a92745b4faaa87b62210506bfd788919769878a43efaf6e48494b8b2c7ad6155adebb8b07cae0f06ef734e9042c858478e95e911c656

Download Submit
C:\Program Files\ExLoader\VCRUNTIME140.dll

Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Program Files\ExLoader\VCRUNTIME140_1.dll

Filesize
36KB

MD5
35628f1d136c003699382ea7d489cb16

SHA1
30dfd392927161182224f0e6b8aace235a00fbea

SHA256
0d6f93c5d19530a1623798f936468bc0934c1795545dd000b8812539b3e308cf

SHA512
558e6d729d39f25584191804e3b60f8fe8e9e950d58cd8f82eeaecb45c5bc86f2b9e9ac499ddabbee7dfe6a6ac6cb44cf63ced6e8105405ab9b314b5005d9cf5

Download Submit
C:\Program Files\ExLoader\data\app.so

Filesize
14.1MB

MD5
5af88dda3a09c84e7d0db46a68cb72c9

SHA1
816fe361ac3a3b55adf67fd78414c5764236b2ab

SHA256
cfe608d3b4f954e00394c5fbb8a12357d799337d894d08856aa0993fd8df1ac2

SHA512
c3a52c7958cb5816816853d415b802cee00a402fa84a11faffa01f4b9286764598d013126d64233f99ce370d87c9795466da2cc67c17d7a7c370765b3309342f

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\FontManifest.json

Filesize
687B

MD5
08916680285af6ddf4adbd1dd265487d

SHA1
e5fa77912a69248aab08714c5b605df62c469f33

SHA256
ef252f80a090c0ae1499c34148c27f3e982100b25c8daa9921d102343383f751

SHA512
68c9858777147a6a1c4932c13149aba4bb97453a3aface4c80077a5746ed493c811e36cd89b838e34429e91b1833b1866177b4bfc216129d555f310fe71a108f

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\flags\au.png

Filesize
3KB

MD5
547afa2ae4ca6cdc6393606d03e953d4

SHA1
6bde65e0ac8c6350ba88797d39178a43600ddd23

SHA256
dbcea978deaebf92b7c3df6aef8d21a8acfd177ca2be03a888a600b7027f2a10

SHA512
26b9546bd5d9e680b867766ffa7667de21c72eff980636a8b7bd4b72fd1fdfa0220e58038276ce804a70343c2d190045faf390f2dd4e56e07378324ee1a5959c

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\flags\um.png

Filesize
2KB

MD5
58d98fcc9237832c42164f413fe906e9

SHA1
74af76d12c341b469499630471916380d6d8e046

SHA256
9536030a6f2caaa15c950f28d8d9386afef5a667b05e8760975a74b5cc7f9f46

SHA512
f550015eca03527f7e54651ddfbbb10055b4bd798fad1df8450fa11c76731ad259aac0f8b151280e3e685e53e667402848efaf418d5d86751150822decb36df0

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\icons\exloader.svg

Filesize
2KB

MD5
1f9c6b46612b6ad6ccd00b853d4a3bed

SHA1
f9a33ee31b5bea95f108bd4255b6378300c97d66

SHA256
c3f443c6278137c085774568a4a5cb58eaab92df839503b1eb4264098772dcd7

SHA512
6a550cfabed5992dbbf4a1fd7ce85da8be57edfc9ee0c7eb8fe751c12bd4d6e07188b91ec69a3b6d377a49f305119dd59202e8f33b5df6952652cb180106fe8d

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\icons\plug.svg

Filesize
717B

MD5
caf11f87032e5d9d76c25d48884d1ca9

SHA1
faadcb8c72717c243f827324b55f575df80d27a6

SHA256
2b854b9c4dfc355d083dcf045c95f1077b1c086085901683a857e5b1958f7d59

SHA512
657810c32bb2d93aa610ff8c61cc381835f8fd57bd1d22e888bc9a4ad544ab92bcfa1ed23b1188e90627ccb9c6b41827a0171d85bdafc81fd5e285b400e83cbe

Download Submit
C:\Program Files\ExLoader\data\icudtl.dat

Filesize
798KB

MD5
cf772cf9f6ca67f592fe47da2a15adb1

SHA1
9cc4d99249bdba8a030daf00d98252c8aef7a0ff

SHA256
ac44ccc3f61bf630bb20fb8043d86cfe4c8995d06b460084400db45d70497b30

SHA512
0bec0d3a34a4ac1cc2ed81dba3bc52981c5dd391a68fe21132dfadb70e42ffbe8f3ba798185733d64a900fd2bb2403f9a8558e6666f2c1e2c0e818d8e3f154fc

Download Submit
C:\Program Files\ExLoader\exloader.exe

Filesize
207KB

MD5
ee1507f73475f6fb555c2f3f8c083e9c

SHA1
c6e9db5b4326da92debb81f98cce01967a3281a6

SHA256
136129fff70947e6cc2beef0b40624b4913d664173eb3f55d495e465e7e1dc0d

SHA512
8b925f67ce70e2a4aa8fe6928886e7193ef71adcf3f3fe0d50234807ef75735e517b98c76be2bcb65f98a7b0f9a117f888b0670a57efd6badefadc2516b4b110

Download Submit
C:\Program Files\ExLoader\exloader.exe

Filesize
207KB

MD5
ee1507f73475f6fb555c2f3f8c083e9c

SHA1
c6e9db5b4326da92debb81f98cce01967a3281a6

SHA256
136129fff70947e6cc2beef0b40624b4913d664173eb3f55d495e465e7e1dc0d

SHA512
8b925f67ce70e2a4aa8fe6928886e7193ef71adcf3f3fe0d50234807ef75735e517b98c76be2bcb65f98a7b0f9a117f888b0670a57efd6badefadc2516b4b110

Download Submit
C:\Program Files\ExLoader\flutter_windows.dll

Filesize
17.0MB

MD5
7ca5f8f023ca7874ac6f3daa6859d1fd

SHA1
da7954d134531a73a3bfa1af19b945d9d839ca14

SHA256
712de14e6b587f8257ffca07d4f5332220f8634b604d52dc1d25601f2f284e1a

SHA512
10a914b6093cdeab9076009260a5a2d080bc483503b0b610e36f3d594d74b80df20c32b7cfccf3c6e1476979fd4112e21da97eddca7e13f4fd629ecf0428fcc7

Download Submit
C:\Program Files\ExLoader\flutter_windows.dll

Filesize
17.0MB

MD5
7ca5f8f023ca7874ac6f3daa6859d1fd

SHA1
da7954d134531a73a3bfa1af19b945d9d839ca14

SHA256
712de14e6b587f8257ffca07d4f5332220f8634b604d52dc1d25601f2f284e1a

SHA512
10a914b6093cdeab9076009260a5a2d080bc483503b0b610e36f3d594d74b80df20c32b7cfccf3c6e1476979fd4112e21da97eddca7e13f4fd629ecf0428fcc7

Download Submit
C:\Program Files\ExLoader\media_kit\libEGL.dll

Filesize
461KB

MD5
0f61da7cea39e89861117f3cb4620dae

SHA1
9ca286bf6d5617eb38101d5e166edac29497c9c5

SHA256
b2590bd0692f0381fc45c20bf1c7f7f713c9ea19c7ea6bab62efdd1fadc4eaac

SHA512
7dc2bbce9808e00122ae0d960ad6b0156d201494aedf4c4c9e261f50986b72dd19b41d443138ffdf1b2e5b8e29614f0a1e909e4c867262eab311f6675618369d

Download Submit
C:\Program Files\ExLoader\media_kit\libGLESv2.dll

Filesize
7.1MB

MD5
d22c92bee4e7a14d6c74e7376eca7605

SHA1
0592d72d5e0e38e5cfd9a090309260962bf8c4d9

SHA256
620bb6e38d7ed6c760a0cf4a8eb6a8f64b259b96ff286551cd32cefc6c35ca39

SHA512
2aeec8ccf9db442a2b1e3b391e6c3e899de1266199e6ee6040aceeaf8931e1d10c55ea1ab9ebbd3cc662bf56aea698c09e38f75c7b3e8b0b27c02af63d36993f

Download Submit
C:\Program Files\ExLoader\media_kit\libegl.dll

Filesize
461KB

MD5
0f61da7cea39e89861117f3cb4620dae

SHA1
9ca286bf6d5617eb38101d5e166edac29497c9c5

SHA256
b2590bd0692f0381fc45c20bf1c7f7f713c9ea19c7ea6bab62efdd1fadc4eaac

SHA512
7dc2bbce9808e00122ae0d960ad6b0156d201494aedf4c4c9e261f50986b72dd19b41d443138ffdf1b2e5b8e29614f0a1e909e4c867262eab311f6675618369d

Download Submit
C:\Program Files\ExLoader\media_kit\libglesv2.dll

Filesize
7.1MB

MD5
d22c92bee4e7a14d6c74e7376eca7605

SHA1
0592d72d5e0e38e5cfd9a090309260962bf8c4d9

SHA256
620bb6e38d7ed6c760a0cf4a8eb6a8f64b259b96ff286551cd32cefc6c35ca39

SHA512
2aeec8ccf9db442a2b1e3b391e6c3e899de1266199e6ee6040aceeaf8931e1d10c55ea1ab9ebbd3cc662bf56aea698c09e38f75c7b3e8b0b27c02af63d36993f

Download Submit
C:\Program Files\ExLoader\media_kit\libmpv-2.dll

Filesize
28.2MB

MD5
1e07dad08afd18526860ec3b7b295527

SHA1
3a5ca91c5606edee384c46892ca93e099891131a

SHA256
8fc0fcc2e119907da0402ae64b830afa74f822148c7d40d75def56eaaa69e9b3

SHA512
a3b7e117cbcabac826b19070e2b082f9b16c003957d66049db26b7be244a9128eea264139b8c7fc032af1d694ed9345d1a7a73f28a0dca089a78f5202e31ab55

Download Submit
C:\Program Files\ExLoader\media_kit\libmpv-2.dll

Filesize
28.2MB

MD5
1e07dad08afd18526860ec3b7b295527

SHA1
3a5ca91c5606edee384c46892ca93e099891131a

SHA256
8fc0fcc2e119907da0402ae64b830afa74f822148c7d40d75def56eaaa69e9b3

SHA512
a3b7e117cbcabac826b19070e2b082f9b16c003957d66049db26b7be244a9128eea264139b8c7fc032af1d694ed9345d1a7a73f28a0dca089a78f5202e31ab55

Download Submit
C:\Program Files\ExLoader\media_kit\media_kit_libs_windows_video_plugin.dll

Filesize
11KB

MD5
b0bb1f4ea43ce13eab228c141f33f1b8

SHA1
3959a93c05d63d1d183be930ee906bcdc54146e9

SHA256
18a0219c3e25b9afda13899a0c95608bf89d0ddc67621d34624e5b17879346da

SHA512
0bf5cfb1045fa798eeff0015cd8e7188dbf19f4c51eb2d9731364cfc274a2b5ee7a7b27c4a0e8bd8940b8f0124367ff3b242204869673eb0e0e1bd27561d5413

Download Submit
C:\Program Files\ExLoader\media_kit\media_kit_libs_windows_video_plugin.dll

Filesize
11KB

MD5
b0bb1f4ea43ce13eab228c141f33f1b8

SHA1
3959a93c05d63d1d183be930ee906bcdc54146e9

SHA256
18a0219c3e25b9afda13899a0c95608bf89d0ddc67621d34624e5b17879346da

SHA512
0bf5cfb1045fa798eeff0015cd8e7188dbf19f4c51eb2d9731364cfc274a2b5ee7a7b27c4a0e8bd8940b8f0124367ff3b242204869673eb0e0e1bd27561d5413

Download Submit
C:\Program Files\ExLoader\media_kit\media_kit_native_event_loop.dll

Filesize
36KB

MD5
c5d62464e6c192aee294525b8210859d

SHA1
ccb1c2e40a17dbd083d60174681daa686e53fc39

SHA256
c8b3cf68b34fa5c1fb5965f626076b93858cdf3ad75971e9c471fe7263b154c9

SHA512
0f2284077fbecb16f550c4b4258708e2aa889b4bb50bef7d5ce7347d3586b80e68c9581f2eeb93fb27bfb0b5aba36917dada24f410de0f42d3c2b96de8debcc1

Download Submit
C:\Program Files\ExLoader\media_kit\media_kit_native_event_loop.dll

Filesize
36KB

MD5
c5d62464e6c192aee294525b8210859d

SHA1
ccb1c2e40a17dbd083d60174681daa686e53fc39

SHA256
c8b3cf68b34fa5c1fb5965f626076b93858cdf3ad75971e9c471fe7263b154c9

SHA512
0f2284077fbecb16f550c4b4258708e2aa889b4bb50bef7d5ce7347d3586b80e68c9581f2eeb93fb27bfb0b5aba36917dada24f410de0f42d3c2b96de8debcc1

Download Submit
C:\Program Files\ExLoader\media_kit\media_kit_video_plugin.dll

Filesize
137KB

MD5
bbaf08591f8fcdba269d0df8ab03e652

SHA1
e53326aad5fa4d6c4b54115e4b9e6ab6f7792660

SHA256
8ed9dd70c3ee642ebf0ec4b79bac28529d0becc6337d6354d145b449274dbcc9

SHA512
a66b17ff8de6e37f9c94ff537c77efd5a66df85f16310f38545688516ec0ffb5c2330564eef1c71d335c9378e9f85fca1536180d49c08eaa7464fa50f707d0e5

Download Submit
C:\Program Files\ExLoader\media_kit\media_kit_video_plugin.dll

Filesize
137KB

MD5
bbaf08591f8fcdba269d0df8ab03e652

SHA1
e53326aad5fa4d6c4b54115e4b9e6ab6f7792660

SHA256
8ed9dd70c3ee642ebf0ec4b79bac28529d0becc6337d6354d145b449274dbcc9

SHA512
a66b17ff8de6e37f9c94ff537c77efd5a66df85f16310f38545688516ec0ffb5c2330564eef1c71d335c9378e9f85fca1536180d49c08eaa7464fa50f707d0e5

Download Submit
C:\Program Files\ExLoader\media_kit\screen_brightness_windows_plugin.dll

Filesize
91KB

MD5
165244bd11540a4477b9aebb655e3f7c

SHA1
123cf8797c0685fa1d2462dbcca234da1f25323b

SHA256
18740428c9deb7422cc1af8bfdb9cfe93b0b3cf5e7c2dc78d09c4385b73ee154

SHA512
2f0d00ad77bb023b4a6451d55df5c8c217b72db2b27e97e12fe5002566656cfe83b019688fb98f3cff9902ab3273cc8bca8aa83dd77eeb5e072099184c6468d4

Download Submit
C:\Program Files\ExLoader\media_kit\screen_brightness_windows_plugin.dll

Filesize
91KB

MD5
165244bd11540a4477b9aebb655e3f7c

SHA1
123cf8797c0685fa1d2462dbcca234da1f25323b

SHA256
18740428c9deb7422cc1af8bfdb9cfe93b0b3cf5e7c2dc78d09c4385b73ee154

SHA512
2f0d00ad77bb023b4a6451d55df5c8c217b72db2b27e97e12fe5002566656cfe83b019688fb98f3cff9902ab3273cc8bca8aa83dd77eeb5e072099184c6468d4

Download Submit
C:\Program Files\ExLoader\msvcp140.dll

Filesize
554KB

MD5
9aeacfd60c19fdb1af926ecf7e6eab87

SHA1
e18684b140af095c25628fcc599b600b2ef999a9

SHA256
7bb664a486e941d0f6004ef1eb48773c7c5f1be5f1cbf1aa5f9819a215863d5d

SHA512
8a9654018313ab79af95a92745b4faaa87b62210506bfd788919769878a43efaf6e48494b8b2c7ad6155adebb8b07cae0f06ef734e9042c858478e95e911c656

Download Submit
C:\Program Files\ExLoader\vcruntime140.dll

Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Program Files\ExLoader\vcruntime140_1.dll

Filesize
36KB

MD5
35628f1d136c003699382ea7d489cb16

SHA1
30dfd392927161182224f0e6b8aace235a00fbea

SHA256
0d6f93c5d19530a1623798f936468bc0934c1795545dd000b8812539b3e308cf

SHA512
558e6d729d39f25584191804e3b60f8fe8e9e950d58cd8f82eeaecb45c5bc86f2b9e9ac499ddabbee7dfe6a6ac6cb44cf63ced6e8105405ab9b314b5005d9cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a2b24af1492f112d2e53cb7415fda39f

SHA1
dbfcee57242a14b60997bd03379cc60198976d85

SHA256
fa05674c1db3386cf01ba1db5a3e9aeb97e15d1720d82988f573bf9743adc073

SHA512
9919077b8e5c7a955682e9a83f6d7ab34ac6a10a3d65af172734d753a48f7604a95739933b8680289c94b4e271b27c775d015b8d9678db277f498d8450b8aff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe

Filesize
2.8MB

MD5
ad560e45aac073eca3a92d2b8d171bf2

SHA1
c6a5f9487890da0009a3a3cf727e6cb32dfed1ab

SHA256
7ad3c5935ea2776de59fa8cbb216f1be6c9bbdb7a52f1abdbc0fb0be942c1fb8

SHA512
fe4f2103a94de26b5322cd271a7f119f720c08a468f37206e9c697d9bcf5e54cd523e0349ee74e00967a043607f6f7aa02572636c1deccca7ab734efee0c5bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202309292313571\additional_file0.tmp

Filesize
2.4MB

MD5
79ef7e63ffe3005c8edacaa49e997bdc

SHA1
9a236cb584c86c0d047ce55cdda4576dd40b027e

SHA256
388a4c959063e7edf133058e2cf797574bed808776a7c9a0307aaeb718ff7bd1

SHA512
59ee17f0f452617bcd1a4e42947310c52c21e88d31f1d6a09ebdb6ab400fcb1f997627a0f97fa185e58683d65a45425f8a7ec698f63a84d91c838e0f7e899094

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202309292313571\opera_package

Filesize
64.9MB

MD5
b6ee087effe0342f24ce47a247548204

SHA1
a158b5694b7aa196ccbd2ed5b5716d90302f5e72

SHA256
b5f1696e79f0640f5925af16a394fa0fe7cc42e98f628f7a09862be96292ca83

SHA512
2ea6576566662524bab3180b33e7bda1d07b09af06e4db8e04d7cd438cf1fbd42574fa7eb855af176b3d6cc1ad2065b71da6665b134d263662eb8c6d75903501

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe

Filesize
2.8MB

MD5
ad560e45aac073eca3a92d2b8d171bf2

SHA1
c6a5f9487890da0009a3a3cf727e6cb32dfed1ab

SHA256
7ad3c5935ea2776de59fa8cbb216f1be6c9bbdb7a52f1abdbc0fb0be942c1fb8

SHA512
fe4f2103a94de26b5322cd271a7f119f720c08a468f37206e9c697d9bcf5e54cd523e0349ee74e00967a043607f6f7aa02572636c1deccca7ab734efee0c5bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe

Filesize
2.8MB

MD5
ad560e45aac073eca3a92d2b8d171bf2

SHA1
c6a5f9487890da0009a3a3cf727e6cb32dfed1ab

SHA256
7ad3c5935ea2776de59fa8cbb216f1be6c9bbdb7a52f1abdbc0fb0be942c1fb8

SHA512
fe4f2103a94de26b5322cd271a7f119f720c08a468f37206e9c697d9bcf5e54cd523e0349ee74e00967a043607f6f7aa02572636c1deccca7ab734efee0c5bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe

Filesize
2.8MB

MD5
ad560e45aac073eca3a92d2b8d171bf2

SHA1
c6a5f9487890da0009a3a3cf727e6cb32dfed1ab

SHA256
7ad3c5935ea2776de59fa8cbb216f1be6c9bbdb7a52f1abdbc0fb0be942c1fb8

SHA512
fe4f2103a94de26b5322cd271a7f119f720c08a468f37206e9c697d9bcf5e54cd523e0349ee74e00967a043607f6f7aa02572636c1deccca7ab734efee0c5bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe

Filesize
2.8MB

MD5
ad560e45aac073eca3a92d2b8d171bf2

SHA1
c6a5f9487890da0009a3a3cf727e6cb32dfed1ab

SHA256
7ad3c5935ea2776de59fa8cbb216f1be6c9bbdb7a52f1abdbc0fb0be942c1fb8

SHA512
fe4f2103a94de26b5322cd271a7f119f720c08a468f37206e9c697d9bcf5e54cd523e0349ee74e00967a043607f6f7aa02572636c1deccca7ab734efee0c5bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2309292313535423408.dll

Filesize
4.6MB

MD5
61bb892a801262be232ea98e2c128331

SHA1
8c0fc39857c25e3bdf0577e0ff4d04f4969939b8

SHA256
a7ab470673da5a6a82f96e5f7140b3e7166f7bed9fcbb379a995a078323a1c62

SHA512
38ce408771554c1e3aaf351bc2e00c94bb62af8158b1c63668a0f54f35dffcd3eff66a765a484db54078f8dafb1a6e033c1b677e683058a1ab7657793ad97bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2309292313547935052.dll

Filesize
4.6MB

MD5
61bb892a801262be232ea98e2c128331

SHA1
8c0fc39857c25e3bdf0577e0ff4d04f4969939b8

SHA256
a7ab470673da5a6a82f96e5f7140b3e7166f7bed9fcbb379a995a078323a1c62

SHA512
38ce408771554c1e3aaf351bc2e00c94bb62af8158b1c63668a0f54f35dffcd3eff66a765a484db54078f8dafb1a6e033c1b677e683058a1ab7657793ad97bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2309292313563383932.dll

Filesize
4.6MB

MD5
61bb892a801262be232ea98e2c128331

SHA1
8c0fc39857c25e3bdf0577e0ff4d04f4969939b8

SHA256
a7ab470673da5a6a82f96e5f7140b3e7166f7bed9fcbb379a995a078323a1c62

SHA512
38ce408771554c1e3aaf351bc2e00c94bb62af8158b1c63668a0f54f35dffcd3eff66a765a484db54078f8dafb1a6e033c1b677e683058a1ab7657793ad97bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

Filesize
181KB

MD5
00c1261303883e59814c4092da26920d

SHA1
1100f1ec4b69a2166fcfc9768d4a4279d48315d2

SHA256
bff32fdbce2548679c9b3e080df41860cbcf89eb5c5a7b440ac01079bfde7b23

SHA512
2e650e5cd93d5ab177da3c612895e7133a946f4bf5603dcf8b7f966fe6159b7cb05d7937bfc4c28da716421df9c21d0f1aca0f6c906a5279d82538684a6aa3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

Filesize
181KB

MD5
00c1261303883e59814c4092da26920d

SHA1
1100f1ec4b69a2166fcfc9768d4a4279d48315d2

SHA256
bff32fdbce2548679c9b3e080df41860cbcf89eb5c5a7b440ac01079bfde7b23

SHA512
2e650e5cd93d5ab177da3c612895e7133a946f4bf5603dcf8b7f966fe6159b7cb05d7937bfc4c28da716421df9c21d0f1aca0f6c906a5279d82538684a6aa3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

Filesize
181KB

MD5
00c1261303883e59814c4092da26920d

SHA1
1100f1ec4b69a2166fcfc9768d4a4279d48315d2

SHA256
bff32fdbce2548679c9b3e080df41860cbcf89eb5c5a7b440ac01079bfde7b23

SHA512
2e650e5cd93d5ab177da3c612895e7133a946f4bf5603dcf8b7f966fe6159b7cb05d7937bfc4c28da716421df9c21d0f1aca0f6c906a5279d82538684a6aa3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MSVCP140.dll

Filesize
554KB

MD5
9aeacfd60c19fdb1af926ecf7e6eab87

SHA1
e18684b140af095c25628fcc599b600b2ef999a9

SHA256
7bb664a486e941d0f6004ef1eb48773c7c5f1be5f1cbf1aa5f9819a215863d5d

SHA512
8a9654018313ab79af95a92745b4faaa87b62210506bfd788919769878a43efaf6e48494b8b2c7ad6155adebb8b07cae0f06ef734e9042c858478e95e911c656

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140.dll

Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140_1.dll

Filesize
36KB

MD5
35628f1d136c003699382ea7d489cb16

SHA1
30dfd392927161182224f0e6b8aace235a00fbea

SHA256
0d6f93c5d19530a1623798f936468bc0934c1795545dd000b8812539b3e308cf

SHA512
558e6d729d39f25584191804e3b60f8fe8e9e950d58cd8f82eeaecb45c5bc86f2b9e9ac499ddabbee7dfe6a6ac6cb44cf63ced6e8105405ab9b314b5005d9cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so

Filesize
13.2MB

MD5
082fa743dda09b6c700f2655e12afba8

SHA1
5d0ffc03b72eb13d6e8928b84449acae37eb2500

SHA256
1ab142ebcf759c5010bfefc8cf6dcfc49bc7bf5a89bb29e53789aeac9e65a110

SHA512
65497ab99d770d5260c5cd291eb0a2ffd1d33f30303644f777501c504a779863dc2c5cf0b1b9b44be2afac0340c21f40f402181492d7fe37b25502f29fd5d584

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.bin

Filesize
35KB

MD5
3675ec9952d2222bfffe7a52719955f2

SHA1
4bf2485bbeebc2ad81b864ea17381624e128b954

SHA256
b085e95ef2daa7335288bdf595b56cfcc6597311431e685938f6241850338a27

SHA512
6c82c944a4fac6051a54891fd62e233881a50626b4416a7aff2eb21c69b370b64856711244ef289dbf45db8f9bea20c95dfa7ea8ca884bad233202fd73024d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.json

Filesize
687B

MD5
08916680285af6ddf4adbd1dd265487d

SHA1
e5fa77912a69248aab08714c5b605df62c469f33

SHA256
ef252f80a090c0ae1499c34148c27f3e982100b25c8daa9921d102343383f751

SHA512
68c9858777147a6a1c4932c13149aba4bb97453a3aface4c80077a5746ed493c811e36cd89b838e34429e91b1833b1866177b4bfc216129d555f310fe71a108f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\fonts\MaterialIcons-Regular.otf

Filesize
1.6MB

MD5
e7069dfd19b331be16bed984668fe080

SHA1
fc25284ee3d0aaa75ec5fc8e4fd96926157ed8c4

SHA256
d9865b671a09d683d13a863089d8825e0f61a37696ce5d7d448bc8023aa62453

SHA512
27d9662a22c3e9fe66c261c45bf309e81be7a738ae5dc5b07ad90d207d9901785f3f11dc227c75ca683186b4553b0aa5a621f541c039475b0f032b7688aaa484

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Warcraft.jpg

Filesize
52KB

MD5
a48a77f8b3f8f7e6a9661776472b14c0

SHA1
7118461b780b558939a325a319e8515edbbedef1

SHA256
2e58bd1444d8452ba963e877601e8942a1560abdd44c16ed33580148322234ba

SHA512
f6a8a2844d872b650fc6342f809198bf078cf2d472c1b43f18529a0216393f6494202ab3b95ffef560fdba4bee7a4c6a85be49d9151cbd52c0c870d65c6e47fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\flags\RE.png

Filesize
2KB

MD5
23f2c7dc04bfe492598bc440f57114af

SHA1
c30b386b7138a1d89b90f0e679ef58f4c545ba42

SHA256
94a0c4bc3aa825e44d36b0a463f9bfb012c2156392594a8ac6d76b389776e3a9

SHA512
edbc28f9f61ad48ac02e1bcb0f862249b5baf352289e068cb5df5552b5e9752a205e7b093b7caedccf4230186659d4b12579433ae8141b5129a5a6cf4c6bc5f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\flags\SJ.png

Filesize
2KB

MD5
bf25a4249d34f915ec1a246a468290cc

SHA1
5cc47373c11ff0488929124e18e280c7eb36b232

SHA256
0dd0e0a0d72ff4179b11afd5367a72b000de4a5c5ea0362f1f1723f80a3a2d22

SHA512
982fbc34c0c0ccad148b6745185af317bbe12215e08c879c6a06a7073d2afbcbc70c4fed9e028cc91a6a1eaa1fece064dbddf415a4b97a799dbfb1debcc02337

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-Black.ttf

Filesize
159KB

MD5
35e0e2e7a5b03275ba569a214edbab77

SHA1
b341b185db9c7231884558dcdab0124d2f5ed1d0

SHA256
2d1149ca6075e3559fa4234107474b3b500bc479baa0bdaa8a99563a587c62f5

SHA512
e3d752d8fd5a7306dcf8fc428b72df1668991b7152b66fba41e365cc61626f8ddfc8092dbcbc2b2ef3acea5c09496e83af2a2208cdd5b66e7ff3267b2bf2f0d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-Bold.ttf

Filesize
159KB

MD5
88079335418f389bfb2d86bc4f1ced64

SHA1
fd799b6fb4aff1a9402e071ab02d1ddea731b868

SHA256
85c6a818e33ae8b62d15672522c0b12f2e602680f75c4414ee815a73596ad365

SHA512
5105d0f432cda4de9749e4e0dd09f9687d06ad17b7e02f98dc9d0b2ffc3d959c386302f8882c3a3f1021c39ecf88e60f5e630b929fb905eec48bead923b47e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-ExtraBold.ttf

Filesize
159KB

MD5
27f7ef17de3691b5cdb9f1ee1ee5cc6a

SHA1
1c92715c134738f2956bf758181522243c7586dd

SHA256
118e237edf796dd76c453e912a4f445816e918bc3ff1d3941b2548c0a8fdfe29

SHA512
6d5c68056a37d989f64528c092680416c1300c95471be43ebddff7b579bcae9dfa7f402ab422406bf3a4a3df728b4af1e68e15e385b49221847f48e0bc59f228

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-Medium.ttf

Filesize
159KB

MD5
b952c3c81ba34b54c66c748ea1e828a7

SHA1
9d35f805e98f95e72f5d0a4ced7397584d7349be

SHA256
f5a6dcd3227d1a75db47a6770e617d8077cba42c146d1d6479ae394431c7d40e

SHA512
30ddc9f9fd2916b3ac846cac60c93b5f89057a1369ffd38ccf569a6eba3dff6be10408ad7413257e794e94a46e68e67105fae28f1ce95544485edbe85842a420

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-SemiBold.ttf

Filesize
159KB

MD5
87641f9900d717d6bfbf108b8755868e

SHA1
75f4fca0d4d80e2b9a62d3283261e933786fb8c1

SHA256
564368e49d2d7d65005649278c3e042d6954df5e5dee3874a3b548ad067db0cc

SHA512
a319660d6457efd705c291aa5445146f77e2d099ac26be3f48963b9846cb0f3cfaaee1fbd1e9acb5a7ebb74d39b541d00c76fd50932b388cee7ff54da2ef40ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svg

Filesize
201B

MD5
7f8d672a2849987b498734dcb90f0c51

SHA1
e53b9319bf964c15099080ac5497ee39f8bab362

SHA256
4a290648cd1cfaaf1db4909d7552ae8cb83cb0b0e36770e64d153ab07ce6e7d4

SHA512
b3ddbf719f42440238c55cee896409179b4562ffe74f607d3640f623c8264c2fd2000b085dfd9a25ffd8ba2166695dcd663efec56cdac679f9993cfb602459d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\collapse.svg

Filesize
195B

MD5
ad6092934dc48be9d00331e6f21eb235

SHA1
29cd8e5478e432b386382caf6ac7b3537b108c33

SHA256
2e0eb48ef144b771903a2ee5096ac4305ef43c830d2905f46b0384a07f5f4090

SHA512
38254a977c1a74515ed6184b5ebb3b1b3125db4b713a2de69aee9dc54912a9e869fede36423548e9ebf8cfc66e6711738789ee2c33f6f3af74def779eb7e5afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\grain.png

Filesize
79KB

MD5
3577f702479e7f31a32a96f38a36e752

SHA1
e407b9ac4cfe3270cdd640a5018bec2178d49bb1

SHA256
cc453dfe977598a839a52037ef947388e008e5cdfe91b1f1a4e85afb5509bee2

SHA512
1a4a03931ab56c8352382414f55eb25b324e11890d51ba95597dbd867b35db45db5adcefb47d95b3763f413a66e3228e59531bdbd5ba5541469196adb5eb3d70

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.dat

Filesize
798KB

MD5
cf772cf9f6ca67f592fe47da2a15adb1

SHA1
9cc4d99249bdba8a030daf00d98252c8aef7a0ff

SHA256
ac44ccc3f61bf630bb20fb8043d86cfe4c8995d06b460084400db45d70497b30

SHA512
0bec0d3a34a4ac1cc2ed81dba3bc52981c5dd391a68fe21132dfadb70e42ffbe8f3ba798185733d64a900fd2bb2403f9a8558e6666f2c1e2c0e818d8e3f154fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll

Filesize
17.0MB

MD5
7278b67787032816b65eb19f62c976ae

SHA1
f33ece6e14d2464d5bef37ad4dfb4efcaff18895

SHA256
0b405d7709f6fce0f78623143e37aa6bf60f7d5b35fc56fec66a710622a880bb

SHA512
69fa9bac7eadce0ea255399565325453c4cb6029f7564ee2e0d818716773c0c293768986a401c161b2ead48b9169069b981fd1724a0b0543943c69de271f7ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll

Filesize
17.0MB

MD5
7278b67787032816b65eb19f62c976ae

SHA1
f33ece6e14d2464d5bef37ad4dfb4efcaff18895

SHA256
0b405d7709f6fce0f78623143e37aa6bf60f7d5b35fc56fec66a710622a880bb

SHA512
69fa9bac7eadce0ea255399565325453c4cb6029f7564ee2e0d818716773c0c293768986a401c161b2ead48b9169069b981fd1724a0b0543943c69de271f7ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msvcp140.dll

Filesize
554KB

MD5
9aeacfd60c19fdb1af926ecf7e6eab87

SHA1
e18684b140af095c25628fcc599b600b2ef999a9

SHA256
7bb664a486e941d0f6004ef1eb48773c7c5f1be5f1cbf1aa5f9819a215863d5d

SHA512
8a9654018313ab79af95a92745b4faaa87b62210506bfd788919769878a43efaf6e48494b8b2c7ad6155adebb8b07cae0f06ef734e9042c858478e95e911c656

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dll

Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dll

Filesize
36KB

MD5
35628f1d136c003699382ea7d489cb16

SHA1
30dfd392927161182224f0e6b8aace235a00fbea

SHA256
0d6f93c5d19530a1623798f936468bc0934c1795545dd000b8812539b3e308cf

SHA512
558e6d729d39f25584191804e3b60f8fe8e9e950d58cd8f82eeaecb45c5bc86f2b9e9ac499ddabbee7dfe6a6ac6cb44cf63ced6e8105405ab9b314b5005d9cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dll

Filesize
36KB

MD5
35628f1d136c003699382ea7d489cb16

SHA1
30dfd392927161182224f0e6b8aace235a00fbea

SHA256
0d6f93c5d19530a1623798f936468bc0934c1795545dd000b8812539b3e308cf

SHA512
558e6d729d39f25584191804e3b60f8fe8e9e950d58cd8f82eeaecb45c5bc86f2b9e9ac499ddabbee7dfe6a6ac6cb44cf63ced6e8105405ab9b314b5005d9cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rfkqopuj.ehd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
9652c1610e738110e118815a8c79dfde

SHA1
bacb61525815eac215a8cfc6522b08b92c31f00e

SHA256
9fa2f2c08499a93e72a69578bda9a362456905c5ac345d0d9a32ea4b8ce529b1

SHA512
fa02a98a6204b3787c202241f867d53f15c62634a5d5ff659bc256be8563ce427b56ba142a7cf364dfa5593cde174f95942b348be6a611c5a80a6cc4b5d49f65

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json

Filesize
246B

MD5
38635cfb884454ad3a276947ad8886d8

SHA1
2f64d2af6525c3d5402697025c550d7ef8093504

SHA256
ffa01b525111faa014fd57083966d1caa7f678de7297f2a2e4bb12b06530d37f

SHA512
2ad9202ce963b7887d28de34835f73271f952e107044080b15f3a5235bee05ee9024ebe6f1556230813ac0fd9a41e80711ad720a3b9eb4a13ad0dea099b7f00b

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json

Filesize
246B

MD5
11e4dff569c5d5c01a2bcfb4b0c6a48e

SHA1
fe22dfb99aaccd93942475d255a5af2b6e2ab337

SHA256
aab30685a184a03aa2bc860035ca853051c11cd86a85e28fe1ae93e80e662e77

SHA512
4c7699db8720e90afd7d29e532db141ee6100e6fa55fe7f5a485d77e8a7ebb6aee15cc548da4e10d05d650651d12e65f41845565b343dd372e350a6b9178f502

Download Submit
memory/1228-1889-0x00000000008E0000-0x0000000000E15000-memory.dmp

Filesize
5.2MB

Download
memory/2888-1890-0x00000000008E0000-0x0000000000E15000-memory.dmp

Filesize
5.2MB

Download
memory/2888-1912-0x00000000008E0000-0x0000000000E15000-memory.dmp

Filesize
5.2MB

Download
memory/3120-1755-0x0000026B27F30000-0x0000026B27F40000-memory.dmp

Filesize
64KB

Download
memory/3120-1753-0x00007FFF207C0000-0x00007FFF21281000-memory.dmp

Filesize
10.8MB

Download
memory/3120-1754-0x0000026B27F30000-0x0000026B27F40000-memory.dmp

Filesize
64KB

Download
memory/3120-1766-0x0000026B27F30000-0x0000026B27F40000-memory.dmp

Filesize
64KB

Download
memory/3120-1770-0x00007FFF207C0000-0x00007FFF21281000-memory.dmp

Filesize
10.8MB

Download
memory/3408-1908-0x00000000008E0000-0x0000000000E15000-memory.dmp

Filesize
5.2MB

Download
memory/3408-1833-0x00000000008E0000-0x0000000000E15000-memory.dmp

Filesize
5.2MB

Download
memory/3532-1079-0x0000018C901F0000-0x0000018C90F2D000-memory.dmp

Filesize
13.2MB

Download
memory/3532-1076-0x0000018C8E0A0000-0x0000018C8E0A1000-memory.dmp

Filesize
4KB

Download
memory/3532-1080-0x0000018C8E0B0000-0x0000018C8E0B1000-memory.dmp

Filesize
4KB

Download
memory/3532-1078-0x0000018C901F0000-0x0000018C90F2D000-memory.dmp

Filesize
13.2MB

Download
memory/3532-1077-0x0000018C901F0000-0x0000018C90F2D000-memory.dmp

Filesize
13.2MB

Download
memory/3668-1133-0x0000015BFB4F0000-0x0000015BFB500000-memory.dmp

Filesize
64KB

Download
memory/3668-1137-0x00007FFF207C0000-0x00007FFF21281000-memory.dmp

Filesize
10.8MB

Download
memory/3668-1132-0x0000015BFB4F0000-0x0000015BFB500000-memory.dmp

Filesize
64KB

Download
memory/3668-1130-0x00007FFF207C0000-0x00007FFF21281000-memory.dmp

Filesize
10.8MB

Download
memory/3668-1131-0x0000015BFB4F0000-0x0000015BFB500000-memory.dmp

Filesize
64KB

Download
memory/3668-1129-0x0000015BFB450000-0x0000015BFB472000-memory.dmp

Filesize
136KB

Download
memory/3824-1801-0x000001B927680000-0x000001B9284A5000-memory.dmp

Filesize
14.1MB

Download
memory/3824-1864-0x00007FFF14740000-0x00007FFF167F8000-memory.dmp

Filesize
32.7MB

Download
memory/3824-1796-0x000001B927490000-0x000001B927491000-memory.dmp

Filesize
4KB

Download
memory/3824-1909-0x00007FFF14740000-0x00007FFF167F8000-memory.dmp

Filesize
32.7MB

Download
memory/3824-1797-0x000001B927680000-0x000001B9284A5000-memory.dmp

Filesize
14.1MB

Download
memory/3824-1802-0x000001B927680000-0x000001B9284A5000-memory.dmp

Filesize
14.1MB

Download
memory/3824-1803-0x000001B9274A0000-0x000001B9274A1000-memory.dmp

Filesize
4KB

Download
memory/3932-1885-0x00000000004F0000-0x0000000000A25000-memory.dmp

Filesize
5.2MB

Download
memory/3932-1869-0x00000000004F0000-0x0000000000A25000-memory.dmp

Filesize
5.2MB

Download
memory/5052-1859-0x00000000008E0000-0x0000000000E15000-memory.dmp

Filesize
5.2MB

Download