hxxps://google[.]com

Resubmissions

22/10/2023, 15:51

231022-takkssae3x 1

21/10/2023, 14:02

231021-rcar9sfa4s 4

21/10/2023, 12:50

231021-p3e4kaeg2z 1

19/10/2023, 12:13

231019-pdqtrshc44 8

Analysis

max time kernel
498s
max time network
500s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2023, 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	ExLoader_Installer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 15 IoCs

pid	Process
4528	ExLoader_Installer.exe
1144	ExLoader_Installer.exe
3028	ExLoader.exe
4064	OperaSetup.exe
3712	OperaSetup.exe
3256	OperaSetup.exe
2748	OperaSetup.exe
3204	OperaSetup.exe
180	Assistant_103.0.4928.25_Setup.exe_sfx.exe
1592	assistant_installer.exe
5092	assistant_installer.exe
6796	there.exe
6732	exloader.exe
264	below.exe
4304	exloader.exe

Loads dropped DLL 64 IoCs

pid	Process
1144	ExLoader_Installer.exe
1144	ExLoader_Installer.exe
1144	ExLoader_Installer.exe
1144	ExLoader_Installer.exe
1144	ExLoader_Installer.exe
3028	ExLoader.exe
3028	ExLoader.exe
3028	ExLoader.exe
3028	ExLoader.exe
3028	ExLoader.exe
3028	ExLoader.exe
3028	ExLoader.exe
3028	ExLoader.exe
3028	ExLoader.exe
3028	ExLoader.exe
3028	ExLoader.exe
3028	ExLoader.exe
4064	OperaSetup.exe
3712	OperaSetup.exe
3256	OperaSetup.exe
2748	OperaSetup.exe
3204	OperaSetup.exe
1592	assistant_installer.exe
1592	assistant_installer.exe
5092	assistant_installer.exe
5092	assistant_installer.exe
6796	there.exe
6796	there.exe
6796	there.exe
6796	there.exe
6796	there.exe
6796	there.exe
6796	there.exe
6796	there.exe
6796	there.exe
6796	there.exe
6732	exloader.exe
6732	exloader.exe
6732	exloader.exe
6732	exloader.exe
6796	there.exe
6732	exloader.exe
6732	exloader.exe
6732	exloader.exe
6732	exloader.exe
6732	exloader.exe
6732	exloader.exe
6732	exloader.exe
264	below.exe
264	below.exe
264	below.exe
264	below.exe
264	below.exe
264	below.exe
264	below.exe
264	below.exe
264	below.exe
264	below.exe
264	below.exe
6796	there.exe
4304	exloader.exe
4304	exloader.exe
4304	exloader.exe
4304	exloader.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000022f30-2302.dat	upx
behavioral1/memory/4064-2341-0x00000000008A0000-0x0000000000DED000-memory.dmp	upx
behavioral1/memory/3712-2348-0x00000000008A0000-0x0000000000DED000-memory.dmp	upx
behavioral1/memory/3256-2359-0x0000000000D20000-0x000000000126D000-memory.dmp	upx
behavioral1/memory/4064-2360-0x00000000008A0000-0x0000000000DED000-memory.dmp	upx
behavioral1/memory/3712-2361-0x00000000008A0000-0x0000000000DED000-memory.dmp	upx
behavioral1/memory/2748-2365-0x00000000008A0000-0x0000000000DED000-memory.dmp	upx
behavioral1/memory/3204-2375-0x00000000008A0000-0x0000000000DED000-memory.dmp	upx

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\fallguys_v1.jpg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\christmas-tree.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\sj.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_hkp2000.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_sg556.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\msvcp140.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\mm.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\ucrtbase.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\api-ms-win-crt-runtime-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\cm.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\ss.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\complain.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_m249.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_mp5sd.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\ga.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\sv.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\chevron-down.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\images\bomb.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\other_items\bomb.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-file-l1-2-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\gb-zet.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\id.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\im.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\sn.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\ranks_competitive\supreme%20master%20first%20class.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\collapse.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\moon.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\no.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\pk.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\so.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\uz.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\favourite-added.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-localization-l1-2-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\ch.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\me.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\notification.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\users.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\icudtl.dat	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\tt.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\bell.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\playback.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-core-heap-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\images\fabric_third.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\images\forge_second.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_knife_gypsy_jackknife.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\er.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\gb-eng.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\rw.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\description-blank.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\directory.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_mp9.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-downlevel-kernel32-l2-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\ranks_competitive\silver%20iv.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_scar20.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\media_kit\api-ms-win-crt-environment-l1-1-0.dll	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\mv.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\pf.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\tk.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\flower.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\unverified.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\ly.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\flags\sb.png	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\telegram.svg	ExLoader_Installer.exe
File opened for modification	C:\Program Files\ExLoader\data\flutter_assets\resources\icons\selected-check.svg	ExLoader_Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133421912026205766"	chrome.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	OperaSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaSetup.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
1424	chrome.exe
1424	chrome.exe
1144	ExLoader_Installer.exe
1144	ExLoader_Installer.exe
2100	powershell.exe
2100	powershell.exe
2100	powershell.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3828	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe
3828	taskmgr.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1144	ExLoader_Installer.exe
1144	ExLoader_Installer.exe
3028	ExLoader.exe
3028	ExLoader.exe
6796	there.exe
6732	exloader.exe
6732	exloader.exe
264	below.exe
264	below.exe
6796	there.exe
4304	exloader.exe
4304	exloader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 2156	208	chrome.exe	82
PID 208 wrote to memory of 2156	208	chrome.exe	82
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4944	208	chrome.exe	85
PID 208 wrote to memory of 4080	208	chrome.exe	86
PID 208 wrote to memory of 4080	208	chrome.exe	86
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87
PID 208 wrote to memory of 928	208	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b0799758,0x7ff8b0799768,0x7ff8b0799778
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2860 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5280 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5436 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4576 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4592 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4692 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5440 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4932 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4584 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5688 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:660
- C:\Users\Admin\Downloads\ExLoader_Installer.exe
  "C:\Users\Admin\Downloads\ExLoader_Installer.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:4528
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1144
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:2932
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
        5⤵
        
        PID:2472
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:1308
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        5⤵
        
        PID:180
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
      4⤵
      PID:1220
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        5⤵
        
        PID:2372
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Desktop
      4⤵
      PID:5084
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Desktop
        5⤵
        
        PID:1308
  - - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2100
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\Software\Yandex\YandexBrowser /v last_startup_time
      4⤵
      PID:4808
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\Software\Yandex\YandexBrowser /v last_startup_time
        5⤵
        
        PID:3116
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Opera Software" /v "Last Stable Install Path"
      4⤵
      PID:2740
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Opera Software" /v "Last Stable Install Path"
        5⤵
        
        PID:5064
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software" /v "Last Stable Install Path"
      4⤵
      PID:4112
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software" /v "Last Stable Install Path"
        5⤵
        
        PID:2828
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Opera Software" /v "Last Stable Install Path"
      4⤵
      PID:5016
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Opera Software" /v "Last Stable Install Path"
        5⤵
        
        PID:4636
  - - C:\Program Files\ExLoader\ExLoader.exe
      "C:\Program Files\ExLoader\ExLoader.exe" -deletePreviousExLoader
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
        5⤵
        
        PID:1492
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
        6⤵
        
        PID:3544
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        5⤵
        
        PID:3116
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        6⤵
        
        PID:2812
    - - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command (gwmi Win32_BaseBoard)
        5⤵
        
        PID:6940
    - - C:\Program Files\ExLoader\there.exe
        
        "C:\Program Files\ExLoader\there.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:6796
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
        6⤵
        
        PID:5836
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid
        7⤵
        
        PID:6532
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        6⤵
        
        PID:3544
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        7⤵
        
        PID:6016
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:5636
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:700
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:5344
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:6132
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:372
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:5800
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:5304
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:2520
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:3820
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:5792
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:2516
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:5632
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:644
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:4568
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:4940
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:6808
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:5128
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:3296
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        Checks computer location settings
        
        PID:2008
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:3744
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:3868
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:4408
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:5552
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:5072
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:4244
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:1968
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:4620
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:5908
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:732
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:5400
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:3544
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1820
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:5296
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:920
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4936
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:6428
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:3328
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:6020
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:5456
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:7000
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:2900
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:6488
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:6192
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:5016
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:5272
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:548
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        6⤵
        
        PID:1320
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        7⤵
        
        PID:436
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath
        6⤵
        
        PID:5492
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath
        7⤵
        
        PID:5296
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath
        6⤵
        
        PID:3468
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath
        7⤵
        
        PID:5348
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath
        6⤵
        
        PID:3740
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath
        7⤵
        
        PID:4244
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath
        6⤵
        
        PID:5384
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath
        7⤵
        
        PID:4128
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath
        6⤵
        
        PID:3952
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath
        7⤵
        
        PID:4716
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        6⤵
        
        PID:4236
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        7⤵
        
        PID:2472
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath
        6⤵
        
        PID:5544
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath
        7⤵
        
        PID:5196
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        6⤵
        
        PID:6664
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        7⤵
        
        PID:6428
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        6⤵
        
        PID:5472
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        7⤵
        
        PID:6432
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        6⤵
        
        PID:4152
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        7⤵
        
        PID:5588
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath
        6⤵
        
        PID:2988
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath
        7⤵
        
        PID:5756
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath
        6⤵
        
        PID:5888
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath
        7⤵
        
        PID:6588
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath
        6⤵
        
        PID:6224
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath
        7⤵
        
        PID:5168
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        6⤵
        
        PID:5752
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        7⤵
        
        PID:6896
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        6⤵
        
        PID:6296
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString
        7⤵
        
        PID:3004
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate
      4⤵
      PID:3352
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate
        5⤵
        
        PID:2292
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
      4⤵
      PID:4236
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware
        5⤵
        
        PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
      C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --silent --allusers=0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      Modifies system certificate store
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
        
        C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=103.0.4928.34 --initial-client-data=0x30c,0x310,0x314,0x2e8,0x318,0x74e28538,0x74e28548,0x74e28554
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=4064 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20231019121722" --session-guid=b00e6a66-799a-43b5-a873-e225ae8c3eab --server-tracking-blob="ZmQyZjk4OTNjZTllYzY5NzlhZTQyNzA2YTY2ZTc0ZGI5YzYxMDAyOGU4YWExYTQyMjIyNDY4M2M1YTgwZjZlOTp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU9MRF9fMTgyMjZhIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNjk3NzE3ODE5LjA0ODAiLCJ1c2VyYWdlbnQiOiJEYXJ0LzMuMSAoZGFydDppbykiLCJ1dG0iOnsiY2FtcGFpZ24iOiJPTERfXzE4MjI2YSIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiYzkzMTI3MjgtMDM4Yy00MDQ3LWE4ZmItNjIzMTU3MjVlZTY3In0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1C05000000000000
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
        
        C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=103.0.4928.34 --initial-client-data=0x2fc,0x300,0x304,0x2d8,0x308,0x72c18538,0x72c18548,0x72c18554
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310191217221\assistant\Assistant_103.0.4928.25_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310191217221\assistant\Assistant_103.0.4928.25_Setup.exe_sfx.exe"
        5⤵
        Executes dropped EXE
        
        PID:180
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310191217221\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310191217221\assistant\assistant_installer.exe" --version
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310191217221\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310191217221\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=103.0.4928.25 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0xbd1588,0xbd1598,0xbd15a4
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3884 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1616 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4664 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3080 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6124 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3108 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6640 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6820 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7124 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6808 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3268 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5940 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5520 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6528 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5600 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3764 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5556 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5336 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8288 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8164 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8128 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8116 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7864 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7644 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7728 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7692 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8304 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8320 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9888 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9612 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9604 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9580 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9548 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9416 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8752 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8344 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10308 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10132 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8144 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8148 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9712 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:6384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=6016 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:6740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=3724 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:7004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=5980 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=6220 --field-trial-handle=1872,i,3125085738678595014,1633000618136107759,131072 /prefetch:1
  2⤵
  PID:5128

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4980

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3828

C:\Program Files\ExLoader\exloader.exe
"C:\Program Files\ExLoader\exloader.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6732
- C:\Program Files\ExLoader\below.exe
  "C:\Program Files\ExLoader\below.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:264

C:\Program Files\ExLoader\exloader.exe
"C:\Program Files\ExLoader\exloader.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4304

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
PID:4568

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:5296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ExLoader\60cf0ab4

Filesize
301KB

MD5
eb2763a895def797aaafc576a1f2ebf8

SHA1
5fb6c67cc9fb2bd461ebd423a63740145b9fffff

SHA256
f67d94d3581b9862c516f71229f8711bcaea1f046ef43fb513c34dab87a728a1

SHA512
c8ecc7cc2b1f0746fbdff614e2dc181024e1aef20a6717f76afae95f5cef26e6abf6eb4950abee3651ce200e8814b44fe40637a4a6aacc95ae3ad7d813f44721

Download Submit
C:\Program Files\ExLoader\ExLoader.zip

Filesize
42.3MB

MD5
e2f57ffe676e6ce42521409d226ebb5d

SHA1
53357f7de9031c71edd4523cf51c1722591671f7

SHA256
27f97fa5811e8dc3102abd6ce5865b07bced75328bca84802b1a762d2b4d932b

SHA512
f6a4ea816df29658f959106b2493163513361ed733941aeeb2bbb7b99758f098802acdb903b4ce7af64b444e05d9892b922e9985f760723860202338f4abc0fb

Download Submit
C:\Program Files\ExLoader\MSVCP140.dll

Filesize
554KB

MD5
9aeacfd60c19fdb1af926ecf7e6eab87

SHA1
e18684b140af095c25628fcc599b600b2ef999a9

SHA256
7bb664a486e941d0f6004ef1eb48773c7c5f1be5f1cbf1aa5f9819a215863d5d

SHA512
8a9654018313ab79af95a92745b4faaa87b62210506bfd788919769878a43efaf6e48494b8b2c7ad6155adebb8b07cae0f06ef734e9042c858478e95e911c656

Download Submit
C:\Program Files\ExLoader\VCRUNTIME140.dll

Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Program Files\ExLoader\VCRUNTIME140_1.dll

Filesize
36KB

MD5
35628f1d136c003699382ea7d489cb16

SHA1
30dfd392927161182224f0e6b8aace235a00fbea

SHA256
0d6f93c5d19530a1623798f936468bc0934c1795545dd000b8812539b3e308cf

SHA512
558e6d729d39f25584191804e3b60f8fe8e9e950d58cd8f82eeaecb45c5bc86f2b9e9ac499ddabbee7dfe6a6ac6cb44cf63ced6e8105405ab9b314b5005d9cf5

Download Submit
C:\Program Files\ExLoader\data\app.so

Filesize
14.5MB

MD5
cc119c1aed90aec5381efca68a4d1976

SHA1
75de3a51a63255e0e2f873302f930391cec74a64

SHA256
7102c29ad66522ea322df1b614e44a8b887af582bb7a519935ff6717fb8f3f39

SHA512
e06c2a2a62216aaaf622b0e11244975156f19318e358b4a5a93ea4fb33ddea3d79c02c6e1443f294b302deb87ef56bd8a5f99243730c78ae860a08a3a2898540

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\FontManifest.json

Filesize
687B

MD5
08916680285af6ddf4adbd1dd265487d

SHA1
e5fa77912a69248aab08714c5b605df62c469f33

SHA256
ef252f80a090c0ae1499c34148c27f3e982100b25c8daa9921d102343383f751

SHA512
68c9858777147a6a1c4932c13149aba4bb97453a3aface4c80077a5746ed493c811e36cd89b838e34429e91b1833b1866177b4bfc216129d555f310fe71a108f

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\agents%20of%20mayhem.jpg

Filesize
111KB

MD5
c90f20fe086f92334e9c28617b074977

SHA1
e22c44b85f4f6ceb0fec2a568252aa181df258ec

SHA256
e24de8ea065066522543e0919697af69036f2a554746172c373cc2dc9b0ff895

SHA512
31c7143a1f76184e87847ebc63fbbcd77a04573d456f15782f55869ee7b5b9ee3b2295b06e5f581d7e4f46e67399b2c97890646df58ecaa05de25f44ea24a2c1

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\flags\au.png

Filesize
3KB

MD5
547afa2ae4ca6cdc6393606d03e953d4

SHA1
6bde65e0ac8c6350ba88797d39178a43600ddd23

SHA256
dbcea978deaebf92b7c3df6aef8d21a8acfd177ca2be03a888a600b7027f2a10

SHA512
26b9546bd5d9e680b867766ffa7667de21c72eff980636a8b7bd4b72fd1fdfa0220e58038276ce804a70343c2d190045faf390f2dd4e56e07378324ee1a5959c

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\flags\um.png

Filesize
2KB

MD5
58d98fcc9237832c42164f413fe906e9

SHA1
74af76d12c341b469499630471916380d6d8e046

SHA256
9536030a6f2caaa15c950f28d8d9386afef5a667b05e8760975a74b5cc7f9f46

SHA512
f550015eca03527f7e54651ddfbbb10055b4bd798fad1df8450fa11c76731ad259aac0f8b151280e3e685e53e667402848efaf418d5d86751150822decb36df0

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\icons\back-arrow.svg

Filesize
622B

MD5
3127554ba77c0b0c6871b12540cc595c

SHA1
88cb8d41ba3da59b474e977a68b5fe0c806cdb5e

SHA256
d83d07f26c46717e11fb9ef3e3fa8256f8edd2f66571db73b6a7af69742524ec

SHA512
9666da34b8d01d8b1a2805329d07d5a9479c6952f06563ef10ca6888595d81e35ac3293ceb87784a18a28f30ad175d4e69eb7de48d03f3ba7ce341ac99672dda

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\icons\bank.svg

Filesize
1KB

MD5
bf9a759efeccf88d1293ea9392eec741

SHA1
6bb175757b6f51cb684dbb8c77fa7e470f78e812

SHA256
0672537ca0cea9227371d3728fafbb6f90255386cd96863422fb895ba3cf3720

SHA512
8b396744afaa53fd17824dc6a36001cb592b0d7b9b1bc68f64d06a9f4cccb35554114541652c493097afe7c153e14a396f4f5ed8cd935bc8014970a98d27f80e

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\icons\bell.svg

Filesize
997B

MD5
c67aa6948d2882144f34e73a6c1fe85d

SHA1
693d45f290ffeb039a6cbb1161ee2ff6689f5d90

SHA256
cdef11be995dc895a64a4cc3926d3a7bf980fa1a98e2b616c74ae016f9b8f29c

SHA512
6dff102927599b52c82ee8d235bcfc684826185251dfac4142d10cf6a61e7f2dbefbd98826987a75b787460781e3ec5c80842ad8e40dc0b5711b55f034731c12

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\images\mascot.png

Filesize
1.0MB

MD5
74f6778f1243a09539ea88b380137eb7

SHA1
1a8c065ea714e7d64b7653299b47b16b1d8590d1

SHA256
2cf6cf4a5f53ce9a6d8777d5830973a9b35b959026ed9c25cdfe4c71e92aa525

SHA512
11582330bd6ff38cfe7f806d2b8a238f87f154dccf9caf27e04595d6c7c7cae590eeb58fd34e8524a38d5a58aadf1d75ded1de0722f543f73efb83266ce7cf51

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\other_items\molotov_ct.svg

Filesize
5KB

MD5
43287d7cc7f2849e9388c99f69c56a4a

SHA1
810914fbaefc629511089a5ff787b46ae46ff93b

SHA256
b2a01e47d015fe073e59714e08fc1aee188c9cfc07e0003677fbdbc050d10a9e

SHA512
909e739e5fa1e1ee81cbbc73a24d4623034a9f28114b987e6c8e2c052a40598439a947afe11d5e4e4bbe77c79185077babcbfa7f0273af892f9dc8709a20cd2f

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\ranks_competitive\supreme%20master%20first%20class.png

Filesize
25KB

MD5
0b51e5d633179b1fcd7624f2fa89bce5

SHA1
7fb5687b329c3a042c7ccc0a1180599ff897ed2a

SHA256
fca96582d8f4667053d0aeb0548907902f57cece3ea0a3ca286a36fdaf081a95

SHA512
39aa730dcfe4b4380753df9fb1c222a10438d57b4db4da88438eace9cbf15f3090a1626b953c64a41850994deba36919c774173574d86d6480e8831106813801

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\ranks_competitive\the%20global%20elite.png

Filesize
25KB

MD5
ddd32d8b27a8183ffb23ba24c5cedb19

SHA1
7a747d34ffeaea022a31ae0af8ffbf6179b39a15

SHA256
7bc0fafea4dc7dfa9fc0bad06715e05511130f8946d63ed0be3c67372cad9cf1

SHA512
cdbfa0e858ef97e1c608c76b9702bcdaa5ad61e375fbe4d353b91fca572b0da62181000989b86694489cb49b1030b266cdf674b48449ecfe263c4cf4213125cd

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_knife_survival_bowie.svg

Filesize
2KB

MD5
1f03aa092ca8ac5ebd9897dd86115a64

SHA1
7deef39f1285abb966bcdb0742c054c8de8cc1bc

SHA256
6b5e19d841d500e2a627a314ef3472075f167272b546dcd20c25086fa43c03c2

SHA512
7fb48308286dc7c9e5e696e0f810dde5bf0d20f6e6f4604d49c3bbf3a6d7dc2d1d5cdf41d68f53f78b33a00294890f12a92887b67e38dcbdf7c1099e73f9fcc8

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_knife_tactical.svg

Filesize
4KB

MD5
b68381b4f2efab52998de925c4fa3ab1

SHA1
c9cd7981f7d7cd82372823d378b80ea376d2071b

SHA256
6d7ca91e5b3acc3894cca5fde3a99b5e0c5d8f138b785c35ed1618e29e59bc1c

SHA512
e1eab5f64a19f1e2bd2e2f0f453a76ac53bb4d2ee05996c192396cd13dd4c021bba4899ba02f963ae9c668f5003cfa70ec8811d7d39951bd4db515ee04e8f563

Download Submit
C:\Program Files\ExLoader\data\flutter_assets\resources\skin_items\weapon_knife_ursus.svg

Filesize
4KB

MD5
f0f5cb98b0eb717146fd721a565a0469

SHA1
3cd1414c88e4ff2ffc40a9cad336b7497ffeca1a

SHA256
20926b44a2c87b380aabb3115ada21b3b4c2b9ae2eae75edd5dc19fd009dbbdd

SHA512
916f17f726860f164236fd33b70c4d853b0544435127da6ccdb9da78008f27c4ce060b9dfea853859ff5c7a5e6b37ba5774d90f5879a080f8504cb94b9180e57

Download Submit
C:\Program Files\ExLoader\data\icudtl.dat

Filesize
798KB

MD5
cf772cf9f6ca67f592fe47da2a15adb1

SHA1
9cc4d99249bdba8a030daf00d98252c8aef7a0ff

SHA256
ac44ccc3f61bf630bb20fb8043d86cfe4c8995d06b460084400db45d70497b30

SHA512
0bec0d3a34a4ac1cc2ed81dba3bc52981c5dd391a68fe21132dfadb70e42ffbe8f3ba798185733d64a900fd2bb2403f9a8558e6666f2c1e2c0e818d8e3f154fc

Download Submit
C:\Program Files\ExLoader\exloader.exe

Filesize
301KB

MD5
eb2763a895def797aaafc576a1f2ebf8

SHA1
5fb6c67cc9fb2bd461ebd423a63740145b9fffff

SHA256
f67d94d3581b9862c516f71229f8711bcaea1f046ef43fb513c34dab87a728a1

SHA512
c8ecc7cc2b1f0746fbdff614e2dc181024e1aef20a6717f76afae95f5cef26e6abf6eb4950abee3651ce200e8814b44fe40637a4a6aacc95ae3ad7d813f44721

Download Submit
C:\Program Files\ExLoader\exloader.exe

Filesize
301KB

MD5
eb2763a895def797aaafc576a1f2ebf8

SHA1
5fb6c67cc9fb2bd461ebd423a63740145b9fffff

SHA256
f67d94d3581b9862c516f71229f8711bcaea1f046ef43fb513c34dab87a728a1

SHA512
c8ecc7cc2b1f0746fbdff614e2dc181024e1aef20a6717f76afae95f5cef26e6abf6eb4950abee3651ce200e8814b44fe40637a4a6aacc95ae3ad7d813f44721

Download Submit
C:\Program Files\ExLoader\flutter_windows.dll

Filesize
17.0MB

MD5
7ca09d9a1ba0a08d15ef4890af78c725

SHA1
1452ebf925368044eadbf568324a82979e56c77b

SHA256
1d2125c2dc2d2eeb7afe1d9589cee8040b8f2be8f7ac6aa32529578a2d0844b1

SHA512
73b4ab231b653ea50bd8ea5f928ee9bc5c6fc428a550265173ea1869a99ad74d2ce613f09d32aa4aecdb7516a54069e887c2606f606ae554a65fbe0f07821252

Download Submit
C:\Program Files\ExLoader\flutter_windows.dll

Filesize
17.0MB

MD5
7ca09d9a1ba0a08d15ef4890af78c725

SHA1
1452ebf925368044eadbf568324a82979e56c77b

SHA256
1d2125c2dc2d2eeb7afe1d9589cee8040b8f2be8f7ac6aa32529578a2d0844b1

SHA512
73b4ab231b653ea50bd8ea5f928ee9bc5c6fc428a550265173ea1869a99ad74d2ce613f09d32aa4aecdb7516a54069e887c2606f606ae554a65fbe0f07821252

Download Submit
C:\Program Files\ExLoader\media_kit\media_kit_libs_windows_video_plugin.dll

Filesize
11KB

MD5
5a680303e4259f473a78ea1d9c5fda60

SHA1
84ab4cf3bd8646ec01d6de8bc90b79bec1bc962d

SHA256
1fbbd0374f2a56fb7a11a2abb11372afd5f8776d03400065ff6dae08c7ab289a

SHA512
ef1fe7def3da891b91e9dc9d9ead6a4bf407d7816714f95cb5e08e893e083690b42b1c2ec064177a581b272c23b8d626eaa1ed9dbae9e4f1a00b7b6c63ce7f07

Download Submit
C:\Program Files\ExLoader\msvcp140.dll

Filesize
554KB

MD5
9aeacfd60c19fdb1af926ecf7e6eab87

SHA1
e18684b140af095c25628fcc599b600b2ef999a9

SHA256
7bb664a486e941d0f6004ef1eb48773c7c5f1be5f1cbf1aa5f9819a215863d5d

SHA512
8a9654018313ab79af95a92745b4faaa87b62210506bfd788919769878a43efaf6e48494b8b2c7ad6155adebb8b07cae0f06ef734e9042c858478e95e911c656

Download Submit
C:\Program Files\ExLoader\vcruntime140.dll

Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Program Files\ExLoader\vcruntime140_1.dll

Filesize
36KB

MD5
35628f1d136c003699382ea7d489cb16

SHA1
30dfd392927161182224f0e6b8aace235a00fbea

SHA256
0d6f93c5d19530a1623798f936468bc0934c1795545dd000b8812539b3e308cf

SHA512
558e6d729d39f25584191804e3b60f8fe8e9e950d58cd8f82eeaecb45c5bc86f2b9e9ac499ddabbee7dfe6a6ac6cb44cf63ced6e8105405ab9b314b5005d9cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
39KB

MD5
17b9bb9509fa8aa6e3ef890dc6cb9917

SHA1
81d4f55fe01ad0a40d0d798b102ca826e97c0de1

SHA256
b1e8315c3e639293576ca2ff44b6374643ec3d70faad0b74972bd3d0183d1efe

SHA512
0a22b4d514642116d483d522bf3a86ac3fa4ed7e9931a67e401cb98ced433316711416f49682ba3014dc0249356a65122e09465d84331574c59e62c293b0344c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
72KB

MD5
210a5a11cc3c0411190ac78a345c2f37

SHA1
981ef6653e6bf3c3499e6005f5a4983a5a0578fa

SHA256
67744cb0ec664f1cb17bf04ad2996b12f2bd3df8f6172a708ea58acb314960b5

SHA512
f689e9154c9a716307566f6379af9c8ca35c33453a367ef5d1234f032362fbfd0654739a66a6800797fabd37dadcc27e754999e73a2161ae33e385e1d18d94bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
28KB

MD5
411adcfec8da51139fcafa08f4bf76dd

SHA1
34d652fa41486d10ae0d2ee678ab80fd677aad5a

SHA256
2ee3ff8118aefe065fc20bd88055386060ee0889062a047c257609e61c136807

SHA512
b701d221d4ef9d13f3bdc5dd419763b2e70ed713fa498033db11afe8ba1492691f62d106d81f02be9590e1ee9ec8cfc39d95c4e42cf0ede7fb22a7a216c028b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
29KB

MD5
040a25b5aa2dadeec37427aa01b569e2

SHA1
bd3eddd61fd747b0aafb02165494aac4e2e59310

SHA256
0d28b84ad90e5f70834c98dee27d39b6da0ace5aba5cd8393373b72b9a0f2e64

SHA512
b43adf0b9899dc1f8886e1684a56252ac12894eb41b9f8743d5525d7bf92d40c523afd26cf8e7e5b61b4e29ee57dc10acfcd5d227beb4658bea0ffcfeeae683e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

Filesize
58KB

MD5
e3f3508e73a83b2cdd03058acb91e62d

SHA1
cfeddd3c166d97a21a2eac1534fa99ed292c874f

SHA256
cc1d7127e48ec774a853052eaaa88d0b09b5b0508de29bedd53cebe899097c13

SHA512
0720506136b3b1fde989b2fe9f07d0d2e1eaac4a8ffc05d407ab080aee644494b0affead17ee9869fc7c1412209c3e97b48cf3135c091f01d9bd67eb7c1089f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
276B

MD5
191803b44c87e0ed07750e80d4f07a98

SHA1
201a1c4b73c730f908438aaaf26239ceba04ca28

SHA256
7c5b6eb03d13b65afb92f9f1ebd6827766a94fdd486f8723e9fa67086eba5c61

SHA512
cbf5cfcea49afbf3b463488e15bd051a69f06647e06c6964cdbcf137c03cde8bcd0c12f89eb068e02e3b36bcb852226ae6d3242e9e9b6c365b2cc21b4d7d72b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5e24740dd40751ff_0

Filesize
31KB

MD5
ddce92fa9b11a2c349bfdca14558ee71

SHA1
41f41fe1569daf2e81d7637543fb518642f1f92c

SHA256
27f32b32221fd15a7c904a7c55f2c26f44c8f05d14bd0cd7fc5e900121412e17

SHA512
35adc93fcb0bd383be9649a7885fe7735ba9f7bd814ff00153031699c131a329e32023fd69c6cfa2364d0375554f25446e0035ca71684d6773a07f6a88ab9f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\775d776ed426628a_0

Filesize
290B

MD5
af51ae170de497f4d2fd1f595a4ee2e2

SHA1
97cbb95ce1c5d3af421e1d36ae0b7be854b1590f

SHA256
1e0616b19dc157605c5d2b05eaf20d1f47f9bee5cae7076ea07ae180f74adb28

SHA512
1a68614857654c4f36bcb88614fbd1526d958883bd211c586af005c4aa6047458599c695c432e6dfb16f94e7deddc4bfa9020561f4c2b5a19a7421f80efd6f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\945c2ec20732ddcd_0

Filesize
3KB

MD5
3d9429e9500d5baaa7571f04aad8cad9

SHA1
e3488e225fa324887ea7d73c14aedf38490f7ceb

SHA256
f26d6c30b02ddafa0d46b7da05b3cfa522fb6d02bb77a0c317dce76064571845

SHA512
4af8127a165983962114b9c96f4d7b6d302ac06200532ba2531e4fffa2e18303aedc6a5cc9404afdbbff72024d6c18883da3d62384ea180aeee8e5e3911b1d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
791778a944c6498b623ac902f070edfc

SHA1
32435fa7b6a519a4ae5ca198cf952b4c3c425d1f

SHA256
448e056940b117390829a87d08d44ad9e68ce900eaa7c9eb3e9f5879e266bfc5

SHA512
30463558838c385578692d5845c548f7018b54b191644af773948fe82a821700ec0eeeef82f1e9cf5fb4488d51838fbd189db9ff8c35965a6afb5a2653b24b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
bc1417bc112511412c2db4b5155b81de

SHA1
eb6906b520360d5ad32707cf92d55549814ef5e8

SHA256
efe5a68ed041c0de90c27b97de143cf2a0bcacf4d599b6468675dcf2383b7c57

SHA512
3aaa86993805f120cc99c26ba53fb48f5f5f9c517f669c79c5cebfe637247df624d0544c06208e9eeb0cfd7a97819f8d19c6e3a06ad3a711f0ca30252a35902f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ba42879b1acc99db1c08dccb04aa4068

SHA1
2faacc8d8d581b8b24c737075d7f07c28443c4d1

SHA256
270a20809205037bcba59ce0662ce4c16870c75502b8eb7a83ef163a636487fd

SHA512
4165b2c6bdd101e4c916a7ad4f08ddc83e6ad3223f37b6caea2a68d2fbc23c5d95f127bd9c041f4401d7ae668c5c28eaa27eba8f50bb1d30a3a2f785c80e8a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
89a633472ad32d09697cc7afbc9620ff

SHA1
40ad9029dd81a5c6e55bd2422012351fe593afdf

SHA256
edd9eb9697b2ce1e6d4bb2b35fee6e32e37a9f129bbe46a4b6304288ddc13d64

SHA512
0c4daeeff6b33bd8f3d2a81ee495144109f08997be4f02dcb34001d061c240ae6c49909186417bee71795bca32168f855dd89d26b5e4763ac601fc7cf40face4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9229a69fc8aaa7afd560af9c7a3a6158

SHA1
0dfb295cc20ec07306d37265f4b8718f4dc6163f

SHA256
6283ecda10efa73d1d2753c655eb4a7bb9060b03f0ddd3ea1eb435b70e874e7c

SHA512
a2b96d7534f2782ecca137f4ed0c0fa7dbaefa59a9fdf0235950937a0bad56c091001e4b1f1ca9e73b5a43510f829bc8cf42fca2f21e32cea8e8a1fe181b35c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9be56861c381a07ef00cd929ee708ba7

SHA1
a1f7db0a03830c31fa3cf5adecdf9706b1c402b2

SHA256
3e2010b026dbc20c4a3742d348ea2376ec4b95bdfa4df003c975afa252345f6a

SHA512
36fe36e208750497538c7e0355b2290646e3bbb09bc78b466e88ffc4f258c94fd280db08615726eb07d2be3e46a071da7eeb8cdd9fd5750b3053f08784dc9310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f8cf0654750206271a18a8fbf1a25711

SHA1
9cca4574ed5a2bb87e3183c28dd2ae080097d495

SHA256
8e441353e78da60d9ff135d09a356546007928a990725b3d1e39b0d24d6ec9a1

SHA512
ea9eb0b6c9eb001365309f72829ec924ad9811615574288499e21d15e93d6dbe0308825381d44f286f3613937f914fb9c2dcfd165fbe8a98929630921a4529b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
9bd2414b6203324a9bdd61f489895f6f

SHA1
5f38871490a6a77de71e02a482495a96e61d0ccb

SHA256
be29d151bfb8c9b9fad4d620ad7ea0226c18815fcf4b1e6590e3c57de6142125

SHA512
2bfaad03adfa3b91862edf601ba1eedb43e9735863159ed367f516a31ccfea5b98e9ea65ed710902e71bd8b0577059c73db00989c8e42696987f9c75775a37fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
0d1c909d645518a07d41f601778fd6a6

SHA1
66858d410ac71a85502fddaa6e9053194f44c651

SHA256
83265ec91d6f368e0d44fa46f5b62f8c639e95fad2d686b30dcd3efa2ef7bc84

SHA512
9f73a0debb863045989bdaf84be2886dd798f0602c631106e6146e279c3ae5a1ee02ea7e9ac75747c3cbca075e67de769fa5a6f3a401ffc6eff99df2ca02bd85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3cfa680a0e35ca202f72ad01dfd542d0

SHA1
f43997dc8e294f94d483b5b89c300eab9dbef882

SHA256
bcf51d6cf005c69024d7abcb4cbc7bd5a04e7e7706579f3a6b2a4058ea2597a6

SHA512
1adfba5abcaa5a8aeeb7a9b586f0cc84dcd40f73cf60fead3fdf48c138e7178ec7a54f66eae90cd27a58360963c817fb128c3b18dc354582890c5a3c7d9d1d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ebf2f968078175068ebdad4eeecda8d5

SHA1
e2f0b578e1dcf717dd76c2c1e7e218993e20c240

SHA256
400e33233835740269214aef480f3fb1ebe0ac5ee08da3dc22f7900b3860b37b

SHA512
7aaaa376928f08f419e14506fe790e96f19d11e827ad356d13ef78c48e0c35999379154ff43c44ff188b60bac305d5dfcb85cb3cfe0baf115d8528f82f9d409e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
65ec4e80026e6f0d0fbea8d61bfecca7

SHA1
c0a9d3440887667427eeaab520b5acdf117d2005

SHA256
e3483f8837a0cfdb48c116bf31f051a663f19358e45ac563d99186fcce715a9d

SHA512
40e689fbbaf5c4ad2dae87a783793c1e7e2991d1271ca2e1421fad44bf7c7e0ad8702255c57f0eed9c77c9908b703ab2439f9fbd10acaeb6ca21bfc6897a4da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5296ad3e569bebc135df1b44a53a9c19

SHA1
d8b1c7e43a5281e6518bfff3772b390be142f9c4

SHA256
2a0beb6f13c772e61b553beb0d98d112e4f1157ecd53b97d13e4782735afb5b0

SHA512
a97c034e8ae19bcb0ffad470af01e64cade6b400270663d408a3a61843eceb945572221671c568a07685f60234ff3274978efa51ec51b35cd97420c5efdf929c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d5af6fc192a0c214aae3397386ce6aea

SHA1
ca8cd53b2e52f58626757220cfa2254f471079d2

SHA256
c31e29c65a428099f1f6c3ced25cb324c05e8ca90e35459a36dd78401a8078a2

SHA512
98c35f7168e97fa19a618440e6bf5cf14e25ca37080af4f0b30c93f55f3f479e2d702461d3969396971a4cd65c1d1a054722253b60aa69d14691dc642296fd69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f3bbf6419da18d93d75e4d7ab79351c4

SHA1
113dc6a54b9917b2cd10f88594d0660ca71ab816

SHA256
3dfe154e8fb7129203ab99387754746e7f9e76414886d13a461acd3026b5f11a

SHA512
9780b78ef40f7dba549bc43022ca723fe8ab0b01e2057ab6674fd3d2bc58a88c77d549f44763fc0cf23403e1f1980e5e46b7625598e9a59beae1da5d35001149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4f0b4f17e7559680568e700f3f70f3d1

SHA1
052a4008e8496528d0d6a4c95596b70d2d30f165

SHA256
cae9a179723519bf8587b2c9b2b0b9bf4cab8e64d7250c0788b928e1ddc2169d

SHA512
4402bef63605fbbb1954b0a94ef8d246cca912925be1dc78c1000482c9e1ee53f281d6a744f2a8c3d1375f04347446763c73d915b287ed954461f1c8c3af145d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b1c940fd220aedc7574e49b3b17d448c

SHA1
d94c6540dd0b99ce02b3c89f61079981788700e5

SHA256
b99907478d6711ef61d98c6caad36581bdaf5d1232c20e25260113b297d8eccf

SHA512
027f2f5053f74beeea8fe41132d2691c72ca8d585686a96f94cbd23b27d155bb83a3f793ca4cc9e8f25ccdf550ba2df43756493c66f2cee77c77f9a68db0dcca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6a8b8141d9dd2362fb0ec90618c720bb

SHA1
4190dfefa42b43a450ae4be8f388b5f4b8661234

SHA256
8618893cc6a53c4fc8f6d3fe9b0fb897f61dd8112b6bd537f8e74ee913882214

SHA512
3c405972cc998e7486168393b8c2f75a9897c776fbd1066368af5324de109d928b2266662f797b687756bb7d503e76fbc2f6c3f766789f29cc48d57968f592fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
afd63b847b132787b352891ab0c85576

SHA1
3128a79816a19b9e5a0bc5768bda2cf764e01602

SHA256
4f9bab8ed6f5c48b87a3162019832c87c61cdeab3b4ec3e96f5f555c513c2de7

SHA512
0bddd15460992161f6f40013c6fcd52d67649089a6e300d151368cc8789eb9efe2bad3e0eba653c373811dc4690642ea7724f72a6da60a968d6f824d5e77c409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
2987e4cc4051b534bb3a2302fd9b02cf

SHA1
0d63971037e2816fdceb79dcd34d92c7aa90983d

SHA256
ef0e13952cdb8ec0ca912499a1b8d0b2f0c2b0ee64c1499010e34f0f58dec9e4

SHA512
d9b7445f5bcaa206aa8f3dbca9d1a4174b918f649e6dcf31bb030729323163f87ea0c26b7422fdd579bf8ba76894a93bad61e7d0934f0321cd29e1e166c1e123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2cfa76a60f710879f2be8192fc95725c

SHA1
037f0d78ff1d59039e761b013295e8525cc8d0a7

SHA256
777296df1fad87156b47c8c6dccce7a676a936561d6a65ed0a6ea776a0e71907

SHA512
2052e0678d24ac7589eef8ed14653ca1d05013809f5e6bbd1aab2e49cb88ceb1cd571120666d683dac3fa4a0da01ea7fca7e98c1538a730b0fe6637475d11caa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
53381eda273711d61527c59c2b7e961c

SHA1
a7358a2738866c8335d62b2d872a84b3d0aa47fb

SHA256
0e76b8ed9212562a73645e66aeda89fae46b99f7d1620d1ed57ac02ab1da79c7

SHA512
c9ad030ffd537102c2061263ef27535082d329807979ccf8d6f8609af98d0b407f0870f8b20ade4904de09c04c69b24efe77ded308a95c702d637ea5fc382e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9311719db699d24be52d0c8fd40a629e

SHA1
8496bf54067fbc666946e5e3824e3b16c17ca5ed

SHA256
868557cb8beb9691fd660598e42384822df09041611f77ea0937f76759056527

SHA512
5cc5c98ec81da3b029690ae4644afe4fc4d76f83e928131b86ea057c23772a3c1b7475d554d6da00a85b6415a9d0197714ae82a40995121d0c0ef2499c09ee1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d21771eaaa375c2f24d09ccb7259fbbd

SHA1
f26980d27d23227098ef31fca75d155c7a8e400a

SHA256
23113433ee48a3699a765bd9dfac9ffe6de76f717a029545ba0bab62aaf51f05

SHA512
25ab6023bca0766706a5e1985c8115d4f6b828f65cec98a67e82184d28914516e04cc1176c1ecd71b693e59bd3e2f4525b049dad21e3688adb29663b108131e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
62b1cce3801911b372fbbe4ad4d2ab1c

SHA1
4fb21fc2f46272f0dfdccc7c5ed8ed92c34d249e

SHA256
a1314c9caa8a37f162ae121ad0c54a641f91dd322ac87105038a87d796d845b2

SHA512
099e949fdfc26a193c5616dad42153a9eb07769f8a7a3700412df7f4677def2cbdf7638089ccb6111e4f0581b368714a0739aa78f6abfcd1c5e628baf825d7d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4fb984f9b1d83cbac9a024dce138b557

SHA1
e7d1bd6cc2936e1afb7306af3110c8b2b2352759

SHA256
02390488f874f0d81d27ce774479a668f9eba8ae972bd78fa29907852032777e

SHA512
d9dd08979e9d12accfe24abd4b9d6dfd42197a1b70777fd8af1167cd965a1f76bbad3e542b2d65a55ec92b98643b412cc099c0364005aaaf2ae68375effc1f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a020ec5835921c9e88a81c1426642b2

SHA1
41fc83f45138831f5adb00af83f622cda5e58a79

SHA256
6d23e6626f2a239f0bd690677d6326616d611deabedb08c091b024b94d220d14

SHA512
cb23a508fab4ef3b6084d406d3ac8e7c5a8c91f8d798ad134744a41f1e2051bab118e14e05bbbc8a9095d7303c5b5984fc6befd3bc3eb68280e5b4b8519d79f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ffd139f0324f185900210b35d3e2bc21

SHA1
43591c8f976d31ac0799f5ccbb41ee707bec95db

SHA256
8fce3cd00eff2ccf5ed6152996dbd0198853e357949e5b4fe955e5a4b1d4b1e5

SHA512
dbaba91cda9dfb830e1027f4e7108f6d98caca5a2912114e0f8f7efe6ffd24fc512034b7f3e9f1603f157443d84e0b0c2ab0f922cde4a36ede57d9588acf768f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
69c763c368719b601761000ca97a462e

SHA1
c4a8bc26329f89734bc387af623081f46db71c51

SHA256
a8e1d3c0e40cd59358ded9a248a57b111e22855f11362492fa1d59bdf343d7e6

SHA512
a1a5478d003d621278235284547cc294c1039bcd610680bf2b8774fa8d4c0b54bb778dc2d30d36746bb06677b3435d7e2d44d4282feeb99b5f8794f7c9c05783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
404cd3b6905a4c0cd6597c418811446e

SHA1
d7227fe3c7f9da3c2eacf65fc207183256f78d67

SHA256
cf6a31b8d496dfb42dac052553368145aa1e824a31521bd04914b27b6bf49893

SHA512
79d366c1dab4afbb6ce1fea70c4eaa67f3d9c1a4036acdb433ef2b82ec9c56f194514e1e84c3dc060362d6084fe005442be18e07a4f72fdce2e1aad012d7fc45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b55f3f955826418e11f68a504ff15b80

SHA1
aa73eb79c7a8a503ca0425922cfb9cdfa2864acd

SHA256
a6e45d7068fc9f4a922cf11ea81563e733d4e704925dd655c0830f8c88431431

SHA512
0febb0f5ac3150ba17e506b3a12b0dd846502016601d34d3c55083529d7b1ae48cf97e887e7d822924b4e4e042c4bbdabd7257ae83955331c3501408cd944be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fd103e47881dfca95a1f02cfce1478dd

SHA1
e02b488f82e31302222de4ed58b191b7a11b410f

SHA256
bec0081ba869adf0bec366c1b4276bd790e99b685b25cfe06a881bc4e12c72fc

SHA512
811fbaa84a9d5c2b953104f36a45a389357bf83648f4c43e0e83da930d11b7431aa879a7b5668ecf1060cfd81296a4693002cf17a31a1d438f2cdeea742c834f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b457fb8976d57f8ef632657fd2467312

SHA1
d71656112553df7d3834a17d2f0078a200e745ea

SHA256
220babcb181c2a038ab05f9e8f7d8b46a1ceaa99bc03dd5ae8ceeda7fcf3ea9d

SHA512
60e3ebeb103bbff619ff356e399a9604fefc291357c2812d8c8fa16f751bdc5b903cc7bd1ac8410cca5d28ff5f546ecd01fbf8749c94e782a3aa3d99acd7dbeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8902af57f4d1e89b837fe39c3a1e6225

SHA1
caf18432673c0c0f1c1ccdd869e49409e968b232

SHA256
c1fbba62ac309c5afa57520d9897038a00b79f91c203e1f3925333ff0bdb7755

SHA512
efe715122fb52f096740ad1436a988b4ecec43e32a8f09a1f528dba5c03d5e9d339e894978a470b9aa5f3cf84a40afd682971d608b15744446b1fadfa39c3333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eb680289467be1dc0b4e26a24044d709

SHA1
b7241bbcbcd14b38ccdaf9483f3159b50d2c7d0c

SHA256
bc75479228b8e0c1a8e29798d2f5ddbe4611108b3b4c2ea19a9578a9cc80662d

SHA512
6c03eec21f936feadc56600859a7c81261d74dbce23e49c12a543bae53114f1efff0dae6a3a75f73c83053837bfa61f862deaacd2c38c6a4b2cb05a7f66bf977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58ecbc.TMP

Filesize
120B

MD5
1d24fdb72c537569d7a81584229660bd

SHA1
d52fa1bfb13cd64c288e2e5c5ec7e1eeaa09c771

SHA256
de86e9a9713dda66106008a9d33fe8767662e21684ed206a2510a4a71b07b19c

SHA512
6b9f3fe6b8c2b879d38128849ca945c1270f1827c2b6c42178b0978506440869d41fc044f449f809954951694fc12390d791e477b9fe812e9bba1ed6987c673e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
fee8ebd5e17781dc4b8443b110c1636e

SHA1
bac1cfebfeef89ed8e639bdd2a23fff8f8ec1e10

SHA256
e3ea2126e00239a3e14025303ad0d781c3e690eb62ecba32d039aeca716ef5b9

SHA512
14d05985c60584c38a5074b1dcdabbfe3613e4379f17ab57183f863201a848d06804511f2a13ad1267179213ab484928efe80ab2e6340f22ba1bdfac780984c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
2e89e3845ae56c2350cc42d63683ff9c

SHA1
386bd771318ec74f0267c162cd7239871badb01b

SHA256
b4b975c00f8de6e704c778b2a7afe808b66d8857034a3c6f4cc509468eba9e4c

SHA512
dd18cecfbee61c80ea230a95e1b7bb248aa158dc950eb735db2c4d298edb16dadcda7de24ea08d8d165560e0f223d9eb50ac00c1920360e7e2fc6a1f84cfda03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
a94f4a90d4c0531be7c632532da56c1e

SHA1
e97a42649f9200486ab4fda4eea539fcc3e47053

SHA256
72d70638cdc890d8e892bde0ce7015d35d7fec4300e9e35241db1f8eafb64b58

SHA512
30dd35211c5e97aa3e6846943119a367d32b478b47eaaf53e253274bd0d2b88126d18bbb8abc5cbcf2e9815e99a7edfde4bda4e7149a37f8533e324f09f12f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
39bb7b849875ef1c1c3a1478033e828c

SHA1
95c0c80bf74281cab4dd80cf1e0eaba6a6ca4e01

SHA256
81cfd7ac9865afe4001a84745afde1802854427bb01561a6cfba8723220f240f

SHA512
125f3bbf78be0141ba0f352f7e2f237ee9c09c17a197d6f07b42f9965977fbf3f66af4865bd92d19dac74f011f947bbab06d17de74f21193acd965adad41f1ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
104832228f910fb6f9f027a7aaaf5aea

SHA1
b89c44b406faa4cd734b5c6ff488219253ec3383

SHA256
3fc2d5336ad2a8ab885eba9fecc1b0ff542fda369b3a6e3eca124cb2320beb35

SHA512
d75835b40e28b41aa4236706ff3baccb8801764d60d026ff24ebd8be546d856754dacf9b368eb33001d72cfafa12561aa5e03cb6900f40ef2ffbd2da4d8449b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
415ebb22fb55454b077b87ff4823ac44

SHA1
3da4f5ca666a697d66598efae9396edb04514d4b

SHA256
397d73b6d8e4291a760334ceeb6a3ea651057ba9dbfcbb92a2e66de265227cf2

SHA512
966537e1ce1fdd51e3bdead4b32a5bb31e7f2a9ab750cccba4d6eefadb1ae92cdb7552ad3d392678d9237b4f7738bd57d81f0201b361125f2b09df8e749ec19b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
bb8e79857c342f65f6f7b3946499bd83

SHA1
b0bece9b192b31305167fcd0b253013e39508b98

SHA256
de7cd62a9ee1b641a92ceac442d1d4c18b37d5cecf4ca63aad72932744fa8349

SHA512
f7c5098035b5f2c99c4e15e9a9584b1cd307f8a6b512f6039e61c5560d47148f6bdd504b8a2f0f2382a177cdcb5d330f435af9d427c871e946e0850398ff5413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
049462bf8453acf3730966a6cdf6432a

SHA1
c0d685b3f1a5734cc1ae015f79298362739a458e

SHA256
b559fc5978719a974de83663adab5a20e71c92eed6326278f27bfe7bb7d9f2c3

SHA512
b2cb864fa0f4caea466aee6988de2721a7914dcd8131bd34ba3cd0071b4e67618a6c1c030b4b7ec09a62007f5fbb7cc3a5f9bd10c1e078ed12b59c0cb7c9c8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5999c5.TMP

Filesize
97KB

MD5
5a07ae37c4904803c27511639f40b8b5

SHA1
5f648196955ebc9fa87f6d0e0292cf7e3b6cbf7e

SHA256
7e376580743d99acc924aa8738a7056d6e697045a26cacff116b957685c84bc6

SHA512
633967a27778434209bb84772c2766bcaf2d760252155252a62f0e9a2e19113aba02740eae0bfc3c5629d76b48b56f81dfbbf4d00cc69d2de158d8b5af09e59c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310191217221\additional_file0.tmp

Filesize
1.9MB

MD5
b0f128c3579e6921cfff620179fb9864

SHA1
60e19c987a96182206994ffd509d2849fdb427e3

SHA256
1c3ddbdd3a8cc2e66a5f4c4db388dff028cd437d42f8982ddf7695cf38a1a9ee

SHA512
17977d85cbdbd4217098850d7eaff0a51e34d641648ec29e843fc299668d8127e367622c82b2a9ceab364099da8c707c8b4aa039e747102d7c950447a5d29212

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310191217221\opera_package

Filesize
94.4MB

MD5
0ba90769769f38c565fe368421b3b75f

SHA1
09227068b5ddcc0ecff7dd0275569b3849770292

SHA256
a981817ba6addd18fba84aee8418aabd9fd39c9812edbdf2c5a391fb7fb8e491

SHA512
1d9ed4b1a02f4c70acd0f617eec3401a684b86e65fe7e9ea99ac2b83d3637eea6f93646fe671c0f5c9acf6b7d54ae8f9b12d23b7ad5d37981d3dd1804f1d8302

Download Submit
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe

Filesize
2.8MB

MD5
5735c2f2eb95decfc41b16e366d66194

SHA1
b19d32b827f7a4dfb853e38c5342a0f664b1e46e

SHA256
7583c763d1bb461517afbcc0026d72ec617991021ea5b51b0cb68d8afb287221

SHA512
bd94dcf36123e9df2562ea974969e5957a25b7246b1cd5f2c224238af1d25dfcdabaf0fd5b23408009423583f040a4c3b3170b96fe6202daa75d79d7b522c5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2310191217139813712.dll

Filesize
4.7MB

MD5
1312b9c3111e7eaea09326ff644feb04

SHA1
114f2fd35c67fe5378e0cac3335485eb2ae8f292

SHA256
246411eb4d336db6f5563483030c3ebdc476e6715f264658655f6712aee5bb0f

SHA512
372ea048f5ebf256fd85e932a406de5e3d1842722e505d432b0679ed0990ea3522c2397fe7c91a9e915950f36207d81689d7b04817005b95d118539452f4384a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

Filesize
159KB

MD5
3788cab74a75a972bafb18d0d314ad5f

SHA1
8eb7f4faefbe8813c1a2ce41451f593927c957fb

SHA256
af7f9cf5ed24e01094f38865db57f829bc23b8964188b5dd18402ceb90548142

SHA512
b5a709d237414601e3047e1b69b1035798e9b33d1ed584cd734471f74552752e49bf567b5322a616c9577f3ccae14b15d032a964790ac2651f36c8208acb5f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

Filesize
159KB

MD5
3788cab74a75a972bafb18d0d314ad5f

SHA1
8eb7f4faefbe8813c1a2ce41451f593927c957fb

SHA256
af7f9cf5ed24e01094f38865db57f829bc23b8964188b5dd18402ceb90548142

SHA512
b5a709d237414601e3047e1b69b1035798e9b33d1ed584cd734471f74552752e49bf567b5322a616c9577f3ccae14b15d032a964790ac2651f36c8208acb5f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

Filesize
159KB

MD5
3788cab74a75a972bafb18d0d314ad5f

SHA1
8eb7f4faefbe8813c1a2ce41451f593927c957fb

SHA256
af7f9cf5ed24e01094f38865db57f829bc23b8964188b5dd18402ceb90548142

SHA512
b5a709d237414601e3047e1b69b1035798e9b33d1ed584cd734471f74552752e49bf567b5322a616c9577f3ccae14b15d032a964790ac2651f36c8208acb5f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MSVCP140.dll

Filesize
554KB

MD5
9aeacfd60c19fdb1af926ecf7e6eab87

SHA1
e18684b140af095c25628fcc599b600b2ef999a9

SHA256
7bb664a486e941d0f6004ef1eb48773c7c5f1be5f1cbf1aa5f9819a215863d5d

SHA512
8a9654018313ab79af95a92745b4faaa87b62210506bfd788919769878a43efaf6e48494b8b2c7ad6155adebb8b07cae0f06ef734e9042c858478e95e911c656

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140.dll

Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140_1.dll

Filesize
36KB

MD5
35628f1d136c003699382ea7d489cb16

SHA1
30dfd392927161182224f0e6b8aace235a00fbea

SHA256
0d6f93c5d19530a1623798f936468bc0934c1795545dd000b8812539b3e308cf

SHA512
558e6d729d39f25584191804e3b60f8fe8e9e950d58cd8f82eeaecb45c5bc86f2b9e9ac499ddabbee7dfe6a6ac6cb44cf63ced6e8105405ab9b314b5005d9cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so

Filesize
13.9MB

MD5
b5a5cd6ed7b5fcf9cd6eb276ce53f40c

SHA1
7ac960e1c3e998b86d9be1143363783f46515431

SHA256
c8731121fe3984f3fbb7e3cb15a2e7840607ee28608868b8a8a2bfb7c23f5561

SHA512
3530adad443151f01af756d96d00d170b2b2507c81aa8b4ebc49488fd16217617f664f73639dc8ab979b2a55bc70da889c91a8c9cd31ba1bd02fe8eb7ed2a0ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.bin

Filesize
35KB

MD5
3675ec9952d2222bfffe7a52719955f2

SHA1
4bf2485bbeebc2ad81b864ea17381624e128b954

SHA256
b085e95ef2daa7335288bdf595b56cfcc6597311431e685938f6241850338a27

SHA512
6c82c944a4fac6051a54891fd62e233881a50626b4416a7aff2eb21c69b370b64856711244ef289dbf45db8f9bea20c95dfa7ea8ca884bad233202fd73024d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.json

Filesize
687B

MD5
08916680285af6ddf4adbd1dd265487d

SHA1
e5fa77912a69248aab08714c5b605df62c469f33

SHA256
ef252f80a090c0ae1499c34148c27f3e982100b25c8daa9921d102343383f751

SHA512
68c9858777147a6a1c4932c13149aba4bb97453a3aface4c80077a5746ed493c811e36cd89b838e34429e91b1833b1866177b4bfc216129d555f310fe71a108f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\fonts\MaterialIcons-Regular.otf

Filesize
1.6MB

MD5
e7069dfd19b331be16bed984668fe080

SHA1
fc25284ee3d0aaa75ec5fc8e4fd96926157ed8c4

SHA256
d9865b671a09d683d13a863089d8825e0f61a37696ce5d7d448bc8023aa62453

SHA512
27d9662a22c3e9fe66c261c45bf309e81be7a738ae5dc5b07ad90d207d9901785f3f11dc227c75ca683186b4553b0aa5a621f541c039475b0f032b7688aaa484

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Warcraft.jpg

Filesize
52KB

MD5
a48a77f8b3f8f7e6a9661776472b14c0

SHA1
7118461b780b558939a325a319e8515edbbedef1

SHA256
2e58bd1444d8452ba963e877601e8942a1560abdd44c16ed33580148322234ba

SHA512
f6a8a2844d872b650fc6342f809198bf078cf2d472c1b43f18529a0216393f6494202ab3b95ffef560fdba4bee7a4c6a85be49d9151cbd52c0c870d65c6e47fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\flags\RE.png

Filesize
2KB

MD5
23f2c7dc04bfe492598bc440f57114af

SHA1
c30b386b7138a1d89b90f0e679ef58f4c545ba42

SHA256
94a0c4bc3aa825e44d36b0a463f9bfb012c2156392594a8ac6d76b389776e3a9

SHA512
edbc28f9f61ad48ac02e1bcb0f862249b5baf352289e068cb5df5552b5e9752a205e7b093b7caedccf4230186659d4b12579433ae8141b5129a5a6cf4c6bc5f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\flags\SJ.png

Filesize
2KB

MD5
bf25a4249d34f915ec1a246a468290cc

SHA1
5cc47373c11ff0488929124e18e280c7eb36b232

SHA256
0dd0e0a0d72ff4179b11afd5367a72b000de4a5c5ea0362f1f1723f80a3a2d22

SHA512
982fbc34c0c0ccad148b6745185af317bbe12215e08c879c6a06a7073d2afbcbc70c4fed9e028cc91a6a1eaa1fece064dbddf415a4b97a799dbfb1debcc02337

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-Black.ttf

Filesize
159KB

MD5
35e0e2e7a5b03275ba569a214edbab77

SHA1
b341b185db9c7231884558dcdab0124d2f5ed1d0

SHA256
2d1149ca6075e3559fa4234107474b3b500bc479baa0bdaa8a99563a587c62f5

SHA512
e3d752d8fd5a7306dcf8fc428b72df1668991b7152b66fba41e365cc61626f8ddfc8092dbcbc2b2ef3acea5c09496e83af2a2208cdd5b66e7ff3267b2bf2f0d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-Bold.ttf

Filesize
159KB

MD5
88079335418f389bfb2d86bc4f1ced64

SHA1
fd799b6fb4aff1a9402e071ab02d1ddea731b868

SHA256
85c6a818e33ae8b62d15672522c0b12f2e602680f75c4414ee815a73596ad365

SHA512
5105d0f432cda4de9749e4e0dd09f9687d06ad17b7e02f98dc9d0b2ffc3d959c386302f8882c3a3f1021c39ecf88e60f5e630b929fb905eec48bead923b47e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-ExtraBold.ttf

Filesize
159KB

MD5
27f7ef17de3691b5cdb9f1ee1ee5cc6a

SHA1
1c92715c134738f2956bf758181522243c7586dd

SHA256
118e237edf796dd76c453e912a4f445816e918bc3ff1d3941b2548c0a8fdfe29

SHA512
6d5c68056a37d989f64528c092680416c1300c95471be43ebddff7b579bcae9dfa7f402ab422406bf3a4a3df728b4af1e68e15e385b49221847f48e0bc59f228

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-Medium.ttf

Filesize
159KB

MD5
b952c3c81ba34b54c66c748ea1e828a7

SHA1
9d35f805e98f95e72f5d0a4ced7397584d7349be

SHA256
f5a6dcd3227d1a75db47a6770e617d8077cba42c146d1d6479ae394431c7d40e

SHA512
30ddc9f9fd2916b3ac846cac60c93b5f89057a1369ffd38ccf569a6eba3dff6be10408ad7413257e794e94a46e68e67105fae28f1ce95544485edbe85842a420

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\Raleway-SemiBold.ttf

Filesize
159KB

MD5
87641f9900d717d6bfbf108b8755868e

SHA1
75f4fca0d4d80e2b9a62d3283261e933786fb8c1

SHA256
564368e49d2d7d65005649278c3e042d6954df5e5dee3874a3b548ad067db0cc

SHA512
a319660d6457efd705c291aa5445146f77e2d099ac26be3f48963b9846cb0f3cfaaee1fbd1e9acb5a7ebb74d39b541d00c76fd50932b388cee7ff54da2ef40ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svg

Filesize
201B

MD5
7f8d672a2849987b498734dcb90f0c51

SHA1
e53b9319bf964c15099080ac5497ee39f8bab362

SHA256
4a290648cd1cfaaf1db4909d7552ae8cb83cb0b0e36770e64d153ab07ce6e7d4

SHA512
b3ddbf719f42440238c55cee896409179b4562ffe74f607d3640f623c8264c2fd2000b085dfd9a25ffd8ba2166695dcd663efec56cdac679f9993cfb602459d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\collapse.svg

Filesize
195B

MD5
ad6092934dc48be9d00331e6f21eb235

SHA1
29cd8e5478e432b386382caf6ac7b3537b108c33

SHA256
2e0eb48ef144b771903a2ee5096ac4305ef43c830d2905f46b0384a07f5f4090

SHA512
38254a977c1a74515ed6184b5ebb3b1b3125db4b713a2de69aee9dc54912a9e869fede36423548e9ebf8cfc66e6711738789ee2c33f6f3af74def779eb7e5afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\grain.png

Filesize
79KB

MD5
3577f702479e7f31a32a96f38a36e752

SHA1
e407b9ac4cfe3270cdd640a5018bec2178d49bb1

SHA256
cc453dfe977598a839a52037ef947388e008e5cdfe91b1f1a4e85afb5509bee2

SHA512
1a4a03931ab56c8352382414f55eb25b324e11890d51ba95597dbd867b35db45db5adcefb47d95b3763f413a66e3228e59531bdbd5ba5541469196adb5eb3d70

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.dat

Filesize
798KB

MD5
cf772cf9f6ca67f592fe47da2a15adb1

SHA1
9cc4d99249bdba8a030daf00d98252c8aef7a0ff

SHA256
ac44ccc3f61bf630bb20fb8043d86cfe4c8995d06b460084400db45d70497b30

SHA512
0bec0d3a34a4ac1cc2ed81dba3bc52981c5dd391a68fe21132dfadb70e42ffbe8f3ba798185733d64a900fd2bb2403f9a8558e6666f2c1e2c0e818d8e3f154fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll

Filesize
17.0MB

MD5
7ca09d9a1ba0a08d15ef4890af78c725

SHA1
1452ebf925368044eadbf568324a82979e56c77b

SHA256
1d2125c2dc2d2eeb7afe1d9589cee8040b8f2be8f7ac6aa32529578a2d0844b1

SHA512
73b4ab231b653ea50bd8ea5f928ee9bc5c6fc428a550265173ea1869a99ad74d2ce613f09d32aa4aecdb7516a54069e887c2606f606ae554a65fbe0f07821252

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll

Filesize
17.0MB

MD5
7ca09d9a1ba0a08d15ef4890af78c725

SHA1
1452ebf925368044eadbf568324a82979e56c77b

SHA256
1d2125c2dc2d2eeb7afe1d9589cee8040b8f2be8f7ac6aa32529578a2d0844b1

SHA512
73b4ab231b653ea50bd8ea5f928ee9bc5c6fc428a550265173ea1869a99ad74d2ce613f09d32aa4aecdb7516a54069e887c2606f606ae554a65fbe0f07821252

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msvcp140.dll

Filesize
554KB

MD5
9aeacfd60c19fdb1af926ecf7e6eab87

SHA1
e18684b140af095c25628fcc599b600b2ef999a9

SHA256
7bb664a486e941d0f6004ef1eb48773c7c5f1be5f1cbf1aa5f9819a215863d5d

SHA512
8a9654018313ab79af95a92745b4faaa87b62210506bfd788919769878a43efaf6e48494b8b2c7ad6155adebb8b07cae0f06ef734e9042c858478e95e911c656

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dll

Filesize
94KB

MD5
c8e5574247f5a2468f71b53fc0279594

SHA1
c28d7c9cad48882beaeed0fba15cbc11fc2f949c

SHA256
0373c0cd6856950dee1b1a9e3ddb896099c6c823f6e46dc00802fed19dbd58d0

SHA512
d244d3879cbdfd22bd94eb7d4950916b5999d6c012b0287a8807a110f1bc80266049f4d0563b97bb0154bcde7480ffcba07e9f7e66fc2ac20020e3c77792df81

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dll

Filesize
36KB

MD5
35628f1d136c003699382ea7d489cb16

SHA1
30dfd392927161182224f0e6b8aace235a00fbea

SHA256
0d6f93c5d19530a1623798f936468bc0934c1795545dd000b8812539b3e308cf

SHA512
558e6d729d39f25584191804e3b60f8fe8e9e950d58cd8f82eeaecb45c5bc86f2b9e9ac499ddabbee7dfe6a6ac6cb44cf63ced6e8105405ab9b314b5005d9cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fkdvrrwu.0n0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\00dc8120-2d3c-1d4d-836b-af1a981d131b.png

Filesize
3.2MB

MD5
e99e1817649be7ec4887b43596760214

SHA1
8cdec058bf9e309f4370770c9607a69ca01d879f

SHA256
aa73248aa79262c125010c11203515dcadbf9fe1f43c1c00f0e864836ddd2e08

SHA512
b18551745dbb7cde0a0968312913bc36cb17171082b7d8aa17f3c0f9bd1e391d89a4e6cd276364c57182c810ffa4a5801217e7d61618e0c5b4b87a9c17f1a011

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\0491f520-2d96-1d4d-836b-af1a981d131b.png

Filesize
4.9MB

MD5
79f9a2cb4380958f37e5837ff3535cc8

SHA1
b3488147b8734e5ee9a6f0fc7b980001b32fb9bd

SHA256
f161028be1ffbfa8666acb68a45191e61b323f51a637124bb6c316bba2a49242

SHA512
b00a678eb2f9e806e9b5f4a0c4f53567a8e6c106a22e849a757f03d6cbd07b330236759d68032c9e94e6eee231744b9f5b548dcc025d7012482b6872dff19a4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\05c4a8c0-2d96-1d4d-836b-af1a981d131b.png

Filesize
2.8MB

MD5
a4e8b4fee4d94cc825ddf8f843c0878f

SHA1
4d0081508e4c932383e3844b8b02b83357baf7e2

SHA256
05f8ea68d1d827c4de4e3d58de6de354a63f53128fa5e7ef44fa20f5b359b741

SHA512
6db204376e75bb8fca1c27c1832fb726769d65fceb388124c12d7b778defb6c6e824c4c8e1d51ea1644b1c6f79e6835b320f0533961bd6a326b8a9d48fe9d681

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\06f102c0-2cf1-1d4d-836b-af1a981d131b.png

Filesize
243KB

MD5
a7c54d972d2978b2373bcfad76e4a66e

SHA1
87bc2e47fa60852c0ea027a675e1aa09766dbca9

SHA256
88fc3b4f3327d55df7898dfeef461b7d40e8a71f205e4c57b2e7e8cba617c8bd

SHA512
f708a2e9b11041fe79ff647c418bbf22ba3b927dcdc556311f1be26861e8b3bacbd999aedbcd1c3ea60952d5ece194e96b8b214c1a4bc28b9a05beff207846af

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\08242b90-2cf1-1d4d-836b-af1a981d131b.png

Filesize
1.0MB

MD5
f2bbd9c0a826f100629511edd7b5da0c

SHA1
9f3a15f3610b76dea53d834dadf08066e775d86d

SHA256
247544708d08adb3d7f922a02707cd964fa47ea304e471de32f788c1fc415ab2

SHA512
fc37a9cb43f35059511c26d7c83774614566f5693f8e081ff0f07e66f9e9114ed3fbde7128806c351ef430fc2a48988bed2375f9ea0367b64d5700086267666d

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\08be6fc0-2cf1-1d4d-836b-af1a981d131b.png

Filesize
206KB

MD5
7b3e1e22b1715da237eb9be3650987cf

SHA1
f70bdc46480ec00a7a56ba3241bc76fa43c9f1c9

SHA256
351c95f34293a2825cba4fbf143381f5c55a5838f9b37f8f184a157ebe64620e

SHA512
1bd3ba8013abe2fedb4125b311baec7a635c11e5634955a39952613e3544dc262228739022a8ede721c62f29d8eac183c409d402f6c317548d282ab87533e3a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\0e497700-2d5f-1d4d-836b-af1a981d131b.png

Filesize
4.4MB

MD5
0a8f747d96f341ae7dae613424b6d31e

SHA1
07ef08df2af30f866676449eea68af0edcf36062

SHA256
04f6be75397c0a55286d31222407813895c86ba799b4220d378ea254ee9b1237

SHA512
1794f442a144095e18668b5d2d0bed137ced61a68901534dbd75b6dfed40df2f481d9b8bedd1ec0e17c123f631ea6e32544dbcf1777526e0663237a2c79da2b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\10cb9390-2d97-1d4d-836b-af1a981d131b.png

Filesize
2.0MB

MD5
f2386e60d0844d43f47ccea4937edf15

SHA1
16cc380746a47402a125d9305ce51abd6af29f4e

SHA256
418c969e582cd50d4516eee480f5a03c35e85667abd20f9c62cb11e7bdbe5d1f

SHA512
f39061282254d826f31b9d09e662f7afedaf0f64b82418205f5fda24e49f6863af2a8804bb79efdbe7bcf6fdffe4351ece54af2962f52328f366ea85d7052ef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\1186b590-2d3c-1d4d-836b-af1a981d131b.png

Filesize
727KB

MD5
50aea773723785134da2145bcd6e7af7

SHA1
6b5e3755aa5682e29ac567b1753de69af3a65d26

SHA256
3ed47b328f9e059eaf874db50f05f2176e82e7d66998e3f8a17ea88bfbeea91f

SHA512
520f02d58d24d564b56de1219e38b7f24cae161fe33255ce195c9197dff40335f8212a6084b1c9f5c0d63ec2395021e08d5e01a62a24b955778a48fe20fe1ef0

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\1fa18cc0-2d61-1d4d-836b-af1a981d131b.png

Filesize
798KB

MD5
a2188bd4e7fee5a24dcaeddaad83c026

SHA1
c4b7a14e49963377eadbe999aeb675c47e9403c4

SHA256
c33b0589b3dd0d74ce26d5d4613ebd76f9e26b21c209426019944db6727719a7

SHA512
3cb603d6a23edb3939d5abc057778f1b851b12d373c4d1322fdfdd0aeedc948c3a4b90e995d018c0a0f5422f30a0df8de90a8270baee17ea6260b8e8ea34ddd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\22f651f0-2cf1-1d4d-836b-af1a981d131b.png

Filesize
1.2MB

MD5
0a9bdde5758b142d6edbc8f323638ded

SHA1
7e8b4f4f6956499f92b6916e0809e2c5df563847

SHA256
c12a04db9c195e93a1e2b6f34d6cd2b46b9bf90cd026ea807fe9d6b639937ab7

SHA512
31c5c99f7789522f8d892e97a56eff26859f9a84bf4cc7a5cc2c542e3726f59d14d76b1e7a78d355f8e3f3ec62d311d9169c3c9775aa33dc1d97b29205f402c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\23b60260-2d47-1d4d-836b-af1a981d131b.png

Filesize
763KB

MD5
76fd3338dbe0e06f8694ffbab9133aee

SHA1
27193d14dda13330bdc46808a9ba67ac009c55a2

SHA256
22e835af3c35538a3726b2864f59596f55866c5dbfbd1b2b000083ce6f67a0d7

SHA512
e0ed472b1899b1ab837fad354cf2aedcc0b8e73b143d383e883609f0535c02854c8a47994a3918efdf4172aa19b0cb4d8b966072d38e20f9fc4de7011daff3f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\244f0e10-2d47-1d4d-836b-af1a981d131b.png

Filesize
466KB

MD5
da96b49ac3fea21f5da1d21ac78aede4

SHA1
b2b8d39ef1739f33f6025996c97a2a3d288c4655

SHA256
5ce218a6e2877ce439fd5fd0a6b9a135ed0ee214764be8fa77def45a768a6822

SHA512
8f3139320e14c696e3804d2ae05b349add43e0f8f70a3d0de474fedfdfab130c7925f1ac040d9e91ed4b7813671d89ac8dca739e2e929a3c7cf31e7bcedae43f

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\380e1e70-2d59-1d4d-836b-af1a981d131b.png

Filesize
3.5MB

MD5
afa1e19e9b9b56d8c1814a02fb5cf6d6

SHA1
82c1398105477d97f74bb9ff5e5e9c68dafe2814

SHA256
8dce5fb2cd995fb406206897e267256dfff5c35bc914e6a3f699d07ba96bcca3

SHA512
ba2a48e109dd604279e1324d41c07472c3a476c4c5bb53cf8859d9962f5c3cde3784122ddaba914348aed9a5a4e4328b0f9360d3428368d4537bc6c8c4c69295

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\3b4a9280-2d5e-1d4d-836b-af1a981d131b.png

Filesize
1.3MB

MD5
d98c30786472d2f9116bf6d1cf188901

SHA1
0fb2f96dafd54c6449959c67660a202e9ddbbfc4

SHA256
66003a9225f46dbcea8189d68815cc2452102d94e8c3d8540cbca8b0ee1cf8b4

SHA512
be4441f44debc02a697ba38f65472eee06b9b06e88842b0e09c05f6e621eedf6fabd12156f072613011ca13b18dac9f814c63dc49a30a4228959a838ea00fa5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\43336f70-2d96-1d4d-836b-af1a981d131b.png

Filesize
4.8MB

MD5
f1e9111dd475d2d40152068757d4ddf3

SHA1
d558c71b4bda6a76dc4675fd4a8ebeba4fe5345a

SHA256
a3415d9f02aa76d6be405f5cc00183746fc26cabdf70309881142c5bb4ea2d57

SHA512
f475c928bf514d2e7fc94fe03bc030b37931c61d3b7b7ffc108ec09cb51793c84c0698c032b454ee4340991539bff141267fe81e90ff7ee81c0aafcc85b25bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\54f38d10-2d5c-1d4d-836b-af1a981d131b.png

Filesize
658KB

MD5
3ca7686ea0e7accb76671fdc751a246b

SHA1
88a7e10b04d2e6a65848e751ba4e9b844f0ce8f9

SHA256
653a846792e52082283e37c8671b1d388f4ecf12ad88c56d13909242773915c3

SHA512
25856100a9559215c79139566f9de9ec1c01881be76cb6ef07b55cc3ee75e7c45117ff1c77870d1c866fe4e7ff4636e7daa04c36115e97d04d3429359f619dc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\56fbf320-2d4f-1d4d-836b-af1a981d131b.png

Filesize
1.2MB

MD5
56d8b87ef9b7626a8efdce76f99b3952

SHA1
c24e107510544171b79ea41bc95d513a3b2ddc49

SHA256
a6413ee298d487eb6a60b51200b45f8252781b83ecdf664902119e75a359057a

SHA512
2d7d5ce5892e583d92c93becbb991f66497143090b902ffbc5e446578e5bd1ea55ab2e07fc49a3e1e95983d43829f20ad05b4bb63e1fabc5e2f2fdda63dcfa69

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\70a73140-2d45-1d4d-836b-af1a981d131b.png

Filesize
1.1MB

MD5
798057f9331980014a0e2fe04dc08581

SHA1
d613d77c37751c21bc68f003c2acb195ca392391

SHA256
16cb89f604e681648a19ff103f5569cb33acb3b744ae00b1f6cdb2d11aee40b6

SHA512
e494ca6b25832500cabf6028f06132f7ef9573e58e028122e5fb249b9902511fefac8c2bc248f863a08b77cedea9d7cffc75a4e6b528d5106834c35f26b24f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\87da25f0-2d47-1d4d-836b-af1a981d131b.png

Filesize
706KB

MD5
f97e3a0fca358882c2ec3633facb6b12

SHA1
7dc32fc686baacf1e1046db3791bda21e27f66e2

SHA256
1ae755720be20e1302fc0470a15b6d8264a3a538d7f6ffbe0c7698293d2e0ef1

SHA512
8135650229b98c9af25aa5293e1adc595e81eecb814ab01084575125d8292171a5bfc9d7f361bb9f82bcaee6781f1810b0ee8766fccc23b82bebfce12e4d0e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\8a417d70-2d51-1d4d-836b-af1a981d131b.png

Filesize
4.2MB

MD5
17a5934cb58c6ac6b94052865792b322

SHA1
297423f0c63d50c71f61704035b9197136b3df95

SHA256
feadf6279b461592b55b35724dfc1d93227d4e28b01b8248193df943e33ba7c5

SHA512
d1ef283a05c224a2e0b3dba8267c9a574537cff63bf35fa94178b88fecec6281211a2c9f9b882d8d5d9c16c0da487e19ed7f88f885a88ed71b712858c9704b5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\8a417d71-2d51-1d4d-836b-af1a981d131b.png

Filesize
1.1MB

MD5
4523f55accbebdddeeec955a53445f71

SHA1
5e9fae51f2de02960fb085afa21bcc017c1fca91

SHA256
4fa1eca4cfc6def3b21f5277a7196eae231f1c6f006f64eb1b266bef066957be

SHA512
189b4e01ed97d540fd46890794888a49e268450d8256d141e0de9241bbe5909c84241e410a04d5754944a18fba4aebae068e9123af8047c828f2dc9de131c69b

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\931baf80-2d9a-1d4d-836b-af1a981d131b.png

Filesize
3.8MB

MD5
8a53c61b2768bd80c65405243d744100

SHA1
872de78d5611fcda43eeb0b75f88770167827ee1

SHA256
c8bfb7faacb578dc84d6ea3656e85b02c9ee49d34cd903dc8b0aadfb6057cf0f

SHA512
0e387b1d64415b54e6a95a8ffe19ee733b0518e15fb80e1d20082ab444d5cbcef0db8baf72911a498846dd5980d334fe03653950625b485725452723842c6327

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\98bf84a0-2db5-1d4d-836b-af1a981d131b.png

Filesize
2.6MB

MD5
1cac59919baac377e8eca0fc58a44ae0

SHA1
1e60fc47cb8cee5d7bcea60fdbbb940ad07b0e50

SHA256
8763248157992d11e0617dfc031219bc8cd817ba73bf075eba2ec85b42fde2b6

SHA512
6b4f5ab7d259a48d12cb5ea47fff4f833e4ef09481bcaebc2e27e3f85367088b2823161c2eaa50a92ca4d956d895787fa61732f10fa3fafba42659d857d80a0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\a1368fb0-2d5c-1d4d-836b-af1a981d131b.png

Filesize
1.2MB

MD5
3a6bdde057da4e781cad12c2aae63575

SHA1
8a4dd63211aa9527e4e984be1f7309d1869c81ce

SHA256
1249d4a2b25c2afbedfa58ef5b4a68eff92c066bd66523a7488e1a65e0d5bf92

SHA512
26181cb03424e739991e8ee52b32122a6bbaea693438c0f6e8d504bd9a5c08bfecd08da04e83fe2f8555389080b9d8f8fa6fb054167e99827998d9f6b4036040

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\aba58f00-2d57-1d4d-836b-af1a981d131b.png

Filesize
790KB

MD5
954c1b0d184d70b9a8754a9bec56e4e8

SHA1
6f6c22c5985738bdd411942b8405e066980a007d

SHA256
54f037790f36dbe01d5bc9a2fff70f7a5524fd0a5ea78e5b5b9c7480de33088c

SHA512
9d682955c72eeb45065cd8911dcbb860082e7f587c57953bb4fdca13f6067a0810ed816c68869634a30f179553c8a9b050e27e5346c2b5f29fcf3014b0f3b5de

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\c2456d70-2d43-1d4d-836b-af1a981d131b.png

Filesize
970KB

MD5
fd66580019fba51184e7b408245f9221

SHA1
b7544eedc39b310e49b432ab326edd3eeeeabf5d

SHA256
cd2ebc34c582b11066bd62cb5dd86b4b7b7a4d64ffcaaaf11218b6d769952808

SHA512
0049a71a1bf6e63b8936c2ef9f165c4fb31e9e3224ac915f0902f276fe1b586b646411f8791c14a0bcf2bc77a675b5b13453676f14984344d1b1dca6091dbe54

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\c45ba240-2d4e-1d4d-836b-af1a981d131b.png

Filesize
927KB

MD5
2947ad78c74b97e14798b0563208df61

SHA1
06aa26176006543de79f8f7d071d8be5b5db9c84

SHA256
d1a67afdd9422aba2128a5bd81403f33f1843521ef3c1d7541d6047765c0a614

SHA512
2a906b556dfcc965b221a7d00ee3b9f981e8d2bc51913d77dba20ba9a6a7e200330853f6fb4b26d72538a94703d76e8baa039f243426bfc504e758a7d6f524f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\c98b63d0-2cf0-1d4d-836b-af1a981d131b.png

Filesize
537KB

MD5
c0de3a44308537710610b3145afe259b

SHA1
ea8067e6bae0f59f05052fbde39d9f30c4d3d4c4

SHA256
c0d5fe5de696bff4d8db9ef6d12806e92358fca7b93ca436cff841ee3c878c49

SHA512
db371fe8d12b2590b7e3f89e33300f9ab25efa759e8ef80d63f5f032d2a9acc49010a0d2e1c9a6efc29e8107c98be326292bb9333ee87e193383aa4eb7a2fc2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\cd482140-2d3e-1d4d-836b-af1a981d131b.png

Filesize
843KB

MD5
51ba58a13bdfd5dec19e86f37df9e052

SHA1
7ec5ea2272919d9c69162a8bc6d5b24d3c0e6e9f

SHA256
c6983f9a9dc4ecdc42c5057bd44a28d9e0f449885f2cdc863a864fd8e66e6ea3

SHA512
9a867ac08178b4777356da39e87917e34e76a57c1e3eb4c093be291b5db324776a693dcc14b2b29be44542596e7fc961d7a652267729d753483a2210a5dedba2

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\d0dde9d0-2d4c-1d4d-836b-af1a981d131b.png

Filesize
2.5MB

MD5
8eaaca6e867c1801265543a4c9fca8a8

SHA1
06390c304e4c6e6ddc2efe91c0476d4ac05ec814

SHA256
daaffed395ae26e73a85feab1dee266fe146e3b4c881cea1aab83d4e40c0ed8e

SHA512
35f8db4e24de7c3f496bd014463b09ae90474121a859769619bbe3a91cb636d6106109c955f1c27ccf37bcb7ca4b3b943bd5c5ebf3bd13fcf1aa7f76a27355f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\d55c5090-2d4d-1d4d-836b-af1a981d131b.png

Filesize
916KB

MD5
986912ceffeb9019f5c150eae386a090

SHA1
ae05ecb581548a80247f69d87bbbd082198ba767

SHA256
4c496cec14ba8097b41b55b1648d45a15a9afe4d91892f3921b29d993abc86cb

SHA512
131721f49cd2b3c5848bc6fda0f2d11eba341bec3321344e9e7a9b41bdbedbe558b9506bcfd74caea35a68aaeaddc44bb23a59afe26da85663b50f7fd610a4af

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\df7b8990-2d45-1d4d-836b-af1a981d131b.png

Filesize
1.1MB

MD5
53ffad7034133a3fff13e199c52f517e

SHA1
5b1a11cefbfd526a60294cc578d547ce08a7b009

SHA256
1e4971bdaa1a765ac3fd1823e36a1df95b93f662c4c7b80099a77bd654f96fe5

SHA512
643e072f8885927cd1796504092d87a6b330b502466b0c4bcad53378bbd0d98b87eca660f5370fe04537cf25613589a8e22dc19e275306d8f38ab8efdda5e25f

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\e137eb20-2d3b-1d4d-836b-af1a981d131b.png

Filesize
408KB

MD5
224bf0dce18da038677831ced2352cc9

SHA1
c534849ce9a17f43c24616046e079c05827d6db9

SHA256
b470205d65f66a6a13800578051f1f7e8e89b2f13f4964d69822ff31c8ca9c8b

SHA512
f2632fab906d8a32b7cae15175eeddd55408efa3e418f77f2bc8e8e9cf0c5c438b20d3a50db7b2c2e1969595c62ab94caa5f416ae0c19305278ee6bf6a408c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\e449f2d0-2d4b-1d4d-836b-af1a981d131b.png

Filesize
4.6MB

MD5
f16b0ed7e5f0d8c93056e51843d79a0a

SHA1
2069a53f30dd07952c5a51facc64609cf041a3a6

SHA256
80ffb848120913af5b05602b8891226cad53a0f74d0168454b218244448540a4

SHA512
da5e7bf317ed2fe1efaa465ac1017bc90261ac37a31e2e93c3774bc559bc1fb002cfbd5ea8eb34c8303a3607d2214a5b5958487d19c0f1d89a6512d579dd0fd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\e4cecd80-2d3b-1d4d-836b-af1a981d131b.png

Filesize
3.6MB

MD5
b490f73d55f406dd3719dc33ccac5717

SHA1
db6ca4d2ded4f1e866b1fc80231ae1b906818fc1

SHA256
0c08e45979e6bcb7916b7d69e05c9169d42b49a7071c5fdaec6dd612ea685361

SHA512
aa575f1e961839c6d25f291108ebf9864c2fac23b943138b9ea08d7b5cff243580b663de492c80b1d95633f76d7a0a1a3c87c0b46ec8e33c89fa58fcd34debc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\e6c90bf0-2cf0-1d4d-836b-af1a981d131b.png

Filesize
325KB

MD5
f8f6626fad6d65fa60bc074436678658

SHA1
0489adcf84ae24107bd78eab75ba56d762fafd5f

SHA256
d1d5eb1e2e352b027e560446b9b0a2d4414830ebe0dd5ba3ac9c28af5bb4c73e

SHA512
cae102b21b5851a6a08e1d64b3d4f48c61ff7e1888be4d3057f6272e65e0077406aff597304f6783d12c640b2854c14c9726440a0f3a80f7fa284fe29d4fb37c

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\e758c8d0-2cf0-1d4d-836b-af1a981d131b.png

Filesize
309KB

MD5
4757905c2a93bfa467b8c3d04594c903

SHA1
936b6cd665237be8f071469f721efa5c633f7e06

SHA256
9f5eec76758bd65c2fb8c617ad24e2686a8cf51a02524f9583778347921e6db5

SHA512
eeb241b85e11ee3feb917ac7bbd1db19a2878370c4ba843935c6f4b4b8b9712bd4d8dccff1e755c9d93c8db8c9bde41b2a4882f47584c9e648e42272cab0b57f

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\e8750e40-2cf0-1d4d-836b-af1a981d131b.png

Filesize
186KB

MD5
a36e1d41bf95ce28f6334d56a09df33c

SHA1
3de1dd02320e846939eef5e0346379d27927d6c1

SHA256
ab7497f98c0f138db9bf6b901fa10e68b91bd5163daffca8e379631212a056a3

SHA512
5e2e00824ddacf4cb51ead9c1528e96035d885637acd7d10a9d53880df7d29d660b6d20e788407b8491e9293adf40729a8388ad67e60d9db8fd77e388488dded

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\f75195b0-2d3f-1d4d-836b-af1a981d131b.png

Filesize
1.1MB

MD5
d13c6d39f12a9280d9e33a8744f290bb

SHA1
bd93bb840b3b22b87e64f51f25c8d9e2e236200f

SHA256
4737f870f39e389f1f21d6530af4b4846bf76857163250af2d9a102f7c0ceaa7

SHA512
2515070113c295d5302c363306456d56ce42a4331458440d3958458beda6adb658ce41c93bf7e86ede2a9f4933e7f75fd03fe5286e6738b981454afb07684912

Download Submit
C:\Users\Admin\AppData\Local\Temp\libCachedImageData\fadded90-2d3b-1d4d-836b-af1a981d131b.png

Filesize
3.5MB

MD5
bf753492346d42ed255a7ce6c8f3d2a0

SHA1
a614427bbc710851223ae1cc311390108a5a62c3

SHA256
26def26756845eeeb109c1a40216299d91addae53dbb55a48526b7e4fc203252

SHA512
6585d33f3362330c29b0cc7804357806b23b55ebbe3ea12371bed151738edc06efa3fd279835c26976d8a3f7583262c717f4c96613143d40b979d8e6dcb05b63

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
c6a47ea9eae645e08d9ee1bcce5d8754

SHA1
c487a4988b0cb71f1b5425b879b719c50b60c1fa

SHA256
c6fbb3207a374c8b669f7b70d7229614c7a344da24b6b39cac67c1c169921108

SHA512
0ba14461edbfeaf50ccb1a0211d85ce5d2198786c55dd40462b56db79030d025795c2b66038ee5d7128e445088231b7be592084c290975b32e3d8e11a1ee6499

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-10.svg

Filesize
874B

MD5
e1733e3a43bd068e53cd7797a68a6167

SHA1
26e1c47dc2ef31f4f62d4c2cad930aa7378dda9c

SHA256
6acd550e4998b761df3470d8914357bc958d03ba0f60229a0e4888d9b0c502b2

SHA512
2d042d04c7dab4659740869ab609a99d614289e5c042ca4aebef3c06cc3888b9cc98c9b5ea7b449e7b90d61078916584e93b65e8ea6ed25153056eee81c2e75e

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-11.svg

Filesize
2KB

MD5
e481da5bd89b9455baa45f686046466a

SHA1
e01fc3914c52af85fdf9a0a3573606faa2150cef

SHA256
b2d49e98435c31dc561f44ea22b4fe109b65190ae8598e60cc48f8caff9ceec7

SHA512
0417957790453a0da90b4541b5b1797c7b85afe7b4a6aafd69550c7daec69afb668ef7c14661e6d56e193ef379790eaf54c639e1049c278d906c2d2fc05ecab4

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-12.svg

Filesize
466B

MD5
b82be3e7bbc539cff8c65d2445985f18

SHA1
c05337b679a610240df0b8bd46491b89dc4ad182

SHA256
fbbe56de1740285b80b2c1462136c909b120be05a5fb88283d37236301b60c5c

SHA512
decc9399d6d59e5e5c5eb514d13ce0e93eff858d9a8192ce9dcb62f2267407b2930291de00d1c5e484fb16dc107eb602f78557bd88b52ef27527aa20c45d876f

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-13.svg

Filesize
925B

MD5
937cefdf70a564a65c26315cdcb617d0

SHA1
e5c65db186de14bf8aac97c4e0e641aacd37e5ce

SHA256
b2cdd4fa37d58c52739361fdfb4a4d7997f337ff7e93e369cad2840714f16606

SHA512
4b51a02560485c6db8cead3fd5937a43632c11dfe2830bc1ab90b3563774bef4753e7883eedabc13ff6fcbbd8136921703b1703ac89b8d6ae850affcb055975e

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-14.svg

Filesize
972B

MD5
67c47120d5ec695a91d8183cb5670628

SHA1
89235ab6e57044032d8e4841bf609d735e6bd77c

SHA256
299354d2c1ed79df9957868b229a6898d7aa32decec3101793154d80749584f7

SHA512
b754fc5705485a125fb9a6ba60f387c2dc638b419d03d673b17f02d523117f17054029b1d7836b5e5f58826598921e388dc39cdd0f5db798ed3b81a44d294120

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-2.svg

Filesize
2KB

MD5
f374bb708d64f3314f9d1c6198294512

SHA1
8a800faa352e5aefc7ecdd2f68bcc8a7631823ad

SHA256
afc41b419bcee57934803cc8215dfebd4283f65b9d160a23dae760e159b7da53

SHA512
53a2bf23a854928c346f5fa4a317b19b5ace630402daaadf4033f8fbc49110d222b0c6d8772c04efa39146f92720dd91611844fc2b201c6397d8776fc87d76df

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-3.svg

Filesize
430B

MD5
f3d936c7c4fe49fc15acc614fad46dca

SHA1
cab911867e02419f510672ffa7a43ed38e4f3756

SHA256
64add75f471ba76341e7191e1644ec65bd58099bc659dd98f8516adcb61b9973

SHA512
c6a04897b06ef4d348a0a749042f49899d7e10f802523e4a08becfece46e4c8aa0663cc916302081081b2aec28dfba73ad5b15424c5463833a4798da69576ee6

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-4.svg

Filesize
454B

MD5
32023b6e90d55c9da91d9c9c0768c5e6

SHA1
60d3e784395f0af77ea0570bb76ad01b7fa83776

SHA256
52cc775ad72189ef294aa7c090f34bf21f0035c65f6f199f5673073c23e99657

SHA512
a5ca4cbf08916285b2e49ebb692c5f1adaa2e5f9261aac4336ad96e4c1cc443200a0aec868a4bb3981727c8cc5b1afe51321dd5c496efd04e6018dd2b688c232

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-5.svg

Filesize
626B

MD5
d2e388ae38f72644abf751d39eb8690a

SHA1
564b44d16ba3139d08a04326741250a3042b9a25

SHA256
86d36614e223078594e8eb96d77909e06e273b2317c4d5e0d9f8fa1c5a39fc67

SHA512
02356f177cc03df2b955358363eee98403f831d95db86e67a9e338b9e2baaa3d2f9439d1ff8f1af2d5cffa168c15228691b9da167f7209eebb872c77544c3c2e

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-6.svg

Filesize
721B

MD5
7b985cf8f7842c2b93233dc7d2488bb1

SHA1
4de78ff5db8a9b45371529e03383bc157df9127c

SHA256
ae7bd928ab4d0143b99d80834f6efce4bbd3258ef544bdda56944b1259d0bc09

SHA512
efaaaacfcd999da5c318ef8ad5e014e60cb971167ee824171a89be4314d52905039c42af6a109f90283854b1226b79757cca3c1b7c7b84b39021ed1d9e65af49

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-7.svg

Filesize
866B

MD5
34b50413b7335587a0175328c9a86a4b

SHA1
22b4c58badda96626aee9e50c3c2d16cd134b1a6

SHA256
e0efc2d3a7a0836a695f56f126c30854eecc8550c60d8a47dfc8741137f15ea4

SHA512
b5ec5ba12fac8a987b624b4ea1090f0fb7646eb6a10ea5e31801a25c6f398196145b5441111322141dc68d9cfad0a92873d2e76f9a8245697fbf6aa540024fba

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-8.svg

Filesize
747B

MD5
2defbe5c7bf5b395e8fed6720bf3fbea

SHA1
792a5fea20a88ababd2758fb4fd3bfd3606233c3

SHA256
75d1339247c7549e7b666e273a18294077398c183e50ef05c791d2eb90aa9bce

SHA512
b636529f3342052fa3b678f00b4e333a230dd5aa30551fd1aa1a21f39d1226192dd6a522404f1068db0d96c214be8291f9a8b7b0d09754296de3b00f52df8bf1

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-9.svg

Filesize
5KB

MD5
37673fb4737f110ffcff30820f7411a7

SHA1
bcee7220faa640dc81e7bb225606a0837264cf51

SHA256
ea279b74ffba3ac4077d923e4cebb684b47670ee47bea531c7ec3ddce6ded9b4

SHA512
d5d319aa929c8daa9e5397a2f657438c4692dd0b477339071c2991891cc3d171dcfa5b46c5faf76ccf345abd2aaf1baf26dcb5d1114a5871105cf3146fd8b7f6

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\10.svg

Filesize
1KB

MD5
1ae03acedc307c0cdd568eb3279a704d

SHA1
d038d97a0e32d644cb80764020e76c925a29d4a2

SHA256
6febbd4148072bebd4aec847f2e476a5674b4b165e9b1fe0f919e027e5fc99ab

SHA512
619794107cbef64c09d43aedafa8a3463ac9e986b9babcbaa697b1c634b482bec4dfab24c2c806ee7673850d1a67c7a97ab0125d9e752914a621adf57b6d9c04

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\240.svg

Filesize
3KB

MD5
15cf6a3e9ba4a7d11a7985a5db7566cf

SHA1
2a567ca89cabc616f10d51b921d10264f1573742

SHA256
82f74a005c2a0182c66fc97bbb13112828df961db3287b062fd29c730cc59b02

SHA512
d4a743dab395318c346906f334e92abe05a0118051872083399a664fd4d304773584ce4b9a40f198200c93fd928570c3c42b6c56609defe3cfc40ea6cb555d69

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\271590.svg

Filesize
724B

MD5
ff13af16817c1a5913f70ab053b55d5a

SHA1
40569c4e66865e41804db84671a1b1b04f43d7c0

SHA256
13fd39fd44ffca22e442c6b200096eae6a4132c49f64caeb1a56b40f2b2c2beb

SHA512
10d09021497bce0354bf42b003bed6a741f6d740bb5ae8976e6e2dac70bcf1255f6ece9864fa1e583a9cba92e4fffeb620aac667a37421dbfb22e02cc4288406

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\304930.svg

Filesize
1KB

MD5
44a37801889fc2fcc6397e7fb1286c14

SHA1
55707d11d25df26b5647956c8cec51dfe3d72ba7

SHA256
7b299b18ce300ca36bce22f7c8bedbbcf6a299e1f641e5a76ec34813c630ec2a

SHA512
cd54b4e7c9a089efee331b824a07bfe72ff545f78fc60e15b656beab168cf32f666dfcf08c6db04cfce2ec79ca7919bdd3b66fd926c79d92e670fa4e8b5026a7

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\4000.svg

Filesize
1KB

MD5
c7695e25806185b8d62c37866b6c41ac

SHA1
c1ebdae56b6445dfb08c981cbfd98fd1410a3ae9

SHA256
71626b7ac4e4b28d0169014d161a55a97ffc03b655d86d63db0e96d78680228b

SHA512
235520361e00a72ec5a772e0008d1d2e7191ac9e3aa292ad98fda33cd1f58756fe577820457450799529af1be23492322fafa471d15e92019bf1b0d127f45b0b

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\440.svg

Filesize
766B

MD5
3b531921781a2400c33d1d35ccacb369

SHA1
f1f234152a8ad61112d4b29283e57a8a40dbb474

SHA256
195463ae571b1730967b0ea06dd8496df2364f9cb683c3d169236dcac51f4c60

SHA512
8ae3e3dccfc3f814ff61b0eb30514f4dda580eb4fdb9913d73d9dff699c724c04ad0b6b8762cd942a3e842f317e27be63f88bb669f723f1b915e5165f281c2ea

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\570.svg

Filesize
1KB

MD5
4c0a9209c2c60797c3d984addf0deb8a

SHA1
2ad7946f379aca5f0b195c2ad38b2a844f3c962b

SHA256
3b5b14a838196a58cd3f0539f6bcde5a00f79c95e8830ac531c8c1c01fea18be

SHA512
d404e079d94b3e8e22884e9091f67b1c971ce7192ebd19983e9c5accc70536667e7de9b545cd5f0125f24a6a5961eb68c706e8c732ef2106d4f7132204d28f2b

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\730.svg

Filesize
3KB

MD5
6d9817ccb2be9280308fce44c456b5cd

SHA1
9a17d7f992d78ff4c968d990189e635975a87ee0

SHA256
f66b912bcca1c69a36742ec0f7d1e23b1b50ca7158321a60aba4bd631e43bc81

SHA512
3d830f6f4ce885de48f94f1433109736788f83fb92fc8bdfb10d00ec1c21bec886d48374d30d096181249d46bcff766c4e58b9cffdd300e2b5f50eaa9c33cd6a

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\731.svg

Filesize
3KB

MD5
96552e7d817c03a0f288a5955ec78b2a

SHA1
eb4a454c80e2f985fbe78ac2db1ade4e5cd84064

SHA256
64dfa7a49091c7f824aca93975d4d47469dc967832bda600903695bbeb0ffa56

SHA512
4a8c9f609eb082ec9c9d734b913293e48c00e3431c73be31cb8210460a4e02c12b150b98392ed80e312bbc15e011895433f247838a4a097147e0e0d291d4e9f7

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData.json

Filesize
29KB

MD5
12b72c14846edc31d3266d3fa5d54704

SHA1
2a8bc0cceb7820f9f5052fddd26f36e32456bac2

SHA256
5ad8bcd0be795047b109a3440267869a46abfa05b0ba0855deedbe9d88f94c1e

SHA512
b98361c55257e54a60dc6527567e56417d6b0e450c1c630ee51679ca1a279663106c969a3c5f3679e3a346cd183bc2e42700f468dce1b6e0ecfab6e70cc51037

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json

Filesize
246B

MD5
d482a5808f38113441355577a15df950

SHA1
faa8d46995c51910cda6407d0cc672c7c12defeb

SHA256
a234ca98d9d942c285ced5fcc0685aecace457d8a675192c85422fc3b7f9d4b1

SHA512
23fe1de88330fb713a2444ca05ece6efaafdad9d0e6668c2a7e412d00fb6a1f5a49b9efc89793e3e89adc9ea03cc0e7537bbe36776bda4c1e3a4a60f1cf2cdb8

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json

Filesize
814B

MD5
dc49c7356b6f74f934e0db7d6762895d

SHA1
51f1037ef6488f9cfb74cc0aa08609a902797c0c

SHA256
6e40b022435e0c2d6aa4dbec0a7277356b826d72232bd48630f6335359d754d2

SHA512
4bc18bf590ac9db95ef309c7058d092ff0c4ff74daaf003942e27a40b51249de9cf0142c57e1bf59c74ce60f4f9a2d746a988c50ca2040680c7bcb1b13f13925

Download Submit
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json

Filesize
246B

MD5
0e296fbf4fd668b386129213a17639d9

SHA1
824b0a43b2aea52616d850285e4dac0ae4ea8c4c

SHA256
969081eb40c0452d745bfc426b063ca92ba007aaf7555fe0d809c1daff4cb650

SHA512
4b6e6d5af4624ca343fdc7e1f41abdf2cc67a1dbcedb690d922fbb7e441b00e9f901951bb03d8b2a9ef5339871c29d3727897dd5bf40319d3e777ca59a3d8315

Download Submit
C:\Users\Admin\Downloads\ExLoader_Installer.exe

Filesize
19.3MB

MD5
675a79c02ec00db976db734f5b131625

SHA1
f6fa6df368c9fd2baa87925247217f9ba537ddfd

SHA256
3af30c88e8ab409815a4c3601a17e29e7b68b03b7990735404bac0b7a3ac3396

SHA512
6b45c1984a06f516b1df8ce65e040112e2732ffc12514a6aad57373619c89a410c472b2258ac4b3c2dab8c5c1981d2bb3387c66eec6d17c189f683b4721bec51

Download Submit
C:\Users\Admin\Downloads\ExLoader_Installer.exe

Filesize
19.3MB

MD5
675a79c02ec00db976db734f5b131625

SHA1
f6fa6df368c9fd2baa87925247217f9ba537ddfd

SHA256
3af30c88e8ab409815a4c3601a17e29e7b68b03b7990735404bac0b7a3ac3396

SHA512
6b45c1984a06f516b1df8ce65e040112e2732ffc12514a6aad57373619c89a410c472b2258ac4b3c2dab8c5c1981d2bb3387c66eec6d17c189f683b4721bec51

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 772341.crdownload

Filesize
19.3MB

MD5
675a79c02ec00db976db734f5b131625

SHA1
f6fa6df368c9fd2baa87925247217f9ba537ddfd

SHA256
3af30c88e8ab409815a4c3601a17e29e7b68b03b7990735404bac0b7a3ac3396

SHA512
6b45c1984a06f516b1df8ce65e040112e2732ffc12514a6aad57373619c89a410c472b2258ac4b3c2dab8c5c1981d2bb3387c66eec6d17c189f683b4721bec51

Download Submit
memory/1144-1570-0x000002ED4F710000-0x000002ED4F711000-memory.dmp

Filesize
4KB

Download
memory/1144-1566-0x000002ED4F700000-0x000002ED4F701000-memory.dmp

Filesize
4KB

Download
memory/1144-1567-0x000002ED51920000-0x000002ED52705000-memory.dmp

Filesize
13.9MB

Download
memory/1144-1568-0x000002ED51920000-0x000002ED52705000-memory.dmp

Filesize
13.9MB

Download
memory/1144-1569-0x000002ED51920000-0x000002ED52705000-memory.dmp

Filesize
13.9MB

Download
memory/2100-2249-0x00007FF89C9E0000-0x00007FF89D4A1000-memory.dmp

Filesize
10.8MB

Download
memory/2100-2251-0x000001C62F1A0000-0x000001C62F1B0000-memory.dmp

Filesize
64KB

Download
memory/2100-2250-0x000001C62F1A0000-0x000001C62F1B0000-memory.dmp

Filesize
64KB

Download
memory/2100-2256-0x00007FF89C9E0000-0x00007FF89D4A1000-memory.dmp

Filesize
10.8MB

Download
memory/2100-2239-0x000001C6473E0000-0x000001C647402000-memory.dmp

Filesize
136KB

Download
memory/2748-2365-0x00000000008A0000-0x0000000000DED000-memory.dmp

Filesize
5.3MB

Download
memory/3028-2306-0x000001B7884B0000-0x000001B7884B1000-memory.dmp

Filesize
4KB

Download
memory/3028-2291-0x000001B7884A0000-0x000001B7884A1000-memory.dmp

Filesize
4KB

Download
memory/3028-2297-0x000001B788570000-0x000001B7893F1000-memory.dmp

Filesize
14.5MB

Download
memory/3028-2295-0x000001B788570000-0x000001B7893F1000-memory.dmp

Filesize
14.5MB

Download
memory/3028-2296-0x000001B788570000-0x000001B7893F1000-memory.dmp

Filesize
14.5MB

Download
memory/3028-2328-0x00007FF8916B0000-0x00007FF8937B8000-memory.dmp

Filesize
33.0MB

Download
memory/3204-2375-0x00000000008A0000-0x0000000000DED000-memory.dmp

Filesize
5.3MB

Download
memory/3256-2359-0x0000000000D20000-0x000000000126D000-memory.dmp

Filesize
5.3MB

Download
memory/3712-2361-0x00000000008A0000-0x0000000000DED000-memory.dmp

Filesize
5.3MB

Download
memory/3712-2348-0x00000000008A0000-0x0000000000DED000-memory.dmp

Filesize
5.3MB

Download
memory/3828-2529-0x0000022EF3030000-0x0000022EF3031000-memory.dmp

Filesize
4KB

Download
memory/3828-2531-0x0000022EF3030000-0x0000022EF3031000-memory.dmp

Filesize
4KB

Download
memory/3828-2520-0x0000022EF3030000-0x0000022EF3031000-memory.dmp

Filesize
4KB

Download
memory/3828-2522-0x0000022EF3030000-0x0000022EF3031000-memory.dmp

Filesize
4KB

Download
memory/3828-2521-0x0000022EF3030000-0x0000022EF3031000-memory.dmp

Filesize
4KB

Download
memory/3828-2527-0x0000022EF3030000-0x0000022EF3031000-memory.dmp

Filesize
4KB

Download
memory/3828-2528-0x0000022EF3030000-0x0000022EF3031000-memory.dmp

Filesize
4KB

Download
memory/3828-2533-0x0000022EF3030000-0x0000022EF3031000-memory.dmp

Filesize
4KB

Download
memory/3828-2530-0x0000022EF3030000-0x0000022EF3031000-memory.dmp

Filesize
4KB

Download
memory/3828-2532-0x0000022EF3030000-0x0000022EF3031000-memory.dmp

Filesize
4KB

Download
memory/4064-2360-0x00000000008A0000-0x0000000000DED000-memory.dmp

Filesize
5.3MB

Download
memory/4064-2341-0x00000000008A0000-0x0000000000DED000-memory.dmp

Filesize
5.3MB

Download
memory/6940-2858-0x00007FF89DB50000-0x00007FF89E611000-memory.dmp

Filesize
10.8MB

Download
memory/6940-2860-0x000001C959EF0000-0x000001C959F00000-memory.dmp

Filesize
64KB

Download
memory/6940-2877-0x000001C959EF0000-0x000001C959F00000-memory.dmp

Filesize
64KB

Download
memory/6940-2878-0x000001C959EF0000-0x000001C959F00000-memory.dmp

Filesize
64KB

Download
memory/6940-3038-0x00007FF89DB50000-0x00007FF89E611000-memory.dmp

Filesize
10.8MB

Download