Malware Analysis Report

2025-01-22 08:49

Sample ID: 241027-sha6nayemc
Target: https://pl.exloader.net/
Tags: discovery, execution, spyware, stealer
Score: 8/10

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://pl.exloader.net/ was found to be: Likely malicious.

Malicious Activity Summary

discovery execution spyware stealer

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Command and Scripting Interpreter: PowerShell

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-27 15:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-27 15:07
Reported: 2024-10-27 15:09
Platform: win10v2004-20241007-en
Max time kernel: 101s
Max time network: 147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://pl.exloader.net/

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\ExLoader_Installer.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipapi.co N/A N/A
N/A api.ipify.org N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\AssetManifest.bin C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\NewYear.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\complain.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\unsafe-shield.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\favourite-added.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-localization-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\SpaceDay.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\concrt140.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\audio\CSGO_hover.wav C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\google.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\Cyberpunk.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\romantic.ico C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\simple.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-debug-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\VictoryDay.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\mask.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\upload-sharp.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-fibers-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\folder.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\vac.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-memory-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-crt-multibyte-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\war.ico C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\fonts\NoirPro-Regular.otf C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\answer.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\macros.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\search-alternative.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\selected-anixart.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\vccorlib140d.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\AssetManifest.json C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\fonts\NoirPro-Light.otf C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\android.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\telegram.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\images\snow_alternative.webp C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\msvcp140_atomic_wait.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\url_launcher_windows_plugin.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\packages\media_kit\assets\web\hls1.4.10.js C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\add.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\alien.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\trust-properties.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\shaders\ink_sparkle.frag C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-crt-convert-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\halloween.ico C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\logo.ico C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\newYear.ico C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\chevron-down.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\selected.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-console-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-crt-conio-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\clown.ico C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\checkmark.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\collapse.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\file-text.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\sort.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\flutter_windows.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\Halo.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\key.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\JokeDay.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-core-string-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\media_kit\api-ms-win-crt-string-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\arrow-right.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\farmbot.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\hot.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A
File opened for modification C:\Program Files\ExLoader\data\flutter_assets\resources\icons\library.svg C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 807525.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1520 wrote to memory of 4004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1520 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1520 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1520 wrote to memory of 2836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://pl.exloader.net/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8658546f8,0x7ff865854708,0x7ff865854718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8

C:\Users\Admin\Downloads\ExLoader_Installer.exe

"C:\Users\Admin\Downloads\ExLoader_Installer.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"

C:\Program Files\ExLoader\ExLoader.exe

"C:\Program Files\ExLoader\ExLoader.exe" -deletePreviousExLoader

C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe

C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe --silent --allusers=0 --server-tracking-blob=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

C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.115 --initial-client-data=0x338,0x33c,0x340,0x314,0x310,0x74dafb14,0x74dafb20,0x74dafb2c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3236 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241027150855" --session-guid=5992d4dd-ec82-49cc-bdb4-c2d0cae8f4c5 --server-tracking-blob="MzU1MjY3MWI5M2VkM2JlYzNmYzUwYWMxNGFkY2VmZDEzOTU2YTFlYTRiMzU4ZWY2MmZjMjRhOThjMzE4MTY2NTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU5FV19fMTgyMjZhIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzMwMDQxNzI4LjI1NTUiLCJ1c2VyYWdlbnQiOiJEYXJ0LzMuNSAoZGFydDppbykiLCJ1dG0iOnsiY2FtcGFpZ24iOiJORVdfXzE4MjI2YSIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiZDlhYzdjMzktNTU1Ni00ODBjLWE4MWItNjZmNDU1ZGUxMWYzIn0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=F805000000000000

C:\Program Files\ExLoader\thatsactualtalkbots.exe

"C:\Program Files\ExLoader\thatsactualtalkbots.exe"

C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.115 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x7331fb14,0x7331fb20,0x7331fb2c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0xba17a0,0xba17ac,0xba17b8

Network

US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 172.67.210.30:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 104.21.16.53:443 data.exloader.net tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1520_JMLXXUHSPAMDWDWY

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580fab.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\Unconfirmed 807525.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Warhammer.jpg

C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe

C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll

C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\RarSFX0\MSVCP140.dll

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so

C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dll

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.json

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Bold.otf

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\window-minimize.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cloud-off.svg

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-SemiBold.otf

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.bin

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Ori%20and%20the%20Blind%20Forest.jpg

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Light.otf

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Regular.otf

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Medium.otf

C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\grain.png

C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll

C:\Program Files\ExLoader\ExLoader.zip

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_invshbor.jq1.ps1

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json

C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410271508535273724.dll

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\730.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\570.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-2.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-3.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-9.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\10.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-10.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-12.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-11.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-13.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\240.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\304930.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\4000.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\731.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-252490.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\945360.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\320.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\550.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-42700.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1966720.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1172620.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1623730.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1238840.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1238860.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1238810.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\739630.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\7940.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1985810.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\311210.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\2000950.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\397540.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1422450.svg

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\700330.svg

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\03529d1b4973bbfc0e751c84c5f361e7.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\93cc560c646cac9c2078a0415d2ad396.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\273349a9d449f03269ab6e485a491836.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\bf3927b636a8a73c7945924d2a1eac2a.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\5d340a37068e830d0d502283f5b3e6e9.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\37d82c841f813aa17c11be5e3b8853f6.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\52e258087c48c34875b484f433293c48.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\08247994c6d9b331cb82ab5a25f38914.png

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData_v2.json

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\4e39eef770b6d2c3f333f6d62f478b19.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\32b92ee1172a17c4e8e20d0fe7159835.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\f6357b871ac2053bae0a8cfdb129eb3b.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\2ab9b3443b70528bafc106092abb8e75.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\d0ba9ef708cdd570db5a3e87db78403b.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\d68657b97bf09440f47f4b85959a0667.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\516a3b678af4bf03fcb600a00cb11813.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\21ff572414b9e80577b4e9877c3c0f19.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\70cfea462cd585fc09f0a9dbf238420a.png

C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData_v2.json

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\3bced25089cb3b655d6b9e699fadf426.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\e70b1805b1de2f27877d63a7c6cb1ab6.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\7e0b85a70879ce840d56f84af26d4add.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\48f63a6a71a5236ed288a55fd271857f.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\7c7e079e17e5282268bd4208b59c4998.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\704820400aae00ae2b4bca9ae996d282.png

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\c6d0c946421426f1600bd303fda9f2e3.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\df1b848cdf0cb9d3c34393d5672ee8fa.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\06863b6c997b988a0b25478954936acd.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\c614181748c588e16a8d306b2b694370.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\1540bb22fbba0d16d71111edd8c1b16a.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\9309939de3a4c0af457dd4683cf2200d.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\305494b58d8fd53ffeb260a6cb918e1d.png

C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\63e78fc5dc38deacb9eb79bd0d516f7e.png
