Analysis Overview
Threat Level: Likely malicious
The file https://pl.exloader.net/ was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-27 15:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-27 15:07
Reported
2024-10-27 15:09
Platform
win10v2004-20241007-en
Max time kernel
101s
Max time network
147s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\ExLoader_Installer.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ExLoader_Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| N/A | N/A | C:\Program Files\ExLoader\ExLoader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipapi.co | N/A | N/A |
| N/A | ipapi.co | N/A | N/A |
| N/A | ipapi.co | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ipapi.co | N/A | N/A |
| N/A | ipapi.co | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\AssetManifest.bin | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\NewYear.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\complain.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\unsafe-shield.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\favourite-added.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-localization-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\SpaceDay.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\concrt140.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\audio\CSGO_hover.wav | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\google.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\Cyberpunk.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\romantic.ico | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\simple.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-debug-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\VictoryDay.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\mask.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\upload-sharp.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-fibers-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\folder.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\vac.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-memory-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\war.ico | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\fonts\NoirPro-Regular.otf | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\answer.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\macros.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\search-alternative.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\selected-anixart.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\vccorlib140d.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\AssetManifest.json | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\fonts\NoirPro-Light.otf | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\android.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\telegram.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\images\snow_alternative.webp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\msvcp140_atomic_wait.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\url_launcher_windows_plugin.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\packages\media_kit\assets\web\hls1.4.10.js | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\add.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\alien.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\trust-properties.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\shaders\ink_sparkle.frag | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-crt-convert-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\halloween.ico | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\logo.ico | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\newYear.ico | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\chevron-down.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\selected.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-console-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-crt-conio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\clown.ico | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\checkmark.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\collapse.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\file-text.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\sort.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\flutter_windows.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\Halo.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\key.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\JokeDay.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-string-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-crt-string-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\arrow-right.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\farmbot.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\hot.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\library.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 807525.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| N/A | N/A | C:\Program Files\ExLoader\ExLoader.exe | N/A |
| N/A | N/A | C:\Program Files\ExLoader\ExLoader.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://pl.exloader.net/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8658546f8,0x7ff865854708,0x7ff865854718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,7056533909229228128,6735057151802548994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
C:\Users\Admin\Downloads\ExLoader_Installer.exe
"C:\Users\Admin\Downloads\ExLoader_Installer.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"
C:\Program Files\ExLoader\ExLoader.exe
"C:\Program Files\ExLoader\ExLoader.exe" -deletePreviousExLoader
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe --silent --allusers=0 --server-tracking-blob=MDgyNGEyYjRiMzg2ZmE5MTI2NDc0YThmMjUyYmQwYWI3OGI3MWUyZTcxNTBlNjliNzgwOWVhODBlNGMxNzA2YTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU5FV19fMTgyMjZhIiwidGltZXN0YW1wIjoiMTczMDA0MTcyOC4yNTU1IiwidXNlcmFnZW50IjoiRGFydC8zLjUgKGRhcnQ6aW8pIiwidXRtIjp7ImNhbXBhaWduIjoiTkVXX18xODIyNmEiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJPRlQifSwidXVpZCI6ImQ5YWM3YzM5LTU1NTYtNDgwYy1hODFiLTY2ZjQ1NWRlMTFmMyJ9
C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.115 --initial-client-data=0x338,0x33c,0x340,0x314,0x310,0x74dafb14,0x74dafb20,0x74dafb2c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3236 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241027150855" --session-guid=5992d4dd-ec82-49cc-bdb4-c2d0cae8f4c5 --server-tracking-blob="MzU1MjY3MWI5M2VkM2JlYzNmYzUwYWMxNGFkY2VmZDEzOTU2YTFlYTRiMzU4ZWY2MmZjMjRhOThjMzE4MTY2NTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU5FV19fMTgyMjZhIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzMwMDQxNzI4LjI1NTUiLCJ1c2VyYWdlbnQiOiJEYXJ0LzMuNSAoZGFydDppbykiLCJ1dG0iOnsiY2FtcGFpZ24iOiJORVdfXzE4MjI2YSIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiZDlhYzdjMzktNTU1Ni00ODBjLWE4MWItNjZmNDU1ZGUxMWYzIn0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=F805000000000000
C:\Program Files\ExLoader\thatsactualtalkbots.exe
"C:\Program Files\ExLoader\thatsactualtalkbots.exe"
C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSCC4C0E39\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.115 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x7331fb14,0x7331fb20,0x7331fb2c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0xba17a0,0xba17ac,0xba17b8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pl.exloader.net | udp |
| US | 172.67.210.30:443 | pl.exloader.net | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.210.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | data.exloader.net | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.204.65:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| GB | 216.58.201.98:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 172.217.169.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 172.217.169.1:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.201.98:443 | ep1.adtrafficquality.google | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | exloader.net | udp |
| US | 8.8.8.8:53 | ipapi.co | udp |
| US | 104.26.9.44:443 | ipapi.co | tcp |
| US | 8.8.8.8:53 | cloudflare.com | udp |
| US | 104.16.133.229:443 | cloudflare.com | tcp |
| US | 8.8.8.8:53 | 229.133.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | get-gx.com | udp |
| US | 72.44.63.6:443 | get-gx.com | tcp |
| US | 72.44.63.6:443 | get-gx.com | tcp |
| US | 8.8.8.8:53 | 6.63.44.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 3.122.39.69:443 | www.opera.com | tcp |
| DE | 3.122.39.69:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 142.250.200.46:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | 113.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.39.122.3.in-addr.arpa | udp |
| DE | 23.199.217.193:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | 193.217.199.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| GB | 2.18.66.73:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 73.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| GB | 2.18.27.76:443 | th.bing.com | tcp |
| GB | 2.18.27.76:443 | th.bing.com | tcp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 82.27.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.27.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.73:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dll-files.com | udp |
| GB | 143.244.38.136:443 | www.dll-files.com | tcp |
| GB | 143.244.38.136:443 | www.dll-files.com | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | tcp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| GB | 74.125.133.155:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.200.1:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.133.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| GB | 216.58.201.98:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 36.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | meteum.ai | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | meteum.ai | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| RU | 213.180.193.146:443 | meteum.ai | tcp |
| RU | 213.180.193.146:443 | meteum.ai | tcp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | data.exloader.net | udp |
| US | 8.8.8.8:53 | data.exloader.net | udp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 104.26.13.205:443 | api.ipify.org | tcp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | 205.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.13.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | ipapi.co | udp |
| US | 8.8.8.8:53 | ipapi.co | udp |
| US | 104.26.9.44:443 | ipapi.co | tcp |
| US | 172.67.69.226:443 | ipapi.co | tcp |
| US | 8.8.8.8:53 | cloudflare.com | udp |
| US | 8.8.8.8:53 | cloudflare.com | udp |
| US | 104.16.133.229:443 | cloudflare.com | tcp |
| US | 104.16.132.229:443 | cloudflare.com | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | api.exloader.net | udp |
| US | 8.8.8.8:53 | api.exloader.net | udp |
| UA | 91.231.182.13:7777 | api.exloader.net | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.182.231.91.in-addr.arpa | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| RU | 213.180.193.146:443 | meteum.ai | tcp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| RU | 213.180.193.146:443 | meteum.ai | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | autoupdate.opera.com | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| NL | 82.145.216.20:443 | autoupdate.opera.com | tcp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | api.exloader.net | udp |
| UA | 91.231.182.13:7777 | api.exloader.net | tcp |
| US | 8.8.8.8:53 | 123.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 185.26.182.117:443 | download.opera.com | tcp |
| NL | 82.145.216.15:443 | features.opera-api2.com | tcp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| RU | 213.180.193.146:443 | meteum.ai | tcp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | download5.operacdn.com | udp |
| US | 104.18.11.89:443 | download5.operacdn.com | tcp |
| RU | 213.180.193.146:443 | meteum.ai | tcp |
| US | 8.8.8.8:53 | 117.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.216.145.82.in-addr.arpa | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 8.8.8.8:53 | 89.11.18.104.in-addr.arpa | udp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 8.8.8.8:53 | 53.16.21.104.in-addr.arpa | udp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 172.67.210.30:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 104.21.16.53:443 | data.exloader.net | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 37f660dd4b6ddf23bc37f5c823d1c33a |
| SHA1 | 1c35538aa307a3e09d15519df6ace99674ae428b |
| SHA256 | 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8 |
| SHA512 | 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d |
\??\pipe\LOCAL\crashpad_1520_JMLXXUHSPAMDWDWY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d7cb450b1315c63b1d5d89d98ba22da5 |
| SHA1 | 694005cd9e1a4c54e0b83d0598a8a0c089df1556 |
| SHA256 | 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031 |
| SHA512 | df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 18ed911342aa206270a3377f856e3921 |
| SHA1 | a2e9cdb0c26780c6f94638a619535eee4c7524e9 |
| SHA256 | fed7e4b69f5e611aa38dc49834c95ab57b77d2b119d8e5529db69f8673b2931f |
| SHA512 | 5204a8ec71d1026b3964a366793de228ae0f293e58ecae5210a5638c956ed6c39c7071b22ccb6ec48689359836450f8f005a701191d17a8d11cb70b0b73126e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e7b6316355bc70a7adb03bb9405d8e74 |
| SHA1 | 344e620157e55a36d40fafe308893af9a4a1be98 |
| SHA256 | 861046ec923ca6c431a8aa92fde7d0425f42b77c7bddd7ece6e5dc0a5efbfd13 |
| SHA512 | 74463fcdefbe6d3bbf77fce76d297769808aa1bf2b3d9d505d4fa5314457b6f0de34bb82688417fc365370cf3d63a5dcb7c938ca18bf578105a059d79d5e205f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | 8109a02f269602b73754c306235236c5 |
| SHA1 | 8e7afc76827e74a20c162734b05a16bedbbc244f |
| SHA256 | 061ccc9303425c5ec45ae4df50cbaba7c7cbdf4439b765c7032d49d210d4f5c4 |
| SHA512 | 884a933b8b8fa2f2432a2ab392c992299cbd9c0b70bcbb9a76d82e38e60c9b1258cec7c2f6d6b2bdf909caee0ba5397344721c4ca3adb8f702118d65240fbb79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 568c2fc6d44c8a0f2cb6507fb83cde63 |
| SHA1 | 9818800f1fcf5bbb25a172900c474c607a49750e |
| SHA256 | 7135cf4e95cd5195e1f48c2eaaeb50753d250e6cb434ea7a748a5da3972e7468 |
| SHA512 | 19bfcba7a4535646254288ecef81c757c21dd5fcc62e7b8e82a429e901871d36ad364b32a6831e7a754456c085d68cbe853d08f2a3d007a68a6723dc8acfab9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 63149107d1482649c53da6720d731f04 |
| SHA1 | 7bf74eac137920afc4c7d3873be071ad29f35953 |
| SHA256 | 8b149aacb409a1f3334835564a19ed3146dc700ca9a814a536022eba025ac560 |
| SHA512 | 3136a8b1469f30e3e53ab5b418fc2cb9348feb44eeb8557d7f567d5b861985d9c380f61b003f91d5943445c2da4c35c577a2c63c9d8cda17c4684b4d104974af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fdaa1a8b4b7478840a3b931c5f02d35a |
| SHA1 | d04e5dbbc3235d11dd1eaa1dd885d67c35dceebf |
| SHA256 | 1510ff4438b6052afaf36ce2ef19693d6c3e886ff9d8c573ba041cef11d92f5c |
| SHA512 | 4a7994709ccffdefe2eddf4f6589d0f8f0faaa673f315e90e404fb48d409c7ee689d94580c3441e56deb9c1ea1ea070ae24242ab46300af71f6cd136436a4a85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580fab.TMP
| MD5 | 74b4a1e5545c5b47b11cffa6269a54f1 |
| SHA1 | 204c48f415745813f13d7369a4d4d518cd007f7c |
| SHA256 | 5793471e721864fd62f0476f91d91235ef042f49880d57ca3c6e483d16648192 |
| SHA512 | 5e013b5ccbce51e343b3ae5d5a9242aba78dda04787ad0b572fcf7d818f005dff1df67bb29cd5b78bef946dfb4c6452c9949960535f364cdf5839469e35558dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | 54f20de8a9081fccaa118be5bf3aa347 |
| SHA1 | 9a6f5952bca06500c4df3f5a26a54955e55ccc14 |
| SHA256 | b47847a633f51ffc2135e83796b686532acbb5876025eac6d20a083502315834 |
| SHA512 | 488522b5d5dc119f11e33f295fc3a2537cfe8360287ba619eae02d70629d6bacf7ea9f8e85a05a1b9d84a0688922e97c7d754c42d5428363253765fee35f6d63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c807f0a5211eb49172c6f2328cb308c3 |
| SHA1 | c68188dab1a33d285386225b216f5337d9ca01b6 |
| SHA256 | e9018a687ea56ed9fe68ac644fe69739a4de8b3e23c3d68c7832333f738618dd |
| SHA512 | 6d2ace06e6255e876342bd340261a36707f09ce09326c2c6790f31d391d25cb516207dc40072aa360596f96091d162a857a99acf11764cd40089a74203030cba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8904ddf00e28f189548b073b673a82c0 |
| SHA1 | 523ca545c9250f399e50d15099c7fdd6adee8333 |
| SHA256 | dc273250783b5e2f5548ebae84a1383760044ade4edbce583828b654d477b0fb |
| SHA512 | 2fe4425f64b13d2074fa1d8b2d81e9118cb3fe763f72bf033640962df55175790b45f15ce133bc354de0d49033b43f291c6989eca3160cb2320f7e9b49b646a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 05ec06910d46371e28151ed4b42171cc |
| SHA1 | 6cfe5a3d9426ab7d05f154c7671c204929b87e73 |
| SHA256 | c59e114a7d3ab0f37e62092efd01e5fc77494e88e77b4a2c9ffaf409f483e5f9 |
| SHA512 | d0ae32cfc4039867ca9fa8996a8a9372c0dd677e90b81b8c685edebba6b9e8c0603326f29b34ceae86227df717bdf663bfccbc6a54d58995c0cb4e9f79b278dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 783c453831b65c1ef0d2e2403f9168ab |
| SHA1 | ca0c9195646e8bc40127308281873e8ed30a8963 |
| SHA256 | 6ac64986b83a2bdb5ca77cacc4d1433262e4a9ee77bd1d14e8a431a4c1c87b3a |
| SHA512 | b88333f4d5cac398c638ebed91a77c118e2003b73a43c1e795c455a11d2924aeb403e85a3e4a566f17a5a6f0e21e74bbaa616d94434ec7054baca52c1df1cc8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cfc653cc5272fd3777c915309135f2c4 |
| SHA1 | 7197b5d0c3b956a8066e5ea05a109234a2dbc3be |
| SHA256 | d27c2c3829ce0d54cebf3ba946c9c62b64d29caaa7520a85a9d0dfc239b00a19 |
| SHA512 | 521a461e1b4952072a56653af8fa07d8b8b650050ebd7208d4c0d70b43e2a32b7ff30101e9f911be08851c5a4804594fb1589daa5e4a051ee0dbf3c731a73141 |
C:\Users\Admin\Downloads\Unconfirmed 807525.crdownload
| MD5 | 51d5e87ae7bc99d3acc39daa20b03431 |
| SHA1 | 7320a8cd779bd18f572422aa53b241fadeae6a34 |
| SHA256 | 07f61f7c87bdeacfe34388001489136c563f55891d1a7e4481048b0e26e888a4 |
| SHA512 | 273eb5f5c93df9885ce2bcdc35df234a1f99e13af7b904d7e9a257b5e75a9a38b95f2ee4bc27a4cb069718cde57804aea45cc79223b34aa211a3a5604189c7b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 822faff897aae7ebfc9309ee9b9f6a25 |
| SHA1 | 80a4ae90ff3988325db2cc517b9961df8f99f129 |
| SHA256 | 20b77401fb65a0b53ce83834a9f465ccf1ddbf4c6312b1a5071115d38b71b59d |
| SHA512 | 9abcf3506e2b80ffa41efdabe6192c6d70acb2553a890313b82e2953208554343aa080552f08d4431a0a97a29049248d086051a465e70dc3c22a191394676b9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 46452d66a325d41363a6f867557af732 |
| SHA1 | d97f1c30c10aa604388fff1f352dfdea46518d28 |
| SHA256 | 3961cabd9f6b4045f80e969d30b21f751bbe1d0b68c1ef4a4247c3100b122e2e |
| SHA512 | edf266513110cb12f690d12f389c119b250ca8a61a9c9c89b48692b20523357dd8501997af1d24ba9193f4bff57a595bb554998beab59ebdea72db2dcd43f24b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b695b3be76b3171c6bcb1be1f840c620 |
| SHA1 | 91b6b5ed9215b9b0d2825eaccb7f568a103bc546 |
| SHA256 | 0d0b7fddef46f83b3a7abdb6aa62ff738c4f7c4ee456d191c055a97ce0d520f0 |
| SHA512 | bbf8eb5540b131970cebd3f54e24b587c44d36b386a77e25f26dd3ace16db1e7c4ce85f2a0c5f9f32d1111fd97961da5ddd1c26473caf170e97f238f168971d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cd51703f7d76ea61335f7f227dd501ae |
| SHA1 | c84a3f9fdd0d5c7383525243ed1ab37aa2ac31d8 |
| SHA256 | b9ce8fe45fea82259708d8c0ef76acc0ddd70d86b1c50c9a63fc77f5fdbe5369 |
| SHA512 | d2ec903dcb04cdf68b98095fcd5558024273a7a7f6bdd3120980384a5ce49611a9ee7247c1eb27ae02da64f32f165b4412d097d7a716f45b8e1c04ec556ace2e |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Warhammer.jpg
| MD5 | 0a5ffe11b4d2f0d579e22a475047589f |
| SHA1 | de35be4763c7bd9698ec627f025fc81fc9927ff7 |
| SHA256 | bc755a02b636013d2ec0bee05412ff7361675b0cd3dc5661a4d750d74e798346 |
| SHA512 | adf7696b4fb1a1201e744181b63b02e9f224a1791e954994daf8785c6752a7ab85b438816e67a9236c6275b2f7383eb6f50fe32e1e58b3a3aacf9fad1d49b92d |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
| MD5 | b51f61c70894e92875d5530d0f553067 |
| SHA1 | 6cfe241ad503445443463faa5f869e0ec9cf0cb5 |
| SHA256 | 0cb547550924bc73727d60885a82df098ead1eddb37f39b32dd46eac8e83db27 |
| SHA512 | e8ed6fa9f10dbad7cd7e420aecf655079cb04d59229b8c014eec2cdae545de16566f8c784786dbb98e2c12f3f3bcdbba2d78445fed14807ec154bea0ce653ccc |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll
| MD5 | d663c9eb379f0dfa6115dd1e669b761f |
| SHA1 | fa9fea1bb8a0db94a1f6f9679cc7ef5acdbdc6bd |
| SHA256 | 4bd4bab764eadaa9da230407be3fa9c0522b2bbc3dae60593beb9a0984f35138 |
| SHA512 | c154b5c2975797d2faa33a31a2612cdd446a149144a7d055323a0c49acfb7cd8dfb815640d68c5de61ce471c6038ff3390d44a801f9dc970b573ef2ecc67f7d5 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140_1.dll
| MD5 | eb49c1d33b41eb49dfed58aafa9b9a8f |
| SHA1 | 61786eb9f3f996d85a5f5eea4c555093dd0daab6 |
| SHA256 | 6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e |
| SHA512 | d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MSVCP140.dll
| MD5 | c3d497b0afef4bd7e09c7559e1c75b05 |
| SHA1 | 295998a6455cc230da9517408f59569ea4ed7b02 |
| SHA256 | 1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98 |
| SHA512 | d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so
| MD5 | 7df61aef9229d290236334ab4e05533a |
| SHA1 | a8191541becbd4e13bd2d92366cc836dfcf2fefe |
| SHA256 | 83f290ed77bb39945aa08b12ee81ef6914369939f643cc6194df544d9a683c23 |
| SHA512 | 2036735e5c698e1cace8e7a5bc653e1f2e5d1b9c84c75dd7868807abfdce417727cc2ba12c13599e5c9a8460fc6d95e53fbe358329b4752ece105efce9421388 |
memory/2156-1254-0x0000011A04790000-0x0000011A04791000-memory.dmp
memory/2156-1258-0x0000011A047A0000-0x0000011A047A1000-memory.dmp
memory/2156-1256-0x0000011A04920000-0x0000011A056B1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dll
| MD5 | e9b690fbe5c4b96871214379659dd928 |
| SHA1 | c199a4beac341abc218257080b741ada0fadecaf |
| SHA256 | a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8 |
| SHA512 | 00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c |
memory/2156-1255-0x0000011A04920000-0x0000011A056B1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.dat
| MD5 | 692337664e861ad322138061132dddc6 |
| SHA1 | 8a99bc860eda0772f3b1f4a125fa4d474410e21c |
| SHA256 | c12537022ef818991a7bfed41a76d8d6ae962ffbc0e6511ac762a5d0845e7f7c |
| SHA512 | 3e2e6adb651e37e530734f999634d7c101fa1c45ae380be8ad169bbfb0a047f2878ff6c8d1428d6b9e7301b447ab2f8839484322ddb3831984be71d442829a55 |
memory/2156-1257-0x0000011A04920000-0x0000011A056B1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.json
| MD5 | fb1230bb41c3c1290008b9e44059dd39 |
| SHA1 | 66493d0f8a6a112d8376cd296b05c277b111dca1 |
| SHA256 | 2429b610ba9010211d18626d311d3dea7274473c2dd50fae833ed739b67b1292 |
| SHA512 | d5ae9b9124a7c7f8c3d04c4750459c9bc620e3aeb84f5d56a64308eb9b343d4fb62f8b3e03210e04ad90b91bbbb35dd1a56148d06dbcc0872f99e9b1b9d37c7c |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json
| MD5 | 3e347bfdf7da5423a048312b5a883555 |
| SHA1 | 87c8b87a9fed16ac9bcfcba979f2425ef4568c74 |
| SHA256 | 67dccf6da615cdf40f2db0546525beaf72005625a4bcfe314ed296d1705ad68f |
| SHA512 | 556550b96ca249b72ceca70a46655b24e47f7f58c34903c355cc17dfc67dfd1e902c342848cb24fa2aa9d51168f61ba77396514b8d810c9477686bf92a1f70bf |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Bold.otf
| MD5 | e57b6bc24b970a377574124e026a7c01 |
| SHA1 | 00184aedd4ee4d2ca6b5c87cf41e78f64304c89b |
| SHA256 | b012d85155925bbe2106b20234b96522dec7914f03b09bc6e2fff71554f31bf6 |
| SHA512 | c162cd8a7130d2c94dac5c3dad58794f368436cbf782e8063c245d4cae405af6aa25c2f381549defd520c3f7cdbc04a27f891798697e9c291317d3b3ba82efdc |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svg
| MD5 | 7f8d672a2849987b498734dcb90f0c51 |
| SHA1 | e53b9319bf964c15099080ac5497ee39f8bab362 |
| SHA256 | 4a290648cd1cfaaf1db4909d7552ae8cb83cb0b0e36770e64d153ab07ce6e7d4 |
| SHA512 | b3ddbf719f42440238c55cee896409179b4562ffe74f607d3640f623c8264c2fd2000b085dfd9a25ffd8ba2166695dcd663efec56cdac679f9993cfb602459d4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\window-minimize.svg
| MD5 | d47255b6d3e685cac4804eb58207d0b6 |
| SHA1 | 7fe02211cf6b77f3971522a3b3888460491ae153 |
| SHA256 | 29bc4875912360fac26586adaca21449026cc2cf6479f9d9bbb066abe2dd2640 |
| SHA512 | b39c96fd2479585b32146a3b33a5419f665391f1b1857b08896c8254b48fdb733551bd9974a3c7dcfb679cbb5b35ed9b8f538f5c44156d399b02b8d0d4fe95ef |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cloud-off.svg
| MD5 | e99140f842b471d330fc27cd73817c4c |
| SHA1 | 9957147463f586824b65bc7bfb121d33a9523a96 |
| SHA256 | 0f4cb470185e3c6c26ae033a3a88e3995340bb08a63432dd9ebb82b73dd665ae |
| SHA512 | f579aef41980539675609c62ff4d80dde22bad59917d439dbd4d325173bed3f24534a72e9903aef58c6ee5d4b03fcb7d0a7be8c93c35da6dbb2e1e046b7da0f2 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-SemiBold.otf
| MD5 | 5177edfb54762b59df676052d11b363d |
| SHA1 | fa18815bf4914b93d587c2758b65e234ad51b38b |
| SHA256 | 50000ce2f0f8bf3018f1d04aa5c6716583b808ca05c802c46a9de4f084a91f7d |
| SHA512 | 7475fe248eafd528a05acab94f3973eeeb0d169203769ee6b42d007b5fa0605a58a290e145d74d57e17486367bacffed22e4a88e576fa9f65d000e487aa78e27 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.bin
| MD5 | e6ee07a908803b70dcdf31271bbc05bc |
| SHA1 | 4328b159cebeae8594bda27a63617e2cc7626bfb |
| SHA256 | 5bc7d9a70129040cb1a99067d26a8a74f1679b345ae7e7fbd6c71d26a97e2688 |
| SHA512 | 53293ee1c663824b3170b994209ad034024df9d77fb782b13a9c104c8dd89316c2fa18fc3b7e106260b3ef3e4d9a54b8b110aad52f5defd01abf5a370a4855b2 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Ori%20and%20the%20Blind%20Forest.jpg
| MD5 | babd1b019be8944f7ef6c64c8194bc8d |
| SHA1 | 702a50d3e3a0933db4dc1f37423bca3b5c52acde |
| SHA256 | 71ea07c900e7993072f4896c0ab621303feaf4d13b7c9a4b2993e06122b10f76 |
| SHA512 | 6a854fc0db7206dd182f6ebc594d763b62a75f64663d3e58029cfa2586048838fe8878b043d174923e05f4e3cd2f3e9d96a6dcf5ba8bbd7322bbc3540bbb8b0d |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Light.otf
| MD5 | d10d77b03ba3abe6ccc1c142d9852595 |
| SHA1 | 6108edf0cfb3d5f25e3c593949c301c5c2aa5f25 |
| SHA256 | 3c9ef459625f995c62b993b64da299204b741e153ba8e6d988463aaa86b1aa44 |
| SHA512 | 71c4fc3b6f43b4125c5ea5ae09297d72446de81ffc2928fee33aef386754e60dab11cc170c4d6689dd6eeac451f2a57b9d3372278f750dca6ed39ec82fcf9368 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Regular.otf
| MD5 | d969db6adb881f1dfa91a5b7ec0154d9 |
| SHA1 | d7b44b20eb246b0ff5c41147c0d0fb96fde47c48 |
| SHA256 | c7fc6d9f2ff611073fa09a6c61a8c086da0ebe8da841a9f4ec4087a3e9b52152 |
| SHA512 | 2a225a8c12b46aa14e14dd547c6a55c80aef6bfe8cc791dcf60a14ef91994eddc4dec473d856f7c2446d62a41d017d256b64b603d87ae45e75fdeb2230deb5b2 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Medium.otf
| MD5 | df63e8855d04ab0e25d2bb6a0b1fabfb |
| SHA1 | 5512dc285f36cdf7da5ba5eabaca128ca3442537 |
| SHA256 | a728e91375dcadbdf6ef6d7e3cd0bbf5c56fb992d5b1be6640b83214c9d015ed |
| SHA512 | eba8afd3289089841e4eda4abd992c2e2020d18d44741733b5a51a2a1e0c0982ffd9da187aa56ba3b891bc259398ec156e08e45265f7218e87eb914794ca69d6 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\grain.png
| MD5 | 3577f702479e7f31a32a96f38a36e752 |
| SHA1 | e407b9ac4cfe3270cdd640a5018bec2178d49bb1 |
| SHA256 | cc453dfe977598a839a52037ef947388e008e5cdfe91b1f1a4e85afb5509bee2 |
| SHA512 | 1a4a03931ab56c8352382414f55eb25b324e11890d51ba95597dbd867b35db45db5adcefb47d95b3763f413a66e3228e59531bdbd5ba5541469196adb5eb3d70 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a2342a0cf3a1f02472d30ea1fd853a19 |
| SHA1 | 1c96332d79d289a9c4ae1903ae62b1ebad64daf3 |
| SHA256 | f50ad6c1c0876f75d0527a46ae702a9823c0eacf84ffcb90ea5cdc73687635f8 |
| SHA512 | 9ae4db0c23aca5a810483fba5708a962923a1c3b531571c7fb681c5ec52471b40f3105168612cc5aa4614ac0fb9fef173bbb1a9bbcf3f29c6b7a29f71702fe65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 26f5bf8d72eb394bef51b227a3f067ea |
| SHA1 | 01c030a702a0971acb8a589e091613366f2f1b75 |
| SHA256 | dd8ee3be22ff41336e53e2436db6b5b6e1d58c8e5c31a746cf940700dcf0a0f6 |
| SHA512 | 2d79d763a54365b4aa80d1f8d39b5556069f9a612301302815edc8a2ee9236e081bec61657cd0d659bba10eddb3a66a110d0eeb50b0bdd4ca0f68204341ab57a |
C:\Program Files\ExLoader\ExLoader.zip
| MD5 | 80ba1918c86ff857cedfcbdce0883ee5 |
| SHA1 | a9aa8fcb6dbaf13b0a09fbc68462f53da405ec86 |
| SHA256 | 8dd9076eb10f30bf84f15d61ea4d23fb73da1eb6cb4e23d6f034eb2f5ef67f11 |
| SHA512 | 1abdcfc9abbef3f42d8b812935574e82c7c434feb0d97d37fbb5a9a66b7f9d9e10b343e7fd92d1e74640ea384469263b879f8207459cca880614d00979563a9b |
memory/3708-1617-0x0000024A739A0000-0x0000024A739C2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_invshbor.jq1.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4460-1636-0x000001418C950000-0x000001418C951000-memory.dmp
memory/4460-1640-0x000001418EB60000-0x000001418EB61000-memory.dmp
memory/4460-1638-0x000001418EBD0000-0x000001418F9D9000-memory.dmp
memory/4460-1637-0x000001418EBD0000-0x000001418F9D9000-memory.dmp
memory/4460-1639-0x000001418EBD0000-0x000001418F9D9000-memory.dmp
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json
| MD5 | 5dea2a4d7d56b54a285c63c1be2f83c1 |
| SHA1 | 2144ef50ad3fcd1907e38ed28632d7eae217dbd2 |
| SHA256 | 75eb12d07e6a127c62baebf52fcca2788a97914c6ddedef7e877ef6e193b7944 |
| SHA512 | 972ba7dcb23dfe40a9d4f07cfa6708d3895131cc91cadf534f0b5bce3773a2d2d901362a81625aaabdada00cb699db9f9c65ecad7d25fad9108f37a3be17bcda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 01d4a45ea4b8b89bcc9d3723b18ef89f |
| SHA1 | 12822a722078b1e6e06c51f6c6407a8a6dea92fb |
| SHA256 | e56553e3cbd09f21aa98e74deaacfa8d4f754fb731b21f44c9151b73777e64b8 |
| SHA512 | 70d339f6c3a924e23061696a934e2885a35d1264dda23cad27bb5bf5971254bdf50ac04d9478c238d1b1568890d3e2388e4a1d8b4fa113f38a13d3ee0120b3e9 |
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
| MD5 | 06da0bb89d1df9a4eab38725a39e5b68 |
| SHA1 | 7b52d472e2abb603a1e9c3ce2e5fe9aa6e35f062 |
| SHA256 | 3425e2cf310c9ea310afbc7ee32017bdde2a4c8cd773787c8741a6d0021faaf0 |
| SHA512 | 8bbf502efe3dd93f1e838f509d8e626f4152c6c708d463ce353e70506c3945129874ce75514f960f26bc092c84a8e825dff81df40d5219de4374b71455c0027c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5869f06a56f6033de9f9c148580b398b |
| SHA1 | e5be194e2375455dfd4b6bf601211e273334a0ba |
| SHA256 | e67c6f5d6d88f7a26a4a234fdd81337111ea0d223c2a54ec8aaee67269f387bb |
| SHA512 | 7c8a4c44f7c5dfe63caba34e729572d438a3e8431a356cd875f717f019f2b9f726739de8b71cd37d08cd17ec29bc6ea0c8971d14fc6cda504befcbeaeaa65342 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f47b0c20e4fec2db4de003b2e8df8420 |
| SHA1 | a0722f14fbd99d4b8e4b841afb27ee245ddb6eac |
| SHA256 | ccddc04f11339768fe1310fe02f3539415c28e46e937f10d352755cf20ea347c |
| SHA512 | e3b99abd13bcca9dae555fa16b5b142f3bc781a3d499b1e4d0fe999d2254310338b977b001e0aa1d806b39a7844aa9f96219b64f6d32145d1e5d0e08b6979d43 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410271508535273724.dll
| MD5 | 173156d3688b663ef5f46e6f2475d02f |
| SHA1 | 44f4992c53194904b0dbd4c9f5f11cce623500e7 |
| SHA256 | 5721b1ed26306970aac491c539bcd522b5fb3238fd5d0cfecb46d1ff4b870d4c |
| SHA512 | 189986006e78360f181d139522572afb814923ce0c92bb8d418e6f00f29e485e1809783c6c6dca0c1fe10e6495492c6a90e970608aa131ecf554e96774501015 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
| MD5 | 489b383f803a7f3a20b2086f3b68b628 |
| SHA1 | b8eef2d2d501d770f45719202e51b084e1b99f47 |
| SHA256 | 6caebb2196d37c4395d75804f0c713e714731a825f6e17e9c91101bd5f9a36ca |
| SHA512 | 5302e63c688563d41c6f7b98961ba72d186c3ba53ed2bbc9d11768c3e3567d959a092c2c28945643801e0883992aa68f72e435966113116f374337ae85bc2327 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json
| MD5 | 28ed3e4f34beeb20a88e28be65769616 |
| SHA1 | 9e840c5a7d7d91732b25be8ce6b8825bab3714b4 |
| SHA256 | c511de0ab4885d79ebf8f715387c21e1e75d2853dcfd35fa04f985c13a9be3a8 |
| SHA512 | e51e3d92310d848026555314c2f4008f3bd0b8bea969b7e51e0facfc6e731e23d5d02aee82c909638f78630293199af095b513853b15881eb218988188a5f431 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json
| MD5 | 11897cbd5eb0f0c15b31d9bcd798a34f |
| SHA1 | cf2f580a478afcbdacf366627ddd2dc966e9736e |
| SHA256 | 57fa592352b35cffdb1fd14f4523bcb401277838036478d9036f6c0b0a345e4d |
| SHA512 | 142213175c090e17258b2dee078d7ac0fcb54327391ed9e71cf5cbfde7feebb542a9cd86a05d3449fb7086f1e649f73790c6b813de5b287b7a9be7312bd6a85c |
memory/4460-1861-0x00007FF8375C0000-0x00007FF8396C8000-memory.dmp
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\730.svg
| MD5 | 6d9817ccb2be9280308fce44c456b5cd |
| SHA1 | 9a17d7f992d78ff4c968d990189e635975a87ee0 |
| SHA256 | f66b912bcca1c69a36742ec0f7d1e23b1b50ca7158321a60aba4bd631e43bc81 |
| SHA512 | 3d830f6f4ce885de48f94f1433109736788f83fb92fc8bdfb10d00ec1c21bec886d48374d30d096181249d46bcff766c4e58b9cffdd300e2b5f50eaa9c33cd6a |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\570.svg
| MD5 | 4c0a9209c2c60797c3d984addf0deb8a |
| SHA1 | 2ad7946f379aca5f0b195c2ad38b2a844f3c962b |
| SHA256 | 3b5b14a838196a58cd3f0539f6bcde5a00f79c95e8830ac531c8c1c01fea18be |
| SHA512 | d404e079d94b3e8e22884e9091f67b1c971ce7192ebd19983e9c5accc70536667e7de9b545cd5f0125f24a6a5961eb68c706e8c732ef2106d4f7132204d28f2b |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-2.svg
| MD5 | f374bb708d64f3314f9d1c6198294512 |
| SHA1 | 8a800faa352e5aefc7ecdd2f68bcc8a7631823ad |
| SHA256 | afc41b419bcee57934803cc8215dfebd4283f65b9d160a23dae760e159b7da53 |
| SHA512 | 53a2bf23a854928c346f5fa4a317b19b5ace630402daaadf4033f8fbc49110d222b0c6d8772c04efa39146f92720dd91611844fc2b201c6397d8776fc87d76df |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-3.svg
| MD5 | f3d936c7c4fe49fc15acc614fad46dca |
| SHA1 | cab911867e02419f510672ffa7a43ed38e4f3756 |
| SHA256 | 64add75f471ba76341e7191e1644ec65bd58099bc659dd98f8516adcb61b9973 |
| SHA512 | c6a04897b06ef4d348a0a749042f49899d7e10f802523e4a08becfece46e4c8aa0663cc916302081081b2aec28dfba73ad5b15424c5463833a4798da69576ee6 |
memory/4408-1968-0x00007FF84A140000-0x00007FF84C248000-memory.dmp
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-9.svg
| MD5 | 37673fb4737f110ffcff30820f7411a7 |
| SHA1 | bcee7220faa640dc81e7bb225606a0837264cf51 |
| SHA256 | ea279b74ffba3ac4077d923e4cebb684b47670ee47bea531c7ec3ddce6ded9b4 |
| SHA512 | d5d319aa929c8daa9e5397a2f657438c4692dd0b477339071c2991891cc3d171dcfa5b46c5faf76ccf345abd2aaf1baf26dcb5d1114a5871105cf3146fd8b7f6 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\10.svg
| MD5 | 15cf6a3e9ba4a7d11a7985a5db7566cf |
| SHA1 | 2a567ca89cabc616f10d51b921d10264f1573742 |
| SHA256 | 82f74a005c2a0182c66fc97bbb13112828df961db3287b062fd29c730cc59b02 |
| SHA512 | d4a743dab395318c346906f334e92abe05a0118051872083399a664fd4d304773584ce4b9a40f198200c93fd928570c3c42b6c56609defe3cfc40ea6cb555d69 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-10.svg
| MD5 | e1733e3a43bd068e53cd7797a68a6167 |
| SHA1 | 26e1c47dc2ef31f4f62d4c2cad930aa7378dda9c |
| SHA256 | 6acd550e4998b761df3470d8914357bc958d03ba0f60229a0e4888d9b0c502b2 |
| SHA512 | 2d042d04c7dab4659740869ab609a99d614289e5c042ca4aebef3c06cc3888b9cc98c9b5ea7b449e7b90d61078916584e93b65e8ea6ed25153056eee81c2e75e |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-12.svg
| MD5 | b82be3e7bbc539cff8c65d2445985f18 |
| SHA1 | c05337b679a610240df0b8bd46491b89dc4ad182 |
| SHA256 | fbbe56de1740285b80b2c1462136c909b120be05a5fb88283d37236301b60c5c |
| SHA512 | decc9399d6d59e5e5c5eb514d13ce0e93eff858d9a8192ce9dcb62f2267407b2930291de00d1c5e484fb16dc107eb602f78557bd88b52ef27527aa20c45d876f |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-11.svg
| MD5 | e481da5bd89b9455baa45f686046466a |
| SHA1 | e01fc3914c52af85fdf9a0a3573606faa2150cef |
| SHA256 | b2d49e98435c31dc561f44ea22b4fe109b65190ae8598e60cc48f8caff9ceec7 |
| SHA512 | 0417957790453a0da90b4541b5b1797c7b85afe7b4a6aafd69550c7daec69afb668ef7c14661e6d56e193ef379790eaf54c639e1049c278d906c2d2fc05ecab4 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-13.svg
| MD5 | 937cefdf70a564a65c26315cdcb617d0 |
| SHA1 | e5c65db186de14bf8aac97c4e0e641aacd37e5ce |
| SHA256 | b2cdd4fa37d58c52739361fdfb4a4d7997f337ff7e93e369cad2840714f16606 |
| SHA512 | 4b51a02560485c6db8cead3fd5937a43632c11dfe2830bc1ab90b3563774bef4753e7883eedabc13ff6fcbbd8136921703b1703ac89b8d6ae850affcb055975e |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\240.svg
| MD5 | 1ae03acedc307c0cdd568eb3279a704d |
| SHA1 | d038d97a0e32d644cb80764020e76c925a29d4a2 |
| SHA256 | 6febbd4148072bebd4aec847f2e476a5674b4b165e9b1fe0f919e027e5fc99ab |
| SHA512 | 619794107cbef64c09d43aedafa8a3463ac9e986b9babcbaa697b1c634b482bec4dfab24c2c806ee7673850d1a67c7a97ab0125d9e752914a621adf57b6d9c04 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\304930.svg
| MD5 | 44a37801889fc2fcc6397e7fb1286c14 |
| SHA1 | 55707d11d25df26b5647956c8cec51dfe3d72ba7 |
| SHA256 | 7b299b18ce300ca36bce22f7c8bedbbcf6a299e1f641e5a76ec34813c630ec2a |
| SHA512 | cd54b4e7c9a089efee331b824a07bfe72ff545f78fc60e15b656beab168cf32f666dfcf08c6db04cfce2ec79ca7919bdd3b66fd926c79d92e670fa4e8b5026a7 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\4000.svg
| MD5 | 44a0e92fa8ed9581afa27b5580955629 |
| SHA1 | a2ee4c2f8349e179abdabf173ae2633ae950f34b |
| SHA256 | e2d6c9b520d9c79425a40f97a9f8e5b43a8fe4f87faac0505839fde8b6ab9e02 |
| SHA512 | c327fbcb699ec0feb98356d0b1fd2a141296a63d8da653ebe2aa2c3d83101b1c6fb645c6e9bfa93b694fa00f049a8664070fb6ef615a9518f02cb28facfaf1bb |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\731.svg
| MD5 | 96552e7d817c03a0f288a5955ec78b2a |
| SHA1 | eb4a454c80e2f985fbe78ac2db1ade4e5cd84064 |
| SHA256 | 64dfa7a49091c7f824aca93975d4d47469dc967832bda600903695bbeb0ffa56 |
| SHA512 | 4a8c9f609eb082ec9c9d734b913293e48c00e3431c73be31cb8210460a4e02c12b150b98392ed80e312bbc15e011895433f247838a4a097147e0e0d291d4e9f7 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-252490.svg
| MD5 | 67c47120d5ec695a91d8183cb5670628 |
| SHA1 | 89235ab6e57044032d8e4841bf609d735e6bd77c |
| SHA256 | 299354d2c1ed79df9957868b229a6898d7aa32decec3101793154d80749584f7 |
| SHA512 | b754fc5705485a125fb9a6ba60f387c2dc638b419d03d673b17f02d523117f17054029b1d7836b5e5f58826598921e388dc39cdd0f5db798ed3b81a44d294120 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\945360.svg
| MD5 | 24bf9616c43ff2bdff3f2be2d17fedb5 |
| SHA1 | 473366969c39bfd2245f6e13541129fc4a11393b |
| SHA256 | 4f4f69262f7ac58cf7915013edf1b68fb18637cf452c0b04f53b223a4b7dca6b |
| SHA512 | 5e0546e1ef2c14c359356fb9f904de93f6ed1ac0dd885753cd0667c74196669b10e7e8b92a7ab9db757da24eb2ce2b53ec55fc690f0024c2659530394e515e6c |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\320.svg
| MD5 | 99f33f2b60d2d1a0bab71574f73728cc |
| SHA1 | ed72326ad12b4919e0396cadb74cd99c2c0ce7ef |
| SHA256 | a405dd019294eb623c37fa1565044919954bdf92c9fc42ed2f1d901f58e4c270 |
| SHA512 | 92529874f9d513e77abd74cc82f887e87ef02c96a705c4aa9c9c306283afc8b23081dbd4bb4224eb17d910e44e8955489f1039f78ed26691f479bcca03568d0a |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\550.svg
| MD5 | f138aba7dc07fda623e78581a299a290 |
| SHA1 | ae465a1ee4021c5b97b93b2efce96cdb465b02fb |
| SHA256 | 6b531e50d8cbfd269095a3d57d01c3ec2c4402f66b16d53aa5346f2ceef7abff |
| SHA512 | 530d583521064643f513c6d826bc431209ac2af1ff0f4dff1d8f85dd7d4f2955551738b96ef6ddde1cc02d906b932017bfddb21c41b3f03db32e439edacc22ea |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\-42700.svg
| MD5 | 51963f67a91fe04a2d6ae1a1d07948b0 |
| SHA1 | 430622e795184a4208657492b3b899fff3a49320 |
| SHA256 | 78f72961e264a266b835a60c3e1b432be8de432e2a61689d168284080ff5f1fc |
| SHA512 | 73aacaa085d5e07c42d3449c2b93e45125c75876c2a443b383921f75a641cfd3d5e9905fcd640daf5b8a07427c2a668c4c544c3e2400be473587bbb3df574d1b |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1966720.svg
| MD5 | 5caec73ea52aa613243d9aef369fa4b8 |
| SHA1 | ea579c39fdee7bedf6c5a274d9e0ddeef1845574 |
| SHA256 | bfa8e1bacfa74cf58d74911da2052c87f695b4efb72c93cd8bd47adde449c45d |
| SHA512 | 9468a776b30535cb849e5d09733fa1e22d34c4f6e522e990ec37b937503f9713a9e5d83cd801478d9220d55dbaddb96e4de7b0e9bc803c507c55c394b3f8cdb6 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1172620.svg
| MD5 | 4ec209c323686d0ec6020de44df9d255 |
| SHA1 | 27eefcfc6e9a34b934c1ed425ed6c75ab3556806 |
| SHA256 | 1ec6c143637a647438a4af779ea8976a7d470ecd5d73cba7de6f4c4f2b3228b7 |
| SHA512 | 7dfffe247eb7a80bebece27e90949404911e7ef17a4b6cba0c03436392695488dcaed609086ad0f423a1fd8b9320fa578d6b92153ff6334cbdf1e1e574bf0bb7 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1623730.svg
| MD5 | ab88961a57678b7d1b62468e10a06420 |
| SHA1 | 978e5c20af843af29f51b28a22e4e563d3d9ce9c |
| SHA256 | aff383b405180b7802aec8369858df99a5481d16138ca301b8aac943f7afab2f |
| SHA512 | 30dd8d6cce0a445b7f5262400c222b9b8bb531d68aa0bc02924cd3d2c759aa6f013360fd01585557e342326bac234267229cba0aba4fc3825e7e6fd90ed99c38 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1238840.svg
| MD5 | 1bde1f43e0af9a78d98f27edc03be6f2 |
| SHA1 | 3802e4156a7f3030984772ca3f05b0c47c22d841 |
| SHA256 | cd8e902ebed0e3dd2ef96098d332fdc3c23a83bfc3657bf4f0ab220198e44abf |
| SHA512 | 39b875f84f37fd66aa12c359d93c6765c4c166e39e73ccece8ec6a2742eb7ffa403c18e38704dc47902845cf8deb0bc8f077e45c749c228c2f5e2392f054dee4 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1238860.svg
| MD5 | d781600d07d60532d1ba45fc500eacc5 |
| SHA1 | 949e3adfb2c0bec18b8533bad5f53661f4df5bb3 |
| SHA256 | 89312f302382450fc45972adc226c3ceab32402d0595b4d8db36893a30851dcf |
| SHA512 | 05ceda621cd7ba84defa75eb25046425fea198111b105f32d320ffd47ff3c37b36b8b5e2baa2ff6b913cf5148bb2b7e0571bca4180b38105643a4170546a17ad |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1238810.svg
| MD5 | 5c62d732f6a80794c1562aa4eb205d62 |
| SHA1 | 15b56a29450c16461ad81e37f2c69b4bd0fd9689 |
| SHA256 | 2ce2797717f1b6a6acd1d3b20ef40062a42293fc2f90fffec6c8fde08b4dd040 |
| SHA512 | 0a53a2714fe29cf125927e58cc54c99612a317745a125c7e0599bb4ed9edb92317ed76e3f0ae6b2698ea955a34e10e2db22bbb6afbbfeed1925dbd11e1147c88 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\739630.svg
| MD5 | 7ade08fc9e9411aa4d6467dafb1f0a80 |
| SHA1 | d57040e4cb80b1ede53a99985bb5fa47574037c7 |
| SHA256 | c707b928cf8a06c4e2e57acae09c1127555ed15b08787cd311f89f39f18f5e25 |
| SHA512 | 3cdb7aa94248379b3341f3d0243228eddaed464f9f5ad606e3d772f1d88827792a3283c9d5850953761d9fe42362ce404643c1917166b3a468438ee662d07ada |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\7940.svg
| MD5 | 0ef0db0107ad17b665383c82353f66ec |
| SHA1 | 15f242208c88708288ccc8aeb316325f72e97939 |
| SHA256 | c5ccf04273145b0685e62fb0fab5430e8046909b02eddcadf6ca67fb3de75aa8 |
| SHA512 | 137e86124d81191f189109cd0b0b8b38a9f6501508b09f46a9f6f1454598806a0e2d063e362bd8896c0c3f05b3808eefffa817c783f0f515cfec475f881192cb |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1985810.svg
| MD5 | cab2cad9abd0c393bfc394cfe0131157 |
| SHA1 | c09cab5123221467b6f21947641db459b634481c |
| SHA256 | ba9e45903c15ee8fd62702a6a925d9fa873b8aa42d339161f2cba70a67bec1a8 |
| SHA512 | e0e3586abe05e128613a69daea3412f99369a46943160eb598387500ddb6c4c15c941fbe9f6d59230076cf1ccb913bae27868aa1322040bd4e43e9d539bbf146 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\311210.svg
| MD5 | ab85508e14a2ac9287d78851dd24361c |
| SHA1 | d9a5540fd43b1a46badbe80be88af36aaa5e9829 |
| SHA256 | 47fcc7b23f02a54bb2db7c69a4f72ef19389599305a1d6ab65416483d6b1b440 |
| SHA512 | 6cc39c468597854519aef1fa5960e0d28f5bb4c3eca9e4d30c60fe7e2a66957fb1d236a807be71f74fbb956930b58145d58d21fd213de2ec8250c5bb79677b0f |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\2000950.svg
| MD5 | 859f4312b4f8e641ddbc3005594a7849 |
| SHA1 | a1a379b8382179cea3844e9451142ea7921a657b |
| SHA256 | f8fd7cf3c6a19c50c3c1ab3c4ced0a6cd44b41ff240054ba8d50226beeddc284 |
| SHA512 | 19116876b02ec6920fc7024605839ba3fc12cfb05a21fa4c4a54d47948aea5a9cd3544c2c2758f4d6299b7adc91403761a9627b9ae6608baf4afdb69d4b6042d |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\397540.svg
| MD5 | 7971314476a987d4b674e95a7cdef9ea |
| SHA1 | 33be930144d1ded84dcd39c58deb18b64a6c1d1e |
| SHA256 | c696c54e89258a24f47337e4ffdb8298eca23388a68ca1d3b42671d0636f537d |
| SHA512 | 0ab501fa48285e84e981d8565d93fb4a69428021ae3876e21f6707c5e5a76dd5ac2ee8d1b2f759aade0f89d438e464336e0c2d2cfa6a8b66521c035faabd9be0 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\1422450.svg
| MD5 | dba04c943950f053812769b639bff3c5 |
| SHA1 | 47f049792aa6586886c5cd5ca28c0af56e40b7e0 |
| SHA256 | 9e69053e94d882a21f0ddb7cc1191bdb8a2bae08c09932e82699769d7d59708a |
| SHA512 | 9c18715190e46d34f0392ea6aa6f038f20c6d66ff030adbed711a8d854ce8c02e6b9265f28413fabd5d9619b96574a63a8ea3efc358a677aa808e084db00f234 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\700330.svg
| MD5 | 00ecb2bf39f6f1cba8485b898660275b |
| SHA1 | 199462d36266b75e9b862233c85df754e4765f92 |
| SHA256 | f898b26bcee23c914ce9e7524c6e0923ee80c696b80047cc3f7ab8704f3260ae |
| SHA512 | ea22465e041ee28c781b682d7bec4ef3111d2aff90c0631e265ea2d856233e450b6ebb064cdac00196a32b559f225cb99bda2fd2bdf8fb2d1deb4e96c3b1bec7 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\03529d1b4973bbfc0e751c84c5f361e7.png
| MD5 | 4c6d478c1a4f2541324cca1c84152245 |
| SHA1 | 5339cd8b683523dd2ff8336aa47d6f7547572cd5 |
| SHA256 | 9a0f63aba053b0f6ddd6ff34f50dced76e21b11364b68ea056f4ef45de8e4c8b |
| SHA512 | f08ca21d86da039eef40c1943bc5349a4410695b99348844fd4a3eeb2935bfbb6067a47839e02d0c9dda2b43b1bec5be5752d6fd655db5076982b91d380f6af2 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\93cc560c646cac9c2078a0415d2ad396.png
| MD5 | 1a3480c5aace536947c77fcb6170cc93 |
| SHA1 | dbe4d4c60b1bc88d423fc46fe9321a10cdf15fe9 |
| SHA256 | b6c3a65ab372ea634e095a3a86609b9da5e1e821a09f297d5414f76c3edfcde5 |
| SHA512 | 708e3a697268704fa3adabf1a85946225a14b9d73e67ae43493f35928e295d9db92e9594a52bfd748851d45bb50f07bf30450578caf4df743f03b940b6fe860b |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\273349a9d449f03269ab6e485a491836.png
| MD5 | 4fd9dbdcdb5dd27969285357b0483ff5 |
| SHA1 | 7dd70ac411a58383a7c79d7a192ded4cf03dcbfe |
| SHA256 | 0e3a749cee88787c9363d059f3545165aa042f69b8e740f02f2d38a8006ac9cb |
| SHA512 | 9c92947eef251ba89ca93002598ef794a0bf4bf67fb34d16ad0ce8a6a001875eff7559cb71e028d72b587f6414ed79a43d7a9af9b142ff4ec641552596566d1a |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\bf3927b636a8a73c7945924d2a1eac2a.png
| MD5 | 0087e4f4317f23b3a602fc8401d9a281 |
| SHA1 | dca56dd4cae947a863fe3ff4c2cc91a600de7038 |
| SHA256 | 4b523caed3712cc36c4be5f155eff2e4bb7ed766d1aae92e7763c96e44ed9bba |
| SHA512 | 501e4d15daf8bafa6d2dfb898dd7aaf39177a4e765a105d3eebd84dd897c2d94c460905a4fbcebbdd56df39b2ca214dc998f5a8fcab824829d583ff122aa2d94 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\5d340a37068e830d0d502283f5b3e6e9.png
| MD5 | 6ec7f31a32b72bf7fe1dc6a13ff11f5d |
| SHA1 | b9e04da123fe0e6814309d28fb4f21386d379148 |
| SHA256 | 52d8b323d52018f05d5fb0d510d12c1845b1fcfe9c78cab9ee92a09271e45e3e |
| SHA512 | c097ff7e21745fbfd6957d8e17acf7c17e460f5a1794c517e8f617c30a428742079c9028bc9b497da8af68ec12def02e6732f1e3677072534eae9a6985838df4 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\37d82c841f813aa17c11be5e3b8853f6.png
| MD5 | a36e1d41bf95ce28f6334d56a09df33c |
| SHA1 | 3de1dd02320e846939eef5e0346379d27927d6c1 |
| SHA256 | ab7497f98c0f138db9bf6b901fa10e68b91bd5163daffca8e379631212a056a3 |
| SHA512 | 5e2e00824ddacf4cb51ead9c1528e96035d885637acd7d10a9d53880df7d29d660b6d20e788407b8491e9293adf40729a8388ad67e60d9db8fd77e388488dded |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\52e258087c48c34875b484f433293c48.png
| MD5 | 0a9bdde5758b142d6edbc8f323638ded |
| SHA1 | 7e8b4f4f6956499f92b6916e0809e2c5df563847 |
| SHA256 | c12a04db9c195e93a1e2b6f34d6cd2b46b9bf90cd026ea807fe9d6b639937ab7 |
| SHA512 | 31c5c99f7789522f8d892e97a56eff26859f9a84bf4cc7a5cc2c542e3726f59d14d76b1e7a78d355f8e3f3ec62d311d9169c3c9775aa33dc1d97b29205f402c9 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\08247994c6d9b331cb82ab5a25f38914.png
| MD5 | f8f6626fad6d65fa60bc074436678658 |
| SHA1 | 0489adcf84ae24107bd78eab75ba56d762fafd5f |
| SHA256 | d1d5eb1e2e352b027e560446b9b0a2d4414830ebe0dd5ba3ac9c28af5bb4c73e |
| SHA512 | cae102b21b5851a6a08e1d64b3d4f48c61ff7e1888be4d3057f6272e65e0077406aff597304f6783d12c640b2854c14c9726440a0f3a80f7fa284fe29d4fb37c |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData_v2.json
| MD5 | 34e6b35952f72c86b68216b13c6b4f1e |
| SHA1 | bb65088b550c74e8d78a1fdb7b248d7b8ae64ae8 |
| SHA256 | 076d7be94aa2946318d36777908cc44e723b4ea412a2cc6f45409da5f358851c |
| SHA512 | 4d329a7b59af02d6ed326381b3b61d4bda832df4e32d6b5ab2aed64be833eb7e7c8710e1fdfb94d738597858840c93481cbcfa2c6b929fe7ee613e7a6c91180f |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\4e39eef770b6d2c3f333f6d62f478b19.png
| MD5 | b8d46c3c68f228f16886071761a13e4f |
| SHA1 | f46a14fda79ef151e87e72b7b0f3e53e24684a4f |
| SHA256 | 21aca5119e819e69a327aa5a162357210168494dd4337ac326ffb10a11d58c97 |
| SHA512 | 7a42937482c97c4966e3865f3f8d281ccc9674115a5693ce0bdf16b27207fa372acaf97fe8e4adc88112029db0660dba0e353a8fda131f808d16acdb36cb25c4 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\32b92ee1172a17c4e8e20d0fe7159835.png
| MD5 | 06cd95237edff9b38b7538e9dac5bb03 |
| SHA1 | 2d851b3c631c8b75920c9399cdcafea6634802a9 |
| SHA256 | 74361c46d60412a73e5ae58fbdd46402ff78e9e99b8312ec1df0ec2a07c156a1 |
| SHA512 | f3825ae2a0e7507d2154881d25c208eca4e5fd8f89d9c9f3a8633a7737ca34cbdef9dd31a831c6878b422f09c6fa190fe322217cf8ff37c96c2899c107bce01c |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\f6357b871ac2053bae0a8cfdb129eb3b.png
| MD5 | 4757905c2a93bfa467b8c3d04594c903 |
| SHA1 | 936b6cd665237be8f071469f721efa5c633f7e06 |
| SHA256 | 9f5eec76758bd65c2fb8c617ad24e2686a8cf51a02524f9583778347921e6db5 |
| SHA512 | eeb241b85e11ee3feb917ac7bbd1db19a2878370c4ba843935c6f4b4b8b9712bd4d8dccff1e755c9d93c8db8c9bde41b2a4882f47584c9e648e42272cab0b57f |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\2ab9b3443b70528bafc106092abb8e75.png
| MD5 | 62a058d4c61e9848ed7f97706ea88eed |
| SHA1 | e7118fb0db25e279344eacbdb7d1d3ae93e2dee2 |
| SHA256 | c83763cae5c09ffcc99054875a50049dd510840becae220a7a8ee91906e016a7 |
| SHA512 | 159b082ac380576cf63aa0f47a5e0bbb633e8c18ea10b1c308ea8e15739f59ac41d84fda28544f5a1c3ebcea00011c55d69d17d7c30cab02e0c9a736afa12038 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\d0ba9ef708cdd570db5a3e87db78403b.png
| MD5 | c0de3a44308537710610b3145afe259b |
| SHA1 | ea8067e6bae0f59f05052fbde39d9f30c4d3d4c4 |
| SHA256 | c0d5fe5de696bff4d8db9ef6d12806e92358fca7b93ca436cff841ee3c878c49 |
| SHA512 | db371fe8d12b2590b7e3f89e33300f9ab25efa759e8ef80d63f5f032d2a9acc49010a0d2e1c9a6efc29e8107c98be326292bb9333ee87e193383aa4eb7a2fc2a |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\d68657b97bf09440f47f4b85959a0667.png
| MD5 | 224bf0dce18da038677831ced2352cc9 |
| SHA1 | c534849ce9a17f43c24616046e079c05827d6db9 |
| SHA256 | b470205d65f66a6a13800578051f1f7e8e89b2f13f4964d69822ff31c8ca9c8b |
| SHA512 | f2632fab906d8a32b7cae15175eeddd55408efa3e418f77f2bc8e8e9cf0c5c438b20d3a50db7b2c2e1969595c62ab94caa5f416ae0c19305278ee6bf6a408c5e |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\516a3b678af4bf03fcb600a00cb11813.png
| MD5 | f2bbd9c0a826f100629511edd7b5da0c |
| SHA1 | 9f3a15f3610b76dea53d834dadf08066e775d86d |
| SHA256 | 247544708d08adb3d7f922a02707cd964fa47ea304e471de32f788c1fc415ab2 |
| SHA512 | fc37a9cb43f35059511c26d7c83774614566f5693f8e081ff0f07e66f9e9114ed3fbde7128806c351ef430fc2a48988bed2375f9ea0367b64d5700086267666d |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\21ff572414b9e80577b4e9877c3c0f19.png
| MD5 | 17456bc87e99d43217b5768c0c8fdc54 |
| SHA1 | f5475e83f5fa8dda1deb1fac1d4785e7e2d64609 |
| SHA256 | b77b7160e7bc0d64a32d5a7319ae6fd5793d11331b8d146e46dae948bd43fde4 |
| SHA512 | 09be2c3e0b13f76b89d20a46f3107d5c1a6b507e10f1e253b941a7c1e4ac416158a600196b2ad80e6e91d7a2461ddf68fee09a23ca96ca3fba1c7eba6b96fd71 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\70cfea462cd585fc09f0a9dbf238420a.png
| MD5 | 7b3e1e22b1715da237eb9be3650987cf |
| SHA1 | f70bdc46480ec00a7a56ba3241bc76fa43c9f1c9 |
| SHA256 | 351c95f34293a2825cba4fbf143381f5c55a5838f9b37f8f184a157ebe64620e |
| SHA512 | 1bd3ba8013abe2fedb4125b311baec7a635c11e5634955a39952613e3544dc262228739022a8ede721c62f29d8eac183c409d402f6c317548d282ab87533e3a4 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData_v2.json
| MD5 | acf740e9ac4d5457a9daa66f7ab67b21 |
| SHA1 | 61d8a35bd175a024cf248e05db74eca687969355 |
| SHA256 | 42888cc2a5eacdf426eb5f54cc45d707f9c0e9cf8cb615df3eca00767f28c76b |
| SHA512 | bdcb747a42d8d60e3435caba6bf63cfe13c8b5c8b3dfdd4e3cda03105d6f4abf2c9efedcf8a2b8310183a047293497324196432247a5b6cbb6d4e30ae450d36b |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\3bced25089cb3b655d6b9e699fadf426.png
| MD5 | 46333c4b6a1e2a947fac5253327250ae |
| SHA1 | f152dc5cc9c558fbe54f8685e54b7e4149263d64 |
| SHA256 | 7ae83ed9f716056e04f0a7909a6429886cd69b16809c97cdd614e2af48e215ac |
| SHA512 | 34ee88b7edc035f2774ce9f2e2badd5aace48cac6b05be951a07c2fae3f38c637241c8087a0d07f5213b4b79d0494960f4ca0b7a179473c233d82e314b86a458 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\e70b1805b1de2f27877d63a7c6cb1ab6.png
| MD5 | 34da9fd266a5d353756bb8ef0ab8d5e4 |
| SHA1 | 8080fcd94e0f0a8268c3d4be44617642eeae9e3f |
| SHA256 | eda4774eeeaccb43a8b1f9dfb6e147d885fcdf2993f185e3502225f42d1d9041 |
| SHA512 | a3f034a6563b84c4502e0da7e93e3ff15bd64e6283bcca16b9c6e90118aadd23f269d3b55c3fc6a9a5ce983e27fed3d70a2152b277cc69470715f3b9e84d7958 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\7e0b85a70879ce840d56f84af26d4add.png
| MD5 | c6d8644e3d0c9e502b4e1cbbfedf944b |
| SHA1 | c8bd953ffadc71ace4ee3537e9162dae2a40283c |
| SHA256 | 863607549cf1752ad365e3431e601e4946209a87c61fd3c9702d1e2b16a6720e |
| SHA512 | 0f63af451f5400795683288646f4e589dbcaced6ae97c9e87db4d7b6d4bf7dbbda6861557354d0f8c5a015bca1b2f33a8c056a9793f55da0b2d2c8f31f3f2f15 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\48f63a6a71a5236ed288a55fd271857f.png
| MD5 | e229f4249d70716c0a5de6e9cbde9e1f |
| SHA1 | 89ac70d260205c1dec6caf4a0cd4db657d8a2889 |
| SHA256 | 64bfb8fdf43fd7fc73d69603830bbaa739ace1bfcb29ee5b1b84dd092f2bfa7e |
| SHA512 | 9c6ee4f0dcd5dc72a98d388267fc8c35b475a05e53c34f5ddd3547993466e444b47d1d044e8eaa8075b019754508d68b3e56eb3fe3ce8346f91bffd07f7ba9f5 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\7c7e079e17e5282268bd4208b59c4998.png
| MD5 | baef2274314597c334d1d96ad8e6e1b3 |
| SHA1 | fe82b6c80d62db29113c4d5d96f325a91d611744 |
| SHA256 | c83a004d8baf513700592d988ab523709913ce905904a485e3fb9d13434cd2ce |
| SHA512 | e3c6beb73d7b1a5f3abd43f3e0b3ab882f30a3230eeb1c8dcdbd8fea11c81960b6090284f1dc847c08b5dd301f63ddd56a6a31a8413c60a562e2ac16d3e647d2 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\704820400aae00ae2b4bca9ae996d282.png
| MD5 | a7c54d972d2978b2373bcfad76e4a66e |
| SHA1 | 87bc2e47fa60852c0ea027a675e1aa09766dbca9 |
| SHA256 | 88fc3b4f3327d55df7898dfeef461b7d40e8a71f205e4c57b2e7e8cba617c8bd |
| SHA512 | f708a2e9b11041fe79ff647c418bbf22ba3b927dcdc556311f1be26861e8b3bacbd999aedbcd1c3ea60952d5ece194e96b8b214c1a4bc28b9a05beff207846af |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410271508551\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
| MD5 | be22df47dd4205f088dc18c1f4a308d3 |
| SHA1 | 72acfd7d2461817450aabf2cf42874ab6019a1f7 |
| SHA256 | 0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8 |
| SHA512 | 833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\c6d0c946421426f1600bd303fda9f2e3.png
| MD5 | 0ea5c66863451df962a2a7f714bc107b |
| SHA1 | e630bb72a50893b3e316323f9f6e8a0b11575cee |
| SHA256 | b0a7284bb1b0bb1dcb07a3633465b7590cab7de03645c900103608075347de29 |
| SHA512 | 1a9c4a71bc99287375de409c12a713fc19266bb71e5e2ed19b28b169b4080a156ca10a290476883ddcff89ba1fe9fd2eed7c41e9788a0972df12d8184771c96e |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\df1b848cdf0cb9d3c34393d5672ee8fa.png
| MD5 | 0bab1b3b19b81e2b98a833352b678b00 |
| SHA1 | 6a0e164244012b8d308ce55f6283517342149127 |
| SHA256 | cc58c5313990dc07bb4aa475807d665161f0ce5b02a427fad0a03cd3e0d3a5f9 |
| SHA512 | 033b863bb878f6646735551b98f6d633672f917b97e13f4b7ba8330f75a41d27637d8c9a4e85bbe08ec91e5cf5057dfbcb9de7e10fb711d3feac6dd6ece2296c |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\06863b6c997b988a0b25478954936acd.png
| MD5 | a1d250de3d2f15fcbadefcb00c72486f |
| SHA1 | f4336359ae186231a0915e61d231d48ad4e83b8b |
| SHA256 | e1cbb505ce32805abcf09d69f052176cccd4c1cad79e0b90a8b8631c16cb62e4 |
| SHA512 | 1d6107c2be8cdbaad09f590db05865051a833ef795a75c589aba14a340d00b8a06a2e83d67dbbd8846e923b7c7399df4b25e7a1675be55d44ac291a79a27cc0e |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\c614181748c588e16a8d306b2b694370.png
| MD5 | a1cc92f67b0c7f9a957525d68b1ad159 |
| SHA1 | 2a78b15ac99507dde9f585657c664c4fb3a4a26d |
| SHA256 | 84b21ea6d79a9eadf09736e518c0f8066bb026692cca25e5d1c0abbabbfb0271 |
| SHA512 | 19a13bd269408945822e207f4c2e2a6f3eb7148e81560eab3baf3cab8931660d971ade6121f6cb0529df075c069d2749a09622a945933464d105f2e5797ea88e |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\1540bb22fbba0d16d71111edd8c1b16a.png
| MD5 | b619ead10670b588cbc1114edad39df9 |
| SHA1 | 12a27c204c339b33fc74f664a0123059ea39e0ad |
| SHA256 | 8ef6bfe948a8f0cafa9df2c2a9dfd321c7500e5652aa1a1baa64fe162e1d51e5 |
| SHA512 | 5ea399491dde2982948c35a1d41a96e724bf798ff8d953bc9129df392c0d288ed4dc755cb1c0ee2fde87f2f694e44226ce40670ec06712550a8b2080faa92b19 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\9309939de3a4c0af457dd4683cf2200d.png
| MD5 | 8f5b61fe2f3d14afebc2d599465707fb |
| SHA1 | 63e1b2388f6dcb07fadd69094cdc90bc42b23929 |
| SHA256 | 049640cf32c6af7cfa63695c7317a43f0566fe5daa6aa6f002c8a5f5798ec8d4 |
| SHA512 | f97422d598679c54aa060053b922c520b3c237f679eacf7f5b1362df0eae67a86a6bea727d253e054db79c065c3ea39eccfdb3834f109a6230593f72e8ee72fc |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\305494b58d8fd53ffeb260a6cb918e1d.png
| MD5 | c73e0db5d37c6a60eac2826e8a5157a2 |
| SHA1 | 0461a19db4c0fdd83c37a690b8ce3278ee601e79 |
| SHA256 | 157329ed7b13a10b405c4d9bf4e8a1e08f9521dee4681915e4027e83ff3d55fc |
| SHA512 | 1df18ab0618317dad754492953ae4b151e280573bbc3f9f197827add0444879a36219c8e6c6ea50bf45d5dceec5f62037a47333d848513e0e64798a10f593b31 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\63e78fc5dc38deacb9eb79bd0d516f7e.png
| MD5 | 476472cbc92de39c1ab8ee8ece1049ed |
| SHA1 | 94694cc09a8137e67405e0b1298732c3b1d7df87 |
| SHA256 | 3e1b3ec9f054da11ed5a835f7e36fdc0408fdd090b6c009534ecb0e0420c742b |
| SHA512 | d93b15251f436fc0c6e9c7910f4ece5d4fe4d081d66f5a1aebb415ee96dd608dd4c1dfb634d40702925f22eb09f4c1397267cb86091524011318185f732f2f86 |