Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/11/2024, 23:34

General

  • Target

    Noxic.exe

  • Size

    97.1MB

  • MD5

    3a74f44c697eab7f7d4be6f8f45f2fa3

  • SHA1

    9911e33b3db1ffe049f56ee1d5af12c189a02c3a

  • SHA256

    d317c6c038ca4e934f981c1c37d3d47b891249b10c7ce3e24d6ad3306a9a36dc

  • SHA512

    1e047418c6249363674612892389919971e722e8ac5c29bf365c4d41404aba9c2dbf9c76bb7c486da95f09883550d7d7fa24e631a9c91a9d02752e2133fb708a

  • SSDEEP

    3145728:Ch2VRVK8iQnLWFQM3K7f7+O5cjdsJIHxabE1:Ch2vVBf6R3Wf7+6ikS3

Malware Config

Signatures

  • Downloads MZ/PE file
  • A potential corporate email address has been identified in the URL: [email protected]
  • A potential corporate email address has been identified in the URL: [email protected]
  • A potential corporate email address has been identified in the URL: [email protected]
  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 19 IoCs
  • Loads dropped DLL 23 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 4 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 46 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Noxic.exe
    "C:\Users\Admin\AppData\Local\Temp\Noxic.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
      "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
        "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1656 --field-trial-handle=1660,i,12747660829818092529,794317098256018348,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4500
      • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
        "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --mojo-platform-channel-handle=2188 --field-trial-handle=1660,i,12747660829818092529,794317098256018348,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3952
      • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
        "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --app-user-model-id=noxic-app-nativefier-00f9eb --app-path="C:\Users\Admin\AppData\Roaming\Noxic\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2376 --field-trial-handle=1660,i,12747660829818092529,794317098256018348,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4788
      • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
        "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --app-user-model-id=noxic-app-nativefier-00f9eb --app-path="C:\Users\Admin\AppData\Roaming\Noxic\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1660,i,12747660829818092529,794317098256018348,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2252
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.cloudtrks.com/click?pid=2&offer_id=3633&sub2=u134079&sub3=cl588610&sub7=rfhttps%3A%2F%2Faimbotz.pages.dev%2F&sub8=rdaimbotz.pages.dev&sub15=727a81e3f0f8
        3⤵
        • Enumerates system info in registry
        • NTFS ADS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4916
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff15746f8,0x7ffff1574708,0x7ffff1574718
          4⤵
            PID:3652
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
            4⤵
              PID:3300
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:3228
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
              4⤵
                PID:3596
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
                4⤵
                  PID:3748
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                  4⤵
                    PID:2564
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                    4⤵
                      PID:2276
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
                      4⤵
                        PID:5196
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
                        4⤵
                          PID:5580
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
                          4⤵
                            PID:5708
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
                            4⤵
                              PID:5716
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
                              4⤵
                                PID:5888
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
                                4⤵
                                  PID:5348
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
                                  4⤵
                                    PID:5792
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6716 /prefetch:8
                                    4⤵
                                      PID:5764
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
                                      4⤵
                                        PID:5772
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7224 /prefetch:8
                                        4⤵
                                          PID:6076
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7476 /prefetch:8
                                          4⤵
                                            PID:3432
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7476 /prefetch:8
                                            4⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:5572
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 /prefetch:8
                                            4⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:5712
                                          • C:\Users\Admin\Downloads\OperaGXSetup.exe
                                            "C:\Users\Admin\Downloads\OperaGXSetup.exe"
                                            4⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            PID:6132
                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe
                                              C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe --server-tracking-blob=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
                                              5⤵
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Enumerates connected drives
                                              • System Location Discovery: System Language Discovery
                                              • Modifies system certificate store
                                              • Suspicious use of SetWindowsHookEx
                                              PID:2492
                                              • C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe
                                                C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x324,0x328,0x32c,0x320,0x330,0x74218c5c,0x74218c68,0x74218c74
                                                6⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • System Location Discovery: System Language Discovery
                                                PID:224
                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
                                                6⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • System Location Discovery: System Language Discovery
                                                PID:6128
                                              • C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe
                                                "C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2492 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241108233638" --session-guid=b13c11a1-7f7e-4d44-82b1-a40c660367ae --server-tracking-blob="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 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=5009000000000000
                                                6⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Enumerates connected drives
                                                • System Location Discovery: System Language Discovery
                                                PID:2256
                                                • C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe
                                                  C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x320,0x330,0x334,0x2fc,0x338,0x71a68c5c,0x71a68c68,0x71a68c74
                                                  7⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • System Location Discovery: System Language Discovery
                                                  PID:5236
                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
                                                6⤵
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                PID:6120
                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\assistant_installer.exe
                                                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\assistant_installer.exe" --version
                                                6⤵
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                PID:2060
                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\assistant_installer.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x434f48,0x434f58,0x434f64
                                                  7⤵
                                                  • Executes dropped EXE
                                                  • System Location Discovery: System Language Discovery
                                                  PID:5396
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
                                            4⤵
                                              PID:3224
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
                                              4⤵
                                                PID:2372
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
                                                4⤵
                                                  PID:3772
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
                                                  4⤵
                                                    PID:2244
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5576 /prefetch:2
                                                    4⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:1764
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.cloudtrks.com/click?pid=2&offer_id=315&sub2=u134079&sub3=cl588610&sub7=rfhttps%3A%2F%2Faimbotz.pages.dev%2F&sub8=rdaimbotz.pages.dev&sub15=727a81e3f0f8
                                                  3⤵
                                                    PID:5508
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff15746f8,0x7ffff1574708,0x7ffff1574718
                                                      4⤵
                                                        PID:5524
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:4884
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:2632
                                                    • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
                                                      "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe"
                                                      1⤵
                                                      • Checks computer location settings
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      PID:4952
                                                      • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
                                                        "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1672 --field-trial-handle=1688,i,18163330862819539772,12674870501539788796,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        PID:4712
                                                      • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
                                                        "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --mojo-platform-channel-handle=2172 --field-trial-handle=1688,i,18163330862819539772,12674870501539788796,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        PID:508
                                                      • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
                                                        "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --app-user-model-id=noxic-app-nativefier-00f9eb --app-path="C:\Users\Admin\AppData\Roaming\Noxic\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2420 --field-trial-handle=1688,i,18163330862819539772,12674870501539788796,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
                                                        2⤵
                                                        • Checks computer location settings
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        PID:3432
                                                      • C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
                                                        "C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --app-user-model-id=noxic-app-nativefier-00f9eb --app-path="C:\Users\Admin\AppData\Roaming\Noxic\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1688,i,18163330862819539772,12674870501539788796,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
                                                        2⤵
                                                        • Checks computer location settings
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        PID:2020

                                                    Network

                                                          MITRE ATT&CK Enterprise v15

                                                          Downloads

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                            Filesize

                                                            152B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                            Filesize

                                                            152B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                            Filesize

                                                            1KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                            Filesize

                                                            3KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            5KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            7KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            7KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            7KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

                                                            Filesize

                                                            41B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                            Filesize

                                                            72B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589892.TMP

                                                            Filesize

                                                            48B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                            Filesize

                                                            1KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5874cd.TMP

                                                            Filesize

                                                            1KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                            Filesize

                                                            16B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                            Filesize

                                                            10KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                            Filesize

                                                            10KB

                                                          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

                                                            Filesize

                                                            1.4MB

                                                          • C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe

                                                            Filesize

                                                            6.5MB

                                                          • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411082336358322492.dll

                                                            Filesize

                                                            6.0MB

                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                            Filesize

                                                            2B

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\chrome_100_percent.pak

                                                            Filesize

                                                            132KB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\chrome_200_percent.pak

                                                            Filesize

                                                            191KB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\d3dcompiler_47.dll

                                                            Filesize

                                                            4.7MB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\ffmpeg.dll

                                                            Filesize

                                                            2.7MB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\icudtl.dat

                                                            Filesize

                                                            10.1MB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\libEGL.dll

                                                            Filesize

                                                            469KB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\libGLESv2.dll

                                                            Filesize

                                                            7.1MB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\locales\en-US.pak

                                                            Filesize

                                                            351KB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\resources.pak

                                                            Filesize

                                                            4.9MB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\resources\app\icon.ico

                                                            Filesize

                                                            169KB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\resources\app\lib\main.js

                                                            Filesize

                                                            497KB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\resources\app\lib\preload.js

                                                            Filesize

                                                            12KB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\resources\app\nativefier.json

                                                            Filesize

                                                            1016B

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\resources\app\package.json

                                                            Filesize

                                                            596B

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\v8_context_snapshot.bin

                                                            Filesize

                                                            564KB

                                                          • C:\Users\Admin\AppData\Roaming\Noxic\vk_swiftshader.dll

                                                            Filesize

                                                            5.0MB

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\5b7cda31-24da-4ca4-b96a-e57c6a0954a5.tmp

                                                            Filesize

                                                            86B

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Code Cache\js\index-dir\the-real-index

                                                            Filesize

                                                            600B

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Code Cache\js\index-dir\the-real-index

                                                            Filesize

                                                            48B

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Code Cache\js\index-dir\the-real-index

                                                            Filesize

                                                            360B

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\DawnCache\data_0

                                                            Filesize

                                                            8KB

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\DawnCache\data_1

                                                            Filesize

                                                            264KB

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\DawnCache\data_2

                                                            Filesize

                                                            8KB

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\DawnCache\data_3

                                                            Filesize

                                                            8KB

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Network\Network Persistent State

                                                            Filesize

                                                            1KB

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Network\Network Persistent State~RFe590b8f.TMP

                                                            Filesize

                                                            59B

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Network\TransportSecurity

                                                            Filesize

                                                            524B

                                                          • C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Session Storage\CURRENT

                                                            Filesize

                                                            16B

                                                          • C:\Users\Admin\Desktop\Noxic.lnk

                                                            Filesize

                                                            963B

                                                          • C:\Users\Admin\Downloads\OperaGXSetup.exe

                                                            Filesize

                                                            3.2MB

                                                          • memory/2252-306-0x00007FF811AB0000-0x00007FF811AB1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                          • memory/2252-305-0x00007FF8101E0000-0x00007FF8101E1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                          • memory/4052-10-0x0000000000920000-0x0000000000921000-memory.dmp

                                                            Filesize

                                                            4KB

                                                          • memory/4052-9-0x0000000000400000-0x0000000000708000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                          • memory/4052-0-0x0000000000920000-0x0000000000921000-memory.dmp

                                                            Filesize

                                                            4KB

                                                          • memory/4052-203-0x0000000000400000-0x0000000000708000-memory.dmp

                                                            Filesize

                                                            3.0MB