Malware Analysis Report

2025-08-05 10:58

Sample ID 241108-3kqz1asdmb
Target Noxic.zip
SHA256 ed08d239c46a922bb22cc1c27fdbf6699819e48d911766ec37b31b0423a52f71
Tags
discovery persistence phishing spyware stealer
score
8/10

Analysis Overview

score
8/10

SHA256

ed08d239c46a922bb22cc1c27fdbf6699819e48d911766ec37b31b0423a52f71

Threat Level: Likely malicious

The file Noxic.zip was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence phishing spyware stealer

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: [email protected]

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Adds Run key to start application

Browser Information Discovery

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies system certificate store

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 23:35

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 23:34

Reported

2024-11-08 23:38

Platform

win7-20240903-en

Max time kernel

117s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Noxic.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Noxic.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\Noxic = "C:\\Users\\Admin\\AppData\\Roaming\\Noxic\\Noxic App.exe" C:\Users\Admin\AppData\Local\Temp\Noxic.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Noxic.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Noxic.exe

"C:\Users\Admin\AppData\Local\Temp\Noxic.exe"

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe"

Network

N/A

Files

memory/2892-0-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2892-10-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2892-9-0x0000000000400000-0x0000000000708000-memory.dmp

\Users\Admin\AppData\Roaming\Noxic\ffmpeg.dll

MD5 d57dd69a4d084427ea5eef777de66f68
SHA1 cacb8e06a475b2125708ae70153aa1ca525177b0
SHA256 858612d51120907bede6782a6f13a5f0b391d11ed9a35af0647126831d9843b4
SHA512 517637325aff7416e16e25f33b491025e8791e71ae3df76effc6b2910e9e651604f856d2ad6058ceee13e87a7e0e33c0c572388e76a64f902be88f175a51973a

memory/2892-201-0x0000000000400000-0x0000000000708000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-08 23:34

Reported

2024-11-08 23:38

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Noxic.exe"

Signatures

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Noxic.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe N/A
N/A N/A C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\assistant_installer.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Noxic = "C:\\Users\\Admin\\AppData\\Roaming\\Noxic\\Noxic App.exe" C:\Users\Admin\AppData\Local\Temp\Noxic.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Noxic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\assistant_installer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 326944.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4052 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\Noxic.exe C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
PID 2972 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
PID 2972 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
PID 2972 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe
PID 2972 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Noxic.exe

"C:\Users\Admin\AppData\Local\Temp\Noxic.exe"

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe"

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1656 --field-trial-handle=1660,i,12747660829818092529,794317098256018348,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --mojo-platform-channel-handle=2188 --field-trial-handle=1660,i,12747660829818092529,794317098256018348,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --app-user-model-id=noxic-app-nativefier-00f9eb --app-path="C:\Users\Admin\AppData\Roaming\Noxic\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2376 --field-trial-handle=1660,i,12747660829818092529,794317098256018348,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --app-user-model-id=noxic-app-nativefier-00f9eb --app-path="C:\Users\Admin\AppData\Roaming\Noxic\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1660,i,12747660829818092529,794317098256018348,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.cloudtrks.com/click?pid=2&offer_id=3633&sub2=u134079&sub3=cl588610&sub7=rfhttps%3A%2F%2Faimbotz.pages.dev%2F&sub8=rdaimbotz.pages.dev&sub15=727a81e3f0f8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff15746f8,0x7ffff1574708,0x7ffff1574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.cloudtrks.com/click?pid=2&offer_id=315&sub2=u134079&sub3=cl588610&sub7=rfhttps%3A%2F%2Faimbotz.pages.dev%2F&sub8=rdaimbotz.pages.dev&sub15=727a81e3f0f8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff15746f8,0x7ffff1574708,0x7ffff1574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 /prefetch:8

C:\Users\Admin\Downloads\OperaGXSetup.exe

"C:\Users\Admin\Downloads\OperaGXSetup.exe"

C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe --server-tracking-blob=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

C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x324,0x328,0x32c,0x320,0x330,0x74218c5c,0x74218c68,0x74218c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2492 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241108233638" --session-guid=b13c11a1-7f7e-4d44-82b1-a40c660367ae --server-tracking-blob="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 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=5009000000000000

C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x320,0x330,0x334,0x2fc,0x338,0x71a68c5c,0x71a68c68,0x71a68c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x434f48,0x434f58,0x434f64

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe"

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1672 --field-trial-handle=1688,i,18163330862819539772,12674870501539788796,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --mojo-platform-channel-handle=2172 --field-trial-handle=1688,i,18163330862819539772,12674870501539788796,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --app-user-model-id=noxic-app-nativefier-00f9eb --app-path="C:\Users\Admin\AppData\Roaming\Noxic\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2420 --field-trial-handle=1688,i,18163330862819539772,12674870501539788796,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe

"C:\Users\Admin\AppData\Roaming\Noxic\Noxic App.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb" --app-user-model-id=noxic-app-nativefier-00f9eb --app-path="C:\Users\Admin\AppData\Roaming\Noxic\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1688,i,18163330862819539772,12674870501539788796,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9658005531074099488,7345135458686354843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5576 /prefetch:2

Network


Files

memory/4052-0-0x0000000000920000-0x0000000000921000-memory.dmp

memory/4052-10-0x0000000000920000-0x0000000000921000-memory.dmp

memory/4052-9-0x0000000000400000-0x0000000000708000-memory.dmp

C:\Users\Admin\AppData\Roaming\Noxic\ffmpeg.dll

C:\Users\Admin\AppData\Roaming\Noxic\icudtl.dat

memory/4052-203-0x0000000000400000-0x0000000000708000-memory.dmp

C:\Users\Admin\AppData\Roaming\Noxic\v8_context_snapshot.bin

C:\Users\Admin\AppData\Roaming\Noxic\resources\app\package.json

C:\Users\Admin\AppData\Roaming\Noxic\resources\app\lib\main.js

C:\Users\Admin\AppData\Roaming\Noxic\resources\app\nativefier.json

C:\Users\Admin\AppData\Roaming\Noxic\resources.pak

C:\Users\Admin\AppData\Roaming\Noxic\locales\en-US.pak

C:\Users\Admin\AppData\Roaming\Noxic\chrome_200_percent.pak

C:\Users\Admin\AppData\Roaming\Noxic\chrome_100_percent.pak

C:\Users\Admin\AppData\Roaming\Noxic\resources\app\icon.ico

C:\Users\Admin\AppData\Roaming\Noxic\vk_swiftshader.dll

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Roaming\Noxic\libEGL.dll

C:\Users\Admin\AppData\Roaming\Noxic\libGLESv2.dll

C:\Users\Admin\AppData\Roaming\Noxic\d3dcompiler_47.dll

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Session Storage\CURRENT

C:\Users\Admin\AppData\Roaming\Noxic\resources\app\lib\preload.js

memory/2252-305-0x00007FF8101E0000-0x00007FF8101E1000-memory.dmp

memory/2252-306-0x00007FF811AB0000-0x00007FF811AB1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4916_AYRELVZGKHSLUZJA

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Desktop\Noxic.lnk

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5874cd.TMP

C:\Users\Admin\Downloads\OperaGXSetup.exe

C:\Users\Admin\AppData\Local\Temp\7zS4F7C5228\setup.exe

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411082336358322492.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589892.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082336381\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Network\Network Persistent State~RFe590b8f.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\DawnCache\data_1

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\DawnCache\data_2

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\DawnCache\data_0

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\DawnCache\data_3

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\5b7cda31-24da-4ca4-b96a-e57c6a0954a5.tmp

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\noxic-app-nativefier-00f9eb\Code Cache\js\index-dir\the-real-index
