Analysis Overview
SHA256
c8b7de3ce429150617f25529aa436d28497b642925b7ea384c30f529ce8bc23b
Threat Level: Shows suspicious behavior
The file ExLoader_Installer.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Enumerates connected drives
Drops file in Program Files directory
Unsigned PE
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies registry class
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-19 19:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-19 19:12
Reported
2025-01-19 19:16
Platform
win11-20241007-en
Max time kernel
131s
Max time network
144s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ipapi.co | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\translate.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\compressed_logos\space.ico | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\neuronet.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\selected-anixart.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\settings.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-crt-filesystem-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\media_kit_native_event_loop.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\audio\Steam_hover.wav | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\circular-divider.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\SpaceDay.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\chevron-down.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\optical.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\search-alternative.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\selected.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\url_launcher_windows_plugin.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File created | C:\Program Files\ExLoader\ExLoader.zip | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\audio\CSGO_hover.wav | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\plus.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\star-border.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\tick.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\shaders\ink_sparkle.frag | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-fibers-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\media_kit_libs_windows_video_plugin.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\audio\AbominationPissed_RU.wav | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\Warhammer.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\ucrtbased.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\puffer-fish.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\upload-sharp.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\images\snow.webp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-processthreads-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\LoveDay.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\chart-bar-alt.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\sort.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\concrt140.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\msvcp140_atomic_wait.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\FontManifest.json | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\close-circle.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\CatsDay.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\unavailable.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\folder.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File created | C:\Program Files\ExLoader\9ea669ec | C:\Program Files\ExLoader\ExLoader.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\JokeDay.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\Warcraft.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\add.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\moon.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\fonts\NoirPro-Regular.otf | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\favourite-added.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\trash-bin.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\day.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\store.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\edit.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\mask.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\vccorlib140d.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\audio\Standard_hover.wav | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\download.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\keyboard-properties.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\windows.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\images\snow_alternative.webp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\backgrounds\God%20of%20War.jpg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\gamepad.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\images\fabric_first.png | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\api-ms-win-core-file-l2-1-0.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\media_kit\msvcp140_1.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| File opened for modification | C:\Program Files\ExLoader\data\flutter_assets\resources\icons\cat.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \Registry\User\S-1-5-21-556537508-2730415644-482548075-1000_Classes\NotificationData | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files\ExLoader\ExLoader.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe | N/A |
| N/A | N/A | C:\Program Files\ExLoader\ExLoader.exe | N/A |
| N/A | N/A | C:\Program Files\ExLoader\guaranteeslimitgive.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"
C:\Program Files\ExLoader\ExLoader.exe
"C:\Program Files\ExLoader\ExLoader.exe" -deletePreviousExLoader
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe --silent --allusers=0 --server-tracking-blob=…
C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=116.0.5366.35 --initial-client-data=0x338,0x33c,0x340,0x30c,0x344,0x749dcf0c,0x749dcf18,0x749dcf24
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2392 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20250119191524" --session-guid=3a7e2238-73b8-4d11-970d-2c8da320e525 --server-tracking-blob="…" --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=FC05000000000000
C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4A04D469\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=116.0.5366.35 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x7293cf0c,0x7293cf18,0x7293cf24
C:\Program Files\ExLoader\guaranteeslimitgive.exe
"C:\Program Files\ExLoader\guaranteeslimitgive.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\Assistant_116.0.5366.21_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\Assistant_116.0.5366.21_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=116.0.5366.21 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x670ac4,0x670ad0,0x670adc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | meteum.ai | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| RU | 213.180.193.146:443 | meteum.ai | tcp |
| US | 104.22.28.239:443 | data.exloader.net | tcp |
| US | 172.67.22.232:443 | data.exloader.net | tcp |
| US | 104.26.13.205:443 | api.ipify.org | tcp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 104.26.8.44:443 | ipapi.co | tcp |
| US | 172.67.69.226:443 | ipapi.co | tcp |
| US | 104.16.132.229:443 | cloudflare.com | tcp |
| US | 104.16.133.229:443 | cloudflare.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| UA | 91.231.182.13:7777 | api.exloader.net | tcp |
| NL | 185.26.182.124:443 | autoupdate.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 82.145.216.15:443 | features.opera-api2.com | tcp |
| NL | 82.145.216.49:443 | download.opera.com | tcp |
| GB | 95.101.143.243:443 | download3.operacdn.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe
| MD5 | 1156779d6a1fe7eca6f4f70b7e159280 |
| SHA1 | df0058c5e0b2b6696d25e49cad5511a9d5fd9f08 |
| SHA256 | bab846b6030449f4c37af32c8119ffe595b5a3d0d924d5e99370dd059bac2767 |
| SHA512 | addd3a223a48697d9ea9d1e8ade91c70221c71dba64aa6c30877501acf17ab079d49d48fd7cab614df52b0f73eee771974ac64ca8e7a0c1f930a035e0fa7c2b9 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dll
| MD5 | 225782e5d02f400a76b8fabe8a6f5cd1 |
| SHA1 | e54ef4f664a250808749be2ea9870607c20ace31 |
| SHA256 | b66713715a7aeaa2f88ba18838aa7c245556eaaeb31c82da3f5aebcb71a7715e |
| SHA512 | 9e88489361b36970a982329184b7afa9ef403ca86830427c60397e49522e5d38fc652ce4b65e79c54583a50ffee83fb138a02d638e015c9ff53e56164556be76 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dll
| MD5 | eb49c1d33b41eb49dfed58aafa9b9a8f |
| SHA1 | 61786eb9f3f996d85a5f5eea4c555093dd0daab6 |
| SHA256 | 6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e |
| SHA512 | d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140.dll
| MD5 | e9b690fbe5c4b96871214379659dd928 |
| SHA1 | c199a4beac341abc218257080b741ada0fadecaf |
| SHA256 | a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8 |
| SHA512 | 00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c |
memory/1948-654-0x00000174DFFE0000-0x00000174DFFE1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.so
| MD5 | c2f599ae1b79da8db01b4c4501899d2a |
| SHA1 | 19865301d8a408aa003c0a133bac47951b9fdac8 |
| SHA256 | 8ceb7f683d61427f9109f58719837bbe5ac599681e723c47a62f21c557e13475 |
| SHA512 | 752e863162b4602453427ce2bb2feb55d6ff6a42350f34265f0f0ecda6401b5d403700ad47d3740da19dcbd6824188cd788c5b1a8834c27cb72917bdb054bdc6 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msvcp140.dll
| MD5 | c3d497b0afef4bd7e09c7559e1c75b05 |
| SHA1 | 295998a6455cc230da9517408f59569ea4ed7b02 |
| SHA256 | 1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98 |
| SHA512 | d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386 |
memory/1948-656-0x00000174E24B0000-0x00000174E3281000-memory.dmp
memory/1948-658-0x00000174DFFF0000-0x00000174DFFF1000-memory.dmp
memory/1948-655-0x00000174E24B0000-0x00000174E3281000-memory.dmp
memory/1948-657-0x00000174E24B0000-0x00000174E3281000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.dat
| MD5 | 692337664e861ad322138061132dddc6 |
| SHA1 | 8a99bc860eda0772f3b1f4a125fa4d474410e21c |
| SHA256 | c12537022ef818991a7bfed41a76d8d6ae962ffbc0e6511ac762a5d0845e7f7c |
| SHA512 | 3e2e6adb651e37e530734f999634d7c101fa1c45ae380be8ad169bbfb0a047f2878ff6c8d1428d6b9e7301b447ab2f8839484322ddb3831984be71d442829a55 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.json
| MD5 | fb1230bb41c3c1290008b9e44059dd39 |
| SHA1 | 66493d0f8a6a112d8376cd296b05c277b111dca1 |
| SHA256 | 2429b610ba9010211d18626d311d3dea7274473c2dd50fae833ed739b67b1292 |
| SHA512 | d5ae9b9124a7c7f8c3d04c4750459c9bc620e3aeb84f5d56a64308eb9b343d4fb62f8b3e03210e04ad90b91bbbb35dd1a56148d06dbcc0872f99e9b1b9d37c7c |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader_Installer\shared_preferences.json
| MD5 | f64fb0f46eaee310cec2a928294b44c8 |
| SHA1 | 50f321398653d1c9ebfe2816b605583edc3633fd |
| SHA256 | 067c35e9beaa8893348a8997cea283e47e5c8bfdb3f3b17f864c962a06d2ed70 |
| SHA512 | 91246223966f5d7d48d4071180239077efbfbb834b63048682ca7e917338d8d24151062a7c4c3103510266510b50805c970cf8799a8e69be162395d407c439ef |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Light.otf
| MD5 | d10d77b03ba3abe6ccc1c142d9852595 |
| SHA1 | 6108edf0cfb3d5f25e3c593949c301c5c2aa5f25 |
| SHA256 | 3c9ef459625f995c62b993b64da299204b741e153ba8e6d988463aaa86b1aa44 |
| SHA512 | 71c4fc3b6f43b4125c5ea5ae09297d72446de81ffc2928fee33aef386754e60dab11cc170c4d6689dd6eeac451f2a57b9d3372278f750dca6ed39ec82fcf9368 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Regular.otf
| MD5 | d969db6adb881f1dfa91a5b7ec0154d9 |
| SHA1 | d7b44b20eb246b0ff5c41147c0d0fb96fde47c48 |
| SHA256 | c7fc6d9f2ff611073fa09a6c61a8c086da0ebe8da841a9f4ec4087a3e9b52152 |
| SHA512 | 2a225a8c12b46aa14e14dd547c6a55c80aef6bfe8cc791dcf60a14ef91994eddc4dec473d856f7c2446d62a41d017d256b64b603d87ae45e75fdeb2230deb5b2 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Medium.otf
| MD5 | df63e8855d04ab0e25d2bb6a0b1fabfb |
| SHA1 | 5512dc285f36cdf7da5ba5eabaca128ca3442537 |
| SHA256 | a728e91375dcadbdf6ef6d7e3cd0bbf5c56fb992d5b1be6640b83214c9d015ed |
| SHA512 | eba8afd3289089841e4eda4abd992c2e2020d18d44741733b5a51a2a1e0c0982ffd9da187aa56ba3b891bc259398ec156e08e45265f7218e87eb914794ca69d6 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-SemiBold.otf
| MD5 | 5177edfb54762b59df676052d11b363d |
| SHA1 | fa18815bf4914b93d587c2758b65e234ad51b38b |
| SHA256 | 50000ce2f0f8bf3018f1d04aa5c6716583b808ca05c802c46a9de4f084a91f7d |
| SHA512 | 7475fe248eafd528a05acab94f3973eeeb0d169203769ee6b42d007b5fa0605a58a290e145d74d57e17486367bacffed22e4a88e576fa9f65d000e487aa78e27 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\NoirPro-Bold.otf
| MD5 | e57b6bc24b970a377574124e026a7c01 |
| SHA1 | 00184aedd4ee4d2ca6b5c87cf41e78f64304c89b |
| SHA256 | b012d85155925bbe2106b20234b96522dec7914f03b09bc6e2fff71554f31bf6 |
| SHA512 | c162cd8a7130d2c94dac5c3dad58794f368436cbf782e8063c245d4cae405af6aa25c2f381549defd520c3f7cdbc04a27f891798697e9c291317d3b3ba82efdc |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svg
| MD5 | 7f8d672a2849987b498734dcb90f0c51 |
| SHA1 | e53b9319bf964c15099080ac5497ee39f8bab362 |
| SHA256 | 4a290648cd1cfaaf1db4909d7552ae8cb83cb0b0e36770e64d153ab07ce6e7d4 |
| SHA512 | b3ddbf719f42440238c55cee896409179b4562ffe74f607d3640f623c8264c2fd2000b085dfd9a25ffd8ba2166695dcd663efec56cdac679f9993cfb602459d4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\window-minimize.svg
| MD5 | d47255b6d3e685cac4804eb58207d0b6 |
| SHA1 | 7fe02211cf6b77f3971522a3b3888460491ae153 |
| SHA256 | 29bc4875912360fac26586adaca21449026cc2cf6479f9d9bbb066abe2dd2640 |
| SHA512 | b39c96fd2479585b32146a3b33a5419f665391f1b1857b08896c8254b48fdb733551bd9974a3c7dcfb679cbb5b35ed9b8f538f5c44156d399b02b8d0d4fe95ef |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\cloud-off.svg
| MD5 | e99140f842b471d330fc27cd73817c4c |
| SHA1 | 9957147463f586824b65bc7bfb121d33a9523a96 |
| SHA256 | 0f4cb470185e3c6c26ae033a3a88e3995340bb08a63432dd9ebb82b73dd665ae |
| SHA512 | f579aef41980539675609c62ff4d80dde22bad59917d439dbd4d325173bed3f24534a72e9903aef58c6ee5d4b03fcb7d0a7be8c93c35da6dbb2e1e046b7da0f2 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\backgrounds\Ori%20and%20the%20Blind%20Forest.jpg
| MD5 | babd1b019be8944f7ef6c64c8194bc8d |
| SHA1 | 702a50d3e3a0933db4dc1f37423bca3b5c52acde |
| SHA256 | 71ea07c900e7993072f4896c0ab621303feaf4d13b7c9a4b2993e06122b10f76 |
| SHA512 | 6a854fc0db7206dd182f6ebc594d763b62a75f64663d3e58029cfa2586048838fe8878b043d174923e05f4e3cd2f3e9d96a6dcf5ba8bbd7322bbc3540bbb8b0d |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\grain.png
| MD5 | 3577f702479e7f31a32a96f38a36e752 |
| SHA1 | e407b9ac4cfe3270cdd640a5018bec2178d49bb1 |
| SHA256 | cc453dfe977598a839a52037ef947388e008e5cdfe91b1f1a4e85afb5509bee2 |
| SHA512 | 1a4a03931ab56c8352382414f55eb25b324e11890d51ba95597dbd867b35db45db5adcefb47d95b3763f413a66e3228e59531bdbd5ba5541469196adb5eb3d70 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.bin
| MD5 | e6ee07a908803b70dcdf31271bbc05bc |
| SHA1 | 4328b159cebeae8594bda27a63617e2cc7626bfb |
| SHA256 | 5bc7d9a70129040cb1a99067d26a8a74f1679b345ae7e7fbd6c71d26a97e2688 |
| SHA512 | 53293ee1c663824b3170b994209ad034024df9d77fb782b13a9c104c8dd89316c2fa18fc3b7e106260b3ef3e4d9a54b8b110aad52f5defd01abf5a370a4855b2 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\folder.svg
| MD5 | 50cecdece7b4bc925f5d0ee89b23f203 |
| SHA1 | dac0f01235ed5abd451b5ecd342686670a51a906 |
| SHA256 | be467574fdcd107ce7a0e7f7036a5c97a8073c77caafc3cc414da5335723cce3 |
| SHA512 | 9ae7491302fcaa7426f944ec0658d05a32bf29601f8613828a2a00f9ebbdc66cd6b7f3d03abc9030e907ea057b623bc075319ccd2546430b92a3904e4cc4ef2b |
C:\Program Files\ExLoader\ExLoader.zip
| MD5 | 39106c9f46cb70314865a6465dc7cc0e |
| SHA1 | 8655deaf47a7d17489cc6ba59625eadcf77eca4a |
| SHA256 | b2546bbb4a388e34c6e1ce1af2423fdce2e9ffbe55828f45d594a80eeccd95af |
| SHA512 | 0ef33513ecd6d893f10b11dd60864651e243d33f73690c40dd700440f016f7bf41ebc5a2a1bea1b65c78c542ec0222591406efdb8ca2da6035a0f4af9b25c96f |
memory/1576-986-0x00000208B2440000-0x00000208B2462000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0shmiucf.bst.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Program Files\ExLoader\ExLoader.exe
| MD5 | 1e04c744d115e2c4eef7c3a37c62efc7 |
| SHA1 | 076ed71b1c7e6ed9c7aba6da28a6c48e70f5bb98 |
| SHA256 | cf93cb22fa65e6f11bf2040dec522d8ea21fa85823f0dae9375ed3430aa4c77a |
| SHA512 | bc01fc882d2e089819417a784ec9ce0cff5605749a59bbd609f9ea73d9e476167a7f0866ff133d14f0d77dd9014280f09ca0eb233d11c5c20e97b2d27633afaf |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\fonts\MaterialIcons-Regular.otf
| MD5 | e7069dfd19b331be16bed984668fe080 |
| SHA1 | fc25284ee3d0aaa75ec5fc8e4fd96926157ed8c4 |
| SHA256 | d9865b671a09d683d13a863089d8825e0f61a37696ce5d7d448bc8023aa62453 |
| SHA512 | 27d9662a22c3e9fe66c261c45bf309e81be7a738ae5dc5b07ad90d207d9901785f3f11dc227c75ca683186b4553b0aa5a621f541c039475b0f032b7688aaa484 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\arrow-right.svg
| MD5 | caf3668c9e2b82819137f778b10f04f9 |
| SHA1 | a3713391b4ce86c084f1981851cef5e76afc71aa |
| SHA256 | 92b25cb5172f158b02e577ad36c7de69fd277378cfab9c8cdc7e639b16c03433 |
| SHA512 | 0b9bf756c36026d853ba5809819f29c308ba15149debc75d04ac5cc2eff4f6c59f3a1da2ac50f268c7751243f96d3c3eb707a16ec0b1ac14fa49199a284826fa |
memory/2880-1011-0x000002484C4D0000-0x000002484C4D1000-memory.dmp
C:\Program Files\ExLoader\data\app.so
| MD5 | cde527e578696b49eaea2abdb625c4ff |
| SHA1 | bd9cdc5fad690ba06b4485763d8111e3fb77ea49 |
| SHA256 | ee480f3ac5dad7e7dbbbbeed1d3d3bba3d9e45825e8716e971918b2d7928e262 |
| SHA512 | 5ac65486719c9feae439b760ace7504a42107bf6281f9416d34fe8c5b14576bc7116bf10646609a526c95f26b90bfa78bd5802171f5df33c3e9a9b50163f7a58 |
memory/2880-1015-0x000002484C4E0000-0x000002484C4E1000-memory.dmp
memory/2880-1013-0x000002484CCD0000-0x000002484DB1D000-memory.dmp
memory/2880-1012-0x000002484CCD0000-0x000002484DB1D000-memory.dmp
C:\Program Files\ExLoader\media_kit\libEGL.dll
| MD5 | 0f61da7cea39e89861117f3cb4620dae |
| SHA1 | 9ca286bf6d5617eb38101d5e166edac29497c9c5 |
| SHA256 | b2590bd0692f0381fc45c20bf1c7f7f713c9ea19c7ea6bab62efdd1fadc4eaac |
| SHA512 | 7dc2bbce9808e00122ae0d960ad6b0156d201494aedf4c4c9e261f50986b72dd19b41d443138ffdf1b2e5b8e29614f0a1e909e4c867262eab311f6675618369d |
C:\Program Files\ExLoader\media_kit\libGLESv2.dll
| MD5 | d22c92bee4e7a14d6c74e7376eca7605 |
| SHA1 | 0592d72d5e0e38e5cfd9a090309260962bf8c4d9 |
| SHA256 | 620bb6e38d7ed6c760a0cf4a8eb6a8f64b259b96ff286551cd32cefc6c35ca39 |
| SHA512 | 2aeec8ccf9db442a2b1e3b391e6c3e899de1266199e6ee6040aceeaf8931e1d10c55ea1ab9ebbd3cc662bf56aea698c09e38f75c7b3e8b0b27c02af63d36993f |
C:\Program Files\ExLoader\media_kit\libmpv-2.dll
| MD5 | 3a6bd0dc9ab32d7b450f06bca2359274 |
| SHA1 | b2be6a73be23b60f1d23543363ea559438218c72 |
| SHA256 | d5f0694b08c124e785d858d00082f3e3b158dd9138bfc48c0382bf1eb443a5fc |
| SHA512 | 4c8133321833bc94c8a2f1ddc83523fd554d9699efa09d8dea6ef4aa9bbca0a4f041a10e4793b6424c8cffc4583e36c2a96039017f29465458a9a2e5510631ef |
C:\Program Files\ExLoader\media_kit\permission_handler_windows_plugin.dll
| MD5 | af6bdeed7336e694564ddb6b19031fae |
| SHA1 | 383e0128a8794c73bd4c3aa3307eafacff6c6e91 |
| SHA256 | 06a0c6f5e428fdfb87d05d50f3f7b4bb1af630969b02f43e0f517df34c156aff |
| SHA512 | fb0eb8251bb374ce0b5d2a922a4c1b3eb7ea343ab2866b1f57d53217f0dbffbfce15b292c7e6d65a1f3652a98d05e444bc91efc8064a8e77309138cfe3fb4eed |
C:\Program Files\ExLoader\media_kit\media_kit_video_plugin.dll
| MD5 | e228660a72c691d8a06aa967ac23a08a |
| SHA1 | 4bd0cdbd71ca5c686cf1280463d0717362cc6613 |
| SHA256 | 0a9d2ebf9ac59324287720b15dd982eb6ad7631f11ad5ee41b31234f5fa86801 |
| SHA512 | 4b2aa77eb972bb642ecb1c0a49eadb160342172d987c0a3623fb146a3fed670cca531afcf69d7c22aa0234ed8ea0b35fd1e915c99fea999fe3e60b5f076dbc79 |
C:\Program Files\ExLoader\media_kit\screen_brightness_windows_plugin.dll
| MD5 | 8a76af8b126f25de94ee2c406db19d60 |
| SHA1 | 1cf8dd5f443acd1c1db01661b57572c82886e260 |
| SHA256 | 507e313f1ed3d8ca0e91e971cd7cd26d6e4abcf98b9d20f22e7e852ec8dbdead |
| SHA512 | cbdb5f24c275135e57a1d4c4ae8e7b3ae5c224756c23df0be3f52455ea4f03f937af694ac1d7042a86bd993f5b6399e5ffebab4117a0aeca51f9c42dbcd38d42 |
C:\Program Files\ExLoader\media_kit\url_launcher_windows_plugin.dll
| MD5 | 85f251d3a0406c5387f77117e2823530 |
| SHA1 | dcce565217a4eecf8f3b5e1189d94baa11e6e39d |
| SHA256 | fa685e4bbeaad4d123a2b78d1f43f7ba7a64cfc1aaac2bb863fe7b288807c840 |
| SHA512 | e29f2393b9d9a41d8a3115028e93f711ba26d5fc35d6b193d72c72b2087a4650286ea3adbe3bb0fd951f5f434404d802056a487f7c4da31db7ca0c7f3a8e69c1 |
C:\Program Files\ExLoader\media_kit\media_kit_libs_windows_video_plugin.dll
| MD5 | 5add2f3b4fb318216e1a1f1c07403b84 |
| SHA1 | e9af34de44d70395c60502269e1b26d078996ffd |
| SHA256 | 529d1fea9b3ac94829c7dbca6918b287e0a56cc6638989af490740a5d87ac621 |
| SHA512 | 619659c928ff09de644915a5d5ae1648f19a14eb5c2ac5c46fd76535269fd9d1b8ad2a9179e44d72c79ca76bb003eb65eb413bce0ca927ef824b6905d666c700 |
memory/2880-1014-0x000002484CCD0000-0x000002484DB1D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
| MD5 | 86c5002d5712ac3de23356bbfe8e7bb4 |
| SHA1 | 6db9cd250069c22554b4af50ed9aa5008e5e8252 |
| SHA256 | 1d68ae3b0df8e53bdf79a8a0d73bcb1d178a3c72af55da2572a59397210bdfea |
| SHA512 | d7f107815ccc993501cf1283fdf4cb5ee3964ef292732a8624f06a3ceb40f7057011b0f2ae881423e2abd6a9e6afe84876966c85fc15ef9526f4da95749d91c1 |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json
| MD5 | c80b0d12c4f645ed05ae28759537ed4a |
| SHA1 | 85f46af7b0c5e76e4fd9aaefd6e40924f2cb9e45 |
| SHA256 | 505841451bb5527799be1c69d04ea1e5139beadd38c326c39f855743474e5f2e |
| SHA512 | e3d94325b063e227ad0c06ab6c9b2f6b0ab0b9987aba9e5749c32dd80b59d601a2a1d1830e7ef3a2d09f1e4807a23c2a1e78cc52242be5db5fe977110b7950f4 |
C:\Program Files\ExLoader\media_kit\media_kit_native_event_loop.dll
| MD5 | 17e0b1583660a96df08a845522dab46a |
| SHA1 | 0a360639f9b99642d2035630699533a589a60cef |
| SHA256 | eb6ac7f66d533b837194045d5b0466feee318d4da0742c45b3e9ce77d1c1f4a3 |
| SHA512 | ae87cea5055f88d5afed82eb9cda64154596dbf7137440e20f7adb4e72eabe85d8fe5548384d2707bde16396d16445559a57937503baa655da0b68d664de8365 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2501191915239872548.dll
| MD5 | 6f809bbbe1275e1e71427ff63165fcff |
| SHA1 | c2a1726e038fbf7c583b0bb5faac91829dac7ba8 |
| SHA256 | 51d12738523cabf3b96b9bed29ff882a36233a59c97a01e691552c547f0d733e |
| SHA512 | dad32cfc4d04540c00d5f184c2c1d9b96b391acf563818490426f5e6051722a81a8f35e73142d79599c2c557fc78de5680481c1b47749bcda99148cbd273c2a0 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
| MD5 | 87f7ed90616d28b28a59f29b18a1f51c |
| SHA1 | 630db6efa8215bd982884edd6b24d623d4d23209 |
| SHA256 | 55a20ef1ca035dd9be08c04ae88dde7b1ce4be664d3dcb63fb1b3b0d43b4fc6f |
| SHA512 | 0fdcee568ae27185f02cf2f70ce3f69ff25db238fe157e80004b8f8eeed8f0a7dcb19d35476f54619939b8bf29abad2acc7336f727006979d447c793808281cf |
memory/2880-1107-0x00007FFB59C40000-0x00007FFB5BD48000-memory.dmp
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json
| MD5 | 744d4eb7b89034d872919769a52f2001 |
| SHA1 | 6508abc06beb409e1b440e8f94fda799bdc6df07 |
| SHA256 | 5a7e91c6867899b4985613e2b135f3d8f73329862ffc783d0d537a9dd70f71a7 |
| SHA512 | 5165f269f8d5673f5fc790541aa4592563bb3f71f4262e9c63b871590d5b2dafc18715c8e2867363f035972e5796cecc4bdfeff0013d6e48b4c210a4986eefaa |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\shared_preferences.json
| MD5 | 0a9ce004b99e1bb0a4ed6e54f5bc72e9 |
| SHA1 | 3ad834efbb55e719675cd7130a9237666f60e725 |
| SHA256 | 42a562447457516ec356035e3c51ec6ca309ea621a53257084166a54b4330840 |
| SHA512 | 0022dc954dede00dc286a48d0ec73e54c38168df09fd5b54ae1869e44f55e3828e97a60c37d98a536a8911b21b08e7484a7f65d59b43f4077ba7595514e8966c |
memory/2880-1157-0x00007FFB59C40000-0x00007FFB5BD48000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501191915241\additional_file0.tmp
| MD5 | f197f4d2d50205236436fbbcf02e79b7 |
| SHA1 | e83fad0c2b93d023c78aed539709bebbeaf1c2f0 |
| SHA256 | caa17367382012f5bd23d519323470abdca96fc6e9ef2a89608bb92dd1c314c5 |
| SHA512 | fe332b56a021d029e443ef84b804f808fb469377e07527d875ce6ea018ade84ffe7de128f43094fcd8c6abcacfbae9ab886d3813afbc18edc637aaba49068e7e |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\game_icons.zip
| MD5 | 8d0582e911b916ea68f2b660790563e7 |
| SHA1 | 316b0c2590aae22deeec58abfa73f92d3d9e03cb |
| SHA256 | 636d600a2df689bad2b082532757b7e697113f283e061e0e9e785e21c3e2e369 |
| SHA512 | 970d8e6576a80ccda562fbb5934106856291b9c9f20ed76dcbacc40bfd3f2c8238a829d78de99d6d107623e4886855c1f234efcc42ffe8890cc08fa17d29a75e |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\games\0.svg
| MD5 | 3c82bc5493a92aebc9064551ea8d38ac |
| SHA1 | b1019e3fe4397f7215ed8af2c0914159e986fbb2 |
| SHA256 | 6046c1e9b8fc8cada4c4e063b031e164163e7c5723afd8c37d7df6c3054e1e7c |
| SHA512 | 126c5773e2192629eee40a611997f01c14bf598215d6ed33488b9d934ac41acfa83b99d7f373e0726a459dfee950011a0c24f97fbc600f5f96dfbb16ac7d9bb9 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\47ddf14b8d6f683aa8ba1f577a8adda7.png
| MD5 | 758caed982c894b0f398adb7f659772b |
| SHA1 | 6ffe9317dcb094b5106fe135ae4389c535d731e7 |
| SHA256 | 2010dcbda935556eb53f41a722744c2e23bb50cd05f1d9432e5461045812515c |
| SHA512 | 205b15bee0b60f090eb8022174da6991d35c801f3874f500fa64e9959db5136fe0ec25a241d6f5c2bbdff87a5bf68e0f92d8fa8517a37c350735f10ff99e5198 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\eb316ca9a4e2edcdc1881302277d7d5d.png
| MD5 | d831293ccb3a1ffdf88639b6c180180f |
| SHA1 | be2a0f420fa7b61053f16b59d0a63108e26e943a |
| SHA256 | 6f00699629bda1aabed500c80e95d99c93d6038d2e88459e86f023cb1bd219d5 |
| SHA512 | 52028163d22816bc0a82a81654cba38128c1cdb58808a74f1e55d16bdb4143ac3e7db036cabb67c55bde705127db527e4848fc537166c904bcf89e32bb24522e |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\fcf071cb7a9868fd1477405cfc31f0f1.png
| MD5 | 1be4d35bb03410dc5814a391fb39093a |
| SHA1 | 364ba729f6a17b7196efe354c7f9ecfa70db81d4 |
| SHA256 | 4282e98f7e8ba8d9f133f4c7d5d1f730263c565cdc4270e00ea9dc637761e584 |
| SHA512 | 69adb08c57d0ffe2320a7c78d8dd3b7e18ef5aa7df7351b339f4fcebcd2f435070a32fc44f7de4668defb435d5107cdbc7d43fc8a9183dbc6a99e2b065557f3f |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\e83ed9fc67ab81954565a417c596c4ea.png
| MD5 | a3f4e0adcb9bb53eb8a8c2e0cd3b957f |
| SHA1 | 1155c4bd814475622fb90443ae61e430ba9963ba |
| SHA256 | 0104cd8aa64f09635834a3c7440a6684e5344b82b883d2007014c60ce35c03e2 |
| SHA512 | 449a42b4cf84597ab0b108e9a4ae83e717bc796985e7dffa8ecdea770fb72eee25ada4b2de0e41c547a11a0991eec47363f99227e14c9ddc24b249a64282fcc6 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\0e821c73b0efce519b102c9d41dd7e7e.png
| MD5 | 180ed9f7f1fb062ee013ed2d2db4baf4 |
| SHA1 | 2fde78fee3388f37e3d963cf377b6cfe05e68719 |
| SHA256 | 47c0f7eb3b1ccf939eedfad6de69b83efc606498c2a852c4e37e3c481b40890a |
| SHA512 | 3bc168dc925a71a05016072a41a9b90260900786cb54842096d29663411d11b46a0e531fa42e48f74b9cc48365597be6bbfc76372b33b85611001af5a58295c6 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\0d24dd1f086263a27280394010d07076.png
| MD5 | a924291fb4f8e3ca693fd97723a0b38a |
| SHA1 | 6e50dc6904b856453cfe35db4933d26cbdfff3a2 |
| SHA256 | 8d12cac6dd8da28e270c339325d67a2e3aa3d5fdcb64d1ac0a6698e507573959 |
| SHA512 | 5464c724977505c0b3b2be2dadcc98d85417766c252826795adcfdcca95acc39263b8dd533b1bc1a0630690769bd4614c037c93d506d76933a10d0a33af3198e |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\7342b431386b839b9ebd18c5f59182e3.png
| MD5 | 806f6146b3f8970b235fc628ac8b9a0b |
| SHA1 | b20be9f495bf4656f4e9bf5e7f158ad7a91a7611 |
| SHA256 | 8a7081f2bb71d80ef9e5562753fe74a4d58a850271c9194de3def3bc39ed7ba9 |
| SHA512 | 30e28e7aeb47cc1010a4cad4a4c564805f74fada30ab190ce6a08f3413e8e89e51329ade2293411b645096656b1ed30067e175975e255e926e10ce5b6d4b5481 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\94e0c3edc5ae7af1904de2471036d85e.png
| MD5 | 8ff54539db826cd25d454094534963ce |
| SHA1 | 8800e2660ee95e850282f2d0c58923bf3fd8134b |
| SHA256 | a13ec435ae469a4c4379c149467de10ad11ab2333e47f1ffb09487caa7230eb2 |
| SHA512 | 0e71cfcaf06f92c89cdccb44b240da8fab21e1ebe73bc6d401da379b4bf021de4051360e8b8ea979325a6c70c38daa6c56e2051d2b83e233641388d27bea7845 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\7a0e47e68b4ecc51ec3c2477bbe4c439.png
| MD5 | faa264ef80599430df4773babbc75cba |
| SHA1 | f4e08ab89fb9364efa3c305584985e4a03c58019 |
| SHA256 | fc3f79c76e1051f2305cbdd78bdbccf6bb78144f74146604741de01a35feed05 |
| SHA512 | f063bcf41dd1ecf442f5412fd2fe282432bf17437972abc19e5d9bb52f496b425809f3bc1e143dc9a719c3c0b59b6ebbe23eec176fc93d8e7f588e75610019d2 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\53026486cd0c51ea325a2fdccb4338e0.png
| MD5 | c750892215c7488392c5829d8a9f6dd5 |
| SHA1 | 1276ad45446329138880b6cbbe6666b749f411a8 |
| SHA256 | 74dee0ecb1f53276a7935f6c907cf2ffa987f17fd1eb36ea37765e0d4ad275e4 |
| SHA512 | bb2dc331cd4e25d295236645b5e61fc99831c902c5e1d23769984c546c3457c1141fee328b22871f1f3419a8381a60fef868b2f1af7eecfcdfd933bc896b04aa |
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData_v2.json
| MD5 | d783076e34325d2dd3986a33fa02a4be |
| SHA1 | 9d05de091bac92793d4af84ba338961aee11781a |
| SHA256 | aa67d20e8016ecc47e039db2838a2ec8d9b4affaa6426177c8166bcacd5671e6 |
| SHA512 | e07e9cc6a15816c34428896ac04ef697f1e3c63c4d847288051750c5a16d6cb828aade2f08dd9ab4d579e904bdb6f1370681e989c6656684bc9779bfca38caa2 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\959eece144a5a6ce6c53a28f89270564.png
| MD5 | f4d002685d9a194f1c8e378f31d34a7a |
| SHA1 | eef3de2f726b0f4e5ae2a87406dd867e1c7bc0f6 |
| SHA256 | e326c12afae210d30ed9f26cc36d1c4e1e9c06ef820a6b601fce7019b5416385 |
| SHA512 | 5c03adab5340dfe55b0430e5c9f888725f60f3ede15662c3f40df9fea4ca1526c47f34aaccff85be28c982a05203fd62f33689bd9c21cb829b962c08ef2c2901 |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\dea813a4baa55dc739687421a5489890.png
| MD5 | 7850120a910edbcfd5362ecfab76fc2e |
| SHA1 | f0945e15a27732b6b917b09300cc6b3267d017ff |
| SHA256 | 83afab61dd1e26c7bedcae74fc7128744579d2bfcd576ddee3d42fa0d72987d6 |
| SHA512 | 78adc040c6e9b2bc2c202ab2e4dc4b9223e7df9e3a1bbcfbc97a227cf4c5b0ba42cbb8b65a1d4e8d497edeede09a1e6d3f57d314a4b4d9da9a1d3cccd396ef5d |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\fd7af4087d25fb9733b803ef1828db72.png
| MD5 | 78f8d650520bfa8699bf5bbedf0c45bc |
| SHA1 | b0b25d6923fd39ced207b76eb9319bda3aeb70bc |
| SHA256 | ad4b286b1760785ed35dda4a909242f2f218598bb3552391ee60821106c42415 |
| SHA512 | fe76107433dc1890c7e6968e7afb5213a1294d567c47cd9550589307bf053518d6dbe5266e962fc044eeb033b39aa4754dd9c9afb83cdd75a90f3b2286f5f34c |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\bc4454a839a50e2b5292e2f08f3a13a6.png
| MD5 | cdf0f44b9be2be8d98d19d338c0a5b11 |
| SHA1 | 4008a2006a775605caf245410cf9c346667e024c |
| SHA256 | 5b300cc2a308d9f5640d8ac7643d5a5dbbcb025e02f305402cbdc015d2a49781 |
| SHA512 | f56ec411ad4f6b6c547f99ccf4b12fdce8207649c48faa7ab37fc9aaa2a5092aa8b093c229467bd09c58c1cc3077c8a0bfb108e3c8eafed2dbbff0a40a1666fc |
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\30c4239a9080415b9c0c3ee740280c85.png
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\f3d3a164b4e4f4b3443d21469f3a7b4f.png
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData_v2.json
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\38007daad993d0a30d44c531b566e801.png
C:\Users\Admin\AppData\Roaming\com.swiftsoft\ExLoader\libCachedImageData_v2.json
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\beaf3e36911441b70927ecb4884d360a.png
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\d0edd9f750e4f6152ab970a2a1270528.png
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\9412adb0dff4b919a3ce84d2710b4df8.png
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\df6c9d3b733211c3a6421d5be10ee362.png
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\9706625be9f704a156df8221377b5a36.png
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\dc1d9d6c23496fa03e06294579189ec9.png
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\827fde2fc81570ee2382ba66da27961f.png
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\a19d01944c9bdb6017cf86da8dcbe8ce.png
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\0652db59b612c8672229009806f5673c.png
C:\Users\Admin\AppData\Local\Temp\libCachedImageData_v2\506dde2b310688ddc0ac06af6b03f454.png
memory/4500-1677-0x00007FFB5A370000-0x00007FFB5C478000-memory.dmp