Malware Analysis Report

2025-08-06 01:42

Sample ID 241108-1s3yestjgr
Target Solara New Bootstrapper_10282148.exe
SHA256 61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
Tags
discovery spyware stealer
score
6/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file Solara New Bootstrapper_10282148.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Downloads MZ/PE file

Blocklisted process makes network request

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

Loads dropped DLL

Drops file in Program Files directory

Executes dropped EXE

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Reads user/profile data of web browsers

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Uses Volume Shadow Copy WMI provider

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Gathers network information

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Analysis: static1

Detonation Overview

Reported

2024-11-08 21:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 21:55

Reported

2024-11-08 22:25

Platform

win7-20240708-en

Max time kernel

1213s

Max time network

1771s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe"

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Bootstrapper 3.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\NOTEPAD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Opera GXStable C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Bootstrapper 3.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2992 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe C:\Windows\SysWOW64\NOTEPAD.EXE
PID 532 wrote to memory of 856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 532 wrote to memory of 908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 532 wrote to memory of 1320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 532 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe

"C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe"

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c39758,0x7fef6c39768,0x7fef6c39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1528 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1332 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3416 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3524 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3360 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3396 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4084 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4124 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8

C:\Users\Admin\Downloads\Bootstrapper 3.exe

"C:\Users\Admin\Downloads\Bootstrapper 3.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2596 -s 976

Network


Files

C:\Users\Admin\AppData\Local\Temp\CabCF14.tmp

C:\Users\Admin\AppData\Local\Temp\TarCFB3.tmp

C:\Users\Admin\AppData\Local\link.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

\??\pipe\crashpad_532_KEIXQPIDWWGQUABF

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\Downloads\Bootstrapper 3.exe

memory/2596-326-0x0000000000890000-0x000000000095E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-08 21:55

Reported

2024-11-08 22:25

Platform

win10v2004-20241007-en

Max time kernel

1799s

Max time network

1782s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Bootstrapper 3.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\BootstrapperV1.22.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\nodejs\node_modules\npm\node_modules\abbrev\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\walk-up-path\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\events\security.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\base.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-flush\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\browser.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\dist\event-target-shim.umd.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\lib\commands\audit.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\brace-expansion\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\emoji-regex\es2015\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\relpath.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\cjs\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\response.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\normalize-windows-path.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\lib\_stream_writable.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\is-fullwidth-code-point\license C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\set-interval.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\ours\util.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\fetch-error.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\https-proxy-agent\dist\parse-proxy-response.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\util\tmp.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\agentkeepalive\lib\constants.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\listeners-side-effects.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-root.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\docs\Force-npm-to-use-global-node-gyp.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\ca\format.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\pax.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\minor.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-team.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\json-stringify-nice\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\node_modules\brace-expansion\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-bugs.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\error.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\patch\parse.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\yallist\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\lib\commands\prefix.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\base.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\emacs\run-unit-tests.sh C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\are-we-there-yet\lib\tracker.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\signal-exit\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\err-code\index.umd.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\is-lambda\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\util.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\balanced-match\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\find.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\developers.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\src\layout-manager.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\word.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@tootallnate\once\dist\index.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\yarn C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\socks\typings\common\util.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pyproject.toml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\lib\system\has-flag.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\bin\npm.cmd C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\node-gyp.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmfund\README.md C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC8EA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE965.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF1B4.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e59b31a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e59b31a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB7AE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC90A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE8F7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e59b31e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB82C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBEE4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC176.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC1A5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB86B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEB6A.tmp C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\wevtutil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\OperaGX.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\NOTEPAD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755766434979018" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Opera GXStable C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 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 C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Bootstrapper 3.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4004 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe C:\Users\Admin\AppData\Local\OperaGX.exe
PID 4004 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe C:\Users\Admin\AppData\Local\OperaGX.exe
PID 4004 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe C:\Users\Admin\AppData\Local\OperaGX.exe
PID 1368 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\OperaGX.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 1368 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\OperaGX.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 1368 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\OperaGX.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 4380 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 4380 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 4380 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 4380 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
PID 4380 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
PID 4380 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
PID 4380 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 4380 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 4380 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 1032 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 1032 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 1032 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
PID 4380 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
PID 4380 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
PID 4380 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
PID 4380 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe
PID 4380 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe
PID 4380 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe
PID 3240 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe
PID 3240 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe
PID 3240 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe
PID 4004 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4004 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4004 wrote to memory of 964 N/A C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4092 wrote to memory of 3956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe

"C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe"

C:\Users\Admin\AppData\Local\OperaGX.exe

C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe --silent --allusers=0 --server-tracking-blob=...

C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x71cc8c5c,0x71cc8c68,0x71cc8c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4380 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241108215600" --session-guid=1ab224ed-3c5b-4210-82d6-c43f90d0ca3b --server-tracking-blob=... --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=E405000000000000

C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x330,0x334,0x338,0x2f8,0x33c,0x70ea8c5c,0x70ea8c68,0x70ea8c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x24c,0x278,0xc74f48,0xc74f58,0xc74f64

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\874a2837e3cc4a28929b93cf7efb0afc /t 3908 /p 4004

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeec48cc40,0x7ffeec48cc4c,0x7ffeec48cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4952,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5180,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5320,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:2

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5492,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4636,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4588,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5728 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5092,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:8

C:\Users\Admin\Downloads\Bootstrapper 3.exe

"C:\Users\Admin\Downloads\Bootstrapper 3.exe"

C:\Users\Admin\Downloads\BootstrapperV1.22.exe

"C:\Users\Admin\Downloads\BootstrapperV1.22.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Bootstrapper 3.exe" --isUpdate true

C:\Windows\SYSTEM32\cmd.exe

"cmd" /c ipconfig /all

C:\Windows\system32\ipconfig.exe

ipconfig /all

C:\Windows\SYSTEM32\cmd.exe

"cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")

C:\Windows\System32\Wbem\WMIC.exe

wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 2AE49510C002DEB4EFD55D299113EA43

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D57C78A36DDB14678BE7DA05372380D4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 97DD5E2FEC9A2242F2325A648B37D27F E Global\MSI0000

C:\Windows\SysWOW64\wevtutil.exe

"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"

C:\Windows\System32\wevtutil.exe

"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64

C:\ProgramData\Solara\Solara.exe

"C:\ProgramData\Solara\Solara.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4356,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=864 /prefetch:8

Network


Files

C:\Users\Admin\AppData\Local\OperaGX.exe

C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411082155584144380.dll

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\additional_file0.tmp

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

\??\pipe\crashpad_4092_OIQANGSIEDSNUZMX

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Temp\5ac4ce77-dec2-4ed2-b838-f0355d971b30.tmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir4092_1371937038\CRX_INSTALL\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\link.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\Bootstrapper 3.exe

memory/3964-652-0x0000023A10400000-0x0000023A104CE000-memory.dmp

memory/3964-654-0x0000023A120D0000-0x0000023A120F2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\Downloads\BootstrapperV1.22.exe

memory/1880-672-0x000002519C970000-0x000002519CA3E000-memory.dmp

C:\Users\Admin\Downloads\DISCORD

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

C:\Windows\Installer\MSIB7AE.tmp

C:\Windows\Installer\MSIB86B.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Windows\Installer\MSIC176.tmp

C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

C:\Config.Msi\e59b31d.rbs

memory/1880-3058-0x00000251B6FA0000-0x00000251B6FAA000-memory.dmp

memory/1880-3060-0x00000251B7020000-0x00000251B7032000-memory.dmp

C:\ProgramData\Solara\Solara.exe

memory/5572-3474-0x000001FBB5BE0000-0x000001FBB5C04000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/5572-3484-0x000001FBD0930000-0x000001FBD0E6C000-memory.dmp

memory/5572-3486-0x000001FBD03F0000-0x000001FBD04AA000-memory.dmp

memory/5572-3487-0x000001FBD04B0000-0x000001FBD0562000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\40a513b4-c724-42b2-a044-9668bfcb138d.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e7ad2410-283d-4edc-8936-7df9f6ac08eb.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\acfd92f0-4a2c-4e46-9096-42c3c4490208.tmp
