Analysis Overview
SHA256
61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
Threat Level: Shows suspicious behavior
The file Solara New Bootstrapper_10282148.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Downloads MZ/PE file
Blocklisted process makes network request
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Loads dropped DLL
Drops file in Program Files directory
Executes dropped EXE
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Reads user/profile data of web browsers
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Opens file in notepad (likely ransom note)
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Uses Volume Shadow Copy WMI provider
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Gathers network information
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Analysis: static1
Detonation Overview
Reported
2024-11-08 21:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 21:55
Reported
2024-11-08 22:25
Platform
win7-20240708-en
Max time kernel
1213s
Max time network
1771s
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Bootstrapper 3.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\system32\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\system32\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\system32\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\system32\WerFault.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe
"C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c39758,0x7fef6c39768,0x7fef6c39778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1528 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1332 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3416 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3524 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3360 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3396 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4084 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4124 --field-trial-handle=1236,i,17908230913079343417,15417248264660525737,131072 /prefetch:8
C:\Users\Admin\Downloads\Bootstrapper 3.exe
"C:\Users\Admin\Downloads\Bootstrapper 3.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2596 -s 976
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.dlsft.com | udp |
| US | 35.190.60.70:443 | www.dlsft.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | dlsft.com | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 172.67.195.231:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | dpd.securestudies.com | udp |
| FR | 52.222.201.92:443 | dpd.securestudies.com | tcp |
| FR | 52.222.201.92:443 | dpd.securestudies.com | tcp |
| FR | 52.222.201.92:443 | dpd.securestudies.com | tcp |
| FR | 52.222.201.92:443 | dpd.securestudies.com | tcp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 8.8.8.8:53 | post.securestudies.com | udp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.22:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.192.22.93:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.180.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.180.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | a.directfiledl.com | udp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | getsolara.dev | udp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\CabCF14.tmp
C:\Users\Admin\AppData\Local\Temp\TarCFB3.tmp
C:\Users\Admin\AppData\Local\link.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
\??\pipe\crashpad_532_KEIXQPIDWWGQUABF
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Users\Admin\Downloads\Bootstrapper 3.exe
memory/2596-326-0x0000000000890000-0x000000000095E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-08 21:55
Reported
2024-11-08 22:25
Platform
win10v2004-20241007-en
Max time kernel
1799s
Max time network
1782s
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Downloads MZ/PE file
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Bootstrapper 3.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BootstrapperV1.22.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\abbrev\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\walk-up-path\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\events\security.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\base.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-flush\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\browser.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\dist\event-target-shim.umd.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\audit.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\brace-expansion\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\emoji-regex\es2015\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\relpath.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\cjs\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\response.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\normalize-windows-path.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\lib\_stream_writable.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\is-fullwidth-code-point\license | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\set-interval.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\ours\util.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\fetch-error.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\https-proxy-agent\dist\parse-proxy-response.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\util\tmp.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\agentkeepalive\lib\constants.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\listeners-side-effects.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-root.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\docs\Force-npm-to-use-global-node-gyp.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\ca\format.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\pax.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\minor.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\man\man1\npm-team.1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\json-stringify-nice\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\node_modules\brace-expansion\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-bugs.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\error.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\patch\parse.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\yallist\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\prefix.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\base.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\emacs\run-unit-tests.sh | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\are-we-there-yet\lib\tracker.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\signal-exit\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\err-code\index.umd.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\is-lambda\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\util.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\balanced-match\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\find.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\developers.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\src\layout-manager.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\word.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@tootallnate\once\dist\index.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\yarn | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\socks\typings\common\util.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pyproject.toml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\lib\system\has-flag.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\bin\npm.cmd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\node-gyp.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmfund\README.md | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC8EA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE965.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF1B4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e59b31a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e59b31a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB7AE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC90A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE8F7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e59b31e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB82C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBEE4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC176.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC1A5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB86B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEB6A.tmp | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\wevtutil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755766434979018" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperV1.22.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperV1.22.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperV1.22.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperV1.22.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe
"C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_10282148.exe"
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe --silent --allusers=0 --server-tracking-blob=N2UxZjc1MWU1YTVhMmQ2ZmU2MDM2ZWNmMzNkMDMxMjYzNTFmMmJkMTUzMDg1OTFlYmU2ZjM5MmNjZTlkNzcxYzp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD04Y2E0Nzg5OTMwZWE0ZWVkYTQzNDIzOWI4Nzg0ZjE5YiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInRpbWVzdGFtcCI6IjE3MzExMDI5NTcuMzg5NiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9QQjVfMzU3NSIsImNvbnRlbnQiOiIzNTc1X0ZpbGVETSIsImlkIjoiOGNhNDc4OTkzMGVhNGVlZGE0MzQyMzliODc4NGYxOWIiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiIwY2RkYzJmZC1jNmFlLTQ3MzMtOTRjNi0zN2FkOGJhMDA3M2UifQ==
C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x71cc8c5c,0x71cc8c68,0x71cc8c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4380 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241108215600" --session-guid=1ab224ed-3c5b-4210-82d6-c43f90d0ca3b --server-tracking-blob=... --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=E405000000000000
C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x330,0x334,0x338,0x2f8,0x33c,0x70ea8c5c,0x70ea8c68,0x70ea8c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x24c,0x278,0xc74f48,0xc74f58,0xc74f64
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\874a2837e3cc4a28929b93cf7efb0afc /t 3908 /p 4004
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeec48cc40,0x7ffeec48cc4c,0x7ffeec48cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4952,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5180,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5320,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:2
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5492,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4636,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4588,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5092,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:8
C:\Users\Admin\Downloads\Bootstrapper 3.exe
"C:\Users\Admin\Downloads\Bootstrapper 3.exe"
C:\Users\Admin\Downloads\BootstrapperV1.22.exe
"C:\Users\Admin\Downloads\BootstrapperV1.22.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Bootstrapper 3.exe" --isUpdate true
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c ipconfig /all
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
C:\Windows\System32\Wbem\WMIC.exe
wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 2AE49510C002DEB4EFD55D299113EA43
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D57C78A36DDB14678BE7DA05372380D4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 97DD5E2FEC9A2242F2325A648B37D27F E Global\MSI0000
C:\Windows\SysWOW64\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
C:\Windows\System32\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4356,i,7932635765396612518,5970145132495101003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=864 /prefetch:8
Network
Files
C:\Users\Admin\AppData\Local\OperaGX.exe
| MD5 | 885c2d25e65016f83bbad5f570c8b373 |
| SHA1 | 4c4205c578f504c87569fc9122ebeebc3c1e5cef |
| SHA256 | 9aecba8c96759f4f5400c4a222984a8f24af3f56f116d86eec2be3c2d9448bcc |
| SHA512 | eda3fc75e19eb7154ae0dd65f4cc471c37e148a845045173bdefa4b7deb2c4f891b0aae4bd7c7bf201c106b8804b112d7f5fbc4976457ca19f76ef1e5659e936 |
C:\Users\Admin\AppData\Local\Temp\7zS855B99F7\setup.exe
| MD5 | dcc0d15e77a7872758e65deb0bfc6745 |
| SHA1 | 1efb89e143bf5edd34d46ae8370ecc13d4c3339f |
| SHA256 | 87a168a04a254b1cf1adfe732e8b7b08d5c3e76ddca4e8b7fb4e58ebef85fe64 |
| SHA512 | 9cb972bcd99fd03a924bbff79e8989a040d1202a77c9d8f62ea862cc6b1d258778410ad9a4de5f2aab43062f5e9fe17d7ab9baa000de98d22a47f1471d1de778 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411082155584144380.dll
| MD5 | 1b07ce60bc1c77f0cadf13c2e62b1383 |
| SHA1 | ca70d0ef99ae5d1ebf85880ee669ad1145e4d79d |
| SHA256 | e48eb19ca0210f9063f4e77c2f14293ee940eeaef2ecb9efceac7f6336cc203f |
| SHA512 | 94c358b6dfef0fcb0012a3a43235292b18ebf897043baef0c110570e91cc73721b12f1f771df6d000b4097f3c0cc22dcc65330a9153c7a9643787d24da6108f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 0a94d3e0b5c29962758cf4846de3f1af |
| SHA1 | 7f833881309c34da1515fcc47bf5da47060605fa |
| SHA256 | 0f1dcb95951b3ec852c9f43cf7df84ad1c86c5157877f8da7f8c1cd54ebc2596 |
| SHA512 | 8902ec32f9335a5c6f31d65e62667033fa2db337cb749a0212ab742588789da5ce3c3a76f45c4c01e206eed6fc0e8b3627d6072aa7b5f34a7affbc54c9a41a82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 67e486b2f148a3fca863728242b6273e |
| SHA1 | 452a84c183d7ea5b7c015b597e94af8eef66d44a |
| SHA256 | facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb |
| SHA512 | d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 15d3275729c41399a33c2af7b77a5aaf |
| SHA1 | 4d6618ec611736689a4a0f181ec7ec2f4a96b096 |
| SHA256 | 25f71eda34dd6fe869863a96305fba283c873d6f98a89af57651f2d112e8bcb8 |
| SHA512 | 750da7509f07708e08b7086ee0d9d80ad31dbe77adf2479f799fd536e8f442430485546919af8be118a36af6ec546b86665060976d5832f0f4230c81644979c1 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
| MD5 | 1cb83040e345d9d4c0639a8cc01c687b |
| SHA1 | 84feeac5f1f2bb709fe846bbc0869626663113c4 |
| SHA256 | 51b871fa7e5a011a47d8db9fffd4038c9a0f1be07247d887722d54cd5ddc29d8 |
| SHA512 | 1b7be27e3cd2aeb061c00d2f02e8f1f4a21643f4e703b9c485e9c930a1a9e3152ec9eb290b32d47cadab6c0b5d640f64fbc7243857e5c8ff5346490fe4ff603a |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\additional_file0.tmp
| MD5 | e9a2209b61f4be34f25069a6e54affea |
| SHA1 | 6368b0a81608c701b06b97aeff194ce88fd0e3c0 |
| SHA256 | e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f |
| SHA512 | 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082156001\assistant\assistant_installer.exe
| MD5 | 4c8fbed0044da34ad25f781c3d117a66 |
| SHA1 | 8dd93340e3d09de993c3bc12db82680a8e69d653 |
| SHA256 | afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a |
| SHA512 | a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481 |
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
| MD5 | bf6eed6cdc17a0130189a33a55ef5209 |
| SHA1 | e337f5a0931f69c464f162385f1330b4d27b372f |
| SHA256 | ef2734657b11113a433abb7ebac962e2bf6bf685f05c5f672997f01875430168 |
| SHA512 | 90d23fd84007343e85f9fc003cf826b112fd930216a24d8c1488468443ae2a4b0c3cc2426b91c81a8228e125050e922fce05672e010e65247709fc4a7b856f1d |
\??\pipe\crashpad_4092_OIQANGSIEDSNUZMX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\5ac4ce77-dec2-4ed2-b838-f0355d971b30.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4092_1371937038\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 5009305b4d8bc2b33b4df74fa8ce3661 |
| SHA1 | ac96003f25f69592b85463ce5af50135337b1d52 |
| SHA256 | 3cec25a9925f3b28388bf47a374506f3ef243aacbb6db2ec2c57daed4d4ffca3 |
| SHA512 | f52df0c62d6114ff46e506d8a04ee1188995775ccb49e4db0f4af99fc0af9ab4da06a352d1ee9ad7332f3d2a29c9c4fe199b8e698a3d2561fb84c849ef841c7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 155c972e3e483dd79acb712127d4c71b |
| SHA1 | 010dd29bfed27beba9c5a7546064a265a96eab49 |
| SHA256 | db061b35f1039888817c8cfc1b8ea38ed65a3289537c724d206e32c66952c5c4 |
| SHA512 | 74eba62a71a9f4f975dca9a1fa335d998f51dd87e5ee6a6744a42a8292a32b4fd9f9fe1c6e836e158dba4ba6ed9e1da7d9dc840b7a6e17d3535a68cb46f77347 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 18da5a235b181490556b0f242b69e8f2 |
| SHA1 | 3a773f747a31d06d0dc82235012524d9a29d8515 |
| SHA256 | 9187a72c1e5eb4c952550f43c24492676fdc616dcb51f7286b5b428ea1bdebc3 |
| SHA512 | 99528915e3aef741c98c2f34035a14d8a908c52114f166408c239bdcb1566621de2d58b5b018b49a145495e80acf5d2d8f5fa27d4042125363c994e9cb7ab2ed |
C:\Users\Admin\AppData\Local\link.txt
| MD5 | 0ed76d0a948f021916b8c255fb16ba99 |
| SHA1 | 1f3af610b441cb151f89009d4d1343be66c875cd |
| SHA256 | eca0a517e62a864b0e05633b9bf1a14b401e350d3788a17569569b8076ddba99 |
| SHA512 | a0259b538e8931ca4505224e5070b30ee202d6529d41a032b2921a26be8868eeb4403d9da582bae9478b53ed7a5e8b4325f681d03a5726b981686b0ffaa46b25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 44f0189d25e58c737dfcb599fc3fcff9 |
| SHA1 | 4f95d189c8f2a5cc5b656aada88810b14b72597d |
| SHA256 | e5aa0f98c490be4883ce319bc1067b69c9e2d0f7bea4c7e7b6e8c45967ac5fb8 |
| SHA512 | 3f9c9ad813290fbc9f8292e39402a4529311054c1e393a3c30aad3b7f9f9115cd9ababcdf8c1112bc65c22460cc214f5607b0d1ef0ff2ea0b8e73aebf4175270 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 1d5c03305da080c75a854bf40a1ec09e |
| SHA1 | 692178d801a1177b0ac538385da017199afb044b |
| SHA256 | 36d75c6bf942a64b1f0a8a5614c8c809159fe8190cdccc615860d5df2b843ac2 |
| SHA512 | fe70485157909884d768e7c1f9b6858e875ec5acaa5f44c43641155b1a9517f66598ce1bf1adf63dbe372c1f3ac5acfc6727844ded86087da183825c3b887e10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a5f45a84caa88c12e269a3606bd347e2 |
| SHA1 | 30f3acf6dd98ea3a94570890557e0e3f41c991db |
| SHA256 | b1afe8db6de82ee91a3229b7fd8a6b44828be3421b9b601bca68aa697c50a627 |
| SHA512 | 3fae9b300d3ee5c6e62d65ba75e8ccf73b7ce6fbc53b0b38e385fd477d62566c4e0a643e0e76be2f92733b1b0b210ad68130b5a0de5d66c392fe088ea4e69bc3 |
C:\Users\Admin\Downloads\Bootstrapper 3.exe
| MD5 | 4b94b989b0fe7bec6311153b309dfe81 |
| SHA1 | bb50a4bb8a66f0105c5b74f32cd114c672010b22 |
| SHA256 | 7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659 |
| SHA512 | fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d |
memory/3964-652-0x0000023A10400000-0x0000023A104CE000-memory.dmp
memory/3964-654-0x0000023A120D0000-0x0000023A120F2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | aa402de386679aa5e6fa5378766ea8ad |
| SHA1 | 55c608e3ad190696f3bf5440142ed0bcbcd67f4b |
| SHA256 | 2be267983ac43a57db561cec9bc214287c5db7e1f6f4173b847dc07aec05d674 |
| SHA512 | 1158d89c2440cb9be24f49ecd4d01172a4ec59ddcd430aead2647b074378533ec2b9dabcb1fda7158178f46b82e2a7576ed523b71afc5004556ae22621479353 |
C:\Users\Admin\Downloads\BootstrapperV1.22.exe
| MD5 | 2a4dcf20b82896be94eb538260c5fb93 |
| SHA1 | 21f232c2fd8132f8677e53258562ad98b455e679 |
| SHA256 | ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a |
| SHA512 | 4f1164b2312fb94b7030d6eb6aa9f3502912ffa33505f156443570fc964bfd3bb21ded3cf84092054e07346d2dce83a0907ba33f4ba39ad3fe7a78e836efe288 |
memory/1880-672-0x000002519C970000-0x000002519CA3E000-memory.dmp
C:\Users\Admin\Downloads\DISCORD
| MD5 | b016dafca051f817c6ba098c096cb450 |
| SHA1 | 4cc74827c4b2ed534613c7764e6121ceb041b459 |
| SHA256 | b03c8c2d2429e9dbc7920113dedf6fc09095ab39421ee0cc8819ad412e5d67b9 |
| SHA512 | d69663e1e81ec33654b87f2dfaddd5383681c8ebf029a559b201d65eb12fa2989fa66c25fa98d58066eab7b897f0eef6b7a68fa1a9558482a17dfed7b6076aca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 876b12d1565a8ccfc26e49be32564562 |
| SHA1 | 2e12383951f020f14ad9d197d4c41ea1512417a1 |
| SHA256 | 6f35b10f9294bbe9011f0bf0007f4db9959d0827033486213148d36090a70acf |
| SHA512 | ce1665f865a8ec503fdc42188d272d2e395526cc48e28ca3da041d3d4c9447f448caaa5aac4efc2b182624e30157182598f150190bba8e000480ee90227d63dd |
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi
| MD5 | 0e4e9aa41d24221b29b19ba96c1a64d0 |
| SHA1 | 231ade3d5a586c0eb4441c8dbfe9007dc26b2872 |
| SHA256 | 5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d |
| SHA512 | e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913 |
C:\Windows\Installer\MSIB7AE.tmp
| MD5 | 9fe9b0ecaea0324ad99036a91db03ebb |
| SHA1 | 144068c64ec06fc08eadfcca0a014a44b95bb908 |
| SHA256 | e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9 |
| SHA512 | 906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176 |
C:\Windows\Installer\MSIB86B.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d3b567140ae7dbb251196caf222a4f56 |
| SHA1 | f32bdaea29243ff0042f567669ea55606d1c7949 |
| SHA256 | b345411bfbf17327a866a0e7bee82eb8793b35a47926888314b296e9c2c9e72a |
| SHA512 | 286b40ca7553b30930dc4241eef9d63ae8d4e3385ed6c07975c7abaac8059c46a13382160c7a861f902eb5e30c9d7d6c21e2cd8f431c02c2aed3d1602f1b1f28 |
C:\Windows\Installer\MSIC176.tmp
| MD5 | 7a86ce1a899262dd3c1df656bff3fb2c |
| SHA1 | 33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541 |
| SHA256 | b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c |
| SHA512 | 421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec |
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE
| MD5 | b020de8f88eacc104c21d6e6cacc636d |
| SHA1 | 20b35e641e3a5ea25f012e13d69fab37e3d68d6b |
| SHA256 | 3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706 |
| SHA512 | 4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38 |
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE
| MD5 | d2cf52aa43e18fdc87562d4c1303f46a |
| SHA1 | 58fb4a65fffb438630351e7cafd322579817e5e1 |
| SHA256 | 45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0 |
| SHA512 | 54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16 |
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE
| MD5 | 7428aa9f83c500c4a434f8848ee23851 |
| SHA1 | 166b3e1c1b7d7cb7b070108876492529f546219f |
| SHA256 | 1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7 |
| SHA512 | c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce |
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license
| MD5 | 5ad87d95c13094fa67f25442ff521efd |
| SHA1 | 01f1438a98e1b796e05a74131e6bb9d66c9e8542 |
| SHA256 | 67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec |
| SHA512 | 7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE
| MD5 | d7c8fab641cd22d2cd30d2999cc77040 |
| SHA1 | d293601583b1454ad5415260e4378217d569538e |
| SHA256 | 04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be |
| SHA512 | 278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js
| MD5 | bc0c0eeede037aa152345ab1f9774e92 |
| SHA1 | 56e0f71900f0ef8294e46757ec14c0c11ed31d4e |
| SHA256 | 7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5 |
| SHA512 | 5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts
| MD5 | f0bd53316e08991d94586331f9c11d97 |
| SHA1 | f5a7a6dc0da46c3e077764cfb3e928c4a75d383e |
| SHA256 | dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef |
| SHA512 | fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839 |
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url
C:\Config.Msi\e59b31d.rbs
C:\ProgramData\Solara\Solara.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\40a513b4-c724-42b2-a044-9668bfcb138d.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e7ad2410-283d-4edc-8936-7df9f6ac08eb.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\acfd92f0-4a2c-4e46-9096-42c3c4490208.tmp