8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

8^/10

discovery motw phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: =@L
phishing

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe

Executes dropped EXE 5 IoCs

pid	Process
5016	Solara.exe
6892	OperaSetup.exe
6976	setup.exe
7016	setup.exe
7116	setup.exe

Loads dropped DLL 14 IoCs

pid	Process
3492	MsiExec.exe
3492	MsiExec.exe
4108	MsiExec.exe
4108	MsiExec.exe
4108	MsiExec.exe
4108	MsiExec.exe
4108	MsiExec.exe
1856	MsiExec.exe
1856	MsiExec.exe
1856	MsiExec.exe
3492	MsiExec.exe
6976	setup.exe
7016	setup.exe
7116	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 2 IoCs

flow	pid	Process
41	2440	msiexec.exe
43	2440	msiexec.exe

Enumerates connected drives 3 TTPs 25 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
1270	sites.google.com
1273	sites.google.com
1274	sites.google.com
57	pastebin.com
58	pastebin.com
1269	sites.google.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
664	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\override-resolves.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\once\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\.npmrc	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agent-base\src\index.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmpublish\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\dependency-selectors.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\response.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-start.md	msiexec.exe
File created	C:\Program Files\nodejs\corepack.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\cert.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\lib\nopt.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\.flake8	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-org.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\npmlog\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\are-we-there-yet\lib\tracker-stream.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\node_modules\brace-expansion\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\query\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\docs\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-completion.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\transform.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\negotiator\lib\charset.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-ls.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\selector.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\utility.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\exec.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\read-cmd-shim\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-deprecate.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\utils\tmpfile.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\p-map\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\node_modules\glob\sync.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\spdx-expression-parse\parse.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\constants.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@isaacs\string-locale-compare\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\minor.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npx.ps1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmpublish\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\classes\comparator.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\character.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\spdx-exceptions\index.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man5\install.5	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\tables\gb18030-ranges.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-explore.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agent-base\dist\src\promisify.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\duplexify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man7\package-spec.7	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man5\npm-global.5	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\ranges\simplify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\abbrev\abbrev.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmexec\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\safer-buffer\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\path-reservations.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\concat-map\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\pnpm	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\util\crypto.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-outdated.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\has-flag\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-core-module\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\util\index.js	msiexec.exe

Drops file in Windows directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSICBEE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICDA5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID2A8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF45E.tmp	msiexec.exe
File created	C:\Windows\Installer\e57c0b0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC42C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC43C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e57c0b4.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57c0b0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF045.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF1AD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC3FC.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICD76.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID2C8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEF69.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1424	ipconfig.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133768565915943692"	chrome.exe

Modifies registry class 30 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
2940	Bootstrapper.exe
2940	Bootstrapper.exe
2440	msiexec.exe
2440	msiexec.exe
5016	Solara.exe
2696	chrome.exe
2696	chrome.exe
3036	chrome.exe
3036	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
392	chrome.exe
6396	msedge.exe
6396	msedge.exe
5992	msedge.exe
5992	msedge.exe
5328	identity_helper.exe
5328	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4580	WMIC.exe
Token: SeSecurityPrivilege	4580	WMIC.exe
Token: SeTakeOwnershipPrivilege	4580	WMIC.exe
Token: SeLoadDriverPrivilege	4580	WMIC.exe
Token: SeSystemProfilePrivilege	4580	WMIC.exe
Token: SeSystemtimePrivilege	4580	WMIC.exe
Token: SeProfSingleProcessPrivilege	4580	WMIC.exe
Token: SeIncBasePriorityPrivilege	4580	WMIC.exe
Token: SeCreatePagefilePrivilege	4580	WMIC.exe
Token: SeBackupPrivilege	4580	WMIC.exe
Token: SeRestorePrivilege	4580	WMIC.exe
Token: SeShutdownPrivilege	4580	WMIC.exe
Token: SeDebugPrivilege	4580	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4580	WMIC.exe
Token: SeRemoteShutdownPrivilege	4580	WMIC.exe
Token: SeUndockPrivilege	4580	WMIC.exe
Token: SeManageVolumePrivilege	4580	WMIC.exe
Token: 33	4580	WMIC.exe
Token: 34	4580	WMIC.exe
Token: 35	4580	WMIC.exe
Token: 36	4580	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4580	WMIC.exe
Token: SeSecurityPrivilege	4580	WMIC.exe
Token: SeTakeOwnershipPrivilege	4580	WMIC.exe
Token: SeLoadDriverPrivilege	4580	WMIC.exe
Token: SeSystemProfilePrivilege	4580	WMIC.exe
Token: SeSystemtimePrivilege	4580	WMIC.exe
Token: SeProfSingleProcessPrivilege	4580	WMIC.exe
Token: SeIncBasePriorityPrivilege	4580	WMIC.exe
Token: SeCreatePagefilePrivilege	4580	WMIC.exe
Token: SeBackupPrivilege	4580	WMIC.exe
Token: SeRestorePrivilege	4580	WMIC.exe
Token: SeShutdownPrivilege	4580	WMIC.exe
Token: SeDebugPrivilege	4580	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4580	WMIC.exe
Token: SeRemoteShutdownPrivilege	4580	WMIC.exe
Token: SeUndockPrivilege	4580	WMIC.exe
Token: SeManageVolumePrivilege	4580	WMIC.exe
Token: 33	4580	WMIC.exe
Token: 34	4580	WMIC.exe
Token: 35	4580	WMIC.exe
Token: 36	4580	WMIC.exe
Token: SeDebugPrivilege	2940	Bootstrapper.exe
Token: SeShutdownPrivilege	820	msiexec.exe
Token: SeIncreaseQuotaPrivilege	820	msiexec.exe
Token: SeSecurityPrivilege	2440	msiexec.exe
Token: SeCreateTokenPrivilege	820	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	820	msiexec.exe
Token: SeLockMemoryPrivilege	820	msiexec.exe
Token: SeIncreaseQuotaPrivilege	820	msiexec.exe
Token: SeMachineAccountPrivilege	820	msiexec.exe
Token: SeTcbPrivilege	820	msiexec.exe
Token: SeSecurityPrivilege	820	msiexec.exe
Token: SeTakeOwnershipPrivilege	820	msiexec.exe
Token: SeLoadDriverPrivilege	820	msiexec.exe
Token: SeSystemProfilePrivilege	820	msiexec.exe
Token: SeSystemtimePrivilege	820	msiexec.exe
Token: SeProfSingleProcessPrivilege	820	msiexec.exe
Token: SeIncBasePriorityPrivilege	820	msiexec.exe
Token: SeCreatePagefilePrivilege	820	msiexec.exe
Token: SeCreatePermanentPrivilege	820	msiexec.exe
Token: SeBackupPrivilege	820	msiexec.exe
Token: SeRestorePrivilege	820	msiexec.exe
Token: SeShutdownPrivilege	820	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
6976	setup.exe
6976	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 4008	2940	Bootstrapper.exe	85
PID 2940 wrote to memory of 4008	2940	Bootstrapper.exe	85
PID 4008 wrote to memory of 1424	4008	cmd.exe	87
PID 4008 wrote to memory of 1424	4008	cmd.exe	87
PID 2940 wrote to memory of 2076	2940	Bootstrapper.exe	92
PID 2940 wrote to memory of 2076	2940	Bootstrapper.exe	92
PID 2076 wrote to memory of 4580	2076	cmd.exe	94
PID 2076 wrote to memory of 4580	2076	cmd.exe	94
PID 2940 wrote to memory of 820	2940	Bootstrapper.exe	99
PID 2940 wrote to memory of 820	2940	Bootstrapper.exe	99
PID 2440 wrote to memory of 3492	2440	msiexec.exe	102
PID 2440 wrote to memory of 3492	2440	msiexec.exe	102
PID 2440 wrote to memory of 4108	2440	msiexec.exe	103
PID 2440 wrote to memory of 4108	2440	msiexec.exe	103
PID 2440 wrote to memory of 4108	2440	msiexec.exe	103
PID 2440 wrote to memory of 1856	2440	msiexec.exe	104
PID 2440 wrote to memory of 1856	2440	msiexec.exe	104
PID 2440 wrote to memory of 1856	2440	msiexec.exe	104
PID 1856 wrote to memory of 1984	1856	MsiExec.exe	105
PID 1856 wrote to memory of 1984	1856	MsiExec.exe	105
PID 1856 wrote to memory of 1984	1856	MsiExec.exe	105
PID 1984 wrote to memory of 1552	1984	wevtutil.exe	107
PID 1984 wrote to memory of 1552	1984	wevtutil.exe	107
PID 2940 wrote to memory of 5016	2940	Bootstrapper.exe	110
PID 2940 wrote to memory of 5016	2940	Bootstrapper.exe	110
PID 2696 wrote to memory of 1540	2696	chrome.exe	116
PID 2696 wrote to memory of 1540	2696	chrome.exe	116
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 2424	2696	chrome.exe	117
PID 2696 wrote to memory of 988	2696	chrome.exe	118
PID 2696 wrote to memory of 988	2696	chrome.exe	118
PID 2696 wrote to memory of 1176	2696	chrome.exe	119
PID 2696 wrote to memory of 1176	2696	chrome.exe	119
PID 2696 wrote to memory of 1176	2696	chrome.exe	119
PID 2696 wrote to memory of 1176	2696	chrome.exe	119
PID 2696 wrote to memory of 1176	2696	chrome.exe	119

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4008
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:1424
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4580
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:820
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5016

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding F012EEAE50142DCA023BB2BCA1A18637
  2⤵
  - Loads dropped DLL
  PID:3492
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 556600253EF95D4A9CF4DBD6CC41545E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4108
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 36558B0007F925D208A994F4D53427DC E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1856
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1984
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcd6c2cc40,0x7ffcd6c2cc4c,0x7ffcd6c2cc58
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,1098828708774135435,6718452713275761420,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,1098828708774135435,6718452713275761420,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,1098828708774135435,6718452713275761420,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,1098828708774135435,6718452713275761420,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3340,i,1098828708774135435,6718452713275761420,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,1098828708774135435,6718452713275761420,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,1098828708774135435,6718452713275761420,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,1098828708774135435,6718452713275761420,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5268,i,1098828708774135435,6718452713275761420,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:736

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4076

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcd6c2cc40,0x7ffcd6c2cc4c,0x7ffcd6c2cc58
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4048,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4504,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4816,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4892,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3468,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4996,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5348,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5312,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5616,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6044,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5808,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6160,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5840,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6444,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6480,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6784,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6928,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6940,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7256,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7488,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7404 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7476,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7672,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7192,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7920,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7932,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7972,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8208 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7980,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8228 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7280,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8524 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8512,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8688 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8380,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8808 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8796,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8980 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8972,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9100 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8944,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9132 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9320,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9412 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7640,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9112 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8708,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8672,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6808,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7564,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7388 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7516,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9536,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9260 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6884,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9428 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8688,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9276 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7196,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7484,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9284,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9184 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=5584,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=5540,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9244 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=9632,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9604 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=9800,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9840 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9640,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9976,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10048 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=7176,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10212 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=10316,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10336 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=10492,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10524 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=5512,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10540 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=10644,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10696 /prefetch:1
  2⤵
  PID:6204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=10660,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10808 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=10668,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=11060 /prefetch:1
  2⤵
  PID:6220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=10984,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=11000 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9776,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:6740
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6892
- - C:\Users\Admin\AppData\Local\Temp\7zSCEA69EB9\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zSCEA69EB9\setup.exe --server-tracking-blob=ZjQ3ZmYxMjZjZjM4ZDE5ZDNiNGUxYTMyNmQwYjNlNTEzYmVlMGQzZmU2NGYyYzRjOTYyNTcyYjc3ZjhjNTU4YTp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3N5bmFwc2UteC5lbi5zb2Z0b25pYy5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYSIsInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9c29mdG9uaWMmdXRtX2NvbnRlbnQ9TURGX1BCJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1DUElfV0lOIiwidGltZXN0YW1wIjoiMTczMjM4MzA5NC4zMjc3IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyMy4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiQ1BJX1dJTiIsImNvbnRlbnQiOiJNREZfUEIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJzb2Z0b25pYyJ9LCJ1dWlkIjoiODUwZmRjYzUtOTg2Yi00YzllLWFiNzAtNDI5ODI1Zjk2M2U0In0=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\7zSCEA69EB9\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSCEA69EB9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x314,0x304,0x334,0x318,0x338,0x74c7fb14,0x74c7fb20,0x74c7fb2c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:7116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=7912,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9444 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=11088,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:6448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=6276,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=6056,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=10064,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=10168,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=10156,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10312 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=8608,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8900 /prefetch:1
  2⤵
  PID:7140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=9240,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8616 /prefetch:1
  2⤵
  PID:6512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=10616,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9280 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=8612,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10076 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=10792,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8744 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=9092,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8620 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=7308,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=6112,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8564 /prefetch:1
  2⤵
  PID:7108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=10804,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=8368,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8496 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=7996,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9936 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=8296,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=10796,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=6468,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=10464,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10176 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=3436,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8456 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=7668,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=6380,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8412 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=8088,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=10352 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=6756,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=6592,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=9020,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=9868,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=9448 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=8956,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=6872,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=3648,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --field-trial-handle=7452,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=11344,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --field-trial-handle=6904,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8420 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=4776,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=8792 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --field-trial-handle=9444,i,6963376765698637018,15559716536961507091,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:6920

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd70846f8,0x7ffcd7084708,0x7ffcd7084718
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:6344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:6368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
  2⤵
  PID:6924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14064387123510260413,15698093860596959323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:3200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4396

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x154 0x41c
1⤵
PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57c0b3.rbs

Filesize
1.0MB

MD5
1af9e30c1bb6f7cc14828654c32338fd

SHA1
de245fd9d56dbec759b68997c8efba6b003cf471

SHA256
9ce65e41c3d34c6b5d56a0d15c91c14b5d9c27f986c56e3f3136393c89ec0097

SHA512
ea27f1e7b5a9e952fa66c1504aa0a1b5cd439759b13830613aa7319f979301028309783c2a1d8ef5dcf44b7c963921234971abf27ee8f43ade56499e98f40c48

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b65d667045a646269e3eb65f457698f1

SHA1
a263ce582c0157238655530107dbec05a3475c54

SHA256
23848757826358c47263fa65d53bb5ec49286b717f7f2c9c8e83192a39e35bb6

SHA512
87f10412feee145f16f790fbbcf0353db1b0097bda352c2cd147028db69a1e98779be880e133fed17af6ed73eb615a51e5616966c8a7b7de364ec75f37c67567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
21ec75be3ed9812a7bca54c2d5c690a0

SHA1
9e866dfab68a59c6dacf733ff2310248378ff98b

SHA256
5f13463d5429c2ba2d525113f1a65e15d8a2c1156165ad8f8750cae7f89ab4bf

SHA512
b26383123344a4f2d00199ca5d452eacb1d76da642d4240e27685a4b7ecd63582c7711cf042440475d5bc475e71adf1095bf39940910028215413a82137e9bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
0b572b1f5bf3f0584382b9086706cccb

SHA1
7da6793dd7ceaabca5edf124ca0275bb66926f5e

SHA256
26de4c58d01d14a12a4e5d143d4e9d2b2e0cd22f7775eab336c02275d3f0e7a2

SHA512
b87001b29a10f9ea6974fd613b2893d47d9a2dae857c6df954184a21383ca27a725908060ac8e0aa5c888d7d41344103a6c0bf5896645d4be8bf52c94243771b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
07bfe84adb14e16866d5fdede2d3ef2e

SHA1
695b1db8561695fcdcd85c41abc9a51d81b4a12b

SHA256
0f95c30ccf792abef3a3075a64228762b85d5077122e7231aaeac91eba234ed3

SHA512
f5e45726bb4d81d7c01b75ea9649986d363fa0bcde2104ce5b9cc8d7a1987a98fc103b13540d33ca319cde2bc9f635a2f499a6c98eccd22ef61ce2f3812894b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
600d791b8e21bbea64540753c3497e0e

SHA1
d641c7858a844b56a9ec073998503437f3f0623e

SHA256
7f69687a46f885555266cff83f594f5eed838caa09708ee1431fe36b096abc91

SHA512
c94ff4666f7bcfb761cd115ed40adfd20630b44a74345e08f41e6535d09763a56d2bdc4176582a0c9c595d2bd9f412ded5568822d793e09d6c9af693c4821e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
0bd2c564247196e4c23ee424d3bcdb55

SHA1
072625d55cfa60d08d9b4b56f44438d0fd37601b

SHA256
7b58815c177a3842caaa47dff301125994fbe26bec2472c0a84eccc7d0ae675e

SHA512
27bc5c1113134ed37793b01bb6d6980a4ca9866299201cf757a174750ccc94a8a906b4b0975004256e6fd6eb768a9c530c9a6e5acb0f2fb1f9ca92e4049ae2ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
135KB

MD5
718b3940c04a82c28395bdd9694ea436

SHA1
bd22b1cd30bc1210e094b16ff31a23d045ba59bf

SHA256
3fce9cd54b92097df6743948398887726d12f675cf449e73757ea37b937b7902

SHA512
aad930608df39fd658d435014177eaaa3d471b2b58b1e9d8bc178641da08c79c374c1978aa9484bf4ef8283f065991e310c61f792680f6ad0b4948a93932c890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
72KB

MD5
eefb3b7038040a2b45001d9b00e3614c

SHA1
64f409fcd8dba116aa15366783133833ea2e29e1

SHA256
d6def6ae11d1cf9bc2c244af00ffe3c6161263c26212e4009c613a02c8a9ea76

SHA512
d463a84948b07ac2b1c51f471e21e592f84b249f6a0f58853f3e38a357068b8a6e9d33de1146e187bee9c586bbb3525b7397f2f1b4f2a2c66d784e50385bc121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
411KB

MD5
5a322b316bc8745d39d83b130a9ef6e6

SHA1
f2e8ebc252d92722555b6fab8e38fbccbf6003cd

SHA256
b6fe2ea8d85c1ee73bf4e45c34247fec18e2efa340d009e0c2c1b41cc42e3f47

SHA512
97fc03ce19046d14f561bd812c4853eebb608185d20b9e8f319098b866e820c09c35d42b4354d0a6ed519408fab7a5ecdcf4b33456561400c8e3acf256846535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
106KB

MD5
d1464ae78096f332a41a1b299dbc3653

SHA1
9ac07f6fffc033de9e2c8a5f38578bbb81cacd7a

SHA256
129cc38dee4cb5493176532c2ffe1ef44f670ba48a14fa8a845b48e3e6bc9fbc

SHA512
e76627113afe29c295be41ce4ad92b0639eb88c2c54ec71ade9889637aaa4db91b38d6c9c2a9c356993a76221f308c33ab3fa71bf14787c8e38d2d2a34ece3c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
20KB

MD5
795a0a7a4ce02bc0eb7e8c8a094e8b3e

SHA1
e10ec4bfc990c0adde24c7e3db6b32310330edf7

SHA256
4c0f1246421db208435a7981ed75ab22f337460d7bcf1b5952b7a4c4378f107a

SHA512
95b81873d72430a39010c12c7106d6d92a3ef84233a25b1db131de4d36a966f1cc7110df7b227c87ee1d8ad4385321ae9d585960920c472aef7d193d15f26265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
52KB

MD5
562f3f8613cee744f88caedfd5e897e2

SHA1
7b8480dfd4c572ce0703cb44bdb6adffd1dbba59

SHA256
b475dbc5f92d5d7eaa2d1d9071e11635f2a4eb787e6c26b9ffd01db3c5bbedd2

SHA512
606719efaffb735969b627c22bcc9558363848702d5c782feaabf555ba179e63e5275e0d15776f529e708307f1ec762adb2fd4d36b3e66ac18dd60113e1ffe6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
17KB

MD5
9f2385157e4637a0426a9bf25312627a

SHA1
395b7c1428ee59ebd152d6917494ae39edc460ad

SHA256
6b20ede33b01a5b351c42913c5478fd87bda02c26c07782ba22a1112e16b896b

SHA512
e220fc5181801c0f02bfae8784057f0800ff31ff05e1233bea9d6f95f94b501c2f1215e38590bec76ba00d3ddee29ef41158d60d3bca0613dcc73ea7b58c5e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
32KB

MD5
bf2732eb472320606bdff5fec5e049cb

SHA1
3541c90445fcf111c364512ecfcb65c9fd2379fb

SHA256
18b1ada1bb101b03b328e64cb622ca37d4eecffcbd989c46444f1f9b5f05bb94

SHA512
4785b29a91ce377e5fb047bdc5ef61426d6acf4b8c009a63c63e95f425d2efb84c33ad702716652316001a42f34c81dcfcdf6ef07b658392033893fb438c1414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
94KB

MD5
8945bbd48be1aa69e79753833acb342e

SHA1
de816021a8d20724ff06fdae92a3536ad480e013

SHA256
2116ce31f8e183191d0a2c0028fddb404dde3a609ea9a86fd3b3037169e6a72f

SHA512
c5a7527924a63009a6e6c5d76ca2dd2a8e18d3a395eba2d8844d8687995c4ece59adff1a692ceab508183e78940e938156c1c10d3992cee5f6c1d86c456cb538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
19KB

MD5
43e938feba1c5d3f13b480e5939831aa

SHA1
41300f992edc0cbcb20669b33253290f9e969aec

SHA256
998e2a9c21058b6d6bf46bc02e77d9261d8c57de10a039d38ea58c9fa00494f3

SHA512
c2760b3b53e783e038749523fe8c2454a50016a74d46856bd2f0fda03051d7668c7b03b58d5d566591eb0433fb5efd1486a32e3b6c19749c84443d80edec5f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
141KB

MD5
e9bbc93c1461dbd8360380f4878a01df

SHA1
5e91eaa3bf8b4de1c6d4ee0d56ebabea9c8a5aa6

SHA256
100d461551415e38fa28305636680654dad43cb28e60aa00f86ec992d187cb75

SHA512
ed7a5ce90429a207904c94268da2d3a6d55adf9f1b9d41bbd2720f42860ec4120f8def798f9d41ff8f4b9c4f7aa9d27dd62c17bf5a30f65fc78b5ab9953cbd8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
88KB

MD5
362e66284dfee6fe5fee35c01294fe92

SHA1
6b58ff66ebed941818548b1e104e153a50b05609

SHA256
d853aca3f4b4edd2d7ff47e698272c98a8ad9a10c69eb21d273b3f31279041c8

SHA512
6171be32e8a0f942163c79cb5ac3e5335259515188a38692c8d7f910849be74e7af1a766a4096f45c76a1747342a0c5d3ca68640d1d3d540300c799d73de0b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
27KB

MD5
dc654d5da1a531fdb3b1bedb619b0182

SHA1
49d3de45bea7c279cf0ffe4cbc43c24779d1877a

SHA256
b395c195a5854253500b3b210e585ec801a47b49ce7b90fa5a9717df387598fa

SHA512
38952929cbf8e103cad50007cb492c93a7feb8d9d1853773883e2771cc97e50d6a514cb6347c912e7945d126a35677cca854ce8542e2210d7e59799238bae8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
93KB

MD5
6eb667c93da9c829e5d41f0d415b851a

SHA1
5c7d82b9b8b3ff16e653a901e1bbc26f61e79ce8

SHA256
6cc912b6877acdab1d3d80fff968576ad468166cde70b6fad54805ca3e03e466

SHA512
cc01b83764a2edb00abca21eeabd458256fc85696d78a011dc27e0b219f8a5b4c5b834b7114ba43a1ef6e977638840c8db14ceab527ca1296c4a67111b8dafe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
152KB

MD5
4521b6fb0d76ba6fbde6dacf5a6a2a51

SHA1
8ffdc57f21502f0164760f9e2bf4dc10bb3fb43b

SHA256
4f9e8f4c4e21819683335f73bd1e7d2b3afaa30d3449508472294885afe8f0d4

SHA512
13819a3a6357cd44717fe768154f8117115b22043e9ddf024b5b7ebc5ca427d733261e0a0aa0237be54dda49fd3010853b1692dfb74fe42695d201cfddeff552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
84KB

MD5
18883e2161975a28c6a3387ea3243a2f

SHA1
49ed21eac6197f0848e71e3012f267cf0d8aed3e

SHA256
8fa045a24858f99c08d64f1270c3659dabed8810244ac6cf523983e94a02110d

SHA512
2d62ccabbfe5ecbee55542fe39887752c04725661fc78bcc4c8469429faf980adf2537c5daaec7c3638949c4c529067f72828585a483afc3f28df8ebb0873ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
20KB

MD5
d95d8acc06b1b8ee3b6461b3e03038e0

SHA1
33ee8605380c3598e223e90d0f6b1d77cff99f1c

SHA256
6204dee01c755f688d8bf79cab7ec4767a368f332e5471506556a7915a56becf

SHA512
7feced5181e6e6eb63adffe5929834ba1412806640bc04252bde3c8cdd589e452122e1306af19ec610b0624df7b824764a46beccee0d503260ad6e9f6c93725d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
88KB

MD5
3f9b5c2245619e15b356ff4cef0cb620

SHA1
747580292cf66f4875729fc2697e64c17ae6ff8f

SHA256
2e352ff54358b53cb6cec583241064d170e7212667625d66b98348c96aa22140

SHA512
5b0c7cd17ce6856340cdd5b54c06bd7a1365a31fef49d15d64cab91e11eed40614018e210ba72689db30e34a1728af0fa02ff15731658fe13cd6ee6ff1c0e401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
28KB

MD5
4b8bc7dbb3c8676f717839b838295d36

SHA1
52516ed283ff5baf3b28ff2d1773a354e17a3a32

SHA256
c284a654994d1033e95c8b412904989cea28fd08568af97e29a9aee11507cb76

SHA512
3d943a9d7ff1a02d79531e2db1b295a39244052b69d0aae6dceab38fb98f05dc77e91937db1bd93c00e9d2268f3d102e8c721146fb3628cfcabb19c1913acdd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
43KB

MD5
49c6c2017aae0313785979c3734c8e4e

SHA1
9b5019fe772209480c613918bf8173dcf245c97f

SHA256
5b5869a12179f7bbd951275b641935a69d6c028b485c2ac12c01fd9bf20fe08c

SHA512
e3a69e015c440752744f0bec7b673192ce3d3a7a801c59da5646ee91c7a2dac2a148f1bb8c79027c44d7d809d414bc0847f452548e870e1f175084eecedbfce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
123KB

MD5
33e1ea059a811b769b8697283e5de336

SHA1
74221fcc7a4673c2078607576c73e40c3b8917bb

SHA256
6142496b8cea43c5c8930d591b4d8642971aa7b8701339de99cd010f683532d4

SHA512
f225c14f2874b5bc699c89fe35577686b476e210555127c43836f13c3e9f5cdcc3320cb21818fbf59b51ec9cb8e45dfe293a74fb585dd236724e2449d2d14e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
20KB

MD5
02d0464758450d87a078aea4e46187a1

SHA1
41154a61b8192c00a4f03e5ce97e44ecc5106e74

SHA256
c6aabc7504bbf101eb3b39fb3f831b61148f34605c48b02ba106aedccde52750

SHA512
9af139023983a975acb29147037f4fa8ca820e15b4c5f471e2cb000909970ffbfda2b210c8330cea93271bfde3732455a545730e242f1a0e59871bdec702b39a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
60KB

MD5
b100307705c311e8ae4d31d8b2a4a93c

SHA1
3b1ec50ed6b09f7b3c14f6e8e201f2a2b1c98975

SHA256
4a9f5d41f5ac4c03f7772f676247d201dadf15f9ac01a31ac26685d2f559c2fc

SHA512
213f7dbe76418eaf912a232d0650215b481674943ed689ed8ea4716caa6f5293b4495597040822a62ed9372f3703245a9498e28b852f00a2256fd28a54899ea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
20KB

MD5
2250a7cff51c2196c0d631eed736d9e0

SHA1
5d147d17648ed7f44ac107a9fd2255cdb51affe3

SHA256
7428a7ac2591a86c1bc2438c5edef31b16a4937d55f4b7cb7ac78a753a8e36a0

SHA512
66f18fbc58eb1355ef0cbb944b037df7dceb35f79cec0167b18b7b7a7347ac965d43445a989e7c53fd484c38c91d873d099fece7b78a2978efd9e99a660c9e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\15008b327caa7137_0

Filesize
289B

MD5
626f68de7fb8a1789f65b5f7faddbd43

SHA1
20044aa9366b7b141b027c6c1fd9398bb209b304

SHA256
b4ae8144662e07d1948e6b9d38a46a9dfd1346a888592f46f37c3419a4977697

SHA512
77b239c32ae3b155bfa4f25d065e39c9a88084011a0179b9e23a70813367da15e63f6bf72c77a3432eee2def134d92d76bfa2e15412133a0554b56b22c0e33bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1a29c5989d22056f_0

Filesize
260B

MD5
dcc7f3ed6e241c6220d21da66d51bd0f

SHA1
6dc6b855fb439902759cacb68de50f380a7884f5

SHA256
b4405ed9ee6bd74f5752a398a900aa24f3e9a1429769c59381fc007fd94f8de2

SHA512
fa6c46cd6430e7828b122136d04b46eec4411bd38fae08aaac7fe5e40cefdc9ac1c1293b24609a3514755df30baf6721ec48f9e9fd51b2319f22d032748ab6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1a29c5989d22056f_0

Filesize
6KB

MD5
d9a38a30d341a29d4f5188d68b125971

SHA1
1bee7d66bde99b792e71c8d895a776166a268e12

SHA256
cadfa99c5e301aec6440570454dcfb9be064b1e6eb017cbcb57308a22434f923

SHA512
56f7ece6ad5d54a38fa43f159bf93e9fff5dd312436ffa23886a2d4688a3af6e30f5424d3404d2434910d23a04a96cfa7821c4cfe3dd742b70b8faf1c80d2d12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
d321c6ab2ce7359ea64e8018b549bf6e

SHA1
98612cc3bee468149ac77f8910030d1984588fa1

SHA256
560dd7b92b4cf5fc8059bd73cd57a5711e96a26ea77efbb06ae183c32919c124

SHA512
6d2abc3179b2826c2a3a08cb2f265f822f42ef9bb61adcc284f0c84ad812eb8197d533b85ade7f1aac07faca3760304372da1a39d873913ad4378c07c2b958c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3545a9e694a7a24c_0

Filesize
289B

MD5
5c5944d6f0fdcf5717d99ea4c4f5eab4

SHA1
ecb20733e5516d2ff0c27e8d82103d31828a7f83

SHA256
5477d1c58b8ac8497c0414bd2f2405e1deea1bd428d9207692f074aa231b9325

SHA512
fed702bbd797482f9bec8bf9ced7a7fc8dbee8fbe6909df18254f7ad5c753cdc4d18a691dac554932f4ecd6b01a3cee4cb9699b825e7f4b40d77ef3098ab1142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
276B

MD5
623b3f711220b03b702317a54f95983c

SHA1
bde73890e0bb1bb55c4826a156fe926e5c79d1cd

SHA256
08f1cb5dd7f458212894543b88ae42dc4a34112185c581e8205c6044169de0c8

SHA512
afd342df07400e9f24c7d66224708ee8b21d4e5c2f3fffd57b6005b4837a3bbb92b541ad147927028324946d96bc794541aa8a26283e701f24b4a68e1db4f482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\69030d265fdaf671_0

Filesize
26KB

MD5
2ff4a5e7aa72eafe9f614ad3759105af

SHA1
ae87783f7b1eedef56f94bbe53703e0dbefac5bc

SHA256
7c6ab983fbdd093b903158e6cb48ea1aac7625974e732ef41ca36ca8f495410f

SHA512
e2375285c2aade97e67036aeeeac1bf1965616db133fd28ba23a833017960fd0a20bb82f7fcfe54ba4400a3ca2af32940d22ede3d248c413535046e97760f650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8a40b958501a4af3_0

Filesize
34KB

MD5
e095f0fde7cdb78f9e561e2c877577c4

SHA1
0f5bfb8cc5a3e1ed13c8f50561a15c65bc6ca847

SHA256
d7bac7db8e1aa673e0b0e4bece371d1b3e07ed403cbb6d10c06568af97150144

SHA512
357c2694c851908dc3b41368b54f7a22f28f13d52b12bec3f2178b8e440ed7d8d5f34faa1d78546e2cdeeec98a4fd5d8080ef7bb65b6b1385b21df1dbf83dcc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a9e52664de271446_0

Filesize
34KB

MD5
15487b4d45fe419cf8f53626d6d8152a

SHA1
ef5ed3bf95c5c0316a637d7f3135ef9e6a659228

SHA256
16e54bce5d286bc1dc266451c50f1c087d7d0885296742075569418f88d92640

SHA512
774dd8d5bd1cd0589920fc6ce9750cff5c4313e243236deb4fe83404f48746ed7644824081b8cf9cabc380cd243afa79ec59bf2dbc5c9eb247731145cd8b0b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b389095db6a3c4d9_0

Filesize
298B

MD5
81ebcf52785aa519beae947105d30cce

SHA1
2e6a2f34c313242d2b705d8d1826e0a4d6168aec

SHA256
e2bb5ffd3062dd20d00da4b59a8f1a8908a6d13486a890d42cdb66e7b248d50f

SHA512
21dba5f207df73b9fe970cbd9f7dfea44ac6b31f4d4853c7c85c2cc5b72fe9a1312ab72fb5617e2e7c589ce3229c5cd38cff362f8b3c0d598ded4b50d103b089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bd7ada3a2b89b394_0

Filesize
427KB

MD5
5192e93da4e7270ba39294a94f25aefa

SHA1
1a949a7ebc06f0b43ea964b69d7aec38ff7ad9dd

SHA256
b4c4ee5eee5ef602e8536d6524a55c4d8dd086f85f6c3b39c9aae8d9d9f91cc4

SHA512
37b857f2640ad39543280d33a18c2097a7ce2851c7c52e5be8aa6a4247a2e168ec7f3c1fd5a91038d7b5595ad59db8a354af2485437d970fd7fdaa41a02ad963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c57b831ebaa8aed1_0

Filesize
383KB

MD5
1b9e60671d437ccd87ec7033a6877109

SHA1
591b30039704b21ce3009f84ca801f0cf1bac260

SHA256
93f88365f8653c1856267837d6dd1e7eeacbf85e28366ac78b947dd60307e787

SHA512
031dd9412fd705b281b06220b5d86d8852cc7ce4e5dda37f47fb484173449ddeb5aa40d3aac243d578b5349577b54d8706f57e13dd3878b0f6646acaaaa009b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5210762620f4a77e1fc7275221a458e3

SHA1
5ad6bd43a992db2f0827466c74433edf6eb26e3d

SHA256
9b70309b986f64222db436b2415c7d9b1c7b99c50b2cb7eb77a5d3d29326db25

SHA512
99e699f4bf9ca0d20ca393d9633db42fcf465911c9a7f72204ba5a9a2efe5d6018146b0b565dc95791ba252d5cb7f04589b406a245d8408fd4e86e319c18be97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
757befcb419f15b6e14977a2f8bd48ec

SHA1
a5bb41aecbb96104227f5d48fa75f57d6bebae30

SHA256
837a04e29209d1addfe39f4abe16ff5f86ec60cb960949ba556d05f4b6c59e01

SHA512
e9bb798e7b625a4a20c4691fc16e523d1eee2a5ba2f1dd85ceb87d15aa00a8497368b1b3c70da714521ce7f517b7e722f09e60f9135ee59da52dddd3519e5fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c285fe063fba29dc259e0880c87563b3

SHA1
ea110aef275e0d4bd958be5112f768bf83fb3a89

SHA256
fa28bada9ca64cb46d7af9cb829e5a63dba5d248940df75b6fc1052b87aae8a1

SHA512
fbd1cb3a124ce7b6e521b84bcd31ddf77bb351bbbb14d5254777bf1e17487b72014479f0711ace228c1464ed1ab209d528e2f501c39939000b4ff41551230f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
7a1f4aea22b3e8ebeb25d63be41984a2

SHA1
669d9a33e04c595652a8eb52a45058d87c46189b

SHA256
aba0177d8d6f679931997ac3e0504b4c9bc988c63c17160b6dbbb890f6330477

SHA512
0f8ce87d704b105343699cf28a75ab7c8984c600d351ea47482e8e10188d6c770097c2de3dae20ae2727a6de27160b8f5fd21d20d9f2b4bdd79b7408de015b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
4bc0e319415e1fb539b1d12fa563f090

SHA1
a0da89937e37fde1f25580de1f46d970f3900f9d

SHA256
b77d8c4c67c820ded239d6ed4a0d151f9f923a2b8eb5e8db967249f3adcee186

SHA512
172146934b2fa65bfc11e8e5b994df4ceb1f62ec986dfeb930cfbaaba2be0ddd9aaeabbf5ca6659f6fa012251159d7827b638a36400dd3bdb5962e599b49f476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
6320bdcd25edf8e89ba66edb7a12ac35

SHA1
8e5ccb23cda97c65896fbfebf0b29989fe5c75f1

SHA256
2140b3e84cde2a378c4d5ea51f8296dd068bf0790f5c5370cfac111ff274ec31

SHA512
b2cffca1af9d6d8aed327c0bc410e3255a7c0b1e8c1b92798612ef37cf3a649606802382b25aa35a069f6880e77302508c17d4596e16f9321ef63eee53823358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9728d34780d423d6b21f548d7d6b8d0d

SHA1
6ba98e2e51cb50c07c9cfbd323988718d41f6dba

SHA256
49efef3f276c6d5318f2093e2df0960416b271751347e9278a8dca89c3435e60

SHA512
661e94e52f9f0725299858b514fee0c597986ae5de4a8f0bdd194092e212badd2c77a79e0026477e5fbb042c714d3d22adea024df8e6ec0ecbedd3d787c4632e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
e3b9d8e2ffd4eea68dc904a8c7e1c3fd

SHA1
bfd5ff6262627ed617d0c6e9fd1816f52ec1d058

SHA256
0142069c49491c04d19b0b6c8870cee7013f115ef57a0e5a2a4db8c7bcae47c6

SHA512
70f10154cbe45ba1064193af52b706ae2614051373fac165a224fa1a99f2ee275bf2534b9fd1db6ea76a85b083287dd23044d051e3a9a5e492715ce4691b5516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
46KB

MD5
d0265e751d8747420ea7353a5a631bf5

SHA1
9907ec7a8571a4d64abc3bbbfba1ea8a0be7e473

SHA256
34f17c32b614ad772d19f711a1eec426a010d47790e9a7ad533ed0c3463bc170

SHA512
d6a0dc9d6668147924f3d2d2b379f50d1a142ff22c419e3f14c5d3b0418dbd58ae61400cda012ae5993b519f89c0820a1e180a9d3af4d9e9021e226e4b47b205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fe33941495c31ecde9e3d9547431983d

SHA1
04e3c581934add7b7b6a932989e1f4e2e674590b

SHA256
c58c03459100eaa8082a4cc7b3ee610b762dcc4099926249ca5144019ac1b537

SHA512
5850c4b6612158d8ad0f39102e72beaef8e5f8356944ddb6a6ae82ea66e78c6ce03f2f5f905860a7b2ec65b9e86776f79107b65762e7faec5497900a46967802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6f1d05f55aed178a5188f1e71dd20512

SHA1
9faa5429dca1ebd8cedf09e3a05b0320b077c0d5

SHA256
998051a6241bcda91c8ebc538c6c02fc31e2b1e3e39039a19ecf2e148d290a37

SHA512
cd303ee38ce4838eb2694f6dd6f06a319ea9b7119aea812b4a5000ba38549ad561aacac590b758a48c4a73433a1f410b61a766ac0b7efb82525e9653bef4012d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
652b62ceb15cdca93fc1b7aaec09c6e3

SHA1
1fc722afff750944d358776c6476fe37d7b6b150

SHA256
dd09131bb38106c425e2a2137ecb76609d06498ba013eeb4af3c2fe04139d4c8

SHA512
36ffc58b640d1297341cf52b071ca2056b14f294751ec129f933afb1e22ac2c1ad449a1d1064473fe52cba902831bd102da6c9bc0f0ffd9f44484ae4ab20a770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
233b3478f054a6959a705c41d89a9b2d

SHA1
b7551b7d62f97fc4e56c8d62779df5b044accbc1

SHA256
f7355bef8bf5ae0166ef1f078e20ec0ca561628765666efec6d94f35113f92a8

SHA512
11db54f005bf3927e9957c90b2684729ed3e861703246003f6b31068eb158b049893ca01e24ff5824a67697e251ad65fbab8e0d588cf11f5c50b42452e483e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5019419b5a13e258efdf37be1d93001d

SHA1
908bff42e0fd010c3de5044629773d2cae7ea1b3

SHA256
57400dc70cf3a60652fc3398e48e7504c9b9ed8110d6dafaee90e436a6861a2f

SHA512
1803cce4b10c47fc7bacc7bf8b66aaaf8463815ba76cde9b0e3aacbcbc0582d8ba9c50f0eac043e71e9dc7c0419dd5c88448932f8d23c9f08074a2d1b1c4f49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
400e59e0632efc598f7ccd39f3db02c2

SHA1
45bdd72a23299949e01d20b935c7f629f43b22ed

SHA256
fead8b1317897a76819f3d770e662a92fc70fed8bf95587324df7efbff5d9075

SHA512
e7911d65915c54e7c488f63c4e136a410c29697c6460549c30ddbd27cbbd98da134a3b6a97e66136dac7bd4adcc7aa25d8e6df9e5a13a6287ee3f7a1c764fdbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
963ae1d6179f20b806809584e231871e

SHA1
ff7f9bb238450a2ce69014cc52ce85553790e539

SHA256
a949f9ca21fdbb6ed0e00832dc0a98395edacf3e813efdb91cdef38e991295de

SHA512
9e2466a7a0242c50859760c639d2384edf2b76d4d297321e916754c621df9364de3d0ec0e0c780235ca9199cc078a44881e47470da280ad8fe0cd4a33eaa7d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9392482706f6d0b9fd530ae5b4302090

SHA1
d5d3bd6ff3155d647eac9e32544ac7360b01795a

SHA256
22efab6ebbef290fc1073e9d684f28fbe256309eba0fe2e57a67bf582594f636

SHA512
24ea00185e46b77ad06620944314434192756c4c412fd965fcba244f3fbe2769383db9fb77d7efe1d4217307760e3c2110a305b0f92449c05c3806305e2338bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
9b254beb345e3765669a061a99e96f68

SHA1
52addc8c3cc18d3b0c47ee12580ba4d10da3ea87

SHA256
d30638cad378e16d733652be6aba551fa85ade602d690728802688960c300285

SHA512
1ccb8b316bde906c55e661029eb98e580b0cb54a1c41e6941b67f104154113d7256fed4c94f042b3130159db09bb38b481fbf43411f17045543172af55fc57e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9a1d357abb047f39ff14fa7863b39041

SHA1
8474b944c68c65692c39e85ceb78fd8c839cc983

SHA256
6313082d455004e4277255b90bf385e0cf626cec4f40386a3f3de02a3e805ef4

SHA512
d03d7901e49fcf723dddd7e5c69db493af18bff7f2b8b11f26a0f471345afba5f844793c3ca92a9198ad44cf11e8b67e606d645aaa3aef34e2bf8e2b8bc2a27e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
981b396277bc8ecc66ebf88ed7cfb7a5

SHA1
9a07e535ae2221d5fdb523967d7324b09c38e28e

SHA256
aa8cca7daabbb06588ec00601e92d5c04581912f046a58bed335587d774d4cb5

SHA512
434ee34a02f377edd562304494908f9fbf340c5ba11948af086bd20f5a7c268ad0fc822e860db5ae8306bece11cc01fcd1bd1a6ff6ac7cdab952f001ed77034b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71326753fedda0284a2e25c3ecacba68

SHA1
01e6f2e7f4f4e4f589cc68567245a85b39549b5e

SHA256
35635456b1ca793f230d594eb4e1dcb23d5f96d4626596cee4d217f28397e6e1

SHA512
41346e02a56663795379f20127e3c8c340c523f2904b194027e9fe42814a1b3a4e21d076fd870960a98c54a72f3d79fabda56102577a9956088bd27d891bede7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
664d32a1c27ad7fd731b07fa881eb540

SHA1
67c93ca7a886e6e04874daa8aa3f30f82976f682

SHA256
eea1ea41827fb5314f804a86f9930213afaa919ee3e8b45c9c9b04dfff11878c

SHA512
51f30d5f51c5aaeb2d6181e9e44f2a8bca51365876692391fb7477afbf4e1af542b7e9dc2cfec9f06fc4861a8d9dacc3b411c409a5b6b455d0cf6d64f1a2c8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c877ee9a365f1ee8d1bd45c610832ff6

SHA1
6a96673dafce32b90a0eea86c2045e7cbc60f23c

SHA256
b2454d951450a08bbf616df9c8bdb63b8c460fbca757210a17b66999295a6625

SHA512
3c6f0dbbe3c9d0371e28b09eaf797f054d8e5c027822d0065656e6db6b5b3bfcbf63fe4cd758ab575d00e5acbda3881df7596726d0b012e53218ee78bc241a81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d6047fdadb80015883759459c8c04de

SHA1
aee6f09ea55eb7cf8ca75cc7b31c4ae439a2ab25

SHA256
92747aa70c9da5205d668987050ddc5fecf74a993ea17e01e91ca8c6110f7a4e

SHA512
04d9ae06419ade1ce447605eeed6a1a6b5dcbf539785535052e502b0ec64b424b482acedfca1b9f4a33473553e80a2b2a725ec2623365c7403761f853b24d090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2a2eab60fcb202b21c65354ef0e4584

SHA1
283fb84c2a618e5f479277e2f6987639d922ec5c

SHA256
73634e6d39040234f1322e72ce3c58bb23eedfd412da5a2473f424d7d934f87a

SHA512
976cc27cfbc9eabd4cf6424fc4d1a0a9875bb2daf1ce786c5036968459bc6a5119f4ffc192264a7bdb51ed3e841ec8119b1aba67b270073720cbae6678f5a076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea4ba76d34faafa172115a2da3b400b5

SHA1
d083b9e18408fed21891226749576679840157c0

SHA256
43e5ec848605b6e5666b63575253ffdfae1bbf7d32558a03b9b17824fec42cdd

SHA512
4b4565c70b2355a979ee43474aa20ddd92171482d363e31b006f4b3d36f319f8df6588dd077aa5e4df0c8426d77bf7f9aac12e8ac02c74adbfca7563607b3a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
569293dce2521946198872246997f5d6

SHA1
95c4bef7f59f12c68f82586b640f1373a2b922b5

SHA256
d875570f6bcb88a2e59c973c276991bccb15a9942ab00a07635ba3045371e31d

SHA512
2e0354a0b1ad464c3736284b3d3a9433b21038e32a939ba15547dbbe56d98b214610e457a069b74cd52e06ae146d122a09e135a9ae5fc6e10d3e141c3cb1135a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5733d449039baee423cfdeed6b7f4427

SHA1
638d362bf1514217b5dd1e624837aca1caa932cd

SHA256
2f0cccf4c3ad3f86e47f97765b109055012249e8bfd6f61d87dc456b6e083f21

SHA512
a80b7c71bcf7b060c2b0f145250182d51d1847088f525fc8b73af2e1a84a66cbf811eca4696cd323af52a4fca89d6b1fe573394b236336bd370037b6d7af1505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9f0a97ceae048a25cf448b77a91e1952

SHA1
919fd3ebdf87d9d021cd8f24a75450f7213d64b9

SHA256
cb6a12529e50320eea69af24d99c68e108e09135519191c85e955ff285f10dde

SHA512
bcd82302103e3b218bb3aa8ab11d45eefa13dc8c498436def20947d46450f38a5a38db6d35400f3325a5d221243583ed9d934b2a4d9bf2004a0924e3c0f92cff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cbdce1c2ba425663557e971e44a97103

SHA1
19b338a6832827a79cb6bfed225e0a63c6d32cac

SHA256
b4f15d088b82d477156572cd4b8f4af3416b30cfbe39c2b895f0e133518beb3d

SHA512
e428f9e014334d32cb3df8c289cdcff271856e51df2145d9f7ef0b71090e2980f22b1c86f09be85099bf2890fbb73b7a3f097f04a1205cd74db5c1d0a1ede66f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
04673d6fcee3297b93806c69352dab92

SHA1
c96b1ebfeeb00575b118d5fc0c3053ba850bc6b9

SHA256
5f706b8b84557b0055cbbddc66e0df8fdc2906068497fd111ec6c5a416991149

SHA512
82080cccea91246b203634b0fc513f317005ce404f3b0d460af6ca89537c4930756ac15a622c28241055eba923e568533679979b41531ed4b7d518f7487b16be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
505f33cfe095232f5028406aa2779a0a

SHA1
f44a074d98198d9664b978d243d6ef606b49f4a0

SHA256
cf244f6e09b34302adc3be0db7fb185f1cce56d1ac9a8218f7caeb02d9d696c0

SHA512
d320a7655f5120330f118939c58116dd99828beb64d24e2d1747dc17668b4930a2d40455998281893a0c55cc186713b0374ed507697b7a1d157731752f5e4946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
540abe21e2d12662c2676d11f875af18

SHA1
ab4ab85c76380a471129bd1b76e844a7e252a5a6

SHA256
a70e37c649e410b2631d4eea55d87491cb11166572faba9050ad9dc7e99e41e7

SHA512
0afce85b97487dd30c849761870b78749c46157f4177c2a00d729121f75a825a6fecd2cd48a16e2860459a44e49729b65df55c24f06eb831ee2cc28c090f6c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
24861eb82a16e82ccf30c8931426ba41

SHA1
1a7c6950be2b4af56e532a2c34f0eb25f9df7eb8

SHA256
e3114781e982ab9d4e4f1694d6bf8c76377daf6eeb2a4d483ff538a68f18c58b

SHA512
1c84b357f8d69847d0c5fd7fa7261375a83bc8a03d9ea7485ed664c4580598ddce2c36c2d7ecc171f298f62e015754e596083b139a362cb71e8df1aaff0f86b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6578784e2e41bd79d418139e22d91e65

SHA1
f20c578a3f8d544f95712bbc81e3d00420b1e846

SHA256
985e1e107e674eda82d7482ffbc7340cdf1b6d7d859a33052ae5f14768c1f57b

SHA512
050a368d775042f136b7a75b5279fad72217bd1e3bc098f5089440a3cc7cdd35f9a124e87b69a1d408816f64971c805afd410c8435ecc6610ac39c931e56e18c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
dd9b988956f37e96aad9d53ce68e5ffe

SHA1
a0658a01e535bd1a7132f14f24121e886f278561

SHA256
ac2cd87c4cebaa34c01688328d0f3c5ebdd88a4237d4c631545b5083784ad895

SHA512
91ce414a43066e8563fca2685d26948e1c7b0eec539bb5e30d7e52e4404562040da82475f4a210f45db6c9ea3316c986b0eb9e1b09ee4b9e2d76037ef921c6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
45dc27045c287e29cd91e5c9b2d5d1bc

SHA1
cd0eb5724adf232d582fdbc19ece83ee6ee9b4cd

SHA256
16983c574b0d2c851ec8230f48a2fb2508509c31beb31e2dde92b69ab7061f62

SHA512
0458246289c59520c083bf2c1c696a000205349c93cfb4bc0f763f89462356edbeaa31f33c33fa03f989a504e174f31f289d8c95d8a539a6b96849096dffb39f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
da30dfc2d8705475fcd0d1d8ca764726

SHA1
efe811ba66de44dbba5af80999ea670bd33c6bfa

SHA256
51dddbf47124b38df91b311cffb25bcda4f137e61dd2660fda6ae6040b67b25e

SHA512
d7532289a1b2a4019f4400b8b2023d3f71dfda5071ee07cdc399d8dc0a1e03f1b15151b0c335b27c32035d329b947a3f8591e51839c72c00b2700d25455a51d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
594e7642ec32c6a6555e8b4f1be00cb4

SHA1
71041cd1531f785e8484520e1962f535d8966ace

SHA256
94b6740c31bb854031905042e928198064b474eabcd38901c82124e42697ac10

SHA512
fb37be608e01da989e6d08bea33a0d87b78c0e2d405d3a68c36ca61cd7fee8a5e92de0e7ef49351a8c1545fbe51aeca1d078de8957339f271055d02589f62766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
0850bbcb35680b027bb8037d04bae6b8

SHA1
94dac80ceed6787cf2f35a1030c123f70f7930ed

SHA256
6b91b0eff42241e938c5da20e3206fd6c60898b2dcf635968d176892795b30c0

SHA512
8a4ef49871e00a1903eeba204636a7e45b6dc571c746bbbdc11028178fb9ea2adc2bcebdc0545dedfedf0e20c7a335dcb56dbbebaa0007ebedb67bd5ec4053c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
f2a49e578c1ea043c810832c1d703aeb

SHA1
3011626940aefd8d887fcbefaa9c0602a1fa5b44

SHA256
f2a190f4a3fae8ac4dc7270d5f2e01d20a92147a15fc115159d29596e1e10870

SHA512
eee953d968a5a6fbff252e2701f16c1d2d0825ae5d48f8c089ba2ceff1d9266715726d713f7274272bc6ab7c2d5c866465a21ff3d65c402990f49cd6484d0a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
fc4e33f980c0c020a368e011d3213961

SHA1
1eff6bf79154c28807967b3c2c705805906c9aca

SHA256
a458bf3322e71b2c2ac5b9e839baaf983f97352ccec80266d59b3cc065f523bb

SHA512
d344396035e8fcf3c8ec77e43d4904a302d4ff2f129d9abc006e36631f953c0899848a9e03b4931045dcac0dc66f43b7910b86f68c6bcff020d13e316fe60167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
f3ac6304e2cd59cdfe273fa3082200bc

SHA1
311a6f5871c0f3f7df479652a4dcc9fc175a7cc2

SHA256
28d08ae1b4533636fb4d7bd3e04ac75ed9bb2370ead23131901a34ffe89001c8

SHA512
c3c68033642d6df5dea485801c9b487c29f38b59db3ea1cedc8ebeca4321961199cdd09f25cc69069ac5d06edd7c7ab99253c241a42f464c998fca0b2081755a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
1bf06a66063d465708dea2d888ab6938

SHA1
ab152b958969a8b2b4b9b86586fc675500ed3b03

SHA256
007d703cf50002534976c2e8f773b09a23695abd6be4c4f597bc40f4bd18f7e5

SHA512
1f59ed1557b19a6f157ace679dc7de1fa64193c2ec4f9f63c9ac6252b587a0bf663c6b1dda1f8745f4a1c8bb254d3f81c833ea7d8669d84f204e7a74d70c9ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
478601602a14997a39d36b91264b103f

SHA1
0deacb8811d3f407132b9642b62dfaa8b676b51e

SHA256
67c050ba82ee3ebf01cbb81352f8b9ece55efd799258d8350ac0c81d3217f577

SHA512
0f5f0016de9ffbf745d97aa8c7a63806c559b39ac58d61cc3f03e9b044d35bfb864691b77fc59831e1da8acabdd33e29c943c473af0dfe26dca8c70da1cbba43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
5fb765f89b5d435387138a8c44d004bb

SHA1
02bfc7022e9bc8e0bc9039188399ac25f4fa008f

SHA256
809797425989029c80b04d782915a99894f7e5d971b17ac00bf05d2e8d195c0f

SHA512
0f77dd0fd7179e03a6879953dc4a9cb7e9a11cb5ef39b4c02785a788bc897c5666d6940a62d8ac3c2e4717f323df5d2a00a91f727ec9d5cf0a0e35bc75cad278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4c1cc906-8694-480f-a925-cbbabc081a6d.tmp

Filesize
10KB

MD5
fdd4f30f80a9563619746d50f2afc97e

SHA1
ceceaef184aeca77f66e3b67765811b7a161ebab

SHA256
2544289545fa8e68880479fbd61ff0973a250e2cf341317122250fca85c4b1de

SHA512
30e01b5fa4d3e601b963578b55351c8ea8795fc2873dcc2e69742015ff9544081e4d90d96c93643cac6651213266be55925de63a6a6b7d5455f6eb1fa2af2f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7531c964-c4e5-48a9-a0f2-c98140d8d913.tmp

Filesize
10KB

MD5
45aeb9a7810daafb9ab04c90cabf6671

SHA1
5211d053831a74358873cedc4a06717c1b295373

SHA256
49ce39f7f79c94a422185bd6a866752b758cbcebb76de99c5d4bdc3f76f432ed

SHA512
5d98497de4b614dc14f99b0dd02bab9e34c4533a801b44bf4371e3e9bf1fbb129aae3ccf7d233249aae3c048898d803ab27d94a2cce18a3c3d1b4bb7d64e6d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2485823f-1069-4e20-b3f9-6ab7db98f2ae.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
122aaa37fa3f7d5eb7c4c04f72f69e18

SHA1
662283679f6f67291245ef05a57b454a14e99f92

SHA256
691ede7251c425271a77dacba752a18a1deaf6948dfd4d246e9b02afa9a578f6

SHA512
17b977e1f31053e921501e3d7d3a9e85d1412aac0cbe25ac6cb360556081308af74331e0c24a4fa83413799bce98c0cf62babc09d221ad91d8c60f21598d8c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bfe9e098f0e08f32a0d5c9b84bf0c9c8

SHA1
b13133dcce5e17fd48dd9f985f7f54509842bee9

SHA256
1386de72f8ad72c6cf51de5b3dd5343bce8e8db87a4c7abcf25dfd6aa4b4239e

SHA512
89ab32830979b8c8dc18040ebe1f0e5bbe6abbc41f993ab3be9d7570afa6a6ea4576730ce9dad3ca9b966276007a026f383ca7779b59226a512d4cc106e791e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
722c16a8e3a5a8f09f1959ff9302e677

SHA1
158cff85d454e2af666b3a52edd51f147b8e1c29

SHA256
72a09e2c2a8d18da92b23ccfa98947602ce7ed9a70a692bc6559dfccf341060a

SHA512
78ed60c9bbe408dc0fbb1db2c84b726e7ff6010a38e3a7ef54032e11f2a0ab10fe5df86b96c705917c94dc2836d17ec160eb8df8720b600f6f61b8ff1e1b7946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6fe9a856b989582d6cbb19e8b2ac20bd

SHA1
448c6edf8179b7aeca6da4e068be271d886eab38

SHA256
0fde07e56954f974f63851e2b088480896ae4409730a3302c32ea748a1d884c5

SHA512
4fb98d8ff28a6c51f13eb61ba58a66530c5f4b5cb18b5fee03f695af7f8cf0f97ef2bd7e252dd540442e592cfea994030e790a65152e7aaadfd5d5e597f1ed8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71606bf1ffec8c2bfe765e5fd40cb9d3

SHA1
f91b7daf259ecb526d7b1951f78397a3e51a2ed7

SHA256
4e1cf2afb9d1ba5a38beec0b5e9a9af30f32d35a9ed7b721480ba615202b2c1f

SHA512
173eeddbf4611dcbbf78dc5c52a203f0174bf12201610155717f2d2706ba6d50140b8d31815dfba5ad0ffe73c20666dd6731c843661d72218175ad6d490ae7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
31b81120746a15b5c317aac921df6428

SHA1
5ba9d2d2c811ece395ebe2e3eac900d527089c9e

SHA256
7c99e5e94c6fba71661b3f6e6ea8805007d8db2da7fb5751a7be876fdc96b04f

SHA512
7445d2f263ed72c93cffa006b10037953750d669acb140f38973e948a5d7fea5bda51775bda218cc2961cf24c70bdd7045a062c6dfbf23251980da091d39581f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
057a6415f1e9e914c5783219da55837d

SHA1
fffa538f2e8b7776ea3e64c1a3512794e4bab167

SHA256
891bcd983fd7cea74ffbc5c6e8b5e664eb5b53a098c69c8be5373b55d77f8b35

SHA512
a3195f8a2289d556ec042b6b61ef6534b2bf029674002d5144be87cfdd87414962af6920195fb7720c76b1e1a5a7903ab09c10e0e9594409aad0f18d308aff18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
165047f30476a3437e7e9eae7a4da311

SHA1
31fd19de776506036da1bc5ec0dbbaafa2ddeb43

SHA256
a9cc9c6f52a607eb1524ad9aa16bdb3eb8de50da0823c77a9ea58c6cd9bda502

SHA512
f386b85eabce56f4666592ff717882363642101371a0031cd8992b1e5ba13cfbf154e2089b890d320a5e131d9731b62155bf71ebc8f70bab34e7e41ac7fa485e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
968623e37ce859f6f364543d8a5ec0af

SHA1
00961e568e1b1026277339a82c40ffac7f00bb5c

SHA256
7e5bf4d5648f369169c0e9b029f850a3e3c2b578d8bd7375424eec5e4f28171c

SHA512
6e5c880095c9aae09dfbe5f48ba3a1edbf1eb420bfb2a0b1100d9652bda5601cc61e6e00a13bac48d1e9e7eb69a392461a4d474ed2b45d099d067cdf00cfa3a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ec6724ff84766322e6a655200d94586

SHA1
44d94d2ec43a3216dcb61d626cad3fe13ea20be0

SHA256
947db80ca76abc3c1afdd30f0f62bcbb472dbe12fdf5443dc95e07291566aee6

SHA512
c9d4a9bc1e532a158150fab8c0a85eb0ceef4b07d7b0cf19be7feca651742d03a722758b7dea2a0ba84bf2d5442dabb2b2f2d657197e2ab70da30b83b1358be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b3af45862a81f619610c99086ce7ec1

SHA1
27f64bc9be7783f5f503d3af1da50a28c52d6ad4

SHA256
609deb2ce7556b30ca2213e24274a59323e9603702b26d23264c9781ffc61728

SHA512
1ad67ec3468a8cc19e63d6a73d1435c84e3b985e9229fbdb97da417a56cd11937722f1b5ee8f009b1b1354fcc727b26427a9e4bdcb33dbf9e1e4eb70f260d856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d856c9d3f12fced1fe02810584bf8d9d

SHA1
221dc8f64d7fe7b37be63c59296485a698898e42

SHA256
1e201d5b5f2b09dc8e52023963617a739bacb9cc823a971f23a5b486a3d4d1b7

SHA512
c2240ac24e7a029ea09300866c865fa820b89468db37c9a7d0382c45fca85a6d80c4f43275c7631e3e0084bca329619139a4c6029efa379a5f19de9654009d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4544f9a6a81de02a4bdffdc2b69668fa

SHA1
e6618ff35c6f776648becd0a2aef47c8bc76d3e8

SHA256
21bb0de7ddd0259fda0c454475b72802edacfc3b4003ab7b5acc39f2aef05df7

SHA512
54623e917dff59bc1b87167731e88bf47b88a935ac9d390f7404c31a2360c446abcd09edcf55e647ec641e6d94767329a8e4119dec9ebfbc5703c800264cebe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b315d.TMP

Filesize
538B

MD5
a1c10b8703a842dcbc64ce0b739b3395

SHA1
a2c4d8630be5dcdc4b373aa7c411049b276b2974

SHA256
4e9bad80923b47798e778bbf1648bab089275ed2eca27d2a1354b9ab31a57c7b

SHA512
d6f22a81cd17eb6a57e6bedce26e7fd4fa3d12f6d18ad22aa2d6b22e2de72a45b9b4a447c887396d9c48e39867ddfcded2827e056e385e73944557127c0c368b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f4bef533-f60d-469b-b935-bbc74de395bc.tmp

Filesize
6KB

MD5
f361e16a2fcc657aa886c8ad8f989136

SHA1
1cc9a145d732d13e7646d34a5454f635e9ea8119

SHA256
11aa9c1e669c57e83aad4935d4329dd93d2d806fe45e1ef5b6db4361760871cd

SHA512
b2dc9f612f4ce18bcdcf2971a28198813972376ed9390bd9c39add21160fa2e3eec51e668a22fabd11bb2aa69b1a622b2928a25bd9961f1494d210daaeb3924f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

Filesize
5.3MB

MD5
7e293ea90477b4293d42b35b9a7eefbc

SHA1
32d9c1e87d9f8cbecc4794a106b6baddbeb0fa82

SHA256
61325bf8db458c0f321b7d3e0a0b968313556e84cd74ef062b1ab8f4d37f1af3

SHA512
6966e8a5658455a561c891b0b0d0fa2158a98a06695c3f76794def1629317ed7f29ae1762c2564154c20c0fb3285196a791583761ee65c5f274838f5cd833e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411231731435967016.dll

Filesize
4.8MB

MD5
90f1c76397815e9755e2c266f79c5a4b

SHA1
85f9e93c084ab61f6e4d7eacc9a00575bd48f191

SHA256
6bae4a4046069b92479a475da99b408a2fd767e921e43eebe2ceea0fa8b330c5

SHA512
6992facb8d0b658be74f243dba4af807dc45ae51dc310360e3de1ebdf1e6dc5c91cf1e39e19b8074ea74285f03969e32bd89411af9c41d794437a765d7ac2704

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
2.1MB

MD5
aa90e4562cb3943cd8ab4c282e9ce961

SHA1
9feb4160ae09fc2f59045d9d031fb9409aeef124

SHA256
1261ca0fd689b4c0c90da57702a2ac4c64537de6f81603a4eec15872b46dba5d

SHA512
93f908f20a1d8b773ad26d1ee97a1124a16c19c5e2145b8c4ae2317caccff84f88994074cee4be5eea1872d294646260db8b3130e8fe981873bea6b4af7dcedb

Download Submit
C:\Windows\Installer\MSIC3FC.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIC43C.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSICD76.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/2940-2385-0x0000029A4C7C0000-0x0000029A4C7D2000-memory.dmp

Filesize
72KB

Download
memory/2940-2383-0x0000029A4C730000-0x0000029A4C73A000-memory.dmp

Filesize
40KB

Download
memory/2940-1-0x0000029A32110000-0x0000029A321DE000-memory.dmp

Filesize
824KB

Download
memory/2940-2808-0x00007FFCC7680000-0x00007FFCC8141000-memory.dmp

Filesize
10.8MB

Download
memory/2940-30-0x00007FFCC7680000-0x00007FFCC8141000-memory.dmp

Filesize
10.8MB

Download
memory/2940-0-0x00007FFCC7683000-0x00007FFCC7685000-memory.dmp

Filesize
8KB

Download
memory/2940-5-0x0000029A33F90000-0x0000029A33FB2000-memory.dmp

Filesize
136KB

Download
memory/2940-4-0x00007FFCC7683000-0x00007FFCC7685000-memory.dmp

Filesize
8KB

Download
memory/2940-2-0x00007FFCC7680000-0x00007FFCC8141000-memory.dmp

Filesize
10.8MB

Download
memory/5016-2803-0x0000025043EB0000-0x0000025043ED4000-memory.dmp

Filesize
144KB

Download
memory/5016-2805-0x000002505F310000-0x000002505F84C000-memory.dmp

Filesize
5.2MB

Download
memory/5016-2807-0x000002505EE90000-0x000002505EF4A000-memory.dmp

Filesize
744KB

Download
memory/5016-2810-0x000002505EF50000-0x000002505F002000-memory.dmp

Filesize
712KB

Download