8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
851s
max time network
847s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04-12-2024 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper (1).exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

discovery evasion spyware stealer themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	Bootstrapper (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	Bootstrapper (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	Selene Exploit_32951752.exe

Executes dropped EXE 16 IoCs

pid	Process
2852	Solara.exe
1696	node.exe
904	Solara.exe
1492	node.exe
2544	Selene Exploit_32951752.exe
2592	OperaGX.exe
188	setup.exe
828	setup.exe
4076	setup.exe
4368	setup.exe
388	setup.exe
4692	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
4340	assistant_installer.exe
1008	assistant_installer.exe
2692	winrar-x64-701.exe
2112	winrar-x64-701.exe

Loads dropped DLL 18 IoCs

pid	Process
2516	MsiExec.exe
2516	MsiExec.exe
2504	MsiExec.exe
2504	MsiExec.exe
2504	MsiExec.exe
2504	MsiExec.exe
2504	MsiExec.exe
2852	MsiExec.exe
2852	MsiExec.exe
2852	MsiExec.exe
2516	MsiExec.exe
904	Solara.exe
904	Solara.exe
188	setup.exe
828	setup.exe
4076	setup.exe
4368	setup.exe
388	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Themida packer 64 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0007000000045eb2-3400.dat	themida
behavioral1/memory/904-3404-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3419-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3418-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3420-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3433-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3434-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3444-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3454-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3459-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3469-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3479-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3506-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3525-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3547-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3585-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3631-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3653-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3656-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3729-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3757-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3769-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3779-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3818-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3828-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3847-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3865-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3866-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3885-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3886-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3901-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3922-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3923-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3951-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-3977-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4002-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4017-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4036-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4053-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4072-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4102-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4125-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4135-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4145-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4146-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4156-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4166-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4167-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4186-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4196-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4197-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4207-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4208-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4209-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4219-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4229-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4230-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4250-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4281-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4282-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4292-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4302-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4303-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/904-4314-0x0000000180000000-0x0000000181168000-memory.dmp	themida

Unexpected DNS network traffic destination 60 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 2 IoCs

flow	pid	Process
64	3128	msiexec.exe
68	3128	msiexec.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 27 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
85	pastebin.com
86	pastebin.com
106	pastebin.com
107	pastebin.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
904	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\CHANGELOG.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\identity\issuer.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\depd\lib\browser\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmpublish\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fs.realpath\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\macOS_Catalina.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\base-theme.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npm.ps1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-access.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\rm.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\clone\clone.iml	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\enforce-clean.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\npm-usage.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-sized\node_modules\minipass\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\indent-string\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\emoji-regex\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\lib\nopt.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\get-prefix.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\lib\tarball.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\util\stream.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\unique-slug\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-update.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\configure.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\.airtap.yml	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\node_modules\brace-expansion\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\buffer\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-unpublish.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\parse-options.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\parse-conflict-json\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\color-convert\route.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\prerelease.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-sized\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\util-deprecate\History.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-audit.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\deepest-nesting-target.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wcwidth\docs\index.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\dist\abort-controller.umd.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-pkg.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\create-config-gypi.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promise-inflight\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\common\owner-sync.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\using-npm\config.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\example\basic.png	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\dbcs-codec.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\type-description.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmpublish\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\pnpx.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\util\getProp.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-fund.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSToolFile.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@gar\promisify\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\node-gyp.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\docs\Updating-npm-bundled-node-gyp.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\types\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\dist\event-target-shim.umd.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\explain.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-repo.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\write-entry.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\reporters\quiet.js	msiexec.exe

Drops file in Windows directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIDA18.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDA57.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE805.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e57b48b.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2F63.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE7A7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI21C4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57b48b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB98C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBC4D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID61F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2521.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBC2D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI22CE.tmp	msiexec.exe
File created	C:\Windows\Installer\e57b48f.msi	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Selene Exploit_32951752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTEPAD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2632	ipconfig.exe
3836	ipconfig.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778028535136742"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 35 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	Selene Exploit_32951752.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Opera GXStable	Selene Exploit_32951752.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings	Selene Exploit_32951752.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1816	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4808	WMIC.exe
4808	WMIC.exe
4808	WMIC.exe
4808	WMIC.exe
2024	Bootstrapper (1).exe
2024	Bootstrapper (1).exe
832	chrome.exe
832	chrome.exe
3128	msiexec.exe
3128	msiexec.exe
2852	Solara.exe
2852	Solara.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
2208	Bootstrapper (1).exe
2208	Bootstrapper (1).exe
2208	Bootstrapper (1).exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe
904	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4808	WMIC.exe
Token: SeSecurityPrivilege	4808	WMIC.exe
Token: SeTakeOwnershipPrivilege	4808	WMIC.exe
Token: SeLoadDriverPrivilege	4808	WMIC.exe
Token: SeSystemProfilePrivilege	4808	WMIC.exe
Token: SeSystemtimePrivilege	4808	WMIC.exe
Token: SeProfSingleProcessPrivilege	4808	WMIC.exe
Token: SeIncBasePriorityPrivilege	4808	WMIC.exe
Token: SeCreatePagefilePrivilege	4808	WMIC.exe
Token: SeBackupPrivilege	4808	WMIC.exe
Token: SeRestorePrivilege	4808	WMIC.exe
Token: SeShutdownPrivilege	4808	WMIC.exe
Token: SeDebugPrivilege	4808	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4808	WMIC.exe
Token: SeRemoteShutdownPrivilege	4808	WMIC.exe
Token: SeUndockPrivilege	4808	WMIC.exe
Token: SeManageVolumePrivilege	4808	WMIC.exe
Token: 33	4808	WMIC.exe
Token: 34	4808	WMIC.exe
Token: 35	4808	WMIC.exe
Token: 36	4808	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4808	WMIC.exe
Token: SeSecurityPrivilege	4808	WMIC.exe
Token: SeTakeOwnershipPrivilege	4808	WMIC.exe
Token: SeLoadDriverPrivilege	4808	WMIC.exe
Token: SeSystemProfilePrivilege	4808	WMIC.exe
Token: SeSystemtimePrivilege	4808	WMIC.exe
Token: SeProfSingleProcessPrivilege	4808	WMIC.exe
Token: SeIncBasePriorityPrivilege	4808	WMIC.exe
Token: SeCreatePagefilePrivilege	4808	WMIC.exe
Token: SeBackupPrivilege	4808	WMIC.exe
Token: SeRestorePrivilege	4808	WMIC.exe
Token: SeShutdownPrivilege	4808	WMIC.exe
Token: SeDebugPrivilege	4808	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4808	WMIC.exe
Token: SeRemoteShutdownPrivilege	4808	WMIC.exe
Token: SeUndockPrivilege	4808	WMIC.exe
Token: SeManageVolumePrivilege	4808	WMIC.exe
Token: 33	4808	WMIC.exe
Token: 34	4808	WMIC.exe
Token: 35	4808	WMIC.exe
Token: 36	4808	WMIC.exe
Token: SeDebugPrivilege	2024	Bootstrapper (1).exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	756	msiexec.exe
Token: SeIncreaseQuotaPrivilege	756	msiexec.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeSecurityPrivilege	3128	msiexec.exe
Token: SeCreateTokenPrivilege	756	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	756	msiexec.exe
Token: SeLockMemoryPrivilege	756	msiexec.exe
Token: SeIncreaseQuotaPrivilege	756	msiexec.exe
Token: SeMachineAccountPrivilege	756	msiexec.exe
Token: SeTcbPrivilege	756	msiexec.exe
Token: SeSecurityPrivilege	756	msiexec.exe
Token: SeTakeOwnershipPrivilege	756	msiexec.exe
Token: SeLoadDriverPrivilege	756	msiexec.exe
Token: SeSystemProfilePrivilege	756	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
1696	node.exe
1492	node.exe
2544	Selene Exploit_32951752.exe
2544	Selene Exploit_32951752.exe
4544	OpenWith.exe
4544	OpenWith.exe
4544	OpenWith.exe
4544	OpenWith.exe
4544	OpenWith.exe
4544	OpenWith.exe
4544	OpenWith.exe
4544	OpenWith.exe
4544	OpenWith.exe
4544	OpenWith.exe
4544	OpenWith.exe
2692	winrar-x64-701.exe
2692	winrar-x64-701.exe
2112	winrar-x64-701.exe
2112	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1608	2024	Bootstrapper (1).exe	82
PID 2024 wrote to memory of 1608	2024	Bootstrapper (1).exe	82
PID 1608 wrote to memory of 2632	1608	cmd.exe	84
PID 1608 wrote to memory of 2632	1608	cmd.exe	84
PID 2024 wrote to memory of 3228	2024	Bootstrapper (1).exe	89
PID 2024 wrote to memory of 3228	2024	Bootstrapper (1).exe	89
PID 3228 wrote to memory of 4808	3228	cmd.exe	91
PID 3228 wrote to memory of 4808	3228	cmd.exe	91
PID 832 wrote to memory of 4100	832	chrome.exe	98
PID 832 wrote to memory of 4100	832	chrome.exe	98
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 4660	832	chrome.exe	99
PID 832 wrote to memory of 1168	832	chrome.exe	100
PID 832 wrote to memory of 1168	832	chrome.exe	100
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101
PID 832 wrote to memory of 60	832	chrome.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

cURL User-Agent 10 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	116	curl/8.9.1-DEV
HTTP User-Agent header	117	curl/8.9.1-DEV
HTTP User-Agent header	234	curl/8.9.1-DEV
HTTP User-Agent header	302	curl/8.9.1-DEV
HTTP User-Agent header	329	curl/8.9.1-DEV
HTTP User-Agent header	110	curl/8.9.1-DEV
HTTP User-Agent header	113	curl/8.9.1-DEV
HTTP User-Agent header	114	curl/8.9.1-DEV
HTTP User-Agent header	115	curl/8.9.1-DEV
HTTP User-Agent header	346	curl/8.9.1-DEV

C:\Users\Admin\AppData\Local\Temp\Bootstrapper (1).exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper (1).exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1608
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2632
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4808
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:756
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc369acc40,0x7ffc369acc4c,0x7ffc369acc58
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2148,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2548 /prefetch:3
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4392 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4544,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4420,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4512 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5724,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5476 /prefetch:2
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5196,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=2752,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3272,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4900,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4884,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5480,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3700
- C:\Users\Admin\Downloads\Selene Exploit_32951752.exe
  "C:\Users\Admin\Downloads\Selene Exploit_32951752.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2544
- - C:\Users\Admin\AppData\Local\OperaGX.exe
    C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\7zS02AE055C\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS02AE055C\setup.exe --silent --allusers=0 --server-tracking-blob=ODIyNDgzZDU0NjJlNGE2MDAxZWMxZGU4ZmM5ZWE3YmVkNjVkZTkxYzJlYTBjNTA2Y2NiYjM3ZGRiMmJhYzJlMzp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD1kMmZiN2RlZDM0YmU0Njk2OTM2N2ZmZjkzMzgxMmI2NCZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInRpbWVzdGFtcCI6IjE3MzMzMjk1NjEuODQ0MSIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9QQjVfMzU3NSIsImNvbnRlbnQiOiIzNTc1X0ZpbGVETSIsImlkIjoiZDJmYjdkZWQzNGJlNDY5NjkzNjdmZmY5MzM4MTJiNjQiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiIyN2E4OTQxZi04OGZjLTQ4NjktYjA3ZC1mYTBhNTU3MGZlM2EifQ==
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      Modifies system certificate store
      PID:188
    - - C:\Users\Admin\AppData\Local\Temp\7zS02AE055C\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS02AE055C\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.243 --initial-client-data=0x334,0x338,0x33c,0x314,0x340,0x719f6d4c,0x719f6d58,0x719f6d64
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\7zS02AE055C\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02AE055C\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=188 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241204162604" --session-guid=60330370-1c06-486c-9ab9-a18595ee37fb --server-tracking-blob=OTRjY2Y1ZDk1MDlhNTkzOTNjYWJlZmI1YTlkZDZmOGNkMjRkNGUyMjY4MDU1OWE1MWQzNmMwOGNlYjM2YzIxZDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD1kMmZiN2RlZDM0YmU0Njk2OTM2N2ZmZjkzMzgxMmI2NCZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMzMyOTU2MS44NDQxIiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiJkMmZiN2RlZDM0YmU0Njk2OTM2N2ZmZjkzMzgxMmI2NCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjI3YTg5NDFmLTg4ZmMtNDg2OS1iMDdkLWZhMGE1NTcwZmUzYSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1806000000000000
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\7zS02AE055C\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS02AE055C\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.243 --initial-client-data=0x32c,0x330,0x340,0x308,0x344,0x70bd6d4c,0x70bd6d58,0x70bd6d64
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:388
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412041626041\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412041626041\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412041626041\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412041626041\assistant\assistant_installer.exe" --version
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412041626041\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412041626041\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x8b4f48,0x8b4f58,0x8b4f64
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1008
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
    3⤵
    - System Location Discovery: System Language Discovery
    - Opens file in notepad (likely ransom note)
    PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4748,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5172,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5228,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5888,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:4544
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\SELENE DIRECT LINK DOWNLOAD.txt
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4408,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5868,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4896,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6180,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6108,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6368,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6236,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6268,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5296,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4372,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6416,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6260,i,9427613418532952077,2266728476005593492,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:4012
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2692
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2112

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4292

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3128
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding E56C3D5497402BE0E16728601F993E0C
  2⤵
  - Loads dropped DLL
  PID:2516
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6AF52681D72E6061BF2056CD4F63CEBD
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2504
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6CE97F52E7A4DD181777F920485E9E71 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2852
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2296
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:5072

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4812

C:\Users\Admin\Desktop\New folder\Bootstrapper (1).exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper (1).exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:2208
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  PID:1160
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:3836
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1696
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:904
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 1445cba1ec774b69
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4544

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\d8f943a034fd4bbdb1a1d8bf63d89109 /t 5004 /p 2692
1⤵
PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57b48e.rbs

Filesize
1.0MB

MD5
342bebd4967c8f753879f0022f0ffa8c

SHA1
4e77c40fc8c56de2c84f3a73054109741cc11a1a

SHA256
a68c1e304d60903745bca0fee0320011289e163a24ffd5fee3b35bbfd855ca11

SHA512
d692c8fca000fb3b22cd89a5f758b49d176ead207cb1696222f79c8a53f9a0169aef999135e5f6a50699814f9fe3f2b834a4518d580e986ef0d6ace13d1df4c9

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\index.js

Filesize
6KB

MD5
0e709bfb5675ff0531c925b909b58008

SHA1
25a8634dd21c082d74a7dead157568b6a8fc9825

SHA256
ed94fd8980c043bad99599102291e3285323b99ce0eb5d424c00e3dea1a34e67

SHA512
35968412e6ed11ef5cd890520946167bcef2dc6166489759af8bb699f08256355708b1ab949cce034d6cc22ed79b242600c623121f2c572b396f0e96372740cd

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\body-parser\index.js

Filesize
2KB

MD5
b9e991c0e57c4d5adde68a2f4f063bc7

SHA1
0cb6b9eb7b310c37e5950bbcaf672943657c94b5

SHA256
9c6c900e7e85fb599c62d9b9e4dfd2ea2f61d119dce5ed69ac3a8da828819241

SHA512
3bbd31eed55c32435b01fe7356d39749e95f8f49222115ada841e751ad36227e6f427efdc4e8bad36d8ccd37c2e92c01fa67c24c23f52023df8c1e1be1a3b4f6

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\body-parser\package.json

Filesize
1KB

MD5
826bd4315438573ba1a6d88ae2a2aa65

SHA1
3e27986a947e7d10488739c9afb75f96b646c4c5

SHA256
0fd31ad69fdcf1e2a94530f9db9c93e96709b690393a14711643123f678ee956

SHA512
2e98ba8e57cb0950e45d20365d16e86ad94a60cfd4cf103b7d55dae02de677985d37c0f771e16ae0a628cb3b59adce8a9e1742cffc298f18cb7d935d72536e6d

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\depd\index.js

Filesize
10KB

MD5
002a1f3e813cc05d9e3cc011f6601628

SHA1
1690c27457637ec234d6b7658f1b96e547a0eb99

SHA256
4d587a5662e20a7bb9bfe6555afe5987e1b80303a819b447394f37a93297ee91

SHA512
ea1ad9bcf09a73a10dd1fd8a66daac12f87725e16ad27e7beff6d9fda937579976cd5d7ed6439c4122b16178c3ffdf410d6c7a54918f94bc98fa7950adf3bd54

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\depd\package.json

Filesize
1KB

MD5
7f0a9d228c79f0ee4b89fc6117f1c687

SHA1
3c10082c1464a6f589aa10cda88285e780ebf857

SHA256
5a3659bcc2e47b25ebf9f23f38eb9452a58920bfe4b59410bfa6fe84639a3b99

SHA512
7bdd7259bcb8d79aa41777f03d3a3f8a29b60c2d25104072edba9febeb813e12ef78d31573637702decddbaa97d8fec263bc413bd27dd660ded17d644458cbc2

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\index.js

Filesize
224B

MD5
866e37a4d9fb8799d5415d32ac413465

SHA1
3f41478fdab31acabab8fa1d26126483a141ffb6

SHA256
4d2f5afc192178c5b0dc418d2da5826d52a8b6998771b011aede7fdba9118140

SHA512
766d2e202dd5e520ac227e28e3c359cca183605c52b4e4c95c69825c929356cea772723a9af491a3662d3c26f7209e89cc3a7af76f75165c104492dc6728accc

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\lib\application.js

Filesize
14KB

MD5
15cf9c2f48c7ba6583c59d28908e3e27

SHA1
19c7718f6a3d0f9dcd4ca692c19718ec29aae092

SHA256
5901b32f609ba349351bf7406dbdc0c4c57b77ce6f7215ea67ccca5ac2a28e88

SHA512
c063277a59b83dffc085116769475ec5cce1c47c167b9bd2246e8bda04f0ebc2773b5f06e3b44fc5ed057e043f6d33e77741f34d15e22542134e3865574a29be

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\lib\express.js

Filesize
2KB

MD5
d467bc485eddf6d38278bc6b1dc16389

SHA1
e233882de62eb095b3cae0b2956e8776e6af3d6a

SHA256
2f25585c03c3050779c8f5f00597f8653f4fb8a97448ef8ef8cb21e65ba4d15d

SHA512
2add66b4f2e8ce463449ca8f2eac19363844b6ab159a41b42163028c57f07a4245ebefe759a6f90e8685b5bd239c969fe99366eff89378cb8b92b8a703dacd61

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\package.json

Filesize
2KB

MD5
3b5b76b70b0a549dce72c5a02756d2a8

SHA1
07786baebb5c52882e28a8bd281c9a36d63dd116

SHA256
bdd67333ab62b0bfeb10ecbbb23936db57b743a3eec580a354591fdf63334859

SHA512
bb266dfa725421fb26d26fda0f45a5fa5cd832667b05f27ceaf4e7fc1e032aeea8700493cfdd2941c3c38cd166eee1000d2b9ae3ddef375714e25a2027a943a3

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\finalhandler\index.js

Filesize
6KB

MD5
d50e9637775204f194d629000189f69c

SHA1
50d1a1725cb273b0a8e30433dabc43d65f55169b

SHA256
96900b458b12085ea16f228151439d9a7bae6b5d45248e355ad617f4dc213540

SHA512
563a8375e3ab7936162a9d209800f8b41c416c1500fe24de817871c3e5489e8faf5a4dcb7fb239f697a8736432356e60ecf1578d0aafc0de80d6e0ae90c34aad

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\finalhandler\package.json

Filesize
1KB

MD5
3d09ac571e0b6eaf8fdb9806118b6d30

SHA1
eb758bb6a7d3e4f32f0fa2f941265678539e74f1

SHA256
243d853d4386c4132508ae9a99e5176b25be7f5cb6967bc1bab241f20e937e72

SHA512
0207cf364e3eac974cae61ec68fe3975fd1f1eb6150f51293ce67f62dbb0f27a3d9c193101ef282dcd099fc653ca73cd3c875c18e5e266964038e3334697b5b4

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\merge-descriptors\index.js

Filesize
1KB

MD5
b4d3859e603602c87a45682862055af0

SHA1
e95cb1c14d70be457eba2ce61b2f4e90a13b21b1

SHA256
88564234b9eeb2f0fe2cc5d03f617a97eb4802f126bdd21aa223c3c87c02531c

SHA512
b17bb8c8b652f27d8037ed60f28b0d19a68e77bcc45d1e2be7dd304c942f6e85570e9720011f983fb8783d670eb66c0c3174d5fd90690b2aa79c2b402adcd00a

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\merge-descriptors\package.json

Filesize
931B

MD5
570e06d8ce0167e07a32ba70fdd56795

SHA1
39dc652dfa419d46d6fed0835444c603c57077f8

SHA256
45ebe570483c48b6460767fc4a0bb69e4dee4bf4becc645b0e0627172a30a580

SHA512
9c8ddf41b3207016935affce00108d87f176a9e473a01f03f1110456397c88ee2fbaf34f9e497e6cbff2b65c4f4c7f254a5129b4c1eaa2b85fbebffb8fe43777

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\package.json

Filesize
53B

MD5
b9f2ca8a50d6d71642dd920c76a851e5

SHA1
8ca43e514f808364d0eb51e7a595e309a77fdfce

SHA256
f44555af79dfa01a68ae8325382293fc68cd6c61d1d4eb9b8f7a42c651c51cde

SHA512
81b6352bbabd0bffbc50bfcd0cd67dc3c2a7d63bda0bf12421410c0ec8047af549a4928b5c5c3e89ead99aa9240bddb461c618c49287c15d9d4d3a899e8f596a

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.8MB

MD5
c3d8a566119d8fee7fb2d0db4dea86e4

SHA1
c8094d474337ccf4dda2b1888a8235f73c20eaf3

SHA256
ca8df8f0b5d9981ed0e284f809472e8013252e59bed1a0f08c98a4b0726920ee

SHA512
0cd41d5d7c90e4f780dd92b03ac0938dbbf082c5658ee660c31986cd8e9d9c68f386b9989373cdd25c34a21943c266495c4f4c85b44487bb97d0edebb96555f7

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\ProgramData\Solara\bin\version.txt

Filesize
5B

MD5
a550e39a1b99146581652915aa853a6b

SHA1
3509c9a74b8fbdce7069149a65b86c70d1fb37c0

SHA256
f637e389c425692bb6ea379c4bdebef58ae2aea6aef7d28488816613e7bf9374

SHA512
4a62903c599ca8cc0ed9f48c9dfbf1cadc4953e2c87a9c5fdd71bfd8f689809c9223bf51f0190e177eb477cd7322c64812c8b4061065346d22a95b79d1c52104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0a80e943-7a66-4d65-9e2a-b1c946e32214.tmp

Filesize
9KB

MD5
0fdaf08c5460989bed7e6e047efd725f

SHA1
47f0439b7a69fec2267cc3ae360bc6939edb2963

SHA256
022522c821f014ae323ceb1001a3c8f61d6af0a18fbc24ea02164a9d3a0aed87

SHA512
6e2a18e5e4fc528ed646b025bc2d079ecd73a572ae9b38b60fa0c0f4b0847f3c013028adfc7ab1e1682810c70af6c1fd4fb5a8f1c2c61bab3546418ea8220be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7c22eb97df6c13b81cfcd40b7d4df3a2

SHA1
190a91812944268517d3ae258cf1e114eed904da

SHA256
d07d7aec1cdede824ec07dda0982c2eb46a4d013fd40dc5782e9cee12c28e9be

SHA512
9a19198d7a7ea28a41d2f2139f5ff14d35d3f2dab46b7b1fc67594e732f576b304b7b58bd8b5e9eb1d9d9c36434e0cde8ae718ed0f8d014146e66cc105790237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
b979a2e7f186552b38846d0de28bc66f

SHA1
e3f35e5ae245eda56e0e7b9a4d8b43ff2b574961

SHA256
16efd03f3ad9f211ae6a349127e1631839003f27bab6eec820498265c5c8890d

SHA512
dea6d4f748cbe36d4cde6384f05bbb71d6ac0438564f0a460c662622f837d9f229c854e8a802578033dc5e8caaab58643a091276d0305c3e138e5de3a8498975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ce4f43e9b4390c56d3206089d180ce1a

SHA1
f7a63e020fea80fa454238c74f67ed6fefa40d44

SHA256
99801763314d7948e1b09120049814352776e9ee6f4e021b35d59213c9ea94d3

SHA512
dae7ef04e4f782a90995900a4190282c9fe0ef6632505c74628ec4d58090dd3fdfabcc740ebde11706efab757d9612d892fc12fe024404ccdc3bc94363fdd205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
756d7ff474356acb6279b1f1f57ad220

SHA1
035f25af50a5d5c5271a0519f635b3d7875b84ae

SHA256
ec4ef9a46ae48a2c3611d2b4538f4569425d3ffee80f76435730167ec52341c4

SHA512
77a6b54ac5a9b99b12b37268c4107536abce297c64f87942489e439852d5c88ae334b8cd1fc42a7143f37a5a834c1c86e13ae5d24dbd917b380b258aab1450f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5bae92695ff7bb7e2f60a4ae178c250b

SHA1
d5075e385c3460daa48c87f0e09e5649da94f0c3

SHA256
4b0fd808222e7c6a4b2d4f2b7030801d190ac7ec1074e734067a4473ecb3bc7a

SHA512
46dbbc27621a7797172aef2138e70bb36a8e1af248036b44f79967c3d5ffa4bf5679f932cab11370bac6ee011ea0f27e685b3e5622876d2a39d89d5232440d26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d4e2cdc67c6b4b696f20410ea3dfb687

SHA1
868b597a9cb319fc6c36e8f93603dcd6a9a0482b

SHA256
bd8de00b607af1d6202c037d27e01b337b8f839acd739b9fc0b9d334b4dbcc60

SHA512
ab198839a707cffc1640090c37ab1e184a41b4ab0a48d27a7edad00ddda86db90962da4086ebcffab8d3474f6f23c5eb2e4744c51d9e5545ed8d0f0094a03925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8f622cd21aa134d7ae39179d78d60574

SHA1
0b2557826f3a58047741345a7afb943430bfdeb5

SHA256
21fc2101354ca17b288632e7daba3ab622fade5e01acacd7247d2f5d272d52d0

SHA512
a0e4edbfb15d00e5f207eb140ae1bf4aea84361bfa3474cbd2dcff25699b6c44de252858023d73b2b1c3b4afd9184207008c6bb6948eb35146281f8562756712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f55de73a0b85ee15838671907e225b5b

SHA1
990f8c59a35fded49a4aa198bedfb4dc97f77139

SHA256
4ae5fe0a21b2c1ca294146aed48c666ec50110a41b862451821db6f4d99248b5

SHA512
5bb91100fd37f89317fc0e2d9c90860762f8f95ecf083d7732685972b5c119f96dc5f6f779b9f7a6a4570dd3f9d33f5c03ca86f0b898071612dc68139ee44530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4d3f97372c9c75af4b58aab60fbed0dd

SHA1
643141353a906bc3356e6909a0de3920a83e366c

SHA256
52e8166eb2fa8c8f15e4b5616ba0a1d47fa51e0e0ed6d3d78209c5fd7119fe79

SHA512
4ae0c8d2e86e70fee361d75cc35615051e87710d55b3addda0d6591fd7ced2560a7770fbc2e9dd6c7296e8763343efd8ea2ba7780f69b1a882758e41d8dbf268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
09ef0f35c2ebc6f7185db3df6e2dc4ae

SHA1
d4bc5598011d96e9cf031e7a294bca733534dd61

SHA256
74179d0208832d176082a2d72401a7c47cdbcfc29f8823b4f5d73bcba421fedf

SHA512
0994ae53052fde7a0052050a684fa9362366d9c3aec6a005a359d25958fd59d949bdf45ac9f42b958ad686a050c09c8123f92eb98b0f784f242c3468671e2424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8b19d2eccfa67d7afbac1ddfb77a7fe3

SHA1
e63a89a347000537896d9a513b07d3bc862c12d1

SHA256
c705ad8fed17e4f3d5f9566af7ed39754339c406ae7790af56988ae5876a4afc

SHA512
63f1eeccd83cef50b91458d5c7f75f836ddb11467bd48c5441f3b8a25b01378d8caf857deb13824aca0dcf16738b84488269abf4d270ad0bc87f2de4e097e4cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
2e591f543eab8ab16e12501c10d64c7d

SHA1
f9cd578d17d85ac9977cb005dcf1dac0efe189c9

SHA256
b15ac6f3edc5a2d7397ff2cda919a5097efe49ca4fc42eac42912b823062fde0

SHA512
c027bb02537e64c5087971cdf77eb1dd844f987f2708fd98c409696fc7a1eeb5ffc0a812c5dd08e75d1207ed33bd13b02b16d6e8c0fa402940e071d8a6d27119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3ce57485ca8c10f8c451d765508f36bb

SHA1
b1ae08f82ffd4fb8e4b4e06fae6328dae1f72084

SHA256
bf76d52be3d6f365a7ad61143490d6b9acb5ea32fed86bd55cfd97ff50a53f00

SHA512
25898cac8c48fd2e8be5c072f5f28477077b55a18fdea999e05d7462ba2b94b8d24e0ae265c31d79606aadb939e7d8a17bc02704be7f15cf8b0a4930374d9bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
695dcefee4f628ef9daa7b9d283c4f26

SHA1
9cab32c1f40dbc4511b834d420acbd1a1d6531c4

SHA256
bcd8bfd7ae7eb8800eba1540da181e956103cf6bd0a20dac7581d6b90a622db5

SHA512
c8ec2905cc3473ce3ce72938b5a23f7fd8af95b949dfe1edb7360bc5a5a133d0d2c65caf0a354ca7ee1d8fc33c6f209e55e063347742103fba801b34d0860182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
7f28f062dbe5fee3fa3676431a1842e1

SHA1
f8ad8375249c38ee42323ea8d73127275d285ad2

SHA256
aae4e6190a94373af91e2c3241cab25f3fe306755cdbd32063f292117ab97c21

SHA512
6b3515e433545a30fc0f717e56b208e7facfdb4fc082988e1b6eb7deb0033c0a54fcfa1e5b3ba84d8843f283e7a14b2abcf067e651143b39cde17fbeff09b8ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5c2c95f5cb88d188dbd072bdb1a8ce5c

SHA1
84546eb1c75cd870e5588eddbeb400c105d93a90

SHA256
127fb164e9092ea32737cebf33f10d6be6600bbb5d962ea686b9cb86e2660c45

SHA512
90c46e70edd4dc6f42a4fde74c6564286374e50bbb0a13a23172ee00e1eca84ee3efbe6c848905839a3c28160f94e28b70d73b83c02c3ab89946861798c1140f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f046dd4f8ad4c0bfe26d37e4bdb49a30

SHA1
c7ebf40fb7fdb3f76045ebe23c8c417c00620af4

SHA256
1f018552a4b9deb4317e271e52679d067bf5aa17fa8c119b6dc75a1be4d3b229

SHA512
ef2ffdcdf1ecb9d846863cfdf502b43e2f7fe846ff1e62db94018bd7ef0472ffc874bf664b909a3d59cd3d50dbf52a4508f9b977dad1fe41d74e2e9c3134dc9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3c084c0e70a985464e3624a6d5df2c5e

SHA1
ee2117ad6dc4cad0a001e966441d5918e1291a80

SHA256
fb789605791b5c748fe900a2794ce2f022a8e1b6e8adb08c8ff54676bd0455ba

SHA512
e5e750aca9eba24d7e6b69ba2bf1ada2a895d2207a6c965db1cfb1ad147a8ab283e1f0b2fdd7853b6aaf4927e83413d27b3c82627c0a6165b95280fabec67483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1264a3b7061b570b910efca67a0a705

SHA1
fc04dacb52be722ca6e2b2b2b9e19fb9952e612c

SHA256
7aebaef8f5d7da833b21f5fab29e9bc31132154b6440448e4970863d49d50c91

SHA512
a1db9c38cceb52111aca313f38881f8ac41878cab331c38bc99245956baf67dc1aeb69053dd8765994f437a8c5741e1b811b2909329065f955b786bd57cbf46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d82c6f0822500bbf755c3b48ade1445

SHA1
b99ab5275a1eeefc08cf20c76ee58b98dbb3a8e4

SHA256
6ba98728f8ca6f0f9b27d8da5eebb48ecd276941c61f1a6d50a3d248cd7ec249

SHA512
34061c89050a5dd94b1e851bf1b6f281687ec7db91026c576d806c003f18abfdead2cbcd16f751b501ba9db7ea31543785d4da2a261acb2c42fe15b7c3d136b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15d3c4da3a44dad7d70302b8e1b20d7c

SHA1
ba3c4cb2de0f910f8cbb329e13a757f4ebdc0422

SHA256
76061f6d8e6e9b90781129d90175237880f89da699cffdcb8fa5dd98fa191f18

SHA512
0a3c2799c41c5e1f382b51d7465cbde19029cd6a5cb0f1ad3064544da02c7c2c7c48d64ef76a96e0977438ce058d47c06ab3010f4e2d52a97ee29b6dca2c9f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
393cb86aff69a9e7d0ce4cfaf9707d8a

SHA1
9806911703edd692e96e3df0ebdb827153fa446c

SHA256
2c475efa14a35093c2304b6a57f097a5d8e680c4bf1a12ec8b4c56a7b657d4e1

SHA512
a7dd7b52b9df35647e25d7da17c104300a08303623f026c07ecddeeadacf46eace9d41840490c9d9ac3611ba16c3629597e8bbc3243a5fc2106c54423f4e6f47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa1b37d34fade27f9add01fa34e6b942

SHA1
78331c648e990d5a738a765a4201172dde12fb0e

SHA256
a47061f80d0967386be25e0b5cbd66fd49828912536c1cad247721bd86e7dc3b

SHA512
9a459de0586d2c5f8c63117a7176c286c0ec5afd122cb4eca3df45725950df150a1864d06707dcfaa07eaa479df5240c5613d4a960875cc444b8a336c2d02d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dadb9849c076048ae2cc891f2aeb613d

SHA1
3d9a6ce407e31c87e5c83c8fc796a60c16279b77

SHA256
9aee28de8d1bb4f5105201e06f288ca6863809340793fb1a59cf61a8207f6f68

SHA512
0a7bb62b9def991b8e340dc589ecae1702e5e2b945761d053f8d1217556a7bf60779e3e8a6a4dd862c8aabcdc0014c8c79ff8612323b33fe5e18deba996fb5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d92f6496ab0d05c756e20d834ee41219

SHA1
f3cd7fb48de155b6103ce2d84c907100bf0d3e1a

SHA256
fd626c6b11127291c83d63360f2a97158c7f2926b84426a552aaec66f8eb0a1f

SHA512
df20a01bd2cc215685d837d4ec01e97051a4fe65e47e4631aa3712a3e680f8665ee831575f16fb881f647d1fe0482606e134a187a49a43d5529bbe0a294cffd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c538a4d93e4847a90b04b24dd9f13f82

SHA1
76d2fef01a32bfad156fc000990c69e1966090e2

SHA256
6ae4c5c01928021ca6f5a3ffadd9c28b189bcb473b13b355b0e04cf1fc96972c

SHA512
1173601b53060f5de45acffd921285d92f5b4503323b913f1205001bb2ac7852d6d7cceff3ba99f10d9095ea331ed9d3edbd1320b2689b080c30703285e8fddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c70b9102121fc0cca17a3a78d401267

SHA1
a50b3517d46d747d1aa7f2999330dc84631f0d25

SHA256
ad24884abeb858f63e4a443d019984317c257b1ea5e545e37d379555bc53ea5c

SHA512
7d43f4f44fe89f838705f6b508a8d8800e7f00275f67e050ee9f334d7552eb904c428f42ecaa42bedd96003cdbce3e98f542d3c765b598382c55c10c21b566c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8100a70b175e83280ff1b4a81c5199c7

SHA1
13719ae34b6ffde8e8ed6a6b9449e59bbd6882ef

SHA256
31a3e912720528b71d6904c1b614c7c63477c9923ae2323c71ef1bf79e10690b

SHA512
c4e1ca5782aed3a944f641e95a9c684dd81507be19434509acb2f7958978d9b82eb0ca8341607ce1703a6ed91bba33f4bf682678915b8c0b7512f1a00853c17d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f59661fcd39cf28ee084da50627dd52

SHA1
93088e84064033fc91cfda49dff5d087b3f9bdf1

SHA256
42134edf08eaf8846a650db6231effcfb40cf10e4763081b2a928b1815cd3e7f

SHA512
b8ef759394f6a10d5d901341b542d93142ec4e1ee46bb0a40552360ab3a2e059f013b41b194a589fcf39ac96d589c514bf96efd621bba8d283601bc760de1645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcf68f61504a0a98b09014cd77c48076

SHA1
5842e2d7b4e91f2cb781d396fdbca7a4585fa026

SHA256
9c2df948187f9cf31d20866765fea45c9cd54eeb3b592d3e140f6dddf54d8cea

SHA512
8c16680e57487f0885f4d5bdbc9277cec6daa46c695d0461ccf2be45f4aa78354a5089f3fd0ae0d83564029ea0c0e63a87c0409e12af99f3351d59272c25e3fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
335ab2596ab42fde987fde50209eb97b

SHA1
3a33581657f8a68adf4582a9ff04dd5429a06cad

SHA256
a61e31c8288b7c1e574f9e02fe3abbe675a5ce8c2f4b43fb92f393b1ffff06b0

SHA512
bf36014cca8cf3794d289493e96d3832a99a555d1bdc3c7d9c049afc84dfd1982410ce14361c6f14a986605a3053f1f8bf357a5b3e872687ac92aa2556fb8636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7de361717f765419883143e966208fbc

SHA1
481af0293e3687b40a9962f553b74a65dba7371d

SHA256
92b18a75e8e9e123201fac495ee11634019ee8709550468f187ba7948e8733af

SHA512
fa20a71ff0e55789ccb2741b71f9c4c138917b084179f43f3861f4a204f622a4d66d997698f7f78a694db7cf6c6e6844196b4f1bef0ef833990b81d8207e4e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
474c12f8ddf2c3cbf6a9358c9a8ce2b2

SHA1
9a3b391a9455720c913a88667d5367ec69ace94b

SHA256
ff9ea133e51876ef370808a18f20eb4d1573e32adccb46a8ce5288725b1f8c10

SHA512
00cec9975905fdfc500455f0ff407ad218f9e18de552762b3252021fd17dd7163570787b15e3e2d4418d78ba629dca6dc777f00733ab85b1583050d082801c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c0094c44170d1487dbd4b4216ff83675

SHA1
cd1cb7613751708e65bf2aa8e75f3524c1a708a4

SHA256
07c0087032e3e24f600124e23c7fb57e1cdca5411c1ee6abda5c82af7b5c7c61

SHA512
f1f618662f9cf179d81adb543a9bc7662fa9ba648dd8e70e0b6b9af8834e8c93c09a636325454a514047cd25d8bd540b6fc0a2863bbbb3b6f23d9f4b3ef8e60b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c03033e15f654f3e4f3ed2ab338b51d

SHA1
ab1769a38e27e60cf4c34baedebd6ebc4c77ef85

SHA256
8dc01d8671018bf6b21c9e3af1e9a454f95e879321b0f5730226d20ff509de90

SHA512
f43fec2b3f0392b14a27688c532f4a938d96aaac0305d23db457e7658480c5ba1f5dcaa4ec6f7f35f0338a1354040393f9ca68ef65d30bdb9af49fbcdb91715a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9aa1cedcac6c7e9875e1308b1b8421fc

SHA1
ef44a21bc5f9d4d96d34b3e978e0bdf9f32b5d59

SHA256
09fe77a6e8d602e7600ae24a64522721875dd4c6166fcc2a9cfff8386ba56e98

SHA512
38d6ecde109f9eba1115655522c098e880a03df6758695b3764bf9f25469b207365277ded369243ff07ffcdb3001c2ded1a39079da83e063e7609605176a3ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a0e963ac94a3a662a7aa8aac45cbf04

SHA1
a3e4d80a4c5c6c12a7503ce660c3ae5607aa6ef6

SHA256
06edbc52c486b2fdbb2b7af81f3463ec41ea32116520bdd0fab479b4d24e66ac

SHA512
0f64dc7323e5eade7f65c038b99bdaee3a6cabbf37311dfe6edbd996cd2caa228f2d760f781e2113aed6534facdd6a9baae25d4d7b8ffc7d5602da233eb68b92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b8ab24a710ff0ff4c8f462bebac943e8

SHA1
71267f3c645488f7abdcf182447fc962152dee7c

SHA256
2688ec6e84335e48cb4119f8972b913fea6ff5f4aec980a6d63cf0be8f45fbfc

SHA512
87b487bc4f5c553446546ebd548eab2816add2f3fc0517c419c443b19a7213dfebea2e64b00da23dce871761bd3a1574bef09718bc4ed6b43965402af4181833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b2327cea78e6eea19cbe53e1a42cd454

SHA1
663e3ddd737f6d273dbefe4f51c91c4153454f80

SHA256
8977f7a74da01b82674f2dbfcec31874ddfd64e51414e8126aca0b97cd2ccd07

SHA512
571eb01acf96435fda469eccc6e0468d06a91881d39b87e5e6ddac3ead1d8152c7c16ead6eae427b46b541c7490d66040249d3e534560ea42eb03864d711c83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9427a728ab2cef0587a375645f7a4cdd

SHA1
a57b4d53b30e079ab3025f07a9e784cb0551179a

SHA256
2628c77e6bbf8581ff44c485e0f196fbf810a66268c3f57cfdf99ab091f585da

SHA512
97c6c6502ef6c97490050b6c2820f519e90789cb99799f54e09ad7f9c032e5f61bead7e5e818cc1516713e04e56b0e00fa923a78acb1163c85f349e71fa7b6fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c71da8edcf270d2cd768859fa69ece55

SHA1
6f2562da165678070525d05a427a201a2c26fd4d

SHA256
e1032d1993c56f6ec327615ebdbbe696233e29dc316b3299ec2f43869891a418

SHA512
c44b7deb647d1d0560a75365ed228f9b7ca3733bf88ddf5422d4bbc2139910ea93f9cbad16df0ab70740fcdf71e24bdc44e8e8649dac8506e4eb9a4d95701440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb3ee6592066764a7fd51ebd3b74b10a

SHA1
ba681de0b83457df343d3ae45c9c7b46aed6bb54

SHA256
1f8b8e6c00af98e03f10fbf7615027e0c7ab0d45a5e7d51d7de870eaf85d5004

SHA512
61bb0621e665edaf48d7b4ef00e7a17151bf3b59c46107156ad397f80659816bcc9e558318125353f558eb5cdcf7414958563f89c6d1a9cb8d7e8129290ec52a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7020234eaa910ab9a000c2e0cfb7cdce

SHA1
222716eb0e6e6371ca9c6c070ce391f06d0f9508

SHA256
29b593bab131933d2faa49e58d233eff7ec007535a2c10cd8ec95a7fe6b4cfc4

SHA512
d86a52a901747e14209a4423e24b8561315db59d35095a0711882d2c41ab01580736f2d65c966270badbb99fd737a49a538a27f1d8c93e6e35a6ef521bbf6519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6394d50cc882d7ecc10df87538e2e6c0

SHA1
44895acd9a6887ec22c148cfaaa82df98dfdef23

SHA256
3877d31a383ada5323a41509a01006595c9ad97684c607ea3c176fdd956c00ce

SHA512
9df9abc2066d192a9ff7f91072413aac7a85dc1057786a0607275f082e372e98d625d1c4e7e5b12bd6ec9b132dcd5015629c6e1d9378ae0377e3c273ea1239d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c101bfc10b41437b2a028c333c16dff7

SHA1
8a1084cfc056b9b0212d8935952421f55c08507a

SHA256
ffb0065d6413a1c306323537c66aab9a3c7f82f9e26e33ea2dd496cdd6492e77

SHA512
3cd46e3230a78c375892a46aa66723268bd65982974eade0ceea601609f6402bb4305c5897722f555d6be0b7331966fdf29d60d5dd87d5fefe227a0e5773b284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1c1e6444de8f8f83fdb21587ccaeae54

SHA1
d3ff5d0d21d0a9eac5e9b6c68d445ad50e699720

SHA256
a318c53a308bf836c046e1a789ed0a9644491480d379255a7f2403731c0be7f4

SHA512
7677c80d8a5264c597d5ab2e8164d53edf2bd48df55c16d1aed875da597af25c2375a2a4eb19d406f1a36a5b82fc805c40dcecf61d7f0ca85feadd90676663f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1af8edfe141f4dd0203a62bb5956efa1

SHA1
c7f193cf54bdae450b67bb30ccdc23f3c01d19c5

SHA256
80635bdc8d47f8d4eb44109d0e31866e47aa8902f001a806f1a1c20468b712a0

SHA512
a41cd1b43d975699b61f85c151b734094ab12118de52dd7c0e4064b0e6a22c371cc864b4403fbc1fb2a25e41316033b6cb6a26780a499b4ee0141518814f93e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2679ad2f248579683896155116473e06

SHA1
88b3a9998dbc924966142e560487ed09d6760341

SHA256
b404010726f32ed1c38ca4cde89a4c7acf635e03b446acddc4d37658fef53cf1

SHA512
40ee29446d467c6a44f448b81bfcc420b13251368aa07702c135ed13b4136122b73f930900fb288fe7ddf82ed5f7f659682d5ccf39abc0767fbbfecb676b8fb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
215e8d8fe7b4a5faa6e581858348b316

SHA1
696c38ea0760d2b6f564485cc1352a1825b14006

SHA256
a8fdff2c158c04561c351a0805d89b256937e87cbcf2a4134b0107886f9b8167

SHA512
34d77fc8a987c65720410531646147edd489f465df3d68cd50c7cf5a541d2c26284ec52374515f4c335bf2e9130110f1073afaa1faa3ccbee60779fbbfe39381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5f2ec7066607256dc597eb9e751043cf

SHA1
3a8322420d7221192a7e6b90d7ea10adfe306c83

SHA256
6784827b6f248cd049beca8e4dc9cefadd8d6e490189d52d9041e6bcb81e3aec

SHA512
1fa7a99ecb435fcd9261970ceec2c829e4304dbd870754976dade9e04f34c646b2c60d5997a4aa7649c3d54902ade3610eb884f275e1b8f5a0d5cd36856dd31d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eadeb7e47379f8c84e62780a20368320

SHA1
87c8a51ea491bb9e78aff8b2fa2bce95e7f0743c

SHA256
a4a9faceebdfb7370283d0fde5b9e923139fde483fdc55bdf20bdaeeb93f86df

SHA512
15d7a788e59e36de3209771dde2bc877cdf7a918b195924b43a7c49aa751f9e79bdde1eed4e85c2bfef38e33e7e0a05103839c684f05725f2b8bc7016d4d8d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3ec029162f6414b1aed29da87a273be5

SHA1
6c56fa15a19e4d1231b4604b72a41707684cc7d6

SHA256
12baa43d97e401969aa74023766562d7d392486d6f4433dd2e4042310ff4c7a3

SHA512
615d2042f4b2617238696a85bb2e2346d2f558261c5f0d370fa2652374494147f2b1e048eb89d01148689c303e55e736bd32ebb6bb2f81c54e9c9927987c848c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
541f6c548ecdc9d85d1c2e070e2567ac

SHA1
4de8ed3bb1f506b38d4d29cd743e2651100240a5

SHA256
82466f32c08c26a7c51d02faca1c60dac3634ccf586a663e9d6235f966e7a14c

SHA512
84fe5de7d31f3fb9516564f92fbcd2b8479bf15cdbef9a3b1b1abf8b21ed4b3b8b03da7eb89c72d438781551607f156c328c49da7eeefc0d11b933087c6546e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6ab32d71512ff5635d6de16d51c3785a

SHA1
96247d4807ba13f869ff1cf97f9a9c0d47c35fa5

SHA256
a5db38d3b5415642ecb62eb70a501f209aaee370e53cf7eb47cbb80afaca7f09

SHA512
70c6f20da9b19dd33e91640b0f63171294a223a4fb644975e4cd73bcf18f23ada68ae4e4766346a213c6fb448d3d1c1b27de0a9d7ec9f73b0a31f99a80329726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8d287c073216525ed1924013ddcb7a61

SHA1
d841b8a3816b90fea1bd67f43a57bf3d6a905d2b

SHA256
deda93bea67c43ff1b6420c546cf05cf39ccc32cdc7f91173a3db9c70623888a

SHA512
fc87c99dd24571b96ef64e1350c44a29eb0e72906a053b1e7b0fc60cbfdaa70709c4a756780c1e666c4bd7e5a8eaaa98dcb254779af411579bcc964d9ae02953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a786bc286510a094a1a3f1c479ad7e28

SHA1
9fffa7aa2f85ac67ffce6b6ffc977bdb9894fafb

SHA256
1c8dc2a4d723efc5ab59f64e6b70ea74a2e715f6abf5fd63e29fc258dbb44228

SHA512
acc41b789874a3b0013a7935ae2c103f47465371eb60fea2c483758a30dac2d208dba1b16e7b34d2fbcf1edcabf7314a89e1f44e1e88ac0333eb45644bc8ef32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
615a740047900c769132d5f4424c83d6

SHA1
fea173182e6ae292fe66cc1c4deba19c2edc333e

SHA256
0e44fc887663dc442cf2af407645d8e8b978ef6c3eee6d754ed121e222372c90

SHA512
d69f105a035e06fe42c21b6f38283c8ea1a1f7e6ccf238975af1f78f05a3d11d66e2a961ba46bb10efb9be6e661b3f43af015ea6c339700c1c71af88cdecf399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f21c2a7feaea3369a15731f4dd6faf95

SHA1
392848bb4142e5d0d7beaca25890763dc333d3a5

SHA256
df7609d04e3ce47a085d85513ead0d2c6f5fd71be312616863da905036527fa5

SHA512
177f7507f8dc2488296a7f7fe28e051ae4156d44ed4eb64c8d1256761aa0a033969dc52f2a78772faf29d69c57bd2a08b82dc7577f75ba494135031a3aa119c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a7d6ccf03f8778ca6fc5fcc9f4cd1f8a

SHA1
f589e2e04d2ea00a3552e078c6202b147d36d69b

SHA256
62003706007e4722644a9f398de87a9651207971567c08290bd0f389aa0cf3bb

SHA512
3c1778f21e3f7d55ea0ffe336bd7b70c4a0767da9e602393b8dd3f186ed26eb744d48715b5606a71f91c16b1bf12497f60fc7864655453a63b71bece205a1d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
594d883a244cc67383df39e80cb88388

SHA1
019b48f8df22d6f0e34b437040834462a72d2b44

SHA256
514536a7f9326af309e40330f0f771772424a8714eab8c8d11ef803824da9ead

SHA512
8076116640d1fae21867d9e1110654b41ee8c38b13a4da1907fdcfaf91364132ee252aaed5ce1f93562ece8f21f3ed37846a5bf16734ab8a05a334f7b8706bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d40778b4fd8269f26430e9b5f7bc5370

SHA1
f51344a2ade98c1ddaec18a186e5ac088a1e6206

SHA256
07bd5f3c7a65e2352d37bf9be651014dff27df852eb8d431bbdc76367457d68b

SHA512
8924c851ec2f9d7a4cdc2f9152b3d674a7d5f1ef40b1cb3db235c93f468fe17c4e011c7090c8616e5069ced6a0c84ced7939654db3a9cdb0a656853a2fb0c10c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3ec10bba85acdd72776f195cd96be5f4

SHA1
bf2e9ec856d99c0bf3330f2927daceb78e014e31

SHA256
7ba8b9e2a541418817ba80cec56a3920e587fe34b8ae24f15d09e2ef39fe8462

SHA512
ba751bc90868893ef6cfba7b9d04209f1b4cd6ff5cf9c2880864a36ee2b1f9c034391c560fc988a4798ba70955f94d71339526ba566d332092e6e9003db254fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
014be9ea49ff9a0963ed8ff08bee306e

SHA1
0964bc5862a34ca7d71e01c36c063856e6eb4a2d

SHA256
9088f4e96ce88b0ea5310a4af5c7b76108542203dc0d3ae07598c6fe19befd95

SHA512
067a5ae5c78a21b0b76c0d24c8cf98bed41555152055ab624ed05d1aa15dc9c1d90a209e7d34ed4e4669aa72eabb1be020285712007c17f8c5735f235e092da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1a821283e4060affc233d6b643278b5c

SHA1
913755ccd1ba4b8462315fe884c679717f411117

SHA256
e6f38cf679a25fa870bf3db8693e571300aea7bb1dfa5316085650118303edf8

SHA512
76d46f48d0bd0594aa5172f2db42a9c3df3f9c90a980a580e29328f90f9b2445e122aeaf3761984bed8bf60bc7617aaf68ec8d084b2ff95e5da366b763b1d07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3f7b0355138b28723f629ce9f96bab88

SHA1
ccf622eaf34842e237bb2aa2e9fb3ceaaa0fd7bd

SHA256
9521e8fd8c66772c3a9e98743b03fcd271d62f8362164d24d036a1f7e50c3a8d

SHA512
3005b42929fc6ae727454bf8b2dd2250f9fa5208f0644f9126484b27a1eea1778eba671267e5bab38c1a383d1a9966b2d0e5c1427f5455ab1303808b20cdf853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba5738d179259884766c31f8bf3e59c4

SHA1
b455725c42d9286aaf28bf071bee872a50eef20d

SHA256
5fa3d19f717fd3372bcb480d747f0b9bb039d3201793adb3bec56d2dff43a8ad

SHA512
80a25f3d0003c4426f8286130447b991899b17651e194e97786f652b37be6b297d88fd31e0b703252b575bd8d9042340e45f07cdd27e0fb5a3cd4d589c2b177c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d67a023d76f4595430a37a0e7c1fa6c

SHA1
e450ddc7bdeb3a4fcfc224ac401843b1bcddca0a

SHA256
5c8dc25930c23addfc9965660c22aad4a9f33250abc6032b46b21275b40a29c9

SHA512
7c6aacf59a665eb65f8d694d88e1ad2d7735f5397040cc3b31fd91fe8e7ccdab211301a017749ac4b6996d5dd50fb377d1622a004f43c6821e7a1002ec8c070e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99c21bee35994cd18d1fe18adea7aea4

SHA1
bc4da56c31dc007c815269a76293e2fdfbd10a11

SHA256
36f5a119279f6717e6c4704362ecf09efe439700a9601491d9b353baf064a448

SHA512
fe1633ee72f1e9b8eb7f2e5bd9249c5f6e93be7cf241f8e6dc420646d032cef0415dec916075ce5b27d497414bdf81e7eed7c3d124fb930c9a7936c43cb3491f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f0306c18512dc685bd512dd698d1e7f

SHA1
4d8c5c9bbbe25e090efaaf1afbfaa002db1019df

SHA256
088abb2939d1843d2cd9d51fa2fc419127cbc4fa754856050c3513f9fa33a3f5

SHA512
8d0515577ef05f4a3bbdbdac7034b560552dda07c7d8c77a972552cdb7bbdb98f2f05924b62f915a8127c609472e22748d779c03ebbcd4487651c91815674c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b88be2507d382fa1022bca7c4dfae464

SHA1
285b9c7a8d6df1ec356f0399ea2ad0641f3f1fc6

SHA256
54de1df60e46d6c8aec16c4d20b2e33360cb0872e92cccbd545ac5b36b3248bc

SHA512
1fd0e7a8a9ee0e3520e9e8827bba6f8b1a2e006fb6125cbce430f3b3db278e87d4f1a1f41506609057942810c39a6bd6e76fa9c732ec95c443e0265910d9a556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e78ff7d594c9b796d6be2ee0a111af81

SHA1
b16e25fb823d0c8e5930200f039d0a868a31005b

SHA256
3c4fd7ffccf6301a6d6a87833b1a96ecee21323be898b14a7f035b8caf47c69c

SHA512
1b5859c9dc1f70583ca4de706d4c9690561bc3b66e371695d0045a3a3f9d3b736d21f5269c88c5b06df789c485a539fd795905493266187b71f63e0f28ca2f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
35c5969510be103469a0e3d98f85cedb

SHA1
7cded71af28feaaa23dc8fd27424bff4641d16eb

SHA256
169bd095806ef9f45458fc12317af71c582e5edb1bd26454155e3bf0e1977b68

SHA512
bb12fa8d91b3cf03cfa52ecc17803381489abc3aeecd8fb0ed674d5de5d163533611aa982c6b1cc8af8e9ab3c7bc54d393376943266aaaafbf4ebec0b992bb62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
62b68a9c5c83aa046ad4c259a88838cd

SHA1
28a44e274c80b0e7ba011746e1d534a22c465b41

SHA256
dae936b807394a629f9f1054b93ec7fc36ad23b08f8b03cd5a2de084245aa60b

SHA512
f41eaf451be553afa38959a0b88d8056084788781137f271aa887530875b87ca3f43aecd40dc71e1f5d7d11951ac0253cef38e3bc10fe28df77cefb0414f308a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
ab9e80ffb68fa675897110687ebaa54f

SHA1
01a97648ea93f14915a6d2c0efd391617bd7562e

SHA256
d30e8379ac25c330910f72048e3779c76c6fc3a402f254ef70bfe5e9f322a875

SHA512
2fe008dd74b0ce23634c0af6f561e9424d1414585bb80429e5645303a90e14f656ed55f0bea174e862b3caf58288a01ab58e13fe881c316404a91a394f5454c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
29cbcc2049fcad64748f217158d17f74

SHA1
75098862978d1fe11f3d24359389861187751057

SHA256
8f164fc3ab4047813887567da2b5b3be9262652074f6c0a3dba13c573abc3bbe

SHA512
e05447cb800fefa3afc7db5c9e474a6a7ebe9343a30f5f41b0a4c832666ca578ff541a057977e1d8e36cd367b4e0b7b5190c97c6996147e1a32b71d67d66cfd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
b759de8bebbba49018d1fc493a956b7f

SHA1
7b87de7834bdc5e9fbcd958dd821a11183da091e

SHA256
f4a20191308bdf39e58cd62caae05332e288a7dd659684b026521f23e6c0ba34

SHA512
fc740f9e1942c60cfa3ddbc6e06680e94fbd0d66c5d019cc723a4357ebabe6f3c22ad4f7e7f9ac673d9c6212ba856f2b5aba36bc0cfb614e07a8da7cf390a048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
35e387268336800f2d30f61246122c0e

SHA1
3f9b859416c302f769c9ab63db0dcdcd4d08ac3b

SHA256
847045f0cc0ce8762b9220d933c8938015a7d5f4d35a74604589d8365d0d8333

SHA512
753472ba8ad13959c9218a19d5d945b520d9ddcb28ea7d566940fd3bd5d7ce53304507fff7d648b6bd83eefea5d764f2f022be67cb01af09149c0e6f5f2793f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
cd3b6bd78f3137393c3a55ae2b07ae14

SHA1
8641149ca308cbdfc238236c51b12bb37d01fc67

SHA256
cbab706cb6bfddfb1348921a8e41dfc70c0e0c1d68cf3fa92a5303f0cf55ad1d

SHA512
90a9564aecd6c07cfc88e976d2de5522ab4b4511fda9133d99c6eb21fab2c2a3f8d3cab02712b03498563da9f7b054d2803b0f6c92dfcc472d72a6cc6b668371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
adfc99a000b576c17a40f4ab3b2df3cc

SHA1
c2d608af3a24f0b98e7fadb004285992c3c5d438

SHA256
45224994da7afe720e5ac232584aed5856c9a676a42f3f32d323f16a93168bd5

SHA512
d7053584b6c0f2b8236193e95baffe6f3e2e7ec48dcb6292cf25a103d1025436f031ad2d9e69d4b0572f0b78d90e37a8b96d9d6553c055bad56f49f92fa4c9a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
1262a961898e1a408434a67b6fab256e

SHA1
6b8a5fe00698650878818a7f50371ec853edfa70

SHA256
65f47f080d31095a4321d371ec09d816df75899e224033ff26611611d1c056c3

SHA512
82c9a85203a5a8bbbe92933ab70583768eed6b4ae93ae944ae8d6d9512bf632cb34f1f6272ab4d77cf8b5da3325552f81b5bce6eeee1b3a1bb068ce98c73729c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bootstrapper (1).exe.log

Filesize
1KB

MD5
7227f2974903a25d032dca018f1860dc

SHA1
3480b1382e44c150bb50edac56e8661fe57a97bf

SHA256
27113670aaa6b62a004b9f3c7562c3f9bb55e6df47d166e32af39118a27b0ff1

SHA512
952cc7522a27d0cbe05162d60c5df874f25897cdfbadf77f60aa522ab5e582f991268e5b0ec6034b16486d17c85b12791667fc887e8f450e0f767c9ae84642e3

Download Submit
C:\Users\Admin\AppData\Local\OperaGX.exe

Filesize
3.2MB

MD5
17b38f46606dba3b411c5cafa35dd35b

SHA1
d96c8fa435ede915f1825074d2cf8a23ab9a9ec3

SHA256
a7173413446249c9bf0ca28d7d3a1ba993384dbadbcd7ee3fa719e46d549c348

SHA512
d344e64120d64a45265d556d57879e3d1b34a7913d4fae71dd23914e489f77c1e2fcdaa6decf71a5efccb69acb15dda0400481e8d16c3786bec98cf920b94be3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412041626041\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_241204162603907828.dll

Filesize
6.0MB

MD5
3ad82de7d250ebea2cc0c59176e6a585

SHA1
67206829a134366e8187500bf48b2e19e6c0374f

SHA256
074d00669ef2f3f899916f79b0e06a9f073529b204aa9015f79498848adfc58e

SHA512
0bb4e0f50164769238264d00ba4c3a78cf0e5adb6cd70899c07cf2f9ed73c7480ed62986c33c28ed0fdd4a0d6ad8aec1222774e235ffc82c6c9eb6c007599df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir832_1947355768\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\link.txt

Filesize
57B

MD5
6e3d9b82bdc45ce83646df01cf8cd26c

SHA1
a9aff0eb05b6c76ac4a5aa88bca8ca0e7e46d06e

SHA256
7ec7e0806aa0a904e91a30425b860231cfedc318f41db13fcb5a2d5cc5e9ec2f

SHA512
9d4409a3b22b9f20f060e8fbacaa5c10d487003a9b14079c335dc8e30b2e76669158d0a5ec9643daddaa560b4847781ddca628d285b2c300e8bad3d5d1c235c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
d194d8de9e4c6f7fd36be9e475341411

SHA1
560f2dec1f69decba7b84593353ca72f23686e44

SHA256
6bfceb0fb4452b854356ce076864cfbb68003103ad74368f2647df54086ba48b

SHA512
f4be2d54f6d08a56a7e39dcee2d94a62c2a5be84bec719bca53d0e609cb60085f69ceace6362d5775a93f2134c01e53c09710348b55c0a31c8e451a25f9be178

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
16KB

MD5
b44f12521d8e6d2e192b9081baed0d4d

SHA1
6439acc0cf02545154fbb4af802f3d0eb40fc8e4

SHA256
9ed39aa0a7bc72220b2bc6308a615160ce5fd21639db6d49e7c4b4a012feb682

SHA512
f4a3b6a67e9970eecaadd9988991073bf5fd56ad5654f87d998b5a204bc07d21d8d5b3601e5d479231894def37434c3c120cf0b7a43f3adf4db8c3341f996792

Download Submit
C:\Users\Admin\Downloads\SELENE DIRECT LINK DOWNLOAD.txt

Filesize
43B

MD5
f0b47278c40f21e60b439a6bab81fc56

SHA1
391f0915391e0bc438f8c10243bfc870d7dd072d

SHA256
7cb78585e4611950743c805ede0071d37975750995d6ad12718c9c36a71a315d

SHA512
acb4a00ae17ffd28788fab85fb522b11ed21f0875b5a0d6b53fb65e98f35785b2d30cbdc28e9f2e945faddfe967004d694d08d1f2a4a8b0e07f9ca133f9d4ebd

Download Submit
C:\Users\Admin\Downloads\Selene Exploit_32951752.exe

Filesize
5.7MB

MD5
15d1c495ff66bf7cea8a6d14bfdf0a20

SHA1
942814521fa406a225522f208ac67f90dbde0ae7

SHA256
61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42

SHA512
063169f22108ac97a3ccb6f8e97380b1e48eef7a07b8fb20870b9bd5f03d7279d3fb10a69c09868beb4a1672ebe826198ae2d0ea81df4d29f9a288ea4f2b98d8

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Windows\Installer\MSIB98C.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIBC4D.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIDA18.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/904-3656-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4229-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3865-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3866-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3828-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3818-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3885-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3886-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3779-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3901-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3422-0x00000246A9FD0000-0x00000246A9FE0000-memory.dmp

Filesize
64KB

Download
memory/904-3922-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3923-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3769-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3757-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3420-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3951-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3423-0x00000246AB700000-0x00000246AB790000-memory.dmp

Filesize
576KB

Download
memory/904-3729-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3977-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4315-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4314-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4002-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3433-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4017-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3418-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4303-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4036-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4053-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3653-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4302-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4072-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3434-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4292-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3419-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4102-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3631-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3585-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4125-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4135-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4282-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4145-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4146-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3547-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4156-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3525-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4166-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4167-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4281-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3506-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4186-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3479-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4196-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4197-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3469-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4207-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4208-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4209-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3404-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4219-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3459-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3847-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-4230-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3457-0x00000246AB900000-0x00000246AB938000-memory.dmp

Filesize
224KB

Download
memory/904-4250-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3458-0x00000246AB8D0000-0x00000246AB8DE000-memory.dmp

Filesize
56KB

Download
memory/904-3455-0x00000246AA520000-0x00000246AA528000-memory.dmp

Filesize
32KB

Download
memory/904-3454-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/904-3444-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/2024-52-0x00007FFC3DE70000-0x00007FFC3E932000-memory.dmp

Filesize
10.8MB

Download
memory/2024-2-0x00007FFC3DE70000-0x00007FFC3E932000-memory.dmp

Filesize
10.8MB

Download
memory/2024-4-0x00000214FEE80000-0x00000214FEEA2000-memory.dmp

Filesize
136KB

Download
memory/2024-5-0x00007FFC3DE73000-0x00007FFC3DE75000-memory.dmp

Filesize
8KB

Download
memory/2024-0-0x00007FFC3DE73000-0x00007FFC3DE75000-memory.dmp

Filesize
8KB

Download
memory/2024-3256-0x00007FFC3DE70000-0x00007FFC3E932000-memory.dmp

Filesize
10.8MB

Download
memory/2024-1-0x00000214E1D10000-0x00000214E1DDE000-memory.dmp

Filesize
824KB

Download
memory/2024-2830-0x00000214FC410000-0x00000214FC422000-memory.dmp

Filesize
72KB

Download
memory/2024-2828-0x00000214FC350000-0x00000214FC35A000-memory.dmp

Filesize
40KB

Download
memory/2852-3258-0x000002701FEF0000-0x000002701FFA2000-memory.dmp

Filesize
712KB

Download
memory/2852-3255-0x000002701FE30000-0x000002701FEEA000-memory.dmp

Filesize
744KB

Download
memory/2852-3253-0x0000027020370000-0x00000270208AC000-memory.dmp

Filesize
5.2MB

Download
memory/2852-3251-0x00000270057B0000-0x00000270057D4000-memory.dmp

Filesize
144KB

Download