hxxps://github[.]com/demidpython/solara

Analysis

max time kernel
65s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/demidpython/solara

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3884	msedge.exe
3884	msedge.exe
3752	identity_helper.exe
3752	identity_helper.exe
2576	msedge.exe
2576	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 1856	3884	msedge.exe	84
PID 3884 wrote to memory of 1856	3884	msedge.exe	84
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 4704	3884	msedge.exe	86
PID 3884 wrote to memory of 3984	3884	msedge.exe	87
PID 3884 wrote to memory of 3984	3884	msedge.exe	87
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88
PID 3884 wrote to memory of 4408	3884	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/demidpython/solara
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd511b46f8,0x7ffd511b4708,0x7ffd511b4718
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1984469841381137493,11949791393619119121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5284

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\solara-main\solara-main\README.txt
1⤵
PID:5760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
37KB

MD5
f9a90d58144602c12373f3a51ae11c3e

SHA1
50930fadc719a0cf689f480f053fe55eaab64817

SHA256
477adbd55274ba5f7057f114fd4c4908fe46d7f486c7cd6dfe452a80ff0b7c82

SHA512
0f06561a943bdafdc0f6355ce4a5dd2a3daa348d621ac8c0d95632d5bf0458b4068803af0f3e9819496ed750299a63e6eea88c53bd2816c757a0e4c721d7e4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
f379276efec34127fed6f06101a024d3

SHA1
279e8e9dc86c622343e5bba17043d893c9224086

SHA256
1f92cc266344c34ab3ba73fd7107c0b7d53de896e47f3683c9e7ea4b1e74b8cf

SHA512
a87e994179341eedf39393fd4b7a57e8ac341f43bcd846c3bc16da9632921c08566be9ccb1b3afc0a1b9a9152c6a1339bff584401aaeb7f1cff7a36af66db5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
21KB

MD5
1d360b4556cb737bc22f87dc83cdec12

SHA1
2401ae1c316e52652ec9a309d5db2e0801ec4bd1

SHA256
5bc8f420585a110767d782fc3bc079c38cbbde4cae27e7c9ee0f4316e2c75805

SHA512
305d885a19fd8fbfbd7b9c13de9461dc07392ecf1a351388c60bdbf51862ed3d7ab995b578f884de4702388d332a5a8b6b8204cf4519ffbf303642b401dd3562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
22KB

MD5
015dfbcf0c986f99bc0c1d6ab9fc162e

SHA1
6dff455e6dcdec9ee55ca25edb5f8edd1803f3f1

SHA256
291c3acf9855517f481cf0d64ba43f4e085381d857589ed5fc75905c82133951

SHA512
1d34e7bd775cc7b70371a579de085824a0eee0c6ae81dda89d51500c51eb0163987055a2dbcbd9ea191ee8b35ee0cfe4813bde076bfa5df0428ba7e043a6522a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2be1d9c0beb511e45fe1f5f273dd14cf

SHA1
25251c209c92b64e597e5d0a2c4d12d6b5614a9e

SHA256
d3d415c996b6127426c4c4ad70c153090676777e6e3f6853b7f58cfb2710348c

SHA512
6b2a31efb8e02d2e80eb0624fbd3b071b9a47bbd3ae52f726934dfbb3d539e56fa92be8f3734a96926cbb6cd911edc7cd26a53f040cd76594d5d81c0632b7a3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ec50f9b271456dcace5885d006b93418

SHA1
9ae3d45d2203d7300636fca296092c6b5908f7f3

SHA256
dc5ea915748f306e31d8f9b6e5e51ec133bfed11da56a230b6416281c02306b1

SHA512
c0546b5e2e8f8f055a8c5813eae49324b0fa820c8a2cb51ab785c605d2a4f695198a06421503bee1581cbd5e0c08ae8e3ceea8083efce03a07ea452beafee211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
404038d96cf53b863634706e12189497

SHA1
1643d867159ce659ffbcdc5d68db0056eb4b9e79

SHA256
74322484dad04a403c83c67d4b3f9f9ad4cc88b32f5b0d80b691faabfb744b27

SHA512
21307dde1da6ef8de900c95c40545378f933d2fb12ac271ff39ddb7a38079855862f083cbd7d5a53ae62230d4ff39c8b4db088d20464da4a873137b1aac49aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4a59013824a4ba03d41e8b9e8508655

SHA1
23d0e28a3d15d47991a30c580e7c267728d33e44

SHA256
97c917252b45753a520055d7fbfc728fd5261ed3754c23e7a4e80931c8b60183

SHA512
4cee9cf34da8c3acbfbee020296023183dd202ee929e4833758cc4600507dd400b57f83e25365909af5caf173101206432378fd4b292067b6890c141d3d002e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc380a8f4bfbe75ae957f1275ba9e89f

SHA1
d843297a1ca4d6d09fe55e75419d3b85beaee8b4

SHA256
0f8ddb7628cabaacd0a81d12bb2a8bd05dc36605302a81cf2f4f662f8f988ee9

SHA512
0f35640839df15ca1ba4d806a7062e09dd5401655bd7e2bc1437a1d5a8e03c80ae8f8f79ddd4438b90353da282d62d2e494d82b0465e10951431a3690b02b2f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12c28776cc055934110d1b816f9dfb0a

SHA1
da92a46619ca05f6a5cfef08fb0934e6a1982008

SHA256
d8257d345a66c0093609be34a2487c1d1e01e706e1716c38d3553e2196d19356

SHA512
d1ee732be6103100587f3fd21be65dd677ee45302f0bde1c68c10fc4cc64b49a1cf07e4a321a84dd4c20996a8f7f4fe92f61a5e14257f8153b481312ca3d91cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f453.TMP

Filesize
874B

MD5
9edf712642f4e9ed0a2527731212f4ff

SHA1
8285794414c66e154e950c75354e6d1cdc610d66

SHA256
5f2172d3acfab7e2fefb405c9e0bc8b4dfef565aaf767df87b01751b52ee6c79

SHA512
c26ad6dffde4b441a95f120d9c931b7a090d42c0f4fd81a35820b8228eb893e095ce3e7dfb99572f33f5d2f56b2f93937d26c905fe4f48efaede0c5b7defee82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1363074b55d39107245ce8e7860c55a7

SHA1
e20a7d9499fd903550eb5c043a97483e92e533eb

SHA256
69a5e1f0285869be6c021427a7dbc72df470e8437cf7574ccf2e3be6b825e67e

SHA512
c0316b3393d5ac7fbef3fe4f18e133e197bdefb93645e13b9ff2247448fbc3a9ba90ccf02829c1aa1927fff84dd103160700d2e35d6719c85b1ee027e4284d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4601b583a75b501dbf2d3e7d0accb82

SHA1
845bcba8c89b67d07d8296c9e0e55b132cda7a77

SHA256
23934594353eda5db3e2690cd1f11fda3ada559d2e4583c8028f8ee625f63d3f

SHA512
88b8869984d4e4514ffa1a48f05661837967ae89bf9d17fb8fc49949aab6b6dc59caf40c75f55150b913b6bffb8f000f2543354beb22cfcc4143d78a7c9d1636

Download Submit