924d9a9013f8c45b618804cf462e038d7558c38ad62f69ca3a0efff6e7fcb747

Analysis

max time kernel
76s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 15:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SolaraFixer.bat
Size

6KB
MD5

b7f1cf544aab254124c5adb93e3b182c
SHA1

2d66808950b4d262369755c15c49e6cb91327abd
SHA256

924d9a9013f8c45b618804cf462e038d7558c38ad62f69ca3a0efff6e7fcb747
SHA512

9f66f61150184c8b026e9d5eec52706d1408c70dc929d0eaf805567a653a4f8c35f8ce24b46a8387467f49e51651d6e635b8cfe439e7aaa2a542a2982ef423de
SSDEEP

48:KWMHemgS3/8B7iHP7EHi5aw0Ihj5eIhjKIhjbhK5G6QL7nX8LUiyEEhzhxFBZ0DV:K5HemgU8BqqOfiyTO/uAld

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
42	discord.com
43	discord.com
62	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 8 IoCs

evasion

pid	Process
4292	timeout.exe
2680	timeout.exe
4008	timeout.exe
1800	timeout.exe
2988	timeout.exe
1796	timeout.exe
3696	timeout.exe
4260	timeout.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3608	taskkill.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1403246978-718555486-3105247137-1000\{D06C6DF1-0362-403D-9650-B708F4D2FD52}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1403246978-718555486-3105247137-1000\{A4FE6658-4E39-45A5-B214-9BAE30A8B135}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1403246978-718555486-3105247137-1000\{D5965210-C5C3-4F21-9233-20C3DBFECFF6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4048	msedge.exe
4048	msedge.exe
1500	msedge.exe
1500	msedge.exe
4004	msedge.exe
4004	msedge.exe
4664	msedge.exe
4664	msedge.exe
2476	msedge.exe
2476	msedge.exe
1760	msedge.exe
1760	msedge.exe
3996	msedge.exe
3996	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3608	taskkill.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 1800	4960	cmd.exe	96
PID 4960 wrote to memory of 1800	4960	cmd.exe	96
PID 4960 wrote to memory of 3608	4960	cmd.exe	97
PID 4960 wrote to memory of 3608	4960	cmd.exe	97
PID 4960 wrote to memory of 4048	4960	cmd.exe	98
PID 4960 wrote to memory of 4048	4960	cmd.exe	98
PID 4048 wrote to memory of 4332	4048	msedge.exe	100
PID 4048 wrote to memory of 4332	4048	msedge.exe	100
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 2024	4048	msedge.exe	101
PID 4048 wrote to memory of 4856	4048	msedge.exe	102
PID 4048 wrote to memory of 4856	4048	msedge.exe	102
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103
PID 4048 wrote to memory of 400	4048	msedge.exe	103

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\SolaraFixer.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:1800
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM node.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/realsolara
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda63846f8,0x7ffda6384708,0x7ffda6384718
    3⤵
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16735614134253795979,15975377628633532768,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
    3⤵
    PID:2024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16735614134253795979,15975377628633532768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16735614134253795979,15975377628633532768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
    3⤵
    PID:400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16735614134253795979,15975377628633532768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
    3⤵
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16735614134253795979,15975377628633532768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16735614134253795979,15975377628633532768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,16735614134253795979,15975377628633532768,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4268 /prefetch:8
    3⤵
    PID:1548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,16735614134253795979,15975377628633532768,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4864 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1500
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:2988
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:1796
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/realsolara
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda63846f8,0x7ffda6384708,0x7ffda6384718
    3⤵
    PID:2768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15533288389994421887,11837362280670509932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    3⤵
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15533288389994421887,11837362280670509932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,15533288389994421887,11837362280670509932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
    3⤵
    PID:3412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15533288389994421887,11837362280670509932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:2948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15533288389994421887,11837362280670509932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15533288389994421887,11837362280670509932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,15533288389994421887,11837362280670509932,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3548 /prefetch:8
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,15533288389994421887,11837362280670509932,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4400 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2476
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4260
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4292
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:2680
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/realsolara
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda63846f8,0x7ffda6384708,0x7ffda6384718
    3⤵
    PID:4064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7190040417560976179,6592570070784649363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
    3⤵
    PID:3832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,7190040417560976179,6592570070784649363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,7190040417560976179,6592570070784649363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
    3⤵
    PID:636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7190040417560976179,6592570070784649363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:4668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7190040417560976179,6592570070784649363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:3608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7190040417560976179,6592570070784649363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
    3⤵
    PID:384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2232,7190040417560976179,6592570070784649363,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3996 /prefetch:8
    3⤵
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2232,7190040417560976179,6592570070784649363,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3916 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8980813065f382dd9054efd1b258d804

SHA1
a8f2ac14e19ea2318d467c097dbaee965f22a00f

SHA256
58d91c1767db01a50f12abdd11206d99fb42e99451954e321f398dd9e4e41523

SHA512
586d58de619cabbca6a0964a4ff442cd72311478af1ba222d65abd479a199c5207d1741e73f3d326d7f21c0af03da2e8cf5d522af4d2247e516385cd6264bc96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e79bbfe8fca0ba9737e13afadfd785c3

SHA1
f4baaa203a2b2a11a91f77d5c4477abf00d2f6b4

SHA256
3e831dbbbd2ab9b6822a425961a9fd7e63fe51ceb259523732ea399588e77f70

SHA512
36421ff6dba2015712e90ab5d2985e7df1b6f6103de255fb082538888b9d3c4ca808a7c9e1289c18a80ff7e207c55ce972add79159f3609f37b55cd9a626a187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3df1494f-24d7-4c70-893e-cfd230024c06.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f193e676933cc5d89bcb9d1a3ba4c9f0

SHA1
c93e0105792786d0056733975680e8676a160937

SHA256
6e128cb29ceca39057ee9422e4c53db950380c06412c3fac8edaa20aa94c5981

SHA512
922ff9aa077549ff6af7a22d2567a46dc602b931e0f30956094132466ff10f8e2551b27e101d662804f2c1376eb3a8ab6af62d5fb353984a80dbb3933f90fc68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
0aca2de9cd92326fb7ae9cde3855e9c0

SHA1
352fd30d8605b266a4b08aecad30b21fde570cf3

SHA256
b9bf9bea0bdd9c83fb5881cca790f010d6966e39d413d818b0523f31e4734284

SHA512
36e7f0269c58bb0abfb90deb49346514fae6a78f68680204a8a931c3759944e3cd61c1c1f4ff38dbdbca239814ed09d0a4016ba80f2e1cff5e5bbdcf0fc8dadc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
8f7ef180bb2ef86858b155b458eabf34

SHA1
2594fa1520db86aaf108ad0f672f45c61dce0424

SHA256
94ded002402abe75bc08cd93925ef128fb61f2cd2f0d79e6421fc9b268d4f738

SHA512
09e66fc44ed8bc53e572b71827bb289d9d0889822efe1edaaf8a5f7568bc6528e9c454e87c21059f2265c6e45208a7815e4da1d4f794c2929bbd19f40c5410e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
e51fa367b2db2a8f08f82546e3a178cd

SHA1
243726e7ce057c1e47456faeb5e170f086ac957d

SHA256
6227448f3c3eda167d60dd6f7abe623f55bf19b0476fee15a2b8b15985da72c6

SHA512
da9b6814a12cce7b7dc9bb52c27f3654a512ad5af1df19aeb06d6a96504a7aac3a9f9314f85edc9d3503e552f650c841705ccaf676b5212500a7dea521bf1830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
143KB

MD5
dbf311197d405794fe33413b06ee8fb3

SHA1
4fbcb11f789ca2a656df8ade33e32ba0ebed3d8a

SHA256
40606557e787d622ac770c7b56455518c1480845785558051713b45f457538d6

SHA512
90749adfc2adcde63bba8032b09777bc7d3c76470cd10ad68cb41012b0523955d9698f77f4dcaae72bed6b9b2acd7422d0e8a2472a05df0bac4f644c710ba19c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
230KB

MD5
dc0ae852925370100d7a7b500cdd4b3c

SHA1
025c1557db50df97b7dd2444e3a118db0a420a43

SHA256
b70f108666f5be7fd2b867c30dc904df4410ff0ef5085f4bdc2e58d820d80d74

SHA512
a55e57c42c5ef0dbaffd2456ae2a79a6d23aaaef4ca8434b363f61cc42cde6ae68a1683eb0f40a55a4bbf2082601ee8e5319de285b76a2f45edb76e251970c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
3.4MB

MD5
d76adda0c16a38d8071029fc627121bf

SHA1
69d7edabbcf32e2386e1cdde7890109bcbc511f5

SHA256
603ff81ad650fc87e68763aeea01abed8182929daab56045119712c34192e1da

SHA512
d9179727a2c49aef2fe851aef7f00dc40dc343c7849b293edd42002128ed81fc90c2b63ed8a1dd7ed3d01e63547c146eaa28ffcc7d7d3210cd2e475fa097dc47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35a7330a57a821c1_0

Filesize
215B

MD5
710855dad262d4b8f99d19e3fa87e19c

SHA1
47c3521c41bcc289078c078f222a34349050646b

SHA256
7615435fd526a2586d30145688eacffcd5bbb1a9a647b1f45ad8c5cf3a27909c

SHA512
0288e606d9801e945f26df51d79e468002a87d5ed9e98ecac45fd88927be1bd844c73d17b9dfd5d5f6814a0258c929bc2ac358d7ea85b37e37b4a207fbf8865d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74a9b998471d4dd2_0

Filesize
219B

MD5
f10c10356e005b6a40436b07b115da61

SHA1
b113b8989e4216f1edff8ebe0e3d21191bf12b62

SHA256
ead784596172d24d7368bfe7804036c1708ed976caacb302ad14d2ce1e50225c

SHA512
64050cae5d1c94e9e6f06e88444541a04bd1cb2b4d385cb9f7f94420b01a17b412beafd89f68f220958703293dcc98f4f18635c744ea46117989c85e1bc82522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c35b1b2c259b45803af78e444782575c

SHA1
5911f7512eb26566ae3342691fba60e903dcb09f

SHA256
487dadc15a6adad78c0c4d4176772688acb5254fac19ec71ecf9ece58f2f2eec

SHA512
bd6ab9e6252ace60b8005340abcdeae93edbe33cdbc661e74958d5d7282cd919711e1efc204566add03bc8887c6271cfa743808e590ae98a80b5e84becfb697f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
d8d6077c5dc986e992bcec2a67480b37

SHA1
842ffa62d98078dd2834de06039bce6808ef4485

SHA256
98c36597be7073f3c6775ba70ff5e423c68c3e0199f621b7081a5778cd474cef

SHA512
86163b5476bbd3f89c4c9c6066986e796f80a711802f90e812260c06ce7f489d07485691398faf715b8bcad5170d51b3205c5850b26b06ab9e6555a83405e1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
6732f47b2cbaa29282c17bb673df71ff

SHA1
ca0885267f6567ba7c936cce7ce18dff2fb5ead9

SHA256
2bdbcef43d3a4aae766b37db87e664081df78be466077c8ef875805f9da0ac9e

SHA512
6fb2aa159d0370bd0af5d58eedc12df96ad1155e13a1f6a8efc7603261de651f5b02c088578f53457449d8b707570be18294949c04cda33d51d814cb16bfc57d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
d51ab70e315a220ff876118ecd28c091

SHA1
da19562c712f6606eab317938f5186050089c4f8

SHA256
f2442c461d04001a0304982d2f0cd021c56211b07004cbcc2b6976047668d3e3

SHA512
4941a751191b303279b47da4571f257cfe9daada6bf41f0b4d23033cb84e1ede3996d56d1c13834413002cce8e6ae04fa918ec356db363c119a237c511c9e92c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
5b7e0573e25f709127b0f7914422df8b

SHA1
a7bc177af7d072bd7427867a10cd9bb3edf6a34b

SHA256
dbc801ab4c4db4ac05effebeebce68e6be7ca17f52edfc5f8d7eca290cd56ba0

SHA512
4af9ddb795c17ce65168fc0fcd8f33fd61561711571e3f9c27071f337e6048ff21da5b39357035240e6fbf7fb66f3b4e2bb8e79f43ff6f7c06e144804e1db39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
4b8bbeeb348830b8297f96ca1bde7a70

SHA1
20aec860d635d7b32beb6adababdc30a190dcc03

SHA256
4d3e59af4f0c1434b3f6513caa3f897473c76bdd242b4430251e9e7304626a99

SHA512
a6770b0543981648cb56357550cb5365457f905023c0db95d397627d49f1918df4c8ea07d2d1be84a3753d5908e5e847c23fef28e0532b281918e45bff333da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
fe18eb178948e91519afbf20a7ebc768

SHA1
02aca59a09364ed0471d61630ceb4a71660414f2

SHA256
9229514ace0bffbb642c93855f256161889b015fda3049eb83f2d2abf17b2809

SHA512
10bd956f263fbca0352126207f7b0132d2b3420a547243d5d49691104d6eee1bd4ed78e8f87499b7eb401ecb91c2d67feb1ead744dae46cefb12d98739eacca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
546B

MD5
155f9551674ef32958e6b4fb4cac264b

SHA1
1b57df207738260eabc5d08971f8300d755dabbc

SHA256
decd4b9f7d099725dfa3fe434bd28fe1639d9391edaf67ab3093d6a9ec9f1976

SHA512
a8fef08b4a98cf41731cb407099904c593e1aad67aac0f06482d15b7b030ac0d1742e78f6d08d36726c36d214a1522ee0bc4fa6a501e5983bdfebcc00d2c9c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
e46c9b70f71a48ec43090f94db646f6e

SHA1
3240dae55be7e6d300685037e93c3ab4a9300d98

SHA256
59b15fe7b06c477d9a2533487815b105cde80e9fdf18ba14ff06b17bad2bb03a

SHA512
d2a6278c0f98c58118b05d422f4b2a8217dd837500a7626e9460b20e05c90dd55b8c2318da40445bdf8c723397a04b3895fd6d82e8e679f09f7a087608c43f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
691B

MD5
1cfd30893cdb9aac184ed8673b1e55fc

SHA1
dfef42cd803c6d0f2e68bbaf80d9921e320bccfc

SHA256
4deea4b707e20078740770acf4f60e39c59b6862f012ba102cd165d2408926fa

SHA512
8956ea9729dd8ba06704e301fa992a39f4c05cad0a35c680ef9de707f8cc715464cd9bc36f916834b94d6a45bb00c0ffdd2c1063b813cb80dafe33b18ca2be32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
a794bb2170b22f45c9eee422cdcfaa7b

SHA1
4bec0aa2e5c439ae1133d72678add8b6bc953a65

SHA256
bab42b6fa759309a1832e60286e9c9d65c4f05154c2b2210c4c80a556a83f996

SHA512
d765608e6acf03434948fa20cb339b93d75609b0cedc169622d7eee1b5180645bcb53c4a9dd62a049d60a8f2fee660738273b020838a011396b50f79d83d86e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
247B

MD5
94bd83393ee4e3c749f28c3414160cbc

SHA1
68effb04ecc392f2ae4ad7bdc1e99b9116da474c

SHA256
e1dbf44fca250f32925910fcd7f59276e46d0d916eff30fdf9f85ef91bcd3d4b

SHA512
203109a405cd685a195e6cdae5d0a624abcd6c6a9333b88f312e50f96bafa03057366bd78bf62df8784ec97f14677d56f8b78b472000044618a784bcf7af3e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
649B

MD5
f72d31bbd8d21001ebaa019326c80669

SHA1
20b7c49d4ec4ec93d00c04763fdc765bba82eb0c

SHA256
86de22c1514921bedf2daa9bb02198078030c08684be5140c48acdfcd85c56a4

SHA512
f8fe7b4d8ff377e602c50f3c11001110df887d8fb7ecb9d12e1500f0960ef7817d31e2ccd161c061ddcba887907c9146510fb53313deac083b77f6b59f72c579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
455B

MD5
39f56f37b8102666a7ee2304dad7212b

SHA1
40a4720de382940385339ccc260604ee8593c62f

SHA256
69aff34d260b680d0977048fbc5f68248980c8b29484991c4fe1904f8aa7b87f

SHA512
f0b5b9b48c4e3cdf3068eea48599419e905fa4daf59d9472665559e821830a314600d5ea93416ec7dd5ff2e72bbcd53b67191ac1fa77a1bd32650b5c0b0618f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
12b098ce35c91bd15b5002cd4fee8565

SHA1
5602ac24d8acd8ee1f14ab3dd2fe94cfcfe02bba

SHA256
b90b5a45e10b0d99879cfc5c9d55fbb915ae21013464b217b97e4005d332a94a

SHA512
33fde44e356fe2cb4fa45383e8872b03710c6e3166c8fca2095a6f7b1498428c5f7981002253935f066f876bab65cdcbfa3baaaee9767c471d70dbdaa5d9b39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1750676ca2034d24f9f117d60d9b3acf

SHA1
9fabe98fc44a667cf36effb8852fd617c6c11181

SHA256
55df63b801731ab5efe79a4df8012c0bcbd3ed6074b6ed2a94afa6618b364384

SHA512
90cc23aabc8885cc1aa5f070f08c6b58bfe54e6721e7d2d1c54741641aad653b1001377987463d30d90b3dbd9fb929b68bd0dd46327bb203595ccab15623c447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45f5f02867e7dd738fb3e035b6d8531c

SHA1
acf462ed22b702f7e84fd14d43c202c451b58944

SHA256
57d25babedcda0902959fb257710e1e2cc22db2176788487f0d536f547622672

SHA512
46c0baf004f861a59f961a58ad327f4a88abf5aaf150645c6cc5c51fdfb8515fe4d52a518e3e4ed09d7162539b70cc0920347e3ae3a568c2d59c9a13ff45caf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63a2d4def7246365927bca22e291b121

SHA1
c1d1c488225965704bfafd88b74670982ce44dda

SHA256
b80da841d556bce63ff7427d761c17b90a63718481ab9542375a6fc6c114aebb

SHA512
b95de7caaa8cc34970af8f096524a45793b44ae4f58ba70886f0e291a4325f08636a01222a651655ce63cee7d1fd09b8d6e994b237dc32ad4886e98b3a8627db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c229b35b0b2293359566cee36cecdb29

SHA1
f3d7b7245a2d625bf5d0e597ef77f91794588fb6

SHA256
8d76d8f9b63df82c72fcc4b3a4c9b5618834a455f5ef72660d49baeb147b9601

SHA512
7fb246efbb6e4955ba0dbef49b81bb93365c1257a5dd8c2c568bf441328fcf4c1e1fabe58634139fa5d29d0313318e65f6ad718a46dcaf7ca80ddce807ac233a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8a35335908407bf7c94d21219a82836

SHA1
915056706857d9eafdc543dfe2dfc9f8264db3f2

SHA256
cb4ff80cc58f5125d5e679195c193023dc2669a041476390da10b52934761e7a

SHA512
22207011692e30ece3377ea198e91375b7bf82ccc98e91012adaefcecfa2bdab3ba42b589080cf1c5da9afdc8fc638e75adeca258435b40b3f0ae7d52f1bea30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
605eba9577e5e90ad1f779309a2f531a

SHA1
10792044069466272680f763f0531538130dec25

SHA256
0c0db0755d0557fee55d9094135ee62c717874cd4155d6262dbb29b20e13acfe

SHA512
a565cd5d5f6e3ca0c2ca0ac32ced6936f3cdb5329405de75f0fc5844e35eec21a2ebf5855faed999f721d55e7e62f71dffb4377c2d3ccee99edc92bae7939a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
24KB

MD5
1dc2bf12c7b50136c79ebf19bb2c64fc

SHA1
a8274ed022dc8d7fafcb916fc5749dffa9728f90

SHA256
aa84957e388dfc8ed5e230d29aae8c2a639c9d330a910583097e423e1f99ea60

SHA512
074d544d6b0286fbfdf0837786ca89ebde28403b09b1dea890050effbf111538da740763830c0a526a7545840ac6dbcaed67b676807a5ff1de5ccdf53a2470ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
501B

MD5
4171b949d35cadd7993710a9ac7c44d9

SHA1
75af1f718658fcb79f3292f443e77846d8e3815c

SHA256
8090798839ef2e421875bb66f14429fe8d3e431fffdab053b2df73427ca3b9b2

SHA512
2d3a9a734d7cca52b2cbc22535f11c3730fcd64142187d11698dd990f9d7105de969c090267afde7268f6ad653d7bf044593441838112c5accaa0b2a2b1578a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
1426c7c85022ecbc7391ee0b26e60508

SHA1
fea8896728faf0ba01efa839823f0ba19f101b05

SHA256
c4643802a648e5569fe7f2a7cd27c62c2daa9f2407b3dd1052a900cb490ae803

SHA512
78da40a9385bdd35ef64c73f9d1cab2dcc07272052f6c5021b8559793224db7e88a3600e35a789ed223e700e8db4a0340c66e56940740bbd71e4a8ffa9716194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13366137162550161

Filesize
1KB

MD5
ef5774ef846843151de1e01df7d2c5ac

SHA1
5e2cdc3fa4992d6c3cb4e10202afdfe6503a3f45

SHA256
925a08b89f74f030fb55ddd9dd5a4ffce605a64ce452dc690b9fe7879dc58111

SHA512
0ad9c545b56d9273601115562119ed7f5f4cb3bc4b9e6086f20a9717524560d13fe66ea1c14b6f481a642a44856ee18b5a4efb90aadbd8c2eb131119116dcbf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13366137162767161

Filesize
2KB

MD5
e4c8cf4c6bf26becacc297c92c80c7d0

SHA1
52a655c3646e5d85c515e001204a0901d3a6a9e7

SHA256
5b654cb4a40360204bd230237c0b40947b875e70dcb67af10b121dd1a45f17c2

SHA512
0db48f87a32e0a7045b23a4fb1c40b4993cd5e77095c75517d71920e4bf554f96bd29649a8adf58ccfe3a7ab6de9c54c65c03c2364145daabb14bb5c52d3c435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
c1914e44b9fe43a410797abfee3df755

SHA1
1968dc76bcdb6b656455b28e35770d7c23c03a67

SHA256
3214ef70fcc8f2fdb2bc3c7c0259dc4d6497ba652344b04c985bdd590dd30aad

SHA512
7571d3a220326b05419457c800fdd9b2a6c038952df42488a61b41741d2a409c929aec5d68078519fdd8463615c2e2683b91aa37001462cab2bd77a7f994199f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
618234b3535749f094cc0d359a2be8df

SHA1
ea38bad8ebb70728541a7995050b5e3f3f93fb6e

SHA256
451121d512036f27fbf1916a6257c67d000012eae2baaac17ce08b5c1553458e

SHA512
0c963b653f025f36f8719fc65df318ff835adb6fffd7c942ef1abecb7021ac5ebf0d23a11b4d034c9540386b9663ab9e0ac65483245301a42168356d1cc9c490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
9a68b5c380d12fee85ab49827d20c4b4

SHA1
931830045499f6a09f8ba1cfa6003d58278bad40

SHA256
b45936c415801566b4398391e85490dd1efc2faa400345896b0effea69f31990

SHA512
01a8bd49b0beff138e71d0ffb9451b0c5e135cbccf2951d46851d5c1ecb6c80d9ef978cf4eeba16a61f1910c3ea9024f0deea466b96b39e06f749ce985409b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
241d5ad61157b76e8015ba5e54b9a386

SHA1
4f20953d854dae49bb0c51519727766398a27728

SHA256
e0c31e1be93f1a6fe7a53bfb62f66a9e48d0cfe130c52cc87b837252c355d372

SHA512
f3f27db07a2a3b07b30aa530762fdce7bd13f026a2a831b40a5b78d101bf803792b23b5836c1222ea6b56c350b5144dcd3eb025dec7d7b0cab5c5b6bc68fb045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
e06437ed1bd078986b913c09af11df24

SHA1
4826cdc0abcb7da9568b6fd8c1d21437794dd480

SHA256
e97d82ef95bf3fb8da3d7f575f3859ae6bb701cf455f09d6446b541dfce60e90

SHA512
8da8e3c7afb9099c6ec33ca3a1b720d3325f9ba5c0d64a6b235049bc1a1f9f00a8ea1a305c8195c429e3668b9f9a6e396d71eb43b0f1060c9638509d28a8d26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
cc92015051316d2a1ea27209d051a75a

SHA1
5de5911467affb24bf065571b709831fc00709be

SHA256
0764cf7765dd6dd333ea4008605479a21e04ec735233509ad379816d565bd05a

SHA512
4f0146e3b9346209367ec0263dd3a03bdb616bd1c4bd625d98b7be900713540e2ad96a3a278f332cca08df2dd3dc0c1085e0a1a990ef1eb37a6096006f542126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
cf8ad843c5af3083a2e5f60ab8c5799d

SHA1
8e932c027fb63624e91f2df8bd8c8e9a052f6a99

SHA256
e5717d95a6841b2e8a4abea243626eaab026a9bfba766732f27e683848e71e8e

SHA512
29fd5043c1ed218ae31b03de2cbf2ca79a00ef22b1b9fedbd29248571a88eddeb17288a3b13645dfb9c578715a88fa867b75fec64c57ef6de4b58bd8e6b6b99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
cfc0507526a47e58d171463c09a8131a

SHA1
11646ad86037e268b1064578fa0e282a0a5604df

SHA256
fca265f11c80f6b3492e9bde2facbf85c51edd73fa043a1ae11ab09327a67d47

SHA512
ad9fc3c2551c7a23d4a292deed1601bef296211e326f38ff93c4bfdf576fb0037ea3012b4cfc2a9cdb14f444f2f41f5e700addcfad318558266e17f35031b7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
3259c4482a5014c2f00a6ade22cef162

SHA1
ac96efc95877d79166f87aa4938e556e03e5e4fa

SHA256
12e2e42d43aced21d07a4ee18423f8e68f378f267c5ff4963155bd247afede93

SHA512
386431d526d71766f1d9da6b9aa3e37ee5256ac776264d97b540d97511f5250007bb50916a3c77e557f6cb4392a59c6d8dfc246c40ea64dbc117b20d514ee96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
6d70e7c051ac0f42ec8dda42d924e0ac

SHA1
91ae582e3e290f1ec7268e3126c9db69171593c1

SHA256
87fb9b939fa090ff8f8048c6e725690de8aec77fd04d78988429ba374c556150

SHA512
81741cd3194e360283d9890265716f9f7310aac8e4f4cf202fef56834a38a88d07d1b2077203e035522cb3b1a8fb8e26c0bae95e5a7a6fc0f44d83f910e3dda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
033aeddfac92b1f6b6825e5612dd6761

SHA1
f9ec68d046477e07a49362076b46edbc0947cda2

SHA256
bd9fba29660c495915c6285ce80aa6b66c18884bf9ff28a1eabdf2b44932e74a

SHA512
2c3ba6fa73c213566bc722fe26774628ac92c6d46b628071f30a00d7b346953123cf789318bfec0b70bbe8811595d045bcb882d7103993e34fb98b6a46886518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
863545d297d288d09e15f85d31d50718

SHA1
78c2046e11746a63bec4997090671573d91456f9

SHA256
a3b153833effad5b4862470c6e5ab0909056bc7aae657b5725c9365bfbfb709a

SHA512
531a2d4d91ac2c3dc9d6e2b70330d7516e544094f923cf9f8669493e9c35e61dab7a531c7f4c5fb0d66a532b647ded24d859a894a13b401e19a82730273bd2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e774d82e25de4df0b038d6fb2c3dc6a8

SHA1
234fc9566b601407b75d0583535a358bd7dd10b4

SHA256
c4af53eea518fffe59144a0b2b37fd35765b698ed684bdc1c55a39900189be17

SHA512
a0ca04fcbc0634ae55342b06ac4d5ace3609a6e574367e25880ae923d05c581da9dfc53d52b4113ed2daf67b984683ad82d446c20b8cd68f6d614874463591ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
77d3c8a82dd9053f9759d7881981a5ee

SHA1
b206ed01a92c7fff4eef903e7451c0529629619a

SHA256
600fc71eeb2926e6f400bc1e770dbbc780e38d24acd91dc89672eb1744e26e27

SHA512
6246c0e59d7ff799308f1e921bef445fc431f952974e0a369f7e2497d47e7070831ff59ca9c703e625d0f2dab96860cad1f67642cb431b587629960570b517d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
32c581d1b7432fa8f48d6e1fbdebe9b6

SHA1
254e23f9b136a178e8de550b3a902a22a9499c7e

SHA256
41c6abb1be8109176b923d30c0b3d625bdca263d3c053ac13287c83ca3c32ba4

SHA512
11bd3007ab4ce7e2c0f95e170f6240e0d7b0eb3793daf72d5c1281f7379ecdbb526cf893e8877129c874577aa669984921550ad96450d70f999e5f77059f83dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
2db9197b497d0a9da88c0de7c549d80d

SHA1
47cba347c8bd831028198243019dd2a8f6314861

SHA256
5165230e45d1cb497e85f80de683bc11a6334e0b871261fed0e2574ef727292b

SHA512
5ccafc746638dbafac19ff0726c05215665e2f2102423e2b54c86da561f32cd0a8c00aebb33d111687498904281b422066a4bd5ae6f26db07e174e93dfdd9df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
81e540d2563337b36def33e255f160c0

SHA1
17d766f45c808a3a1642c598e4b791c6b3e68f99

SHA256
526326571a1ec5641aa141f714e204d1d3341dcb8a39fbc1b4a6f5b61d2f9c4a

SHA512
692e32f1da91b7c6a1974d108293fcb92e56b45c22e6004ea1887ca74d8c537c56dfbe478ce98d130ac19017841c303af28bb9ed412dc49ec2dfb6c9646ea19e

Download Submit