Analysis Overview
Threat Level: Known bad
The file http://getsolara.dev was found to be: Known bad.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-22 23:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-22 23:36
Reported
2024-08-22 23:36
Platform
win10v2004-20240802-en
Max time kernel
31s
Max time network
35s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{4338948F-88AE-40A5-974D-607DDF83BE3B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getsolara.dev
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbe2f46f8,0x7ffdbe2f4708,0x7ffdbe2f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15115317968103930894,8469752913972379731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | getsolara.dev | udp |
| US | 172.67.203.125:80 | getsolara.dev | tcp |
| US | 172.67.203.125:80 | getsolara.dev | tcp |
| US | 8.8.8.8:53 | www.cloudflare.com | udp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.203.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | link-hub.net | udp |
| US | 172.67.135.50:443 | link-hub.net | tcp |
| US | 172.67.135.50:443 | link-hub.net | tcp |
| US | 8.8.8.8:53 | linkvertise.com | udp |
| US | 104.22.22.72:443 | linkvertise.com | tcp |
| US | 8.8.8.8:53 | 50.135.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 92.123.143.169:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 72.22.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:6463 | | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | telegram.org | udp |
| US | 8.8.8.8:53 | cdn1.cdn-telegram.org | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 34.111.15.3:443 | cdn1.cdn-telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 8.8.8.8:53 | 3.15.111.34.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1568_VLCFQSXHSFQGRMGJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da43.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State