Analysis

  • max time kernel
    93s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-08-2024 03:32

General

  • Target

    https://getsolara.dev/

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getsolara.dev/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcff3546f8,0x7ffcff354708,0x7ffcff354718
      2⤵
        PID:4656
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:4116
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1384
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
          2⤵
            PID:3568
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
            2⤵
              PID:1224
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:1596
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
                2⤵
                  PID:1356
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3536
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                  2⤵
                    PID:2964
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                    2⤵
                      PID:2372
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
                      2⤵
                        PID:800
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                        2⤵
                          PID:3484
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
                          2⤵
                            PID:1880
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                            2⤵
                              PID:2452
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3888 /prefetch:8
                              2⤵
                                PID:3940
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                                2⤵
                                  PID:5100
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                                  2⤵
                                    PID:1252
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
                                    2⤵
                                      PID:4080
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                                      2⤵
                                        PID:2888
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
                                        2⤵
                                          PID:3052
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
                                          2⤵
                                            PID:2492
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
                                            2⤵
                                              PID:5720
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
                                              2⤵
                                                PID:6124
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
                                                2⤵
                                                  PID:1892
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
                                                  2⤵
                                                    PID:828
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
                                                    2⤵
                                                      PID:5712
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
                                                      2⤵
                                                        PID:5884
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
                                                        2⤵
                                                          PID:5984
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
                                                          2⤵
                                                            PID:5156
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
                                                            2⤵
                                                              PID:3212
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:1256
                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                              1⤵
                                                                PID:2472

                                                              Network

                                                              MITRE ATT&CK Enterprise v15

                                                              Downloads

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                Filesize

                                                                152B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                Filesize

                                                                152B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

                                                                Filesize

                                                                17KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6dfcbed07853ff0b_0

                                                                Filesize

                                                                256B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                Filesize

                                                                72B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                Filesize

                                                                576B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                Filesize

                                                                1KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                8KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                7KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                8KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                8KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\c9e5a3e1-32cd-4dce-a6ad-94edd40bb5a8\index-dir\the-real-index

                                                                Filesize

                                                                3KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\c9e5a3e1-32cd-4dce-a6ad-94edd40bb5a8\index-dir\the-real-index~RFe58b783.TMP

                                                                Filesize

                                                                48B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\dd5aa796-3563-4c1a-9de5-129054e4eec0\925a02cd30dd2ad1_0

                                                                Filesize

                                                                125KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\dd5aa796-3563-4c1a-9de5-129054e4eec0\index-dir\the-real-index

                                                                Filesize

                                                                72B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\dd5aa796-3563-4c1a-9de5-129054e4eec0\index-dir\the-real-index~RFe58b800.TMP

                                                                Filesize

                                                                48B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

                                                                Filesize

                                                                86B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

                                                                Filesize

                                                                176B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

                                                                Filesize

                                                                236B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

                                                                Filesize

                                                                229B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

                                                                Filesize

                                                                16B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                Filesize

                                                                120B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588056.TMP

                                                                Filesize

                                                                48B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                Filesize

                                                                370B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                Filesize

                                                                537B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                Filesize

                                                                535B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585724.TMP

                                                                Filesize

                                                                37B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                Filesize

                                                                16B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                Filesize

                                                                11KB

                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                Filesize

                                                                2B

                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                Filesize

                                                                13KB

                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                Filesize

                                                                15KB

                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                Filesize

                                                                16KB

                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                Filesize

                                                                15KB

                                                              • \??\pipe\LOCAL\crashpad_1924_ZPNTMLGPRTIJQYUF
