hxxps://linkvertise[.]com/111941/solara-bootstrapper

Analysis

max time kernel
95s
max time network
95s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01/09/2024, 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkvertise.com/111941/solara-bootstrapper

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
41	api.ipify.org
47	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
2060	msedge.exe
2060	msedge.exe
2396	identity_helper.exe
2396	identity_helper.exe
3020	msedge.exe
3020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 708	2060	msedge.exe	81
PID 2060 wrote to memory of 708	2060	msedge.exe	81
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 2024	2060	msedge.exe	82
PID 2060 wrote to memory of 3860	2060	msedge.exe	83
PID 2060 wrote to memory of 3860	2060	msedge.exe	83
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84
PID 2060 wrote to memory of 3340	2060	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linkvertise.com/111941/solara-bootstrapper
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fb063cb8,0x7ff9fb063cc8,0x7ff9fb063cd8
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,265929481937269257,5308771971203561464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
25KB

MD5
6c9f24607a85011c8fa145f30be632ad

SHA1
8f130cec0d0a6579fe8d398bc7e62451e7badda0

SHA256
7d5a1d5cc0ff324a2faa264a6d1a40115aa945a8d7c71808108da456125dc784

SHA512
79ef710010892897b208f4b4c61c043523454ae3bc9a765057ddf0b8e9f702d4a6ee1c13317b1fdf95caeda2b9d9fd182140614eb409b5fc72cbffc6c723b48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
16KB

MD5
61e4576e6aa91cd435fe92f085fb0a3c

SHA1
fa21a6bad3a461c8f0e27b75913c8f1cbe0b2b62

SHA256
78d8aca4e50e6ba58890b68f8c3d6e562ff0b16516a0c3df56be18b69dca6aa9

SHA512
b250c2940f7ca24b763bfcd4d39d0022d6441bad54c415b9848ef949f8871f219289f044301de03313bf8cfa53bb2797c5590acc1b32889b0641f7a13b710bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
899KB

MD5
67c3f7eb75236633cd57d6f69a5642ee

SHA1
eb85081c68c9787792ea7bd8d1f86ef4d9c47766

SHA256
8f9ff4ac03c2ff3709553865977dba53499e6d2addb5728a38fef43ce39d77c8

SHA512
60073a00bc3f25073dd5386672d6937c30b74c95d93f231b4bb140969411a99c22599d527b7ff0c16d419544f39f5a5ee542399755a6791de15bb3658a2e354f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
36KB

MD5
209793e7aac0b5cf93fd07b27e14bcc5

SHA1
f66a194ed34479253b3ebda2c2a2dce86633b461

SHA256
d2f062f5d1793d3c904ec9e12192bfeaa38b6c0b9dc40046b03f955dac4a894d

SHA512
b15ce5b81bc48999eb455f9f600caf47010db69fab3601e7caf6d3608479917da513bdb9bf5de65198f57d8f093e10b9ef6dc130fe03005a88e2bc9af3d97ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
73KB

MD5
918357f97f9692e481cf673fc470d9b1

SHA1
1151f4415e8cb769204615a555d65085ac49ec25

SHA256
35da0f8b964858ee9f070993d5d25629a91ad472eec23906f93f9819ee298f7a

SHA512
0fa082643306e7e0e0c46be5f595f893de6d0883d13c9a6c609826bfd3a41280766d1faba923424d869c8bb75b8b1ac2aafe68bbe5ac01666879e85f84badd9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
51KB

MD5
1c63906ec3d88f2e6661a12042d03eb9

SHA1
26186d36ea2eca11aaffe75a5c8f6006296cdb64

SHA256
67cb1af3491fa60fec21d91473eb770112829d3203bd8dbd038e8d1a47162e9c

SHA512
f6b773da2c319efea80c141d938636e847b1af02219be1c28d6fe59cf3f7bba6c046411b5337aa7b5b6be621252332fc29e35981f57f79a6f32dc6b8cf61174e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
98KB

MD5
ab6510380db24f0e4de9d1fe372a9b83

SHA1
862e53fa911ea66f99f2f0e0f7a14bd92816e634

SHA256
0a0a793cbdad08bbd22508a1659eeeb58d7d6d31b2f6199188f038b01f0ab98f

SHA512
de4208d7ab23664fdef67c9ff9621b2dc1470a4a34fa103b532395d64e4db3f7842e2575bc0210b7fb26e9a6f17e0ac0efc323be3c6b00b0ae96f53d027aec9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
142KB

MD5
dc6bd43a2c79e7de011314566b2e22bd

SHA1
553978cd7fa9bf436aeb44dd24b2eafce75e63c2

SHA256
7bc9fbddbf0ef1ccd13ecf3856ea2e1a0212e17effd320d7804abe57c595e735

SHA512
beea7b251fb7bc9f038a29ccec56f754fdd1bc7e9b551430bb6c80254cf15118f4dee9d106a5f57a71f59eb127abe4f5fa24a3fb12faaa6c2068c742640e337d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
26KB

MD5
97a3bed6457d042c94c28ed74ec2d887

SHA1
02ce7a6171fb1261fde13a8c7cbb58992e9d5299

SHA256
ae56cf83207570afbb8a6ab7cbc4128b37f859cb6f55661e69e97a3314c02f67

SHA512
6c8cf955ec73ad9d97bbb36c7ce723bfa58c9aef849aa775ee64ce15afa70afb40e8cd45989dadec420d2e8edda9ec0f05cc76a0602df0b6c4e5d45de0f4ce7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
98a3c9faab6089f69ebab6fa26f8ec97

SHA1
c72dc16f5c523f1ecbe25626b758804c307492e3

SHA256
5c771a839e91fb87373f83b70ac4f68d12da2b58c6193b3012dcdc3c2521fa35

SHA512
c7372ee85e2e1743f2f31eea0c283b9a5617212eda35101d0ca94016a57dcc97a028fc603bd355f4607f46359a5b18e43d326b90a3853aac3347e143bbcfb67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
28KB

MD5
c7a48dd4166d9da9c538a9a7835f93c5

SHA1
2078d20567516670e0261c1c7914edc5f84485ee

SHA256
3845d06434e04a5efb327099162c2c39a21524bd6121d7afb92893de668515da

SHA512
e94294c9965a1fccc3ba9fdcc5d3cef1c23fc3274d1b2c0ca45b8a064a155c6aa9f2892310af1ed5d65c0ecd415bf9be5241328b63779006f92584470c5d948c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
bba0af32b15fbb4f039ecd0bb2f9b675

SHA1
d103f73564051c07550d1fcab75d6db7e6face17

SHA256
0ccde5df9182b4c66ec18d8e076f95fcdec5cd6070eaeb8e861329c4fc8fa112

SHA512
b25654ebc97abe5960d81deed5710fef9818d9511e34ba3ca33e5d7d7e9bc85881cc1e22509fa076d339c7a854a4654a99b694db6c4992fd2d2aa1fb797f75da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
75ee7abd9d7c6a2baf3bca5818a1e742

SHA1
58ed034dd8cc8ceb36788f49dd2f08010e7ea270

SHA256
f5c15415542edf02dd5b40bae3dacf1a56951a7dd159d6e94503d195b516fe55

SHA512
40f3000a43706b7a619eff7b6dac982aa241244e60f5e020a719194fbdf2a695fc8d8e6eff105e8a828f62c98ffce270d25fca053ed44a0f0f787121bc4e2cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c2dd6f1b8d1bfea58b25fd66f43cbb7e

SHA1
2680fef56bff45bd40d8bfae5dd2bb0750499250

SHA256
4d0a9be287d66a87bdac5a1fcbd14c5ac127698baaf55ce74b03e42d92a5667f

SHA512
7e0fa9badacd4f9840f981dd1abdae47f29fab08a74828d6b9a39ce5ec3a885d115a9bc18dc309e9ff288ad71a159e8f4444317b940a29b9dc662e6215815816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3392cc4832ad3abe358356a378d45d3a

SHA1
247ac796c70d45e295b27c5816cf588907669a74

SHA256
f1c8e3d95ed4dc2ae30c4dab0d6258222d5180b8a5f745ec1d8906f0ecdfdf75

SHA512
3e69972cf4516708a294beccf05bfe49677ca7458037c2129bbdda884495694cdb852bb48df719cdbe91fa127b7fc8ccb8f2f99ac490d36a29b2f620424d461e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ef640d80478b1a3f8901044f9b1b60d0

SHA1
89f0f3f1789b44267beb774cfa50882186965ad1

SHA256
ffcb84d6466e45a0665c67a4ec7402326470c557850cd35aaa151a85b9b0f7c9

SHA512
196bdaf7942e4713b87dfb014f7e2e21222283d2e96d976b45d515821f9ea231eacbf6a524bf4a7a640781bb375f44dd0c0c5aba43ae3a417647990eb5c74d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b54f9c64dd5117d297cf9790b7a9e18

SHA1
97a80a37880abca373e2d0c59f88419ca8f7cb9f

SHA256
d62f559833dc0f70447f852528d21fd194de64c3ffd37d3b433ec61e013ff2a2

SHA512
29d665086e0f0a6fc60ac8c3a4eae68b46dc61afecf6d7947d0fe5f800d730b399db9d425a3c530b94785fce376d10f5f8f0831600037f9e10e9416103d429fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
238a8af370f99de771028cd1970d50fd

SHA1
037e27c1e23e9ce7a06ca2992828c6bf294b084d

SHA256
e2b86ecdca5ea75d8684796dac8d122c2188bcbd700c78c679c3bfa81275bd0d

SHA512
3ae7bf9fc5e7c72e8f9deccf415fbc9eb8fbc184ec4c48a5cb02507742b2bea64ce529250eb08e8b6c0cef31e26a95b8deb05efc4d1851d5d9948888d49bb932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
58041dabdf7be00a5a49de9bf951ba30

SHA1
fb6df0fc799820490e756b2b3678e3787d438391

SHA256
a154f4ae8d85ebef6c32c1a6ce3b81ca86283a4a6ae563d559508d4a48028292

SHA512
fe43fea5328f82290d9e4c65136b3c7b2a5e97feac58d03f2ed2fb46020a71434a290a22d6569d4d0c2091203728e93baaa640008dd1408316a9bed432171914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
220475bdfec4d18f9d82d9eca0186283

SHA1
abaef06082bacd8fa1c44cc9c74d562009813997

SHA256
97c9b35e8078bcb751aad3680d9973612550b6d42c2414887a139a4b9d906622

SHA512
4649878a5f8fa2baa2192b9be7ad1f30be4fe126cafee74ecb38404567fd62d6f0c77d5d9a6ee62d18bce36c2ffb3a37ba0c82e7ff3c72129ae825cf2063594b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
209c640c2f0a9b285d7e05de4d6517e5

SHA1
cca77519459ba10bedc4e6228099d5c9646a0f60

SHA256
003f436336ef8db488d824cd92c2f9d79dc1765ea17656cf55ea652383cf1686

SHA512
e2245d34d8ea14c20da77f1a9f22df791affe6c6659ac78c02b2b6da9d5522beef5ec894479e1af4855f8403d7d6fe06649a1bd77ecec1a36a5396f05b97b4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e877de5d4c718e503ed9d43751d74b4d

SHA1
63cd861b282e56d53d94c010de2f0b4a2bf01a2b

SHA256
7bf819ff41f85503f3588b6c20cae96318830a0c20ef5f954b9fdac512273aef

SHA512
9bfa1ab23f30170fbd6d7d37b302b97ac1c0ab1b16104cab1b827f6a1ec2afbef0dccb6a4b31a140173ec5625761dbe30db852f2874cc5513641ecbca8e7e3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5824c9.TMP

Filesize
1KB

MD5
438c327573c547c471a8b4a4f64858b5

SHA1
7c4a510af111c272dabba307c7809003bf39bddd

SHA256
375b37349e07e49cbffdfff2808d5aa931962e94095f207ffbd1bd33af514cc9

SHA512
7bd57b2adbd9f055e096049b3f9c6c22b9e5ba281351d9f718a76f6cea060c8e04701dcce2782498d9712a759bf2cb06488a82a099bbd6831431bcc3588dc127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a17f87021d9f780e57f45112dfbf0d0

SHA1
ca5126fbf743e46b4be0e92ec1b9b4045a3cfcef

SHA256
9697be3d3a4d7b2d9dbd73e1c8220e88889df6329249c2885b3529a9f0437420

SHA512
c8c8b836248b3bd2d8ce011d2cb5610aecda895385a352d85d97e7a3bf738cfff07ea7e2464501429532decd1f8567594965695befce1d5252d40a8d67c573a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit