hxxps://github[.]com/pankoza2-pl/solaris-2[.]0

Analysis

max time kernel
147s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01/10/2024, 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/solaris-2.0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\solaris-2.0-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
3168	msedge.exe
3168	msedge.exe
2652	identity_helper.exe
2652	identity_helper.exe
3616	msedge.exe
3616	msedge.exe
4572	msedge.exe
4572	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2432	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 8	3168	msedge.exe	78
PID 3168 wrote to memory of 8	3168	msedge.exe	78
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 660	3168	msedge.exe	79
PID 3168 wrote to memory of 4592	3168	msedge.exe	80
PID 3168 wrote to memory of 4592	3168	msedge.exe	80
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81
PID 3168 wrote to memory of 5064	3168	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/solaris-2.0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffee15c3cb8,0x7ffee15c3cc8,0x7ffee15c3cd8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2570943518021181373,15134860035479571644,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:236

C:\Users\Admin\Downloads\solaris-2.0-main\solaris-2.0-main\ExternalLib.exe
"C:\Users\Admin\Downloads\solaris-2.0-main\solaris-2.0-main\ExternalLib.exe"
1⤵
PID:2488

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
03b789ce6d753378f3e70d09922fcedd

SHA1
3b24d116b721b288bb465a733f43bafc72510b07

SHA256
c1969ea265cf78c990d965007a64a0c60d9bd767b35f58a525115731f6cc1ec0

SHA512
21183fed690071ac9d2c2f003e8d0ff600c6f73265f49c551dbeabd65e23fd63f2d99577c2ac82a646bb5f31a84ed38a1bcb49d10b50ed4b4e36c32a0e7df648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
a6d346f58cbec0a6e4015327b25f1537

SHA1
750056e65a8b1c20b1a6051f5adcdf35821a6ac1

SHA256
1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56

SHA512
74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a60ac397243d8fb3c5625565164e5de0

SHA1
ed5dcc6e1eda8e1d07ea642328d68d66852fa505

SHA256
60a5e378b4be2bfc8252eda293746aea7a76ce69cc4bef9f0fe3c350491c9765

SHA512
41567f3e01eb47f43f45072a52c330df62f7346e727b40ddb50cef089ab9c799818e02fa0f1bbbf77289bcc7e688114b04ad9d9ee67473f41fa43b13ea3cf49e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02b9bb2e4368261544d993dcc59ea2e2

SHA1
490ee76ab00fa449e244d0ba73114186724d0bf1

SHA256
78912b75234d8879377814d81e8bf01b206fc783bcce36a31ee898fbcc1db5ed

SHA512
50351415787c725f4a2c1faf8400155480d353736dbbbdf2fc1181b30bd83d377a0b893ab49d52329ca215aaf04f48b1453f0e57817f808e25a9df2a22eebd60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f40e8adae17e8e76dca207538faa3722

SHA1
772c9074aebda61003af75e3b0fad04dcb054f0b

SHA256
cf3974abf654dde905899146d6824f130de46878b20e47c778ed7fbee6ca5457

SHA512
1f65ad47775bb889987a262dec037de5a55aac1464783c6b6064f57fc99d4b4a3b9d8a68076b5c13c2700b08332673c0ec9d574ecfc6bbf2a76083865dde9ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
11c84348590521d8cff9a0be125b3ef1

SHA1
f0c16f9ccc7252588a32b2ebb17633282df1aafc

SHA256
a5b4546800ad5e6f750e77bfdd2a11975a19387a229d3333e044441420344ad0

SHA512
6b1595ce1cff1c5ddbd2f0d391edf429c324aaefb5d1453c8594c5fe65eb0aa3d2ced71a7cc1ad548c7f4afa4684e3b3d57bffdece33a8b9cd998caf625d23d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
27d95269b89e10c2330b5cf8677a9be1

SHA1
c557d67228984d9668c5ff9f356a4e1e71d4059d

SHA256
151a722c1e1cc0ea655ab5e1786b03e5da98e2b39070bb58d718aedae9860929

SHA512
840d02a33be44453d226eccfcbb044d366259eb875e4f083a05f5a8caa5d13f3ae46110f39472e3261f6819a6348fe31b733255187072dad855f0b81994d4e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55637e74ee90d958d11c0abc4fdfc71f

SHA1
e4c257d25bbf10622e288bb4c3baca61bdc4471a

SHA256
61486ac7d6b2252ce21bc1d5c4a009343af37d11bbafcfb61f03f87465622d58

SHA512
cd981f2225b105bdb95b5419a81269107accad7eae7f98ee90836e8c65b2945e0365278babcdb1618035562921965be6e314b6fcdf37af7785aec0fa4ec9a780

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
cd6829f53a60318a54648f4ff9d694c2

SHA1
eda672c23f219a9cdbe740079412f5fbe04a157d

SHA256
5410184dfd5ef071de14c78cc7e9488049a85e313a3454250d53e974251ac906

SHA512
25a54ac013419868211b704a9b1f4cbc7c0a5b1a0e10cec09cd8eee3fbde7497e36c8e35f0506622eb9a47939c2c6b9590bf9bbf8d43508be13d7f85f7838ec9

Download Submit
C:\Users\Admin\Downloads\solaris-2.0-main.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2488-314-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download