Analysis Overview
Threat Level: Known bad
The file https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe was found to be: Known bad.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Gathers network information
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-25 04:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-25 04:09
Reported: 2024-12-25 04:12
Platform: win10v2004-20241007-en
Max time kernel: 147s
Max time network: 151s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Bootstrapper (1).exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Bootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bootstrapper (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 319408.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 586595.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 466704.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 523497.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 470574.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Bootstrapper.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Bootstrapper.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BootstrapperV2.04.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Bootstrapper (1).exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff267146f8,0x7fff26714708,0x7fff26714718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6356 /prefetch:8
C:\Users\Admin\Downloads\Bootstrapper.exe
"C:\Users\Admin\Downloads\Bootstrapper.exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c ipconfig /all
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
C:\Windows\System32\Wbem\WMIC.exe
wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
C:\Users\Admin\Downloads\BootstrapperV2.04.exe
"C:\Users\Admin\Downloads\BootstrapperV2.04.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Bootstrapper.exe" --isUpdate true
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Users\Admin\Downloads\Bootstrapper.exe
"C:\Users\Admin\Downloads\Bootstrapper.exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c ipconfig /all
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Users\Admin\Downloads\BootstrapperV2.04.exe
"C:\Users\Admin\Downloads\BootstrapperV2.04.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Bootstrapper.exe" --isUpdate true
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\BootstrapperV2.04.exe
"C:\Users\Admin\Downloads\BootstrapperV2.04.exe"
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Users\Admin\Downloads\BootstrapperV2.04.exe
"C:\Users\Admin\Downloads\BootstrapperV2.04.exe"
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5336 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,15881808951892667348,5316924086483075445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Users\Admin\Downloads\Bootstrapper (1).exe
"C:\Users\Admin\Downloads\Bootstrapper (1).exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c ipconfig /all
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Users\Admin\Downloads\BootstrapperV2.04.exe
"C:\Users\Admin\Downloads\BootstrapperV2.04.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Bootstrapper (1).exe" --isUpdate true
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | f29cc861.solaraweb-alj.pages.dev | udp |
| US | 172.66.47.197:443 | f29cc861.solaraweb-alj.pages.dev | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.47.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 1.1.1.1:53 | getsolara.dev | udp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 1.1.1.1:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 27.93.21.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:6463 | | tcp |
| US | 1.1.1.1:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 5a4f5693.solaraweb-alj.pages.dev | udp |
| US | 172.66.44.59:443 | 5a4f5693.solaraweb-alj.pages.dev | tcp |
| US | 1.1.1.1:53 | 59.44.66.172.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 172.66.44.59:443 | 5a4f5693.solaraweb-alj.pages.dev | tcp |
| US | 1.1.1.1:53 | pastebin.com | udp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 1.1.1.1:53 | clientsettings.roblox.com | udp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| US | 1.1.1.1:53 | 24.19.67.172.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 172.66.44.59:443 | 5a4f5693.solaraweb-alj.pages.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| US | 1.1.1.1:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| US | 1.1.1.1:53 | f29cc861.solaraweb-alj.pages.dev | udp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 172.66.44.59:443 | f29cc861.solaraweb-alj.pages.dev | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 34d2c4f40f47672ecdf6f66fea242f4a |
| SHA1 | 4bcad62542aeb44cae38a907d8b5a8604115ada2 |
| SHA256 | b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33 |
| SHA512 | 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6 |
\??\pipe\LOCAL\crashpad_2000_GWTUCZZFWIOGIJDC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8749e21d9d0a17dac32d5aa2027f7a75 |
| SHA1 | a5d555f8b035c7938a4a864e89218c0402ab7cde |
| SHA256 | 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304 |
| SHA512 | c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8089f66021c9d6812ee0aaa63d50b6c2 |
| SHA1 | a5a3c05666684025e627117c709ca1b3fa4e6a69 |
| SHA256 | adecbe42aee86f5a765350a37b567ca7adc34e1c9d652e1e2fa192b6246f3a28 |
| SHA512 | ee35a73a4c43834b60667938735435b67fd54f099974b3922f3dade678c2abbb1b9cbbfbe9c8a52b63c581c5ca17a769eca3950761273ccc14d194e8b3760f0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\Unconfirmed 586595.crdownload
| MD5 | 2a4dcf20b82896be94eb538260c5fb93 |
| SHA1 | 21f232c2fd8132f8677e53258562ad98b455e679 |
| SHA256 | ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a |
| SHA512 | 4f1164b2312fb94b7030d6eb6aa9f3502912ffa33505f156443570fc964bfd3bb21ded3cf84092054e07346d2dce83a0907ba33f4ba39ad3fe7a78e836efe288 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 833aa9461f9f5a181de16bc7adc214b1 |
| SHA1 | 1fabc84130542f0c822bfba2124752ceba802b12 |
| SHA256 | 2fc2610385ab83f861a225142a85774c91f99598bdbc65d8ddcccc733d0a406e |
| SHA512 | 2c7d3e63699f4ef5137eb8e716eafaca99868afc3827895fad18db865cfdcc6a4890fa7446f1d5f5bf48a1df9b5da03b60f62b98ae2f9f9faf15104bc3e001a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7dc93991153041c305760de75802bcb2 |
| SHA1 | ceb89840f1be9f52e77236004c113efac790d7f7 |
| SHA256 | cade5c8814cbabf47d188a38106f66d2f0af1b395822f0248045655eee9e5ce5 |
| SHA512 | 673348d51a8aee00e5f5d8de80c61a28efe148206432e9e490d7b0b80cf56fcada5d7af9f3683eef4fa545c3590de6c17c4805dee0a9244188def9097c1efe04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8fccaea94cb12bf73fdf2d4c73ae49ba |
| SHA1 | 10e2542df26e9d3c9002e938dea93447b38139ab |
| SHA256 | a0554aed4ad618859eeefbecfa2ff150b29ef318c5ee7a83f378b0418d1b13df |
| SHA512 | 992a3c47014d7e080dc84659cf0f351ff0f3d57acbfdee10f87c7a56407f9c45d31971947d5140ba3ce9c6f904849bb024fa19f53e8bbf893914c194aa38d012 |
memory/3384-116-0x00000206FDD90000-0x00000206FDE5E000-memory.dmp
memory/3384-127-0x00000206FE220000-0x00000206FE242000-memory.dmp
C:\Users\Admin\Downloads\BootstrapperV2.04.exe
| MD5 | be4da425d9b7593e358ffbfca29f9c70 |
| SHA1 | dc98530aad9728d779866ae957a738c52b13a565 |
| SHA256 | c5277ddb6e51181d2b8bad59acf5f2badf5613b1e73384a84b793f720aa76c0d |
| SHA512 | 35790944f5855038f8357c0f6d11ea81b260632e590c26f9342e8beb1a8dfd2e3eb9efa11f8378f8542cad45e7675af3d29cf27424accf35aaa6aeb34487155b |
memory/4232-140-0x00000211E2ED0000-0x00000211E31AA000-memory.dmp
memory/4232-141-0x00000211E4DB0000-0x00000211E4DC0000-memory.dmp
memory/4232-142-0x00000211FF670000-0x00000211FF678000-memory.dmp
memory/4232-144-0x00000211FF680000-0x00000211FF68E000-memory.dmp
memory/4232-150-0x00000211820D0000-0x00000211820DA000-memory.dmp
memory/4232-151-0x0000021182090000-0x000002118209A000-memory.dmp
memory/4232-149-0x0000021182DF0000-0x0000021182E06000-memory.dmp
memory/4232-148-0x00000211820E0000-0x00000211820E8000-memory.dmp
memory/4232-152-0x00000211FF690000-0x00000211FF698000-memory.dmp
memory/4232-147-0x00000211820A0000-0x00000211820C8000-memory.dmp
memory/4232-146-0x0000021182080000-0x000002118208A000-memory.dmp
memory/4232-145-0x0000021182CF0000-0x0000021182DF0000-memory.dmp
memory/4232-143-0x00000211FF6C0000-0x00000211FF6F8000-memory.dmp
memory/4232-159-0x0000021182000000-0x0000021182023000-memory.dmp
memory/4232-158-0x00000211FD790000-0x00000211FD987000-memory.dmp
memory/4232-164-0x00000211C0D20000-0x00000211C0DD2000-memory.dmp
memory/4232-166-0x00000211CD050000-0x00000211CD06E000-memory.dmp
memory/4232-167-0x00000211FF6A0000-0x00000211FF6AA000-memory.dmp
memory/4232-169-0x00000211FF760000-0x00000211FF772000-memory.dmp
C:\ProgramData\Solara\Solara.exe
| MD5 | c6f770cbb24248537558c1f06f7ff855 |
| SHA1 | fdc2aaae292c32a58ea4d9974a31ece26628fdd7 |
| SHA256 | d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b |
| SHA512 | cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a |
memory/1556-585-0x000001EE24A80000-0x000001EE24AA4000-memory.dmp
C:\ProgramData\Solara\Wpf.Ui.dll
| MD5 | aead90ab96e2853f59be27c4ec1e4853 |
| SHA1 | 43cdedde26488d3209e17efff9a51e1f944eb35f |
| SHA256 | 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed |
| SHA512 | f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d |
memory/1556-587-0x000001EE3F7C0000-0x000001EE3FCFC000-memory.dmp
memory/1556-597-0x000001EE3F430000-0x000001EE3F4EA000-memory.dmp
memory/1556-599-0x000001EE3F4F0000-0x000001EE3F5A2000-memory.dmp
C:\ProgramData\Solara\Newtonsoft.Json.dll
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bootstrapper.exe.log
C:\Users\Admin\Downloads\DISCORD
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BootstrapperV2.04.exe.log
C:\Users\Admin\Downloads\CONFIG
C:\ProgramData\Solara\bin\version.txt
C:\ProgramData\Solara\bin\path.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\Downloads\Unconfirmed 319408.crdownload:SmartScreen
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State