fd2d329ffbd4a0b2806aabbd909fe70d899c4c4a43a3b87d64a23b23bb16ea38

Analysis

max time kernel
76s
max time network
73s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
30-12-2024 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

solara.zip
Size

2.7MB
MD5

55f56644a331f6f8786a6f7478bd892e
SHA1

0b17d6e3c7fdb692e0b7d34fe973f96e30c284a6
SHA256

fd2d329ffbd4a0b2806aabbd909fe70d899c4c4a43a3b87d64a23b23bb16ea38
SHA512

e08ad2d266c5c3f6b9059244969bf5a402b5b29ecdf42a51463074c4b13f68cd531816faaeae02a6b14bbd1940354f523ea370f807718a356d8f874eb28fb42c
SSDEEP

49152:9iBl5SfH3DseM0yjdyzTvLfvzPQR4ktRQvsxJQivrfIuIoQjxnN6dxGNuAW16:9if5ETpgM/zzQmkisnfIuIoQjWcNaA

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2120	BootstrapperV2.08.exe
5016	BootstrapperV1.23.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
30	discord.com
34	discord.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\5a48c302-26d8-4e9c-8b85-6240eb2fda4c.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241230193649.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
440	ipconfig.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1006597246-3150276181-3318461161-1000\{C7D7A972-D74B-4866-816C-FFDFA6313C28}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4124	msedge.exe
4124	msedge.exe
628	msedge.exe
628	msedge.exe
4536	identity_helper.exe
4536	identity_helper.exe
3116	7zFM.exe
3116	7zFM.exe
3116	7zFM.exe
3116	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3116	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	3116	7zFM.exe
Token: 35	3116	7zFM.exe
Token: SeSecurityPrivilege	3116	7zFM.exe
Token: SeSecurityPrivilege	3116	7zFM.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3116	7zFM.exe
3116	7zFM.exe
3116	7zFM.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 2120	3116	7zFM.exe	90
PID 3116 wrote to memory of 2120	3116	7zFM.exe	90
PID 2120 wrote to memory of 4124	2120	BootstrapperV2.08.exe	92
PID 2120 wrote to memory of 4124	2120	BootstrapperV2.08.exe	92
PID 4124 wrote to memory of 4016	4124	msedge.exe	93
PID 4124 wrote to memory of 4016	4124	msedge.exe	93
PID 3116 wrote to memory of 5016	3116	7zFM.exe	94
PID 3116 wrote to memory of 5016	3116	7zFM.exe	94
PID 5016 wrote to memory of 4888	5016	BootstrapperV1.23.exe	96
PID 5016 wrote to memory of 4888	5016	BootstrapperV1.23.exe	96
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 3660	4124	msedge.exe	98
PID 4124 wrote to memory of 4068	4124	msedge.exe	99
PID 4124 wrote to memory of 4068	4124	msedge.exe	99
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100
PID 4124 wrote to memory of 4804	4124	msedge.exe	100

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\solara.zip"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3116
- C:\Users\Admin\AppData\Local\Temp\7zOC2C0CB38\BootstrapperV2.08.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOC2C0CB38\BootstrapperV2.08.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/invite/8PgspRYAQu
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0xf8,0x14c,0x7ffc928546f8,0x7ffc92854708,0x7ffc92854718
      4⤵
      PID:4016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
      4⤵
      PID:3660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
      4⤵
      PID:4804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      4⤵
      PID:3584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
      4⤵
      PID:4252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
      4⤵
      PID:3688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5364 /prefetch:8
      4⤵
      PID:3900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5340 /prefetch:8
      4⤵
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
      4⤵
      PID:3272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:4892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x140,0x270,0x7ff62f1e5460,0x7ff62f1e5470,0x7ff62f1e5480
        5⤵
        
        PID:2472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
      4⤵
      PID:5136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
      4⤵
      PID:5144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
      4⤵
      PID:5308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5310642627367110184,11174327447320399088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
      4⤵
      PID:5316
- C:\Users\Admin\AppData\Local\Temp\7zOC2C6DF08\BootstrapperV1.23.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOC2C6DF08\BootstrapperV1.23.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:5016
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /c ipconfig /all
    3⤵
    PID:4888
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
90d9cc370060ef5ae526755155220c89

SHA1
3d536fcef3ebde92ca496819539288686ba8528e

SHA256
db4df83a39030515b39da7becb9f640e86fe6daec54296ce4fccaf9423c29e27

SHA512
5179e5b0093b160b3f67fed92fb4edf97ff7439d970dce46c281cdcbf4589f157f7bcd1d8608cef03cc81258f3c0744f31b95db8c70f162bed255efad48e37b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
69cd4fbd25488dc00a347c8a390c8652

SHA1
22cf04f96e4af55a94c87105201f08cf7ff47aa5

SHA256
23ef6c8a50cc68d03460913947c655fb7c62854cca6108e5c85cc472edcdd5cf

SHA512
02ef1bcd904dcba1f0f035a61593dab52eff317762cebd59261b0d211b0b7f7447814ac5ec6c47481088761a338b6ea00a2865e759565980043b47bc4f60f5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
feb90883475b5fb60b9c8699c1bc5e28

SHA1
163bb4466e4b965617b82e7eea3e391c30a93973

SHA256
c7f791852bee88741e16d0b834c5fcc0ed4607e4e2a1e977c208e9b9526ba752

SHA512
a155424a72d6b2b81ff9e6b9f51ce3d7775f8dcc093040d18a8a23bc00a29b92aa5047ee9ace72c92ea3c73ea65ef53643f9511ece2b207225efeb4ca69fb739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
4b4abc1533247a9e3b02f011a925d948

SHA1
5ac10db00ea44b55f818f05699d5bf682153daff

SHA256
41831e7d3aa703cb6b00fc32bb8af9ff040aca545546cb176885afb874d465c0

SHA512
c969875fe46f98ae9167788b7e0a0aa4af891dd476d7debe9433222e1b63f1407436e008276a4fd158ea19295420c45bdf078fb05173505280fdec16c4cdd442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
a0738c2c636d74e4ac0d79600bb36b5c

SHA1
5ea574e30920d41b9a9b20c8f8e2b94db1d3b95a

SHA256
b84b96f54cfc2ac87b17ccaa00eb402bbcccebaab2fae439f40ef7ab708619c8

SHA512
a2bfafe0d52bddd0e86b96ea04522d7ddd92d19b759777a109ed0ca82f1e5af3c1bbcef57a083b74304209e7c30c519b4d85c507c8b0535daa5c66fba1ddfb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
692B

MD5
c5053d22ab63b6cec973c3fdc01280b5

SHA1
b5c6fab5e2a69726476adf81ef36478147fd141b

SHA256
ee424ed7f33e5b48260050df78d5baf80362c5fabc78712eb26fda9f5f0e0043

SHA512
c86db52e772ec6c004e7c0ff3207cd744705efbd84447599a2d2736a8813f0c6d5334f13088d38b23fba32bbe399318b389156e5a755670d142440ad0db3b8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe589e00.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3291df07ba5cb0b5f918a79ca2b7d5a7

SHA1
83da33740a9532e303424b4b86aaedd445e7a50f

SHA256
1ba9065afe9ebaa57fea2c5a32dbfbc539083ecfb523c75cf7d39a6d136946da

SHA512
bbbb0d4f9ae0d906be42da0052da3c881cdac87a3983bb0d189a887340b55b702eb67e7fa37162b540157abc4d9fb0d4b9a788debc3d82f0ba01a318afe46f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
d2bb514e40b94545e247741f9838dec4

SHA1
f8ebb1106b596202c4448a0b36e66f41d78c4042

SHA256
c8f765cad73be89b07c18a1324d4b6d18bcb07462ec83582faa150eca371406a

SHA512
8a96a62325971105770184e414a89a82cc4f6659dd46236211c1f127f288a8f706cc326f211856adc9929c05467bdde218cbaea9c498d2c53e30643d247eb72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4facd2ea98a039688146208d95990f75

SHA1
27d64a0d191ed9b799ba6b6b2d6563348f7af9a0

SHA256
32577083d37de8a6da7633e3c53bea0d384476e63d7648cc2c0a667bcdf6db1f

SHA512
2543c5d48aec1874550239968cbd76819898fbfe1ca617f362444ac8c0dc3674a8adb6c352a40b8f42f0b34165abad6c3111ced6af38d7aea10d9ebd5cd67cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d607f8923e0aa1247e63c23da3d62b9

SHA1
9f00c91bbd46d786492946448a63b619c73bc205

SHA256
345d9276af7f550c67efcc657d556230703165b8ab0a7b8f0acde43c8bacc39c

SHA512
ea1762e4a17aad51185814bf7fccd52050ecbc60aadbe30f01b9af6f28a10dc0dd82f6b78532bcfa5ed28cb183b1cd4ec6d8b04e83dd0fc05bafcd2e05b6e963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2cad20898338fbc7fb993756151e2fe1

SHA1
740566d988a46b18920bbb42ff71eb145a931aee

SHA256
4c2f60eb2a2e891ea30a7eed7813758fb7d3200f5938e7012a22233b26b9dfa6

SHA512
e1a82109629e89a57d803f1bf0433c07d01a1fcc9db30ca81eff4a415bb4f36dd772bc05272538fc0db97a20f7475f172164fbe3142d507088770a53ec1a0796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d8c86e7d523ce692226bc2731ee03459

SHA1
a63bb7eba70e607d9557d5f59caf383b5a66161e

SHA256
9c2edac30eb6825a955114fcb679842a742cbba2a06413d3976047c8f1250261

SHA512
e2342039ba773cb0121540b8eb2e2b421db155384c7e48d4e40267f95759120782a905cfcdfc96931f1908f24d0d7eb5179e15e121592c3efd3e812998019f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
5f0ef0a485ca555a8b90c51326bb30ca

SHA1
811a60a64b0834b0fafe5a79fab03b6394abe694

SHA256
2986631dcbb0e1227d3c129ba6d0f48cc46c88e218e6f860f800239bb22398db

SHA512
69588ff98887a058aeb159af3075af8486c4eb42fd0c2e8356439aafa6971019f7578fd2d59cd55168fbde6135154cd2a8c8a0984cecaf9eb78573122d58e4dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
a3a9ef3346edb7551c5ba5d0d77914b4

SHA1
397d2971f7c5d2f201589caa9eaa9d8cc8bb1151

SHA256
1b295e5a54cd70b6075f0dc8824dc041dbfe8d690877803abb4e05456d3f4529

SHA512
bb52cf1cd64a6a203ded8f36aed97db2198fac740bd965ab4b8a24a616e8dd5ad00fb5ed36f9be24ed0c8fc91f9be4840c3870cbd7baaa0568af18eff25b2bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5876f0.TMP

Filesize
203B

MD5
d68135357612b87958fcc0c0f1780081

SHA1
e6270d06328361b3a6321fac150cc4509af92796

SHA256
55b5d62431f348724a1f288f0ab08047955645230233209cfb8021f53b7e873d

SHA512
ffe04c0358da2e6df6d965d86648834e552b8a3aaba7e59f0d9878a0453dc0e7269e47ab5eb44cc3f794105c8dc452bc71f39342e92d663aa59bd670319ce67d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
6bf24071a45abb831e624c9369a447dd

SHA1
900eac7bc4a5dba3adc82ed5b345324fd9ba4683

SHA256
4671a3bc18a69c9ba523654ec00c3949f4b34073038c7358e5c531795173c7ae

SHA512
a47d5f966dcfe659cc5a0b5c6779073cf3b8e58c06ab8900b3bd1e9dc3b3d52a92301ab7423da1c44d8c372f33169a4e526d1b02d337bcd2c1c63770855fc2a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a61faeb00aab049c19b185a53d5e85ae

SHA1
71ffccf04931fe8df9d1a9ec4e9c4e9dc1a8a25e

SHA256
966fe8e99522146e6077239fc3bb8b19fc95e977751fc852dc8ca98709386301

SHA512
dab7d7722baed00e427c33dd3938a82952f2f8566ca7813376730455ed7b5f78c599be07107df42c4fc97d4432413681c6e9322bd13eb8ca4c72a864aed1b5d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC2C0CB38\BootstrapperV2.08.exe

Filesize
2.9MB

MD5
3f960b403cd616c9f59b3c22fc69aeca

SHA1
c9878d8dd7cada17525d0fb41626ef10387cb624

SHA256
8d0e9176ab99c1c4442f8529a5e06a84cf4573b79d21c15022f825ad9c36c84a

SHA512
bd48219ce56276114a411d4a3b19ff723cf20fe75571faebd43c2567b2a6cc73b77ffe5858ac5f80cec32d79ae3df84ebfc42b80b38af14691727f2c08399761

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC2C6DF08\BootstrapperV1.23.exe

Filesize
800KB

MD5
02c70d9d6696950c198db93b7f6a835e

SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2

SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
dbd09f281a62d2c08dfb938fb6f4e16a

SHA1
d9c366159ca0d439b751c69f2a6875311711314a

SHA256
2d6a47f1d6513ec0d17ec13e6ca1ada0ef9b799116670f46ddf356b90fd39e7d

SHA512
dea8d25d13606b1b93528b4ba876e703780e7f3707a87f0663b8ca61aa6683e2bd34a769954cbbd43e0fe4eca0239aacabe319ac28210462cd2e9ad21b31f05f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
da2917219be3a2f2b529036820baaa05

SHA1
f7d757e60df0fd99c6a501c80c586028782cbfd7

SHA256
e815c866cdbec262a61e70a0dde4706ff3f8df7deb2b9a580e77c7210891841e

SHA512
0e96f380d4c809e5790fa8fa1f4ae1da1be951fe40838ae6d39900c08d45e5ad8497d12e4cd0eb1bd2875dee868068b71f64b5dfc6fbeb877d75b44ceb72bc0c

Download Submit
memory/2120-19-0x0000023DFCDD0000-0x0000023DFCDD8000-memory.dmp

Filesize
32KB

Download
memory/2120-21-0x0000023DFD220000-0x0000023DFD22E000-memory.dmp

Filesize
56KB

Download
memory/2120-27-0x0000023DFD250000-0x0000023DFD25A000-memory.dmp

Filesize
40KB

Download
memory/2120-301-0x00007FFC97E83000-0x00007FFC97E85000-memory.dmp

Filesize
8KB

Download
memory/2120-26-0x0000023DFE1F0000-0x0000023DFE206000-memory.dmp

Filesize
88KB

Download
memory/2120-24-0x0000023DFD2A0000-0x0000023DFD2C6000-memory.dmp

Filesize
152KB

Download
memory/2120-15-0x00007FFC97E83000-0x00007FFC97E85000-memory.dmp

Filesize
8KB

Download
memory/2120-308-0x00007FFC97E80000-0x00007FFC98942000-memory.dmp

Filesize
10.8MB

Download
memory/2120-23-0x0000023DFD240000-0x0000023DFD24A000-memory.dmp

Filesize
40KB

Download
memory/2120-28-0x0000023DFD230000-0x0000023DFD23A000-memory.dmp

Filesize
40KB

Download
memory/2120-22-0x0000023DFE0F0000-0x0000023DFE1F0000-memory.dmp

Filesize
1024KB

Download
memory/2120-20-0x0000023DFD260000-0x0000023DFD298000-memory.dmp

Filesize
224KB

Download
memory/2120-25-0x0000023DFD2D0000-0x0000023DFD2D8000-memory.dmp

Filesize
32KB

Download
memory/2120-18-0x0000023DDEF70000-0x0000023DDEF80000-memory.dmp

Filesize
64KB

Download
memory/2120-17-0x00007FFC97E80000-0x00007FFC98942000-memory.dmp

Filesize
10.8MB

Download
memory/2120-16-0x0000023DDD0C0000-0x0000023DDD3A2000-memory.dmp

Filesize
2.9MB

Download
memory/2120-29-0x0000023DFE210000-0x0000023DFE218000-memory.dmp

Filesize
32KB

Download
memory/5016-52-0x00000206A6950000-0x00000206A6A1E000-memory.dmp

Filesize
824KB

Download