xenorat | hxxps://getsolara[.]live/download/SolaraBootstrapper[.]exe

Analysis

max time kernel
91s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
06/04/2025, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getsolara.live/download/SolaraBootstrapper.exe

Score

10^/10

xenorat defense_evasion discovery rat trojan

Malware Config

Extracted

Family

xenorat

127.0.0.1

Mutex

Solara_Bootstrap

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
Solara Executor

Signatures

Detect XenoRat Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x001900000002b3cf-49.dat	family_xenorat
behavioral1/memory/3148-753-0x0000000000FE0000-0x000000000102C000-memory.dmp	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Xenorat family
xenorat

Downloads MZ/PE file 1 IoCs

flow	pid	Process
17	3300	msedge.exe

Executes dropped EXE 7 IoCs

pid	Process
3148	SolaraBootstrapper.exe
2228	SolaraBootstrapper.exe
2136	SolaraBootstrapper.exe
2628	SolaraBootstrapper.exe
3500	SolaraBootstrapper.exe
5892	SolaraBootstrapper.exe
5516	SolaraBootstrapper.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\dasherSettingSchema.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\ne\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\128.png	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\km\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\hu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\el\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\cy\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\sk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\hr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\ml\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\eu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2840_189723392\protocols.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\offscreendocument_main.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\pa\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\iw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\id\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\ka\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\bg\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\tr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\ta\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\ca\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2840_189723392\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\ja\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\pl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\cs\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\da\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\kk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\nl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\fil\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\ur\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\si\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\kn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\vi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\fa\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\ru\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\zu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\es\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\fr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\service_worker_bin_prod.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\page_embed_script.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\fi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\de\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\lo\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\sw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\en_CA\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\es_419\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\bn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\af\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\ms\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\gu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\is\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\mr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\offscreendocument.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\gl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\lt\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\be\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5808_826881956\_locales\lv\messages.json	msedge.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SolaraBootstrapper.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133883735284684817"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920535620-1286624088-2946613906-1000\{F355D324-A449-4FE2-9D71-4B60DF619A94}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920535620-1286624088-2946613906-1000\{2AB7665D-DD56-45B9-8661-DADD04A749CC}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SolaraBootstrapper.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\XenoManager\SolaraBootstrapper.exe\:Zone.Identifier:$DATA	SolaraBootstrapper.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 4 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4996	schtasks.exe
5804	schtasks.exe
4492	schtasks.exe
3168	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5808 wrote to memory of 2476	5808	msedge.exe	78
PID 5808 wrote to memory of 2476	5808	msedge.exe	78
PID 5808 wrote to memory of 3300	5808	msedge.exe	79
PID 5808 wrote to memory of 3300	5808	msedge.exe	79
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 5092	5808	msedge.exe	80
PID 5808 wrote to memory of 3580	5808	msedge.exe	81
PID 5808 wrote to memory of 3580	5808	msedge.exe	81
PID 5808 wrote to memory of 3580	5808	msedge.exe	81
PID 5808 wrote to memory of 3580	5808	msedge.exe	81
PID 5808 wrote to memory of 3580	5808	msedge.exe	81
PID 5808 wrote to memory of 3580	5808	msedge.exe	81
PID 5808 wrote to memory of 3580	5808	msedge.exe	81
PID 5808 wrote to memory of 3580	5808	msedge.exe	81
PID 5808 wrote to memory of 3580	5808	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://getsolara.live/download/SolaraBootstrapper.exe
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7ff9e9bef208,0x7ff9e9bef214,0x7ff9e9bef220
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1868,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=2644 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2608,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:2
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2132,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=2652 /prefetch:13
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3468,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4860,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=4960 /prefetch:14
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4908,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:14
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5528,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:14
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5580,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5956,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:14
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6060,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:14
  2⤵
  PID:5780
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1140
    3⤵
    PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6424,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:14
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6424,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:14
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6512,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:14
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3556,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:14
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=4720,i,16305186664830170361,1100907321767074833,262144 --variations-seed-version --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x250,0x7ff9e9bef208,0x7ff9e9bef214,0x7ff9e9bef220
    3⤵
    PID:1508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1784,i,10183372217583153181,211325284940919508,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:11
    3⤵
    PID:2168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2156,i,10183372217583153181,211325284940919508,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:1052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2464,i,10183372217583153181,211325284940919508,262144 --variations-seed-version --mojo-platform-channel-handle=2628 /prefetch:13
    3⤵
    PID:3336
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4336,i,10183372217583153181,211325284940919508,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:14
    3⤵
    PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4336,i,10183372217583153181,211325284940919508,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:14
    3⤵
    PID:1200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4436,i,10183372217583153181,211325284940919508,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:14
    3⤵
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4408,i,10183372217583153181,211325284940919508,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:14
    3⤵
    PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4524,i,10183372217583153181,211325284940919508,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:14
    3⤵
    PID:4340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4528,i,10183372217583153181,211325284940919508,262144 --variations-seed-version --mojo-platform-channel-handle=4432 /prefetch:14
    3⤵
    PID:4884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4204,i,10183372217583153181,211325284940919508,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:14
    3⤵
    PID:5976

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3144

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5848

C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:3148
- C:\Users\Admin\AppData\Roaming\XenoManager\SolaraBootstrapper.exe
  "C:\Users\Admin\AppData\Roaming\XenoManager\SolaraBootstrapper.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2228
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "Solara Executor" /XML "C:\Users\Admin\AppData\Local\Temp\tmp5B8.tmp" /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:3168

C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2136
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "Solara Executor" /XML "C:\Users\Admin\AppData\Local\Temp\tmp42F0.tmp" /F
  2⤵
  - System Location Discovery: System Language Discovery
  - Scheduled Task/Job: Scheduled Task
  PID:4996

C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2628

C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3500
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "Solara Executor" /XML "C:\Users\Admin\AppData\Local\Temp\tmp6666.tmp" /F
  2⤵
  - System Location Discovery: System Language Discovery
  - Scheduled Task/Job: Scheduled Task
  PID:5804

C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5892

C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Desktop\Solara\SolaraBootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5516
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "Solara Executor" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8ECE.tmp" /F
  2⤵
  - System Location Discovery: System Language Discovery
  - Scheduled Task/Job: Scheduled Task
  PID:4492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
38623c06e100113cf825efa6a44b2386

SHA1
479d8e0c6d7d10c05203a37707a6249d2537a9ed

SHA256
624eaf606d0845d9ef3f81652f29a5b8489b6543deb1e4fd4903c415238ee9d9

SHA512
452d7012b949688cabc6afbf4badfe9d02c090f30c06557f7f87b606cd716cda97771136964935eaa4d1668303889011f75ff599a79a6837c285ef84ebc2c8e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
509e630f2aea0919b6158790ecedff06

SHA1
ba9a6adff6f624a938f6ac99ece90fdeadcb47e7

SHA256
067308f8a68703d3069336cb4231478addc400f1b5cbb95a5948e87d9dc4f78b

SHA512
1cb2680d3b8ddef287547c26f32be407feae3346a8664288de38fe6157fb4aeceb72f780fd21522417298e1639b721b96846d381da34a5eb1f3695e8e6ef7264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
dfbbfbc6c218632c7df96ae4fe4b1f16

SHA1
f67874d7c415da11f10d7a15c5dd29459e915d10

SHA256
16b6ff59bb79b46ae307697606fd48a992b3bbde620c9e22cd75e0df4e77f577

SHA512
7350a43a810d3b369a45c524da4dfb6f2bb27ad639f2a2c590f57c0bec58deb05976539f58753373e9fe8d4e792d089309a1ed6a7dbcf833182ee6bc0a765394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0c39b6f319b77b8955d45aa4752520ce

SHA1
ec5c675b9430d973d28082377052151a442f3c36

SHA256
5aa6bdff9e1ba40b81e7b112b828af9dc2d7aa6456a0c8ff8b9f526235970480

SHA512
8afeadd40d9113b48d4b27aec6cd8e7045252570f340264505683684b4955d7528f63e6666c4e076297d74819baa4d6e0c6dc88da71f302a0e0a0591a4c10192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
70df17f84203933a3f3de00ef53d5c23

SHA1
a470aa539be26c65b19e13877a857b0c4306a2c0

SHA256
bfa23eb1fe9206cec4ef2d428b069c725c8d00601b387a27618d5f42999c8b68

SHA512
d81ab8ab698dd13e4b12c49b549b10fc3bb1ea2db281409aa4938d9276ac469bd2e77fb2d32b0c357df2133c58721223ef9f580524ce1b167c70e5dc91103a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e0f387ded088448aae6c3172b9b53fce

SHA1
33c5e8150ad079065fb56531011bffe9df614bba

SHA256
1e139fec8760649b63dc8742f5ea9def94e5c313158e3531de98a446ee7583a7

SHA512
8fb094bb82ff1ddeff455d40b6ac28f6847d35058fdadd6e56ee431651e8405e338bdb91d8c0b211815daea371e6a1c86f2430eb6088ed107f1cec2433261716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
b56f97f4ac740910765b885200b66824

SHA1
f5eadbf105adc4e60c40688089efc1df4211db97

SHA256
4982711f71d3c77e2ec7a064dcb2f579c5d558f614d70961b6663638c4f86c59

SHA512
d6848b268226baec2b435934a4f718e2aaa81082600dce8b49a7f3596a3ccecb2430c272e8061f80133c5b294e5e2364ea7f3c75a2447681233cb01ea5bfc897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
8037807783555fa956abc4f5e309828c

SHA1
6f5a0b30111f3f4ef403b36021bda3714e845e54

SHA256
4f7013d16719d806ef8b50a465e61258e6f5fba53e22f68e785e90066df4e8b1

SHA512
9afbac70d7276fa80675e9be7519c0348f6c55e4047f8d7c0481c6e9a41a48c1da6f4c207a6ca7f75e0e2557a031f11cf655a47d719b716505ef1f1501260bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
280KB

MD5
d98685e737277c335d49ebdf6d666e01

SHA1
7caa57fb859474646c473b01294454219672f024

SHA256
aea3014e89492b223e739bbdf53615d6210c487f1d548979ad2fd64ba5828dec

SHA512
9a434d22505d6b457e759ba45efdfc88f7370543948808383252f71af851435eac2cca436302a8e9dbcea8cb47732f6039c463e3036b45e8e002b3f269757957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
191KB

MD5
eaebb390ddb3b1c0e07904f935d29bd9

SHA1
dca8da5b24b1b18b3c8dbc2523f5d145fd4dae13

SHA256
9478515162e79256323883a5092b39e0045dc8213d7dcf7be5dcc1ec5b70e9e4

SHA512
e2dae28c4661b3bb65b3811803a9396e1c9b16eb187b60f2d4d1a8cc65e2ad6ce0931a48e942b5d920bdc263ea939b9164b649edc3752e83daabef9366a186e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aed8568ae577d3fbb2d1fc29b2703eb0

SHA1
f4445349ae9067b00e1d5a91cb7f5934270afc83

SHA256
e582ad75adf005f9b5e2680d183bb4fedf60411e26e249f0bc6fea14432dae60

SHA512
2d0523caef95d74c6ae3fa2ae4289877b6fc06dbd1a773901151bd29700b5bdea767fe46f441803e7075874383e07443e439610ea983d1a1d2aba862526a92bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
346B

MD5
98d424137af36bd9972e04084895072c

SHA1
a3514c448dbc622c7eaafcace65f2d199136db98

SHA256
cf5fc9563b0c08f32c8de57e1c37ff149625f27ee063e0c340e9b43ae939c43c

SHA512
7bd8cc392487315888ac75e8d1546819301da0aced2ed856191df3c24dff200acc38b9955ea6f0748978b2e4e96dfa2f604e8c06a60a2546f220f10795933585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Filesize
32KB

MD5
ec52ed2bf87be621af04758fc97350f8

SHA1
f98b8615fa6cb1f0d799442c81ab6dccba80d272

SHA256
94ff9d3d59ba69527ade34a37cb66266cd54df890ed1b487368c7481c233b3b2

SHA512
d02bb1620a72c2a85cee7ac6c209cd584bb5c3f999ec3875e93df6cabe09aa146c6a7b88c1d650e611d3e040159adc6aaa2e7c8ada3579f33f1210e9068f02a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Filesize
570B

MD5
d4ba0ae0bb0b9faff3da6f35fdbc3c8a

SHA1
fb3e9dec7f35a9b1d94e54a5659dd0de484055e7

SHA256
99def1b557f19f04c1affc6f247d0451f33fc10ec42e73792223c3215ac98be6

SHA512
86fd07c34b9abd4c52ba19eae291936f92bc6d38a75c021edc1dedbc15617669876180cd99f959c62476d82ec6bb9f5fe4c6cb4d82cb037efb76d99a4d3d9c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
9ea1ff868c24ed1055b8ff3f7a52357a

SHA1
14941370d08743204e094be86d1a1d5f8564eb44

SHA256
33ddadbfacbc044cd436307c962f222dbea517789bcbc7af43a0467c55da4532

SHA512
4675bd1f59ef83a38303450c811af9552fd8e77985986db24d8f698edf5195a4c5582c08a79515ef0c6d45fd24a89ba65b5df1f8f3971e0874e2803be376c124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
73ba5793748f3750129500ab18b41da2

SHA1
b1920672a76705a740bcc38b88a2680f53155f0d

SHA256
683164c6cc278fdbe7bb482e88a8de02ebb214848b8e0cf53c3ccc7d8d08e6f6

SHA512
11c5a3acc0796c7fedebbe40460505d9d6d50fc1489a105d796e5b2c2387581bdda802e54fefcfea32954af4d055e8105eccca2501d706efd510c6281b6a2ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
68878e740c5e122044766ce218ef9c57

SHA1
eea3f53f9661320aa4da0b9aab9644ceadd62764

SHA256
70045f322583cb57ab30acb56bf566e985684973864779ba947b9a26e27892ab

SHA512
8fdcf4cf25cd16f1d54f6213595ec66dcc13e716d12e64b5efefff33f0af22cd11b72be68b11c1b2aec7ee9cc156dd40d291e5ddb6feb0721248473d41be5606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1e85b778cf529420f218c2a7afc1b8ec

SHA1
ccd280e6978a7622e8c5b7e16019524907372ac4

SHA256
ef367ded8c881dadf222a3fce50ceff9ef33a1c3b3513f01ec26aa98027d6458

SHA512
a9dbd7ff73dfe2042564b43f68300b7359621983700a199f95a033da869d1f1c395d95184517f692e62946c3febfa981bfa97275cc5ffff49578f8f244686a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
187B

MD5
421e040431b6b0c864671d7316420504

SHA1
dfeb7482e4e690c76fa9c893c582d4d3c761ef0a

SHA256
2b3ba8807bf4735add98ac0a344b59293050701016d2803ba499cbbd21e9b041

SHA512
1dbe7d806f820d86fd98cb1dc1e47b90567a3e208addd41c5977681b303ec058b0d9911a1420b3277d904b3ce00833b8cf8ca0d6d1627b84d3328b257585967e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
55869e0d929a6b82771be4efd373f046

SHA1
dea0e1b6e46475e1c9f483748af4647898a6391f

SHA256
6de9b38dbfb3337baea6c56d5c3784ce872c686d2f9d7f686a3b5946f3ca7975

SHA512
bda481b12bbb2e554d5df824ce5b699a5edab0342f847f343a50ed4cb40ef18f66cd0bb5af54f5301ad22e672a73e2307e14e13f5b628403e7cbf481e1da7dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
89e1001c05aca0067a8caa9c7b84bc99

SHA1
0091783e707667609f199d031b4109f8ef2631e8

SHA256
b771c8f48efc7c2833a89dbb74ebb1259e8af39595a354c730d0f07f9e82f4bc

SHA512
fb233ac18a0c1c83978b55d47ad8b2cf9f0901a612f45f808112eeadd698b97535a66a273f5772c28a04654ce060c94842f21f1914de39947bfa0692d293409f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
ab76ca6ee339663575c3266b58ada84e

SHA1
f62a7c6b00b809eba53cbd4b9b65730a3bb7a19f

SHA256
99c3152bf9aa4fcfab34931e3f7d867635bbfac017e3b55b2a458c78cc2b9715

SHA512
199083e19d97ce3b33d3f70277080e2f0383dc5af4ae377d9eb7ee259f8178371af5dcbaa75ceebc7534b7766c5cbf37382ed98a4cebe3d1befb7f357a2e5a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
59f172e3d56a5dc8f869d49a5dff1612

SHA1
786536589b158524caef21548b7bc0618ee4db37

SHA256
7aded471b6955dd7bfc6e964f432cc33caeea1576ea460ba865eb73dd0d9cc02

SHA512
7362018d9458c3937d2587b08640ef7d8be4da860f13b1e3a2a57fc9bb999acb3359463c8a346c0d0862ab67d72ac87c527179d510780a45cebf9016729ef11c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
4818c05c0c9f8b9b554799f5ba7303fa

SHA1
6eb7433a2f36abcd9888daaf49e2e03e8f51cc1a

SHA256
95bac4aa8ba4e1738c38d13a8c116980f1d97ced1523a9847a170dee0d366669

SHA512
708e154139994ba8e42ac030db1880513d53c0f05ff409c6dbcce1e8180926fbb2b8380aa1c14c8ad7b7d26213891330cda89d6b21e2327a28080f1be5d2314d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
146eb9d0fca851d512e25b11151f1aef

SHA1
a9c1b676034c9f10f2fe0ce7f7e26dccd0878cb7

SHA256
c1c2e3bf896a550205f8c8a0409e3592ac3bdfc5ebea7a087cf9c64631178972

SHA512
0f45fb3d592011ef2436a30c0a5a0e6b563b6a6ded6636d48968cdd58f0c65a4ceea5841f4101b021fbdb0190be76f010574c8a933d02b84b502ef3cd0234509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
80f45bccd9533fc9d536f9e9af92bf09

SHA1
6cae623324f60bd1a1ffd0f1054b875f8ce657fe

SHA256
2ea4c85c2530589e02a16b2868515dd8e57cf3a27afffcf6e72a65028cb3e270

SHA512
8051a25781fa3209913f4ff125bc14409f50a2c1191e01641ad5158ffb3e4157b347a93ce0821c4f10294cea9210348d8ec362f59964fa3bded68f8d7718ebea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
25KB

MD5
d1d5283e2e60a238ae74457d6bbb2731

SHA1
a63053aa2acdecf1e67fd55f99c7cc46f931cfa7

SHA256
20625c5a2fdfd813788358946d9e7e5daa18694686938b0ee9adf27a8da593b7

SHA512
c3af275bd99a9380482c2229c76092df71ad742a4044b96368f6a74cd9ed08a4a90beec6d083944b3bb3c431f93a682ac8fba5075da68bbbbf9ca738d3277bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
228KB

MD5
447ae9665639baa00bf37372a2a05eb4

SHA1
7658eb78152d2bd7034569608013e6be445a6cff

SHA256
e71a9216152b570251c36ef2bef721f6a49d54f130a87317f4ec675f5d6274c2

SHA512
84fbbc3277db8842bfbd23c8dc86132837f148ac6d6fcfdd84abe2e5e03220e7a5a0eb47a94c2f2d0c510281c001389c42be9e67afce32caf6bba4bec16ec8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c929df27-6934-470d-9f53-7b76dd704161.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
13KB

MD5
386d853fba7cc375ef35e8ba70f63ea2

SHA1
dfc21d9ca83df3eb7edf85617227aa8d71e09212

SHA256
9780e4198cdd2efe38f8928b1df39563cc54a9df557a9faf675ce20043746f72

SHA512
1ec1ead8f22d2460fcb481e567c501fc3058a02a05c68d7dc26c01d5d62f08dfe35f32a62a9f21d10cb30ea7458ac5ae6597bccb88d026bccb4835e0ff35e0b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
38795bf9b3f2fa598586b15520872d57

SHA1
1de1aa0b43c11dca965591a7867bebd7badc0110

SHA256
a255c29ed774ad509f58abca7c91f3d6b0fa8583d46565cdd00295902b707e4a

SHA512
b6cf4a0a450932d180ed7779045c1df3475220499fd5d689607e6127d5f2f7a823cb59ba314f568673b992d484cf5c898f2f53591626772e6ef81e363db98a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
5e5b9de31a09458e074aa50824d52084

SHA1
41d9ff6daad8210674d969eb396e89ee92ecc79c

SHA256
3358323b40f0b72e17715e19c4a1673d0de397d5e2c840c28a2130aa351c8c7d

SHA512
6b4fd113b6abb735d774895cf49b12783cc84fc02e3b5ee995f62beccfa99aab0eeb77ce359b13cde29e577c7cabdc43842ec8441bc58792f7be654a8d77999a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
176cbaefb95e512890429940542ca223

SHA1
2421618e038d6ad4b9c0a7263c8deae8f1a8ba3c

SHA256
26704147b179ed7aff676a0282920e79cb6a75cf3231516a4d4c5a0dfd9d5f9d

SHA512
61af80f6b50f43d636aa1af90f124ac6660ce6c4c94ba06de3d823e0d632950aab0b220fa686eebcca0bb4482ddb233b8083a8ba495add62cac19255f7aa164d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
463B

MD5
cc605bd96005b812f6fa309e78e6d46a

SHA1
538d555722989f9c1144ff77b978061b32329fea

SHA256
cd78408d763b2bc2c37b3eefed311bf6bd904a27af70a9bba069013ffad09c3b

SHA512
a6f7c90ea051722ef0f2398c65da7bd020ee173bedd21e2713c1cde260e28fe6175a85bcab93a77f8aab172ab4e251abff1f72c5aec837eacbaba9055902a4b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
c459cb34000ee1ef9cf5715fe573d257

SHA1
2d479acea57744e7d067fe7b50944c932179e0ae

SHA256
7ee8c75b1de5d16c6202c4a4f835ac5ed57a5835a77ab7120406b26d5201b1a6

SHA512
6af936eccc818edf0e3ec05de047f5fe9bb49b4b6111f240f3b97204512da58d3b77210ac46a3cb64da5dd81b768b89401b70e5c10fd66e8733bb7c4bae358ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
892B

MD5
a5134d5f359039922b588f554a50d8a4

SHA1
5e373abcea90493a7d2ba180a24221e0b2f821ce

SHA256
a57e1372dd9dab0abf45f5f68a4ceec54a42eb3506f52ad3bae4f2990d2bb005

SHA512
ed7d9cbd8aa084b5d91b66387313a4e1d66d7de24d6e7645c40edca9d3bac73cfbbd922cd56493b12731e4664eac83c3311a0fcfec7819b2f89fa97432e73af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
82a63fc2e66205753ae3d6e98daa51b3

SHA1
e25593f6b05eec74e795a69dbe6543b1359bc805

SHA256
19d0373a60eb7e5ce06462c22ec30e93095b84e7096e6707b3eaf5fdd8749904

SHA512
1c30a542326511e99d6145e8e3077db093bbed3e7be4124cdd048aa8c7a3e91ae419e552e0bd4195da6771dbed6f68ddc1aa724cf7f5baf2418dc47acce115e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
0049aa557fec6065029ae0d6cc6585bf

SHA1
55029f1b86de4d4b29b69e16608abccffddf69a9

SHA256
61490b651299c53baf0f01d03ace778a70838a5ddc417d8854fb5a086fea40ff

SHA512
04b080864c94397af81e3a893b8fd090ff5804b89a0e7ded1e7aa13578da680b6453ab583ed692ca7b6e16470d3a54a8487ae7b19b115c110d5ce10e04e72ed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
ce9ddb0bca0b91ce544bd43c030b3bdd

SHA1
e528e88d2c7b17c1a75286575a52849daaf70034

SHA256
9300ad19362e76e5a554270507c5640c6aa9f989c829692461992b8e34a3a2aa

SHA512
71f86efc622378521196c18d78f320dd65761de7235f4b52f200baffb357fb007b53735b6e54257aebfc5662a226b82abe7e657a82786525d29e77652e01e4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
bb056dd03faea9d1766bf3f5f3c1c68a

SHA1
a49c4cd1c697e34fda87ee7683d77719b7904c08

SHA256
e73b6bca58b8eab086edd1e82155fa4817cde09c100312e8e154bd49233e8979

SHA512
4542c06317c4471cc4f9986059527b523d0cd4bc6f12245046d0605d98418d227ca265e0ada8b1a6c8bb03127dc68f897f6c7a9e6aa22f642a1dba8ca72b5f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
23ec10127e3500ed407d1d2130bf3dc4

SHA1
43205b65d43a092fb897fd47e1273a2272694c87

SHA256
132649b3412d313ffb4fa4f2394382549f3da6ae0c6807beba56d1124a596323

SHA512
42d5e7a6ede9979385385cf29846fa6bd4fcc73f679595f33f2c2c55fc9b96cae7f00c36702ef504b1361891417695b9850258a5a3c7f90ee06de70c4730f70a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
9b96a5f7dbb1d3af687e09ac63431515

SHA1
0c4d3bcf3ebafa0ee8c464ceb8fca47d84ff672d

SHA256
ce77628291fe19b56fff27d40557f3b47fad7cff708975339c3e9a40494d8b1e

SHA512
e8a3246fa401d600adca7bcaaa546843c0a6f765926c7bc2b71963e534ae72b559cd3fb33e5e0c99ed0dbb97217447035fc2cb8a1bcab9805923a301cf942957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
bd66ef2d5c876be75a13279e39e112eb

SHA1
b1d93ea4b72f10743fce1b754f23095eae8feadc

SHA256
229fc706461ce13f9db117d175c76969ba6efed6172e2d9ba4d3f812ee44781b

SHA512
9a05f6d01c7ed6b78acefbac29e557eb1b522525fd022b021a0abf6732ff608c5e21a0c8d588b1edbd6f94969e1a9bfceca6f1b4539a02d51ba4b8aec0c6add0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
184a434c9189320aa7b52debe5c658dd

SHA1
bad3502a8224211f0ee96472bbfc36677c9edd33

SHA256
98b8ba396af2b0e067cf597be1d83fa4d5a4132df0b43eb1ac58f8604623990d

SHA512
de8791627ab939600eecfbd2c77f61c9a46b7f2836bffd728122bcbb80d444129f9d2d9a36a6763011ff48b2dfa7212d9ebee5f68d885792bf22de2af3b07ac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
50bf572269da8e46c406a3e6075f9883

SHA1
060507f1ea873ab7c78c23d8e12d6f48eede9c4a

SHA256
24ff29469360d4cae539be9a7c2bc2bd121caab26e6acda5e06ac77e2f0e9bb8

SHA512
4fb3895f654d7280a0558d15a1167fb88452b20c861f4caed1163599fdf4196fdf9c0fa98dc2e4e1921ac6d21f09a9442ca6a7a096829d3279f44ea5c5815228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
23281e07c5735583cb8718de879249cf

SHA1
d09ae1101503d7e8a47784a4a9644bbf5787bca0

SHA256
53715c043958194991228c80825cea7bc35d1a7bfe186774b2c02288688f58f5

SHA512
f4a3e3c793eee4998b3cafb12b493a4f1953637c11c2cccee4c4ac7ecc43068b193b6a7b7003547849c3afc82adfffce37e4d1e4cfd68511e2c533582d81b626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
533e132e5f89dd1ba58f20e9a62833bf

SHA1
c4455e3b63d3a0f98d7f586cf7b32a108097c52a

SHA256
b3889678d89db3834d9b20af4e0c4241e27864cd8b2275df886f97506214ad7b

SHA512
b563449dc554bd22f6f512aceb9c16342951f7f07730649820ba6cb5a896eb8bcd33db2d772558d3b1c50f60726483c437aaf9c35d3ee4e8bd5d67e3488a6348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
976d51301e0eccba10df829e2975f9be

SHA1
05f20d152d95e235144070e00f90551c4a714967

SHA256
86fc21991c33b0b9a4bbaab58e4f16d8c00e165fb4907e2cead99eb81e001d65

SHA512
c6512f06aa87173df9eabf72f68d7d32a5f9ff5634e61ab07b43d9580159b0f4f740b47a74cbc0382d93be67b7d01685f5d2aa58d8ce1ea4e6645807704a9554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\Downloads\SolaraBootstrapper.exe:Zone.Identifier

Filesize
90B

MD5
2df5906bca1e9dc711c187cd6f071675

SHA1
bdea8a79cf9334236e8254c200ac2a2c2c2d78a0

SHA256
2d2711ff7f3606a9367fb9f35f5b68f0d5df9652275589bddb43896a9b91af85

SHA512
04401c527dba2c7855720a5f36ce1cbc9518fedf011103e3302f4234aa048594a1a4f82fa759d9e80381f3423971a877182c3c18011c8b1a96ba9659056ec68e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2840_189723392\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2840_189723392\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
memory/3148-753-0x0000000000FE0000-0x000000000102C000-memory.dmp

Filesize
304KB

Download