f3f8d21ef3d5c0988e10623016d6313c06d7b27cee556f4582641d3f3f6060f9

Analysis

max time kernel
145s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/08/2023, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Soar Installer.exe
Size

53.1MB
MD5

331c5db4b79ffceedb352c6b49d0ac66
SHA1

e8aa7ba6e27a04d77370976cb6866e9ac1371234
SHA256

f3f8d21ef3d5c0988e10623016d6313c06d7b27cee556f4582641d3f3f6060f9
SHA512

dbecbe64c4c27da8345d54224d86e47c882f94db2a30ab3d0655b510936dcfc4b9dcdaded69fafa3098399a1fe15e6bf6724c178cadce6cf58d2fd00c2fa9959
SSDEEP

786432:ugiUxhx6xEawQDCqZ0Em1q1bz+LsUwk5w0RG65vTCzP6tVraUH8tQqs1gyq:uZUxhYxrN6Em1q1HkMGwbyTCzivOtLv/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4284	Soar Installer.tmp
2480	Soar Client.exe
4036	java.exe

Loads dropped DLL 12 IoCs

pid	Process
4036	java.exe
4036	java.exe
4036	java.exe
4036	java.exe
4036	java.exe
4036	java.exe
4036	java.exe
4036	java.exe
4036	java.exe
4036	java.exe
4036	java.exe
4036	java.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4456	icacls.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4832	msedge.exe
4832	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp
4284	Soar Installer.tmp

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4036	java.exe
4036	java.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 4284	2452	Soar Installer.exe	80
PID 2452 wrote to memory of 4284	2452	Soar Installer.exe	80
PID 2452 wrote to memory of 4284	2452	Soar Installer.exe	80
PID 4612 wrote to memory of 832	4612	msedge.exe	99
PID 4612 wrote to memory of 832	4612	msedge.exe	99
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 1548	4612	msedge.exe	101
PID 4612 wrote to memory of 4832	4612	msedge.exe	100
PID 4612 wrote to memory of 4832	4612	msedge.exe	100
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102
PID 4612 wrote to memory of 4560	4612	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\Soar Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Soar Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Users\Admin\AppData\Local\Temp\is-OIO7M.tmp\Soar Installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-OIO7M.tmp\Soar Installer.tmp" /SL5="$401D8,54705823,832512,C:\Users\Admin\AppData\Local\Temp\Soar Installer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:4284
- - C:\Users\Admin\AppData\Local\.soarclient\Soar Client.exe
    "C:\Users\Admin\AppData\Local\.soarclient\Soar Client.exe"
    3⤵
    - Executes dropped EXE
    PID:2480
  - - C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\java.exe
      "C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\java.exe" -jar "C:\Users\Admin\AppData\Local\.soarclient\Bootstrap.jar"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:4036
    - - C:\Windows\system32\icacls.exe
        
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        5⤵
        Modifies file permissions
        
        PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultca89164ah5c3eh47dehb6eeh8a890ec9f63a
1⤵
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8233a46f8,0x7ff8233a4708,0x7ff8233a4718
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,9695323537327625209,10345802863301087850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9695323537327625209,10345802863301087850,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,9695323537327625209,10345802863301087850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:1804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\9960f62e1e527f9c.timestamp

Filesize
71B

MD5
0669ef1b2581da7e1c3dda5e534465ad

SHA1
9f7ef173d9ec80558b463dc5fee15f85ef99183b

SHA256
5d5102d297dec9ae1dcf15a98e7d931f8d622846f8c488173c2d64f13060e133

SHA512
b5c522959a91d787b0447044b75d69f4f7dc647898fb675dd74f36a072551e573bff3cfd34484e0c60e3456817512234c0c261af446214b0d0cae8da360e64de

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\Bootstrap.jar

Filesize
465KB

MD5
008a7a9dbf352fae5e358e85397ff9c8

SHA1
7e219dab0bb078eb2af35545e9c7861c56abd1e0

SHA256
6c1a734a0d463f257475b6cfc7e50cc876b8ac78e348640d14abab5b36f6d51b

SHA512
6d43c732d69657d4e91a3b107762d1625947233d628f843d0de339f49807bc42d1ebbea0216305e8af7334027121e3542c87313bb449fd5bc7d1c4e46950ebf5

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\Soar Client.exe

Filesize
310KB

MD5
a96885592aed55d1c77590b8e480a7d5

SHA1
37cf27b61630991c8a06648713179ef0d43ddf8f

SHA256
20c5aef99f121b02c625731d1df5d10a42e605e123f381ab848ab291b43f16a5

SHA512
06bc41c5f0b686ab00de1899d1b07898f611a6087ef3ea97ee66bd62cc8fc3081d69916ee25b2a0484aa594d63565e4f3cd387ce3dc73095aa452699cae8301b

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\Soar Client.exe

Filesize
310KB

MD5
a96885592aed55d1c77590b8e480a7d5

SHA1
37cf27b61630991c8a06648713179ef0d43ddf8f

SHA256
20c5aef99f121b02c625731d1df5d10a42e605e123f381ab848ab291b43f16a5

SHA512
06bc41c5f0b686ab00de1899d1b07898f611a6087ef3ea97ee66bd62cc8fc3081d69916ee25b2a0484aa594d63565e4f3cd387ce3dc73095aa452699cae8301b

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\Soar Client.exe

Filesize
310KB

MD5
a96885592aed55d1c77590b8e480a7d5

SHA1
37cf27b61630991c8a06648713179ef0d43ddf8f

SHA256
20c5aef99f121b02c625731d1df5d10a42e605e123f381ab848ab291b43f16a5

SHA512
06bc41c5f0b686ab00de1899d1b07898f611a6087ef3ea97ee66bd62cc8fc3081d69916ee25b2a0484aa594d63565e4f3cd387ce3dc73095aa452699cae8301b

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\Soar Client.exe.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\awt.dll

Filesize
1.3MB

MD5
39a3de251306cbca47cf2fb10089ae9f

SHA1
cc3f3d1bc3ad172c9646961b18fe1d7bf98b59a5

SHA256
6d1c82cad959b7e4636d8fced4368f0f2c8da4ef609667396e8772ad8d63f736

SHA512
351a02453659d04a2943abc1da2b9541f97982ed3f94d288679dfd8d962bfb4b0dcdef9b06d329bdad64e032b0372733ff7d1577c49952accf86b971aed86f7e

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\awt.dll

Filesize
1.3MB

MD5
39a3de251306cbca47cf2fb10089ae9f

SHA1
cc3f3d1bc3ad172c9646961b18fe1d7bf98b59a5

SHA256
6d1c82cad959b7e4636d8fced4368f0f2c8da4ef609667396e8772ad8d63f736

SHA512
351a02453659d04a2943abc1da2b9541f97982ed3f94d288679dfd8d962bfb4b0dcdef9b06d329bdad64e032b0372733ff7d1577c49952accf86b971aed86f7e

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\fontmanager.dll

Filesize
300KB

MD5
80f541f9da85e791626275a140d7f2d7

SHA1
66eb0fb72d458a3c1eec721245b645fc43854ce8

SHA256
889f837c011beea74573837a9c0316f375512b08a863bf1ee08032b72dae2bff

SHA512
bc212eff3fe6f04b21f1e28d042bc5b192e4016578b9f7714bd996eeb5fee33b743248fbe5ef03ae5abfbbf10b263af77e7dc463e71d2847113233efebb43f10

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\fontmanager.dll

Filesize
300KB

MD5
80f541f9da85e791626275a140d7f2d7

SHA1
66eb0fb72d458a3c1eec721245b645fc43854ce8

SHA256
889f837c011beea74573837a9c0316f375512b08a863bf1ee08032b72dae2bff

SHA512
bc212eff3fe6f04b21f1e28d042bc5b192e4016578b9f7714bd996eeb5fee33b743248fbe5ef03ae5abfbbf10b263af77e7dc463e71d2847113233efebb43f10

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\java.dll

Filesize
162KB

MD5
4e6dfd5867f4cea96dad1d59a0ca43fe

SHA1
6a08abc0b5a2cab00eb6d7543c661aa6620890a1

SHA256
179df744661b659d50fd6943834d81476287c2075448d2dc783fb32c69a00e54

SHA512
2565197c75eca66600a530aa6b033d4985fcb05edf73e096ebba37f06016e6ae5c4fc516a182bf674ff18e3f3b031353c9ff187a6b8804058b5d2b47c914e60b

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\java.dll

Filesize
162KB

MD5
4e6dfd5867f4cea96dad1d59a0ca43fe

SHA1
6a08abc0b5a2cab00eb6d7543c661aa6620890a1

SHA256
179df744661b659d50fd6943834d81476287c2075448d2dc783fb32c69a00e54

SHA512
2565197c75eca66600a530aa6b033d4985fcb05edf73e096ebba37f06016e6ae5c4fc516a182bf674ff18e3f3b031353c9ff187a6b8804058b5d2b47c914e60b

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\java.exe

Filesize
285KB

MD5
dafb5fbb0614c19eccdab9bef8f89c22

SHA1
91ab91eb4a90f02c4950c3e5da80f3eb24bddb52

SHA256
af62c3850cd7a84db64bbaf68533e2769da619a8a4bccf0ac4836d2ec86e4b5e

SHA512
81cf8e04b595052e67db73454a67e2098e1df9353e2c3cc842b8ab2a9fa837b90a2101d5a097a6b0af0030869e788de1aa73ebb958f1428a3952ce0464db3e93

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\java.exe

Filesize
285KB

MD5
dafb5fbb0614c19eccdab9bef8f89c22

SHA1
91ab91eb4a90f02c4950c3e5da80f3eb24bddb52

SHA256
af62c3850cd7a84db64bbaf68533e2769da619a8a4bccf0ac4836d2ec86e4b5e

SHA512
81cf8e04b595052e67db73454a67e2098e1df9353e2c3cc842b8ab2a9fa837b90a2101d5a097a6b0af0030869e788de1aa73ebb958f1428a3952ce0464db3e93

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\net.dll

Filesize
64KB

MD5
f2b034411e975ee88efc16050b04f2b0

SHA1
8f014db2a4db94c77227ff66945491099c6ebf83

SHA256
111789b60756c94974df0acbfeb42e22d543c1a24833eb9d8cd2b79924f73ff8

SHA512
17379ee620163094a586ac7287f4710f3346f0c5ed7e70ee3b428764d140f33756a82a1576ff815b5ab2a7eb4f200c7371e9fc1046b4f5f714863b6cc92390c6

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\net.dll

Filesize
64KB

MD5
f2b034411e975ee88efc16050b04f2b0

SHA1
8f014db2a4db94c77227ff66945491099c6ebf83

SHA256
111789b60756c94974df0acbfeb42e22d543c1a24833eb9d8cd2b79924f73ff8

SHA512
17379ee620163094a586ac7287f4710f3346f0c5ed7e70ee3b428764d140f33756a82a1576ff815b5ab2a7eb4f200c7371e9fc1046b4f5f714863b6cc92390c6

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\server\jvm.dll

Filesize
8.5MB

MD5
dceeb4fb6af9bb2ea7a2eed1d921afb5

SHA1
af1463a499f7d6eed5efcb9c9515e82335e9c1b6

SHA256
6707043f0b609a0b3677cd11f6526d8ecfcbeab079a394019d648c9039e7da21

SHA512
e4688d2264dda88e90beeb394adc48064012ed458ab9015ecef744a86ab76b4f65845f77a3d02b131aa5c342e6a572f79f471b5dc8df178b2d7483c04b1f4763

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\server\jvm.dll

Filesize
8.5MB

MD5
dceeb4fb6af9bb2ea7a2eed1d921afb5

SHA1
af1463a499f7d6eed5efcb9c9515e82335e9c1b6

SHA256
6707043f0b609a0b3677cd11f6526d8ecfcbeab079a394019d648c9039e7da21

SHA512
e4688d2264dda88e90beeb394adc48064012ed458ab9015ecef744a86ab76b4f65845f77a3d02b131aa5c342e6a572f79f471b5dc8df178b2d7483c04b1f4763

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\sunec.dll

Filesize
142KB

MD5
2632b6d90868ff1ece67f76b86a23d79

SHA1
90ddedde02a4cc37ae361caabc36a6a686c24bd1

SHA256
86106645d9e3801911808d6343a7fead7b6e9d8b740bad63a4cd9851ff599283

SHA512
61e0581c3dde45db74383b93e56396c65435714e746fe4f000c53465e8e6750bd787b5895a987bbdbe4badb5ad3570394c82476c2b4d65099f0b923002153b18

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\sunec.dll

Filesize
142KB

MD5
2632b6d90868ff1ece67f76b86a23d79

SHA1
90ddedde02a4cc37ae361caabc36a6a686c24bd1

SHA256
86106645d9e3801911808d6343a7fead7b6e9d8b740bad63a4cd9851ff599283

SHA512
61e0581c3dde45db74383b93e56396c65435714e746fe4f000c53465e8e6750bd787b5895a987bbdbe4badb5ad3570394c82476c2b4d65099f0b923002153b18

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\vcruntime140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\vcruntime140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\verify.dll

Filesize
55KB

MD5
82bb3a2292372acbf8bb25e30a3e169c

SHA1
c09c134561213cd67c670f60a2c52cf947e51a74

SHA256
9c99e6591c73eda0dfd6bb9a55d0a175cf5bdb583115477cedc627fd793c3deb

SHA512
db4802fe0e3a6dc1678765af559e9c1f6e8639dd5c7c8f18f08296b1b4d15cfe748e391459253a3dde0ca2bda74c6772af262e5b194c78c6bdefbcc2c5377db7

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\verify.dll

Filesize
55KB

MD5
82bb3a2292372acbf8bb25e30a3e169c

SHA1
c09c134561213cd67c670f60a2c52cf947e51a74

SHA256
9c99e6591c73eda0dfd6bb9a55d0a175cf5bdb583115477cedc627fd793c3deb

SHA512
db4802fe0e3a6dc1678765af559e9c1f6e8639dd5c7c8f18f08296b1b4d15cfe748e391459253a3dde0ca2bda74c6772af262e5b194c78c6bdefbcc2c5377db7

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\zip.dll

Filesize
87KB

MD5
0d56a7ff632826362768b3edd5e5174f

SHA1
8b96856f8fe3175039d1a7cf3ac0910467844a08

SHA256
27cf17beab60d7f9a62aac7622eefa06eee78796db585f9ae5d3a5b5022d56a9

SHA512
b4fe51874b9ba7a2325ae3c0b96f32065f7cee7c846a9028495070f1f91cedd9445cb91248acd1ec134a72b2c07e49afcaef01b58af1dfb0ff417033c2d0e595

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\bin\zip.dll

Filesize
87KB

MD5
0d56a7ff632826362768b3edd5e5174f

SHA1
8b96856f8fe3175039d1a7cf3ac0910467844a08

SHA256
27cf17beab60d7f9a62aac7622eefa06eee78796db585f9ae5d3a5b5022d56a9

SHA512
b4fe51874b9ba7a2325ae3c0b96f32065f7cee7c846a9028495070f1f91cedd9445cb91248acd1ec134a72b2c07e49afcaef01b58af1dfb0ff417033c2d0e595

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\accessibility.properties

Filesize
149B

MD5
2ed483df31645d3d00c625c00c1e5a14

SHA1
27c9b302d2d47aae04fc1f4ef9127a2835a77853

SHA256
68ef2f3c6d7636e39c6626ed1bd700e3a6b796c25a9e5feca4533abfacd61cdf

SHA512
4bf6d06f2ceaf070df4bd734370def74a6dd545fd40efd64a948e1422470ef39e37a4909feeb8f0731d5badb3dd9086e96dace6bdca7bbd3078e8383b16894da

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\amd64\jvm.cfg

Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\charsets.jar

Filesize
2.9MB

MD5
bfdb22624544f02100cd37cff954f64c

SHA1
f699b290845f487cb7050d41a83b85446ea202b1

SHA256
04a6bc7af4d41fda5ca6c7584df50c5d0881fada89b4788e8ee4e5919345f143

SHA512
70c5f501c5e1cc67341bb3f4d190179a79fb8bee7292ff8cca0749368ae4475387ce121e8d33adc7e4e6fad5a10eab378fff17e3da0422d4cca0837c95574b95

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\ext\meta-index

Filesize
1KB

MD5
005faac2118450bfcd46ae414da5f0e5

SHA1
9f5c887e0505e1bb06bd1fc7975a3219709d061d

SHA256
f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8

SHA512
8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\ext\sunec.jar

Filesize
46KB

MD5
1227482c65dc231e3607b002950f5497

SHA1
709ff3738d5da8db225818df2966f04c13cb7d02

SHA256
cfe84c5292f9ddef96fecf118377565bbaf769eee7ff4cca81652fe1134f9809

SHA512
87c4f5fa1e6dad6f2fab8a0371380fa7be9f63b05f8ff6740a4208ec115f8db9c512de9e40b4b853be35effed2804d0774c0e9426571a129cb6bdecd527cdb8c

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\fontconfig.bfc

Filesize
3KB

MD5
ad8365719b70a2deade79683d8986a15

SHA1
88cbf37d05f28691b7f82e74fa891792e93b41b9

SHA256
b2ab990df3c4c1c2ec4317aaf22c946df17f0796727dbda712402307c56558ac

SHA512
287b19b6996a189baa3cf2894a57917b14b0615d551c5248ad55860678e5d6e58dd21247799bebe91b8236fc2f5300399fcfc1bb159edb9ae8d663805c6a30f1

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\images\cursors\is-9UL47.tmp

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\jce.jar

Filesize
119KB

MD5
e0b7e0f36b9fc43d13403145db82e758

SHA1
def42078cfa315e98393c69963efb4e35e2e28a8

SHA256
4362c179bb78107777d6a0557693e65eb2b318c26642162f89509dfdab8c97fe

SHA512
5074a7ceb9621096f3bbf419d32ac260ea6d9d09c758544c2761121026c2b9db0b6617806d3b692347b685d541123f4eda99dcbaa29d9c9a2d740b22c44bf7bb

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\jfr.jar

Filesize
560KB

MD5
530b1ee313390d5d51ae8f5aa0be9070

SHA1
d5de5ee8bd7275b5b20f466ba0869251679b24b3

SHA256
bded3bbadd255c856ed7fb9900cbf0445e980a669a3aa043cf095e18539eb48f

SHA512
50671ca7de240c38921849304ae482a52ae481d0ff5a2f02aef90c20b9f49842bf2ea32b9caabde57a955b8d638a017b6b3cdd662b679a2d743e029f97b88937

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\jsse.jar

Filesize
1.7MB

MD5
01408480f5c65da8c74ecfde0eed1a72

SHA1
2f1cb5df6d4879de8b0827d160e9bb281f829a3a

SHA256
fffafe7e2bacef79280a4565b5d1075320a8ec38dff7978c8fe6c033b6df49d0

SHA512
ae585f4825073da19f611bb7d11a1d075b4998bc3f7d53a67cdba778e0729e0b5134ce8fc49897f67d39e46f1209524ab53ab4551defc6a4127012e332f15d61

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\resources.jar

Filesize
3.4MB

MD5
c5152884c2676dd45109cfeba088a549

SHA1
8fe4fd1980bdc4139491b0dd963eb830b70bb8d6

SHA256
65a6d0d74b193af857dd5252d59e8bf9214ddb360b26c1da816b029bf0cf208c

SHA512
ed8d4777609024960a7037f42937de41c434df4ff7062b43f03f0060e326bdef7917e941c9d3db5a8ec7a65f4890ef3dd53c87401f9568e6f068f2930d558e61

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\rt.jar

Filesize
22.8MB

MD5
142befc498746f37be958417c92e2afe

SHA1
674ba46b6c04280cb45eeda5bba04a0cded90579

SHA256
eca9704f15b63b954e873145fee373f293890fa573f54381995e825691d02683

SHA512
2a109027d981ab317c67a3f4d97c7c9dc22cba676bf3d4f1ad3bde6f42747a6c23adb71f96205bfec58c40f0b1aea54f45493878be1eb0a1f120a5e0f20efad7

Download Submit
C:\Users\Admin\AppData\Local\.soarclient\jre-1.8.0_381\lib\security\java.security

Filesize
55KB

MD5
8f0e3440fffdbcaa9d26be4730492a66

SHA1
20a3e5a8ecbec20d41d7124120d264f61de96613

SHA256
b5e8205764b83f46b50187b2021de7c86a890df908a8d6c17275a68924f832c6

SHA512
c04528769ce780e730ef71803ca8191c217f571f62703daca273499b90e93101383a3699263458c205cd7a8733399c3c2ca6afc85b6843c2c5e2ba0890e762cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e86e4f8857384e5a4fa46a56b0143e36

SHA1
cb80e22eaca69ad1ecb92af66257e32fe095ef31

SHA256
c75eba72a7f21899822c63944d39c23d8b1fb10a2363ff6766fa796e69224b37

SHA512
2f9e5bc224d924b78e2d428fd28f218b26221963eac0c68cb6a7d23354daa330626171bce5dc845354c3b6ab2874ec204d68e95b5a72f9b0fdce746a528be58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
1ce002d69603c59c7f895320c8e97f0e

SHA1
0398ad9aecda76bb73bd40763af1d8e1a4ce154c

SHA256
00b394abe062439ee5500906557724923e76e86ca56872ad1f6f5042abd58956

SHA512
80f5b012b3c858c6e2f3a8087d255252866851dddb595e370ebc789e45423b51a90fb963096fa6d000f28240f42cbcae346550b18673861ac8b5dfea62b09170

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OIO7M.tmp\Soar Installer.tmp

Filesize
3.1MB

MD5
c7ff15e1725048e7650f873cd9d9f530

SHA1
008d4f3fea7318b50fd27337cfd335eac27f307a

SHA256
22de764c66e6bc53e7dc380d483027fba1ef44cb9133e231127bed4d49a4f657

SHA512
faaf142a52a03d4a43627e4a31b80ecd6b3c64c64ef62fb6c5eab7916d8f0025aeb2e5b960a0e437f6b68a0e82cc44baab316d3aa621f333d105bf410c98c530

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OIO7M.tmp\Soar Installer.tmp

Filesize
3.1MB

MD5
c7ff15e1725048e7650f873cd9d9f530

SHA1
008d4f3fea7318b50fd27337cfd335eac27f307a

SHA256
22de764c66e6bc53e7dc380d483027fba1ef44cb9133e231127bed4d49a4f657

SHA512
faaf142a52a03d4a43627e4a31b80ecd6b3c64c64ef62fb6c5eab7916d8f0025aeb2e5b960a0e437f6b68a0e82cc44baab316d3aa621f333d105bf410c98c530

Download Submit
memory/2452-834-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2452-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2452-141-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2480-800-0x00000000738F0000-0x00000000740A0000-memory.dmp

Filesize
7.7MB

Download
memory/2480-799-0x0000000000060000-0x00000000000B4000-memory.dmp

Filesize
336KB

Download
memory/2480-820-0x00000000738F0000-0x00000000740A0000-memory.dmp

Filesize
7.7MB

Download
memory/4036-867-0x000001F795090000-0x000001F795091000-memory.dmp

Filesize
4KB

Download
memory/4036-853-0x000001F795090000-0x000001F795091000-memory.dmp

Filesize
4KB

Download
memory/4036-864-0x000001F795090000-0x000001F795091000-memory.dmp

Filesize
4KB

Download
memory/4036-865-0x000001F795090000-0x000001F795091000-memory.dmp

Filesize
4KB

Download
memory/4036-843-0x000001F795090000-0x000001F795091000-memory.dmp

Filesize
4KB

Download
memory/4036-838-0x000001F7968D0000-0x000001F7978D0000-memory.dmp

Filesize
16.0MB

Download
memory/4036-856-0x000001F795090000-0x000001F795091000-memory.dmp

Filesize
4KB

Download
memory/4036-851-0x000001F795090000-0x000001F795091000-memory.dmp

Filesize
4KB

Download
memory/4036-885-0x000001F795090000-0x000001F795091000-memory.dmp

Filesize
4KB

Download
memory/4036-884-0x000001F795090000-0x000001F795091000-memory.dmp

Filesize
4KB

Download
memory/4284-756-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4284-143-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4284-142-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4284-831-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4284-139-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4284-448-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download