hxxps://delta-force-black-hawk-down-official[.]en[.]softonic[.]com/download

Resubmissions

11/09/2024, 10:50

240911-mxgzvswhqe 9

11/09/2024, 10:30

240911-mj8knavfmr 7

11/09/2024, 10:28

240911-mhntvsvepq 4

11/09/2024, 10:24

240911-mfv56avdpn 3

Analysis

max time kernel
216s
max time network
220s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 10:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://delta-force-black-hawk-down-official.en.softonic.com/download

Score

9^/10

credential_access discovery spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Loads dropped DLL 2 IoCs

pid	Process
3156	SolaraBootstrapper.exe
3784	SolaraBootstrapper.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3156 set thread context of 1372	3156	SolaraBootstrapper.exe	146
PID 3784 set thread context of 2920	3784	SolaraBootstrapper.exe	150

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{F22C8F84-CDA0-44DD-96D6-626B6FDF4CD8}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
1668	msedge.exe
1668	msedge.exe
4132	identity_helper.exe
4132	identity_helper.exe
1492	msedge.exe
1492	msedge.exe
5084	msedge.exe
5084	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
1372	MSBuild.exe
2920	MSBuild.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: 33	5728	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5728	AUDIODG.EXE
Token: SeBackupPrivilege	1372	MSBuild.exe
Token: SeSecurityPrivilege	1372	MSBuild.exe
Token: SeSecurityPrivilege	1372	MSBuild.exe
Token: SeSecurityPrivilege	1372	MSBuild.exe
Token: SeSecurityPrivilege	1372	MSBuild.exe
Token: SeDebugPrivilege	1372	MSBuild.exe
Token: SeBackupPrivilege	2920	MSBuild.exe
Token: SeSecurityPrivilege	2920	MSBuild.exe
Token: SeSecurityPrivilege	2920	MSBuild.exe
Token: SeSecurityPrivilege	2920	MSBuild.exe
Token: SeSecurityPrivilege	2920	MSBuild.exe
Token: SeDebugPrivilege	2920	MSBuild.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 4416	1668	msedge.exe	83
PID 1668 wrote to memory of 4416	1668	msedge.exe	83
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4896	1668	msedge.exe	84
PID 1668 wrote to memory of 4104	1668	msedge.exe	85
PID 1668 wrote to memory of 4104	1668	msedge.exe	85
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86
PID 1668 wrote to memory of 3396	1668	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://delta-force-black-hawk-down-official.en.softonic.com/download
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0b4346f8,0x7ffa0b434708,0x7ffa0b434718
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1232453212646873632,16088131989468247280,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x398 0x4e8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3600

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_SoLBVً.zip\ReadMe.txt
1⤵
PID:1620

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_SoLBVً.zip\ReadMe.txt
1⤵
PID:4560

C:\Users\Admin\Documents\SolarVً\SolarV\SolaraBootstrapper.exe
"C:\Users\Admin\Documents\SolarVً\SolarV\SolaraBootstrapper.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3156
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1372

C:\Users\Admin\Documents\SolarVً\SolarV\SolaraBootstrapper.exe
"C:\Users\Admin\Documents\SolarVً\SolarV\SolaraBootstrapper.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3784
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

Filesize
2KB

MD5
dacc82e6e6b88e8e99998baa34b684c5

SHA1
c10ffeebbfea0522f5cb3a3afd159d362c90a89a

SHA256
3961907179b99e833cdd64406120a73363c21cfa05cbbb13826450f71b374046

SHA512
b2fbd2ace8a9ef986932c90cb5d78ec9fd6a2ab4e8793bb47e879edfab328ca05a34076c1b729f45e861030c85e2f435e215b7144c5c248e48573ba3ade03749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SolaraBootstrapper.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\009df145-3d96-4ebc-bbf8-8b36eb634e92.tmp

Filesize
1KB

MD5
59bccf99790cb202f56854b716f94f24

SHA1
e4c0a84d99e2baf23940133e786d72d76c2d4b4e

SHA256
f44cd4aef8f227cae02693353944bc0c1b549bc575a14f6542a4bfef88c12e2d

SHA512
1aa1603e0cdf301fb3be33b1ce9d79f7ca0568695b0fce9522f2a199a208c255215e4f19924cbf8d5555e3258921785b41dc87538f9c1f4d3e23908ea05250c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
232KB

MD5
efde650967f54e45c8737eff98b90365

SHA1
f2139d2784be093f32d26d374b0ad2d9c4f7cff1

SHA256
4d26eaacc25960cec1e8a3a3435f1be9899c44d375334d4201cd2d9676841282

SHA512
05f3a338711860b3cbb4c1031da4d3b5028a47d18d866bd62834f437a299cb6777cd98b06bf62b7395ad886bddc31e05f9e41d68a004ada036da43cc0bd9ea56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
d5d8e40a8678d66d97b7532ebd8fa448

SHA1
d058d27cb733dc0923a03a3659c857937f31d6e0

SHA256
a074ca9ee23b367ad56c954cbe4a4e7956f459d5eaa16075542f1263db10a100

SHA512
072d0a08096413e3522cddb592a4ae0186c5ce95febb9f285eae3b6dc1e3b22f3088f9d9af33015d097c4e144fe0ab6d3d118f7ac78336fa355cfea5775e90f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
47KB

MD5
213af7ac1aa72e2c0c316743695b7cd0

SHA1
c93bf2de82958073a23b3a495356118ef718cecf

SHA256
f5680671f5dc330f962eb3de4164654e2c17284ac3a109f687ddabf104e25ce4

SHA512
d0e11f42a046682805d18a0a133df1c8c4272b94117de503dd4992c34f93e516b7decbf77496f45768aeb1a95f1493f74f5ff732e9b42efa6bff1b47e9b0c1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
754KB

MD5
a4c85b6bcc31263cd7dc7be3d6dbef22

SHA1
a2e872c395eb0ce75fff8713176dfa28d89c5daa

SHA256
0511565bfa67d617d8cc904135ac0ae7d108211b22538ec4fcffb1bd35ab968f

SHA512
e7a507c4ad33bb00699d595e8aa03a6fb0010ff69e260536cfd615f296ea08f13fdd362106adef0204b8555d71afc8ffa347f1c72abb93442fd0cd432e7e4a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
32KB

MD5
b52a6714d8f826dfb95bbce8b6133118

SHA1
d379be1fa86367a570d4ca16aee342561ad25d67

SHA256
5f35a91b6bfb1dab5043b904531f8705d7c116273b178995688a4492c20fc295

SHA512
79eff5d17020beecbd294d777001d9612bd9923868406a6f5d45c93ce5930de059ab4c86b0fb7a884d123c91512bb385eab7b70a3bcf857a4ecbc6c5e7261d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
32KB

MD5
18998e738c0c21101de9ce5779d456d1

SHA1
87d1d4eaf022f27302d96b47a36e44dd2bd0cca2

SHA256
9bb5dcf2c959d41f60fc1f6b710611726878e7519d5ee8016d10fa0267a13290

SHA512
a54fd2cf45d06132d6b60e4358aeb77ee32217d7b74a1defe752e3c8b2458af198caeddc596d0dffd6027f827564ef044c1485a45df857e6bc8b3f75f9f6e518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
610a8292c4431bfe6e1ab28a08aae01b

SHA1
655547a854ae1d52c2957b3230b8af63696e4fee

SHA256
0b1a936b1796d6da41af22e6a8f81e65481ada4c0217e2aa26331213345ad05e

SHA512
ab30d3842a121a0dfcecd8bc707117cbcf6cd06f3734b09e120b604e1b3d515b782486d4d8de11680c43ba3060091b93617d7312011b456dad2648fe140f5be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d2b34af79d753ef2776d6bb26248a6f3

SHA1
01f3038a57822e19ae5b20ca73e566849d405113

SHA256
4ec8dd90f7ce0b4fc81688177c10ffa2154a668267c5d6ca3459399c89fc9ee9

SHA512
f08f1b48aa832c853d83e3686d717d92083d6b9a34eb944bc61aad0166de01560bb98d53571fbe37d980e3f7d04a1cbea0a7a308889a6f4073e0fce6618ae6e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
32KB

MD5
29aceba201c4328ef2d12cfd8d8d7b68

SHA1
4a775df08b422c4594d2550171b36f95b1c65f20

SHA256
dff0b91fd0fbfb0f63a3ce0cac107b86c86649f2391868b3062fc4f2299b1a98

SHA512
eaa66e220d60f4eeb6bf8f7c18bb7e3cfca89989c05f29fc5107c82f78c0588949183dce6aa2f81a4d4b50b0c71a066bb595f8148f6e9b527735084b24bf8066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000015.log

Filesize
597KB

MD5
fc47aeae67b0e2f2ce4c2e10bcc30643

SHA1
1e59b20617e6d1ad60796d2ad6d4aa506932c3ad

SHA256
09703bca8a7bf3f6acd15ec11010bf9872feea19f4e9e83d89b3ea477d9d86bb

SHA512
7bb8caa926f77489f5d2f11eec88c7037d5eb6854fd7a5cdf50107c380f7d2690b7c16b9586551f39bcdc3f624926159368cd57ba5bcf37c34862a24d529943e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0a15da8c2442e53348c4bb0aed8aa7eb

SHA1
dcdca0ab208287c00b45c3cbe57569f592e15134

SHA256
541520607e9e493ce6e5956202b86ad25ef111cf7d2f3e22cc41bb4702487888

SHA512
838ed5b3be694fa6424ab192b26090504acb92524605c1564bf53acda4bf8e089e2a6221e50071b16e3096f1e86856053de32e3ec73cf1801478c8189974145d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9d2db3a896fb2e98630523395e5723ff

SHA1
65483c1ff0d59c80726e2984b259719aa8833251

SHA256
598f284cf6f4df463090639d0c10e677bb925874a65eaf370474cf80e7cb785f

SHA512
a51dde52a0684cb827ff5619e518706973c42b9c8e98fe2905633ae3cc520f7d63c74324be241da569d5aea84b54e8a696093fb55cb9213baf987c926fb84d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b31a536bf80d93327093cde0615155fd

SHA1
c47dbc48e22e05b968f7bfc7943650219ada0a6b

SHA256
c350f6fb09825cf593e94106b8cd9e95b14324c8dacf5bbf58d2901250c91a1a

SHA512
9dde8adf1082d43283e0d18ac2457f210affa47383735593bb134b9492ee4f23ff9f4234773c78160d4a0572297ac01f989a3798fb5c988d291f6c73e0faa3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ca34ef0c0e97c8741013c254cf78c60

SHA1
b3790c00593a267ac4ee89f2474f731f67bd3f13

SHA256
2246a2b157d9727619d94cc0a5ad43adb951263eccbfe87941544157d72c265c

SHA512
fa890f6e7433522ccdbcee86189a408bf327da6a626b1e3213860071818c76b831bc9c9b7492ecb5a7c2f8bb2db037be22e1163edb5cef68006bc19d6d23a100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4b42efd435a8665f21cb88dcd7c4d568

SHA1
33f6142b54dbc580e7c24917ecbce557c94c8d47

SHA256
60e806ac40a0171fc302d8c3b93402f3462329aeb37f106793501adfb9ec2485

SHA512
f15134e2ae5d9b394766be732f91a24fbe5ddef11232c3aaa337ee97ddbaee05312485139c46f0064d094d343af8c8c8e1dbfd115d5ef58534d02c00d9dbb20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
149154dad0729694fc8cbe86aae696dc

SHA1
f2b246ba4731dfcad1c3bcdb188e15c0ec61a9d5

SHA256
1cd93f1b7705edd8899a39ebc0aa22ac2af0d44969a29c509a9f926ac1decb94

SHA512
5f947c9a9b0c883ad7b8029f77ba2bd6767d1a0326e58501a756dd35dcc2d996f73177efdeb491381065a659eddad30613b448ce85b5e0fb02e656c1f8768e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
30c52e3cb76e30d85cb3b3e4f53fd0cf

SHA1
ce4578eb51f088cf3a3f7ac55fb0d4fd97504330

SHA256
b33787a28f5a8434fb952310d03c193d31121fad5e2a748c8bc8deb174bc44ec

SHA512
e246e8f25b1677e1245c370463102c070aa1a8de660d113652ba520606dada64d13d70e1deedca7424276011b2a147abdb858b9d4202d4e0beca865d1291ea64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ee009508fa14083cb75f547c01a1ba9d

SHA1
99edb903d3a2417e9cfe6f7453e5a01a1851c92b

SHA256
6b8df1d7842d023670be4d80fbb38a55f2000c5dd6320d28887b6006e30f6ce2

SHA512
38cb3f6739e26712519f8a0dfd8f0756b00ddcc3c3bf26d57ecdfb6e8c1c12cc24ec37221755b07078aab77563fc5d4d53e3d94fc10434e4f40ac0a157ed2e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\506adc05-938c-46ea-9771-8b687856adce\index-dir\temp-index

Filesize
2KB

MD5
3a8f3939aaf60826fdcdcef9ccd21672

SHA1
7d1155a16e72ca384189cebe2eab63e7e4f53b5b

SHA256
5d06f24dd34fa427984e8575cbe1ef068d9ddd54ce91ec1f7070f4ee98e18c54

SHA512
32bb89bb6ce92c3fd980358bb9b88c5bd59225fc3a711352edd0a7204b8ed5e5c0d1f31216fd5c7bdab7a244b27d97d0691684e11fb8e1227b878c4bd2c4d686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\506adc05-938c-46ea-9771-8b687856adce\index-dir\the-real-index

Filesize
2KB

MD5
f5f7f7956c812167e786060dab73980e

SHA1
3a127e5173ff83847cdd71a97216d5e1588585c6

SHA256
5679d78b1a7a7d3a3470ab9f15b5ba9c641c80a7065a0ef6bc46d569475b2bda

SHA512
f97936f8d6b23f8c8b0151ae3edf78b0fb26baa2da5e0e7c9821f64978eb59929d166594b174c7be68ce0cddde898cb6d8575b0d785a6143bcbabbff6ba66409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\506adc05-938c-46ea-9771-8b687856adce\index-dir\the-real-index

Filesize
48B

MD5
6355dc5e69b894e87f93109f9a54d13e

SHA1
5afceb43f3df228eee76e2c113c572d82bbfab13

SHA256
bb1a1e8cefbba7fd83e6ac4874aef5b4d665b1a315ab4618dacc56581328535a

SHA512
231305cc378bbc7900a6d2fab35c929f0c6dd1f6c839da818986861372739bd7407a6e32c3fef436ef7b95fae00aa2567fb70670ce2351892569b23154018af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\506adc05-938c-46ea-9771-8b687856adce\index-dir\the-real-index

Filesize
2KB

MD5
0cf352727574102616a5ce94a729a200

SHA1
ccc4ff24cb002d8282b2fae13cda1ea989a71d3f

SHA256
9408f91fe0c2be1576d8d3197cbea99a4ec2236dcbf6f5b89f45418a48fdfa7c

SHA512
a212556f74ffa9fa1a2b4423e9b9cea892282acf66347a920f1be791880179c54193cc16b67ba5eac798e8f17d41373281dd1dfee0d3956135c332b83b3c9690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9bbe236a-b92f-46d4-8c17-414ced165ec9\9450a0c41969d1a6_0

Filesize
2KB

MD5
fc7fad356434b53d971134c0585e2e2a

SHA1
b26c6c100906b1a401a9536905bb60c3b8875a08

SHA256
59ca9dcad59e6071887eb3ae4b3749d4bee64ce838abce83d3ed939f954d1939

SHA512
33d19b596a2de24ec77b558d387c6f968053103ff86a561891c82a0bd84e0e45c8d162bde697fd5b8b225bbfd7a61b6c85a9f249ff0ddb60cded54fa7eb3ad0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9bbe236a-b92f-46d4-8c17-414ced165ec9\index-dir\the-real-index

Filesize
624B

MD5
ca765a2a1fd4633def87bea47feaca2f

SHA1
e65b2b7ac672ee12775da9441c63aacdba96f88a

SHA256
aa7573a46918c24e443bb776067ca6ede782bf0e5aaacec994a08b2a56d114f3

SHA512
924a626ef64de10537e270b328da6f23a9febd6ca35ed33273e478e9de25fa16073a09dfa656f1f764e32568fd733c446e4c878182c6c3da8d103929072f9113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9bbe236a-b92f-46d4-8c17-414ced165ec9\index-dir\the-real-index~RFe586992.TMP

Filesize
48B

MD5
28140781313f14d06029a723e650f7d5

SHA1
2f91218b7b8e23205527835ba31d271cb8f163d3

SHA256
88f64f02dac83ae4e61aaed5f44830976a68dcbf9c255f866765f9007a1211ed

SHA512
332c125a8011ba7cb7d7cd8934c9f317fd1864989e50cb5af40da68baa94e9a9157c55d1fa9cc41f52b6ef0b29fec536484b65a8b5edb1cf11f34feae47df278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9c85a7ad-29d6-480c-a426-0e4a5c61b700\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
a883811226ca3cfd8df6b185077d48fd

SHA1
bb5e4498394fe0a1a5d06e9d5adfc66ed04f8010

SHA256
9c57588376b3080cfb3a810c2c3b8e258b5e91ccad631c045c2453649e626240

SHA512
2a8b0db43480fa2b46cf22bbf566f89985102ca5b52983cd23af3a51f280094749d516b618a8e32888ae6a93bf7cf1c80c72c9297c23035d111cdeeffca5a92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
dba9cd75063b913417d44f560a85bcdd

SHA1
200daa00330a8982cc660401423ba1dc9fdd6f46

SHA256
0e91c7fe0d463d7b0433171f5e0c4ea7354be920a8391a445048b08b2e808cb4

SHA512
785833ca297336a525d4f955f9e473dc42d3cc426fcec771a9b72175a74420853178ed95d06732373eef3ad975a202bb9b0e2187da9455a8478e760dd9c55eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
292bb65e0eaecf8d95de5ed652844587

SHA1
f1bf2716044b8f249e66fdd63b5d569c15678267

SHA256
a676833409bcec8f7a4f2160b1becbbbec2b98dd9a7b3d56a622731094d1d10e

SHA512
c065bb636384f6625766cff6a25567e4e33997cd9f3522108b0fc405f7657dfe828d3d454faebc394d3487cbc21148f657084e7bc0bd144d742107c9db66e159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
42a59da2b003fd79466f4c6878caf027

SHA1
9fdcc5af1aa708dc5371dc353f60bf1488492c74

SHA256
fc30142fa407b2b8d584180cd9f0a5e243567ce1f725fd60336b013c1c5c9d14

SHA512
1e3aa3c29ca7fedfe5aaa4ea2b88b06dda002e6f91f1412bac130819c6163ed777b525c1daad04849a9aef3060903ea53df0d4bda8c4988206d82d399f2993a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
5171723dbbecfd75db5ee735fcb758a1

SHA1
464635b8624cd99c3e9fe00714ae18cb1dafe035

SHA256
17136a637633e8d73da227688003eec206fc13ed3b9b6e87ef2bf6c095a3b3de

SHA512
bab6b5020d2dcd5eafde39f0933258721b65af9faf6cdffb05b104e5ac0cc3902e225d1d062bcbb465ebc896334cdba5dadec2739dfcf71a81c8bde7892364e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
29d57d6a45b1069529993400367000e1

SHA1
a1f00e52bb7b813cdaf833e0786422fb370eb84e

SHA256
5ad2827b14642318729160cd4e2ecd6b2183b5a10d85c0bad5dbfd603aad4919

SHA512
6a1066d5f6cae8111d22c01ecbf30416915285abe2106275b92664abbf04859af4468d663aa4fc02441579137aae1f0e8faf82741d87559d0fcbed8d4e719e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
0c050397fa742dbe09cdc50bb241e330

SHA1
33b724d7d8e3ef5271b66f1ba3eeaf9b61f50091

SHA256
cde0bba954940e7da7ee275a78c4990f9d39c992527328bad04fbad68baafee9

SHA512
ea00a600a59e410275d7171dd93b88312397e43a25c7d5a9f9e9a98b029f3d7343f449a1c1e90d0027c0567e071f3d9506eb0fed31babfbbe355ebf0bc18fa83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
49b557e9409bc86825e507b304c9f86e

SHA1
3beeb8029fb162d9b3a94644fa5d40bee351d1d1

SHA256
835a37088aa502fcea101210aa628517e72fd66f6d2b40a13a835afec4f2619d

SHA512
5cdaef5159fbb79206eb6817e2bd300fe89c5992f037a1ae74722fb5dd8c787af828aba60d6013f2fc0868b7dd6096e75d831f3e92ef490355ce7b1c76074c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8db2b3ddfceb594cf62e2b04a86281be

SHA1
cff117fd5392c8d676e10a29d2c2ad77148451a9

SHA256
8f9bab3fa92ac0fca03e8ec89c9187d1a9d0334241bf6bc56cb34373def021f5

SHA512
fd678193dcd8dc3a1e5a3bfaeb41989f71deef78f4f7be5ad17d495bd6c18c54c3af7437ad0d2623e4f3ed7b952b6a7d850d8ff08f66579c54944e3e76180b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58623f.TMP

Filesize
48B

MD5
a17bebe45d28795eb768dbd05e845ffe

SHA1
146d5a40a62e65232dab0178f243efa2edb9ffc1

SHA256
f52cb558078adef9c66a5cb5e8e67e4593c90342009eee7ce608271cdffad3df

SHA512
d7478cc0a856269164ecc46a34fef219530cc279742d8f222bb678f2f611b2e8248be66d89e9cc93ef1c6261a2dd19968f74d3aaa026b4fc6392027257eba26e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d11cca97b10ab0df926b72d3420cc4b3

SHA1
ae978398aa748d419e3ad1b88726571c9c032270

SHA256
868987b36258cabe7442a010c3c8b4be91abb43040d4229db5596c00cf13cb2f

SHA512
4beba86e594595400b4925c708ef38a191af7e189f99c11c4b7831d8ba66188d0dc57e81384b41a2da5bd7d60500fc54dd32b22d3921a2686970adaeab06cf74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4909b7f9472da32ec1d7f51bd050a565

SHA1
ac26320991779653069715c1c4bca6c018877c84

SHA256
abdaad4dcec46456cd4d8d3ed037514cfe92718484c9ab9624af8535fc8b57ea

SHA512
acd4d8fe0ce8b633d8b5aedeeae95f4d3f498e83d3e5b75e1cd9d0d178dd2e99f2fbe1632e6f89b3580c63a488e745230250bb2ba57bd775846d98d933db2484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f4d.TMP

Filesize
204B

MD5
61773d0b2bba64650005f8da34dddd8b

SHA1
0709882d92278bb220b5783204b0a0f41afcfb34

SHA256
23e189edea099721950e80c83dfb9969449d83a5fc3549bcdaf4aac41502d5a1

SHA512
dc1157bff8566ea100319ab1030ad39f90f539dc5af366ea9664dda1e7c820ca3e88fcf072e7b2cd4e9b0ae94e0acadd794f6d05d2dbea97c8079a3c83c362a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
a141ca1a4bf092d2e48c291dd7e27324

SHA1
6d1e2934bf211758f345a56f14a33a9015678502

SHA256
8aeaf4354c65e1a9a6c32b28e04f13dc41b3ae36a262d07f8079a6ec9d2992c4

SHA512
5d1fbea1dadae2fa5e11e71b920d174780b5379c48aa06f45af3cdb5449a5831ea88660cf3996f6a129e0e3e64ef4ce4ce72f60b4748e1f0e3075e07cd989516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e8ea9a24e70275ca8f02d1eab4968eb2

SHA1
311eb55f01c2ba4f7d2be2a4718c2823e880ffc8

SHA256
3b87f66a1bef66f28611d3f192475a83cda5fe13b70f34b27d1364a8386c2b9c

SHA512
c238e20855bccb267d6a8f0eb8fd7a5a056bb8525b5b5323fb3d6c37124cc9650c2f409a3706e438a9f0c4d7612f4d1ec074eeb3d1bb83c2379b21eda6d33eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
010d2e0630255575c9d4f9aa11df7444

SHA1
fde8659b87e14888f00d38da4a974560fe43a2a9

SHA256
4a4a922cb1075f5161478b58a7d56042f510e600d33674bb10dae3f16c5a8448

SHA512
f5569f3a43fc3aeec57b6eefb2c55cba1679976f5ae48f9b88aa2c59bfe40c0d2764a89bccf2110b7b5603b8293745265f201af1d90065afc6376710326b2d8e

Download Submit
C:\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
760KB

MD5
dacaa2e6c843526a37a51b508f3490f1

SHA1
6af321e60742d808e4a318d345be533e86c22e73

SHA256
e0c37189c61a38da90764f54345874b0ffde7c318b6a00c0169f8935941c5523

SHA512
02f128ac11dd090bb20b9641387694a1aca38f53807bf0b10ae3da4236cf3816bb36dba2155d590353252d305fcf8bbe4c2151b29316a450a49d27d80e8504db

Download Submit
memory/1372-1126-0x00000000093C0000-0x00000000093DE000-memory.dmp

Filesize
120KB

Download
memory/1372-1127-0x000000000A2C0000-0x000000000A482000-memory.dmp

Filesize
1.8MB

Download
memory/1372-1120-0x0000000008580000-0x0000000008592000-memory.dmp

Filesize
72KB

Download
memory/1372-1121-0x0000000008730000-0x000000000883A000-memory.dmp

Filesize
1.0MB

Download
memory/1372-1122-0x0000000008620000-0x000000000865C000-memory.dmp

Filesize
240KB

Download
memory/1372-1123-0x0000000008660000-0x00000000086AC000-memory.dmp

Filesize
304KB

Download
memory/1372-1124-0x0000000009410000-0x0000000009476000-memory.dmp

Filesize
408KB

Download
memory/1372-1125-0x0000000009700000-0x0000000009776000-memory.dmp

Filesize
472KB

Download
memory/1372-1118-0x0000000005440000-0x000000000544A000-memory.dmp

Filesize
40KB

Download
memory/1372-1119-0x0000000008C40000-0x0000000009258000-memory.dmp

Filesize
6.1MB

Download
memory/1372-1128-0x000000000A9C0000-0x000000000AEEC000-memory.dmp

Filesize
5.2MB

Download
memory/1372-1117-0x0000000005470000-0x0000000005502000-memory.dmp

Filesize
584KB

Download
memory/1372-1116-0x0000000005980000-0x0000000005F24000-memory.dmp

Filesize
5.6MB

Download
memory/1372-1114-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2920-1143-0x0000000008660000-0x00000000086AC000-memory.dmp

Filesize
304KB

Download
memory/3156-1107-0x00000000011E0000-0x00000000011E6000-memory.dmp

Filesize
24KB

Download
memory/3156-1106-0x00000000007A0000-0x000000000082C000-memory.dmp

Filesize
560KB

Download