Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2024 04:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/file/uuik7mp6rbxzekg/S0FTWARE.rar/file

Score
10/10
vidar346a77fbabba142b23c256004b5a7c5ddiscoverystealer

Malware Config

Extracted

Family

vidar

Version

11

Botnet

346a77fbabba142b23c256004b5a7c5d

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Signatures

  • Detect Vidar Stealer 20 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 51 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/uuik7mp6rbxzekg/S0FTWARE.rar/file
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e8a146f8,0x7ff8e8a14708,0x7ff8e8a14718
      2⤵
        PID:536
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
        2⤵
          PID:3280
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1672
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
          2⤵
            PID:384
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:2292
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
              2⤵
                PID:4844
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                2⤵
                  PID:4496
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
                  2⤵
                    PID:1932
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                    2⤵
                      PID:1372
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
                      2⤵
                        PID:3732
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                        2⤵
                          PID:1420
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
                          2⤵
                            PID:4104
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
                            2⤵
                              PID:3832
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
                              2⤵
                                PID:4836
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
                                2⤵
                                  PID:2848
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6996 /prefetch:8
                                  2⤵
                                    PID:2308
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
                                    2⤵
                                      PID:3272
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7536 /prefetch:8
                                      2⤵
                                        PID:5204
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7536 /prefetch:8
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:5484
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
                                        2⤵
                                          PID:5500
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
                                          2⤵
                                            PID:5508
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
                                            2⤵
                                              PID:5824
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
                                              2⤵
                                                PID:5832
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4516
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18148123203961541549,9669768897170317039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 /prefetch:2
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:2212
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:2944
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:1632
                                                • C:\Windows\System32\rundll32.exe
                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                  1⤵
                                                    PID:5020
                                                  • C:\Program Files\7-Zip\7zG.exe
                                                    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\S0FTWARE\" -ad -an -ai#7zMap32430:78:7zEvent21432
                                                    1⤵
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:6124
                                                  • C:\Users\Admin\Downloads\S0FTWARE\S0FTWARE.exe
                                                    "C:\Users\Admin\Downloads\S0FTWARE\S0FTWARE.exe"
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetThreadContext
                                                    PID:6136
                                                    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                      C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                      2⤵
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Checks processor information in registry
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:3996
                                                  • C:\Users\Admin\Downloads\S0FTWARE\S0FTWARE.exe
                                                    "C:\Users\Admin\Downloads\S0FTWARE\S0FTWARE.exe"
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetThreadContext
                                                    PID:1816
                                                    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                      C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                      2⤵
                                                        PID:3920
                                                    • C:\Windows\system32\taskmgr.exe
                                                      "C:\Windows\system32\taskmgr.exe" /4
                                                      1⤵
                                                      • Checks SCSI registry key(s)
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of SendNotifyMessage
                                                      PID:3708
                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\S0FTWARE\Readme.txt
                                                      1⤵
                                                      • Opens file in notepad (likely ransom note)
                                                      PID:1376
                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\S0FTWARE\Readme.txt
                                                      1⤵
                                                      • Opens file in notepad (likely ransom note)
                                                      PID:2132

                                                    Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\ProgramData\mozglue.dll
                                                      Filesize

                                                      593KB

                                                      MD5

                                                      c8fd9be83bc728cc04beffafc2907fe9

                                                      SHA1

                                                      95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                      SHA256

                                                      ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                      SHA512

                                                      fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                      Download Submit

                                                    • C:\ProgramData\nss3.dll
                                                      Filesize

                                                      2.0MB

                                                      MD5

                                                      1cc453cdf74f31e4d913ff9c10acdde2

                                                      SHA1

                                                      6e85eae544d6e965f15fa5c39700fa7202f3aafe

                                                      SHA256

                                                      ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                                                      SHA512

                                                      dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      111c361619c017b5d09a13a56938bd54

                                                      SHA1

                                                      e02b363a8ceb95751623f25025a9299a2c931e07

                                                      SHA256

                                                      d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

                                                      SHA512

                                                      fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      983cbc1f706a155d63496ebc4d66515e

                                                      SHA1

                                                      223d0071718b80cad9239e58c5e8e64df6e2a2fe

                                                      SHA256

                                                      cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

                                                      SHA512

                                                      d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      f9edae22c69f614b957d9cdb622b7454

                                                      SHA1

                                                      d9483709e22d404ca17e38da0866619275c8b134

                                                      SHA256

                                                      ae1dd25f103473105bf28d3ffec695081709784a8564b6b990c4e65497831f80

                                                      SHA512

                                                      3e0f0bfdf0d5018baa67ae1d48e4b8327a48670bda15955e828aeef34773fe439b9f7ffcfc862fa3607d00611ff3baa79c3c3c55829f4a70ca78f5e003d5e3b8

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
                                                      Filesize

                                                      36KB

                                                      MD5

                                                      b785330542d20af5c7839eacebdcfd1f

                                                      SHA1

                                                      399139699f12a3dd1789b18e90525bdc99df2af0

                                                      SHA256

                                                      bfa7729a8e61183fb800c8cd01e4dced82be535d8744a6f34fc9dc56c3cc031f

                                                      SHA512

                                                      cbc6c83b81b77ce4744c54963756100c98cb95949624d2e68b588aee2b5148633ebb7cfcac3f1af348ea962cd58086bd9c23027b47cf4dead1dae6e7f520252e

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
                                                      Filesize

                                                      148KB

                                                      MD5

                                                      617ca34d99c98b8e9a15c35c49817f81

                                                      SHA1

                                                      d672596efd524e96f5ae0672cbcba046bd3ba54d

                                                      SHA256

                                                      ba22821cb51cb2c9a4f05af1b1d3db77ca36b4a80b2410af946ae417c7e725aa

                                                      SHA512

                                                      4f196d66f1c7dac90ca3994b4e3c10cbc12ae7dee6b6db3630b4d2f3e14762b1080b0c4ce9b85894935e7221ed8582108939377e92d8c12cee0149c6bdf4620d

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                      Filesize

                                                      9KB

                                                      MD5

                                                      67c80dbda02f46a0b8b4207dbac7596b

                                                      SHA1

                                                      b9eba0545ad4f1fda52c1daf95a0ea0592ed988d

                                                      SHA256

                                                      1fa2859eaa76bfd1db096c25130ea7a9487db21a8787532978d11c15ff7729a0

                                                      SHA512

                                                      a351e386afc3c3c55d8ec992ac0375b5f6f0c074b5513bf6aea530ee5876e9008f452014be0a9ee2fbdbfb96b8cc7381a06b4bb3b5044cb62a765e64ea63c353

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      844b211de0ca3a42b56f46d8cd61a294

                                                      SHA1

                                                      6cacc6e6ca154b17cd6495f38e4ff113df85fe5e

                                                      SHA256

                                                      e3f7d6897bd3abb86ed4a5a5e1e5537d7ea69c57ac619476a6db8e2269335f22

                                                      SHA512

                                                      2d74eb7f3a86f9fe445860ebbb2c4b785fefef47f14db856d043f1fcdb3b5589af9cc7380a20ae758ec5b4e29877de2128823200790333e59dae7640201fedf3

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      13KB

                                                      MD5

                                                      332769ba24cff3183fa7bf6c97261196

                                                      SHA1

                                                      a6b0eb7cb843296166e2f11a3187e22b73b377e2

                                                      SHA256

                                                      4dbedf47e48aa4c7ab41e8ae48809d27bd2111ddd0a0fcf9c328f2b21921cf0e

                                                      SHA512

                                                      805876e555c57845f2e6d015f2e2a0a47961721642647c27a600fee541d600144eae9c33fc8f5244059ce035f62a35f0d48b29f82b059ff2b5f7c0c6b6243fa3

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      11KB

                                                      MD5

                                                      16c8733c0220cadae683b6a927925b6d

                                                      SHA1

                                                      c9c20590b121e77cb009ce7c7af8199f004e5594

                                                      SHA256

                                                      f558ffb73989686850f40f71c89eb61fd6fad5cdab4cc407c463836766c6a9e1

                                                      SHA512

                                                      34fb99184f7e1fd06a4743caa75d6b7afbbe6de3ad8c7782dc1677eacefad35e211f1e4e97f7b575f5963421dca796e266733fe2a853e4ad5a35703e9909cf52

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      78d4e7c90d5e1842db6126130299c67e

                                                      SHA1

                                                      35354f91df33aaf040121aa53b08803721ac3566

                                                      SHA256

                                                      7a5f44d4f246781f593f26c3326949de32a4f311f3dc27572ab781c23e9bef1a

                                                      SHA512

                                                      00f20f709be3359f034d334fa94dbd82fb85f44a94d70c39e5b997be2564b42d289079f4f97b2ea319c211e9fe314bc963bb7c8b4a817b58183f9ff0f7569459

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e918.TMP
                                                      Filesize

                                                      2KB

                                                      MD5

                                                      901eaa16dcddf718d83026845c5bf684

                                                      SHA1

                                                      49567d0692fe15a8d32a38280b639f90654f32ee

                                                      SHA256

                                                      39240aaf2e6fe720ffaf6af6e47e58c52aed32a8fbeae3241d5c7ced6d376306

                                                      SHA512

                                                      6fbe31a189e32c3bd0b6573db7fbee3dda05234852cb73c45828a2d8a459f28f7ccdaa3fcbfa3ba20dd7e6454dafc642b3b3d6012852d0a65f3e73beb9887ec7

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                      Filesize

                                                      16B

                                                      MD5

                                                      6752a1d65b201c13b62ea44016eb221f

                                                      SHA1

                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                      SHA256

                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                      SHA512

                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      11KB

                                                      MD5

                                                      64a722ffd29b996e95de0913b278dd84

                                                      SHA1

                                                      ba80efee061c1e241c62f6fa31595eb999485e9f

                                                      SHA256

                                                      cb5f5cb0005c5cc6900972872726d475696fbb87fb72c14e8bb666f9e62fc506

                                                      SHA512

                                                      79ddcb2f707dca5d2e7ee60b1adb0728eda6a53aa6453096ca1eef05881e06c7699a8de859e1520d1ad067045174e048034545252a3cedc9f6670cd52d65ee5c

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      10KB

                                                      MD5

                                                      e3bc37972b27335107444bfc4d67949c

                                                      SHA1

                                                      ad71b8df38c3263ad45b8fb8264867a5f39d07a5

                                                      SHA256

                                                      a8a2fdbb4eeedb0c8619e3d3b7bc11d4559ee8e26bde3e599cf273edd143c995

                                                      SHA512

                                                      fec20ab43239374dfdd09b75c9ae5654a577cc2e2638301d8d658277aa426e7564a299e9d03ccf85ce1a657060096867c3003111748729dd14c7570af3d2dd86

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      10KB

                                                      MD5

                                                      3fff2ff15135a8e0b9c445bece780a3b

                                                      SHA1

                                                      c88d115d3ff6d968ba4302ceb3ba0bcb37a7b72b

                                                      SHA256

                                                      5764181a1ae704bd2f18f54f341c5a5575ffec63919beeb38724d28707e16845

                                                      SHA512

                                                      54e1503682cc0cb86d7ac1d38ac59fcf7dc66f9466fcc31bef1f1280ecabbf9cfa194e93e8666539524d59ba3d43fbb4434e4c022928d35e27809b1977340d24

                                                      Download Submit

                                                    • C:\Users\Admin\Downloads\S0FTWARE.rar
                                                      Filesize

                                                      21.4MB

                                                      MD5

                                                      9e836a69e0bbdc74c826da13227f78b7

                                                      SHA1

                                                      ae7b5cba4cf8bd0baf276785d073fbc4cc84b1df

                                                      SHA256

                                                      4aaa1052ec1148f52506afe6087c885b979b2b4923df82b142eb007d160656d5

                                                      SHA512

                                                      10997f3544277d4e3db862fbef2e1a373ef0b700b53eef8de26452cf9facc60afbb12ade59c2783a7a1ca7d6cba5e4eceb46f58cad909f3c4f38168a61e6a886

                                                      Download Submit

                                                    • C:\Users\Admin\Downloads\S0FTWARE\Readme.txt
                                                      Filesize

                                                      244B

                                                      MD5

                                                      82d0a343d06f3aaa16c594284d6b1f6d

                                                      SHA1

                                                      9294bb014a3a8be3fc5c533f525ac7270b09bf51

                                                      SHA256

                                                      1a0655b5aa5b6d037e25893bd191323091025f1df92e6f8b4392b1889171da10

                                                      SHA512

                                                      de024359f7c3e247dfd61b3ef3be0f3bc65855e4863966345bfe99a9e7c21659e2d0e08ba50ee46cccd0e569633b4edf68e30050c8956005adb56500d263ad53

                                                      Download Submit

                                                    • C:\Users\Admin\Downloads\S0FTWARE\S0FTWARE.exe
                                                      Filesize

                                                      18.0MB

                                                      MD5

                                                      a11bb3b18eba3f07561ca84c92c520cd

                                                      SHA1

                                                      c09ffdaa9b11747b07e88f669c70566a48134678

                                                      SHA256

                                                      7cfae4e35c049f4aad444cca84c5fcdd0f4da67b5a1846e821322a9f9757096b

                                                      SHA512

                                                      108e8153f76adfb5eb840a771b5af0c80396838363add14e05baf1b953ae19a684bed0648c2b4404d23d2a8f9a0ad2968b2f3e6d6a062c462a217a75dd9a85ac

                                                      Download Submit

                                                    • memory/1816-722-0x00007FF7FDF40000-0x00007FF7FF1E0000-memory.dmp

                                                      Filesize

                                                      18.6MB

                                                      Download

                                                    • memory/1816-637-0x00007FF7FDF40000-0x00007FF7FF1E0000-memory.dmp

                                                      Filesize

                                                      18.6MB

                                                      Download

                                                    • memory/1816-656-0x00007FF7FDF40000-0x00007FF7FF1E0000-memory.dmp

                                                      Filesize

                                                      18.6MB

                                                      Download

                                                    • memory/1816-639-0x00007FF7FDF40000-0x00007FF7FF1E0000-memory.dmp

                                                      Filesize

                                                      18.6MB

                                                      Download

                                                    • memory/3708-623-0x000001AAFF650000-0x000001AAFF651000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3708-633-0x000001AAFF650000-0x000001AAFF651000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3708-629-0x000001AAFF650000-0x000001AAFF651000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3708-624-0x000001AAFF650000-0x000001AAFF651000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3708-630-0x000001AAFF650000-0x000001AAFF651000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3708-631-0x000001AAFF650000-0x000001AAFF651000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3708-625-0x000001AAFF650000-0x000001AAFF651000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3708-635-0x000001AAFF650000-0x000001AAFF651000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3708-632-0x000001AAFF650000-0x000001AAFF651000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3708-634-0x000001AAFF650000-0x000001AAFF651000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3920-723-0x0000000000CD0000-0x0000000000F45000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3920-721-0x0000000000CD0000-0x0000000000F45000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-711-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-704-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-683-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-684-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-659-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-658-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-695-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-755-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-698-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-703-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-706-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-669-0x0000000024B60000-0x0000000024DBF000-memory.dmp

                                                      Filesize

                                                      2.4MB

                                                      Download

                                                    • memory/3996-707-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-754-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-712-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-650-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-648-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-744-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/3996-743-0x0000000000EE0000-0x0000000001155000-memory.dmp

                                                      Filesize

                                                      2.5MB

                                                      Download

                                                    • memory/6136-621-0x00007FF7FDF40000-0x00007FF7FF1E0000-memory.dmp

                                                      Filesize

                                                      18.6MB

                                                      Download

                                                    • memory/6136-638-0x00007FF7FDF40000-0x00007FF7FF1E0000-memory.dmp

                                                      Filesize

                                                      18.6MB

                                                      Download

                                                    • memory/6136-647-0x00007FF7FDF40000-0x00007FF7FF1E0000-memory.dmp

                                                      Filesize

                                                      18.6MB

                                                      Download

                                                    • memory/6136-636-0x00007FF7FDF40000-0x00007FF7FF1E0000-memory.dmp

                                                      Filesize

                                                      18.6MB

                                                      Download

                                                    • memory/6136-649-0x00007FF7FDF40000-0x00007FF7FF1E0000-memory.dmp

                                                      Filesize

                                                      18.6MB

                                                      Download