umbral | df837d571a8f552df3a44469366f7d6c37d433da7e6c7ca9becd765fc8ba0d96

Analysis

max time kernel
81s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
26-06-2023 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ASyncInstaller.exe
Size

237KB
MD5

1f94b0726f9c4ccde5292a244e595c1e
SHA1

ee2db8938d1ac5592c6eacf365b1c120babb1322
SHA256

50a9e0e6b3593f062d99c960114ee9db03359c56f2c515a819a9b2d1f3826d24
SHA512

be5298ccae48eaaca14208d4de64683d50b4c0ce2ad41fff114e090f43e9ce42724fccc64cea09ae55dadf66dad96d367383c0680fabec271fbc409327be5bca
SSDEEP

6144:NloZMLXU9Zx0kt8X0/PSCsMPuzc9rI8jz67NokRShb8e1m+6il:PoZPf0kkP+uzc9rI8jz67NokRev

Score

10^/10

umbral stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/memory/4788-133-0x00000234C7B30000-0x00000234C7B70000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Program crash 5 IoCs

pid	pid_target	Process	procid_target
2832	4584	WerFault.exe	91
5304	1596	WerFault.exe	102
5304	5436	WerFault.exe	123
5908	4820	WerFault.exe	133
892	5968	WerFault.exe	145

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
1800	msedge.exe
1800	msedge.exe
5932	msedge.exe
5932	msedge.exe
4392	msedge.exe
4392	msedge.exe
5332	msedge.exe
5332	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
652	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	4788	ASyncInstaller.exe
Token: SeIncreaseQuotaPrivilege	4276	wmic.exe
Token: SeSecurityPrivilege	4276	wmic.exe
Token: SeTakeOwnershipPrivilege	4276	wmic.exe
Token: SeLoadDriverPrivilege	4276	wmic.exe
Token: SeSystemProfilePrivilege	4276	wmic.exe
Token: SeSystemtimePrivilege	4276	wmic.exe
Token: SeProfSingleProcessPrivilege	4276	wmic.exe
Token: SeIncBasePriorityPrivilege	4276	wmic.exe
Token: SeCreatePagefilePrivilege	4276	wmic.exe
Token: SeBackupPrivilege	4276	wmic.exe
Token: SeRestorePrivilege	4276	wmic.exe
Token: SeShutdownPrivilege	4276	wmic.exe
Token: SeDebugPrivilege	4276	wmic.exe
Token: SeSystemEnvironmentPrivilege	4276	wmic.exe
Token: SeRemoteShutdownPrivilege	4276	wmic.exe
Token: SeUndockPrivilege	4276	wmic.exe
Token: SeManageVolumePrivilege	4276	wmic.exe
Token: 33	4276	wmic.exe
Token: 34	4276	wmic.exe
Token: 35	4276	wmic.exe
Token: 36	4276	wmic.exe
Token: SeIncreaseQuotaPrivilege	4276	wmic.exe
Token: SeSecurityPrivilege	4276	wmic.exe
Token: SeTakeOwnershipPrivilege	4276	wmic.exe
Token: SeLoadDriverPrivilege	4276	wmic.exe
Token: SeSystemProfilePrivilege	4276	wmic.exe
Token: SeSystemtimePrivilege	4276	wmic.exe
Token: SeProfSingleProcessPrivilege	4276	wmic.exe
Token: SeIncBasePriorityPrivilege	4276	wmic.exe
Token: SeCreatePagefilePrivilege	4276	wmic.exe
Token: SeBackupPrivilege	4276	wmic.exe
Token: SeRestorePrivilege	4276	wmic.exe
Token: SeShutdownPrivilege	4276	wmic.exe
Token: SeDebugPrivilege	4276	wmic.exe
Token: SeSystemEnvironmentPrivilege	4276	wmic.exe
Token: SeRemoteShutdownPrivilege	4276	wmic.exe
Token: SeUndockPrivilege	4276	wmic.exe
Token: SeManageVolumePrivilege	4276	wmic.exe
Token: 33	4276	wmic.exe
Token: 34	4276	wmic.exe
Token: 35	4276	wmic.exe
Token: 36	4276	wmic.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 4276	4788	ASyncInstaller.exe	83
PID 4788 wrote to memory of 4276	4788	ASyncInstaller.exe	83
PID 3908 wrote to memory of 3148	3908	msedge.exe	107
PID 3908 wrote to memory of 3148	3908	msedge.exe	107
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 4748	3908	msedge.exe	108
PID 3908 wrote to memory of 464	3908	msedge.exe	109
PID 3908 wrote to memory of 464	3908	msedge.exe	109
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110
PID 3908 wrote to memory of 3760	3908	msedge.exe	110

C:\Users\Admin\AppData\Local\Temp\ASyncInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\ASyncInstaller.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4276

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 488 -p 4584 -ip 4584
1⤵
PID:3104

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4584 -s 2920
1⤵
- Program crash
PID:2832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultca37f3abhbe12h406fhbeedh854424db4d55
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8220246f8,0x7ff822024708,0x7ff822024718
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8063907942595681089,5884250192859299811,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,8063907942595681089,5884250192859299811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,8063907942595681089,5884250192859299811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:3760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault95722638h8898h49achbf3fh6a636607af17
1⤵
PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8220246f8,0x7ff822024708,0x7ff822024718
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12137406378493151884,5311253246216469653,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12137406378493151884,5311253246216469653,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12137406378493151884,5311253246216469653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5132

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 1596 -ip 1596
1⤵
PID:5284

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1596 -s 4648
1⤵
- Program crash
PID:5304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault78253e6bh83c2h4a6aha113hf942bf11f0f4
1⤵
PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8220246f8,0x7ff822024708,0x7ff822024718
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,16244287120958293178,1803539289462682541,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,16244287120958293178,1803539289462682541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,16244287120958293178,1803539289462682541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:5952

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 5436 -ip 5436
1⤵
PID:5300

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5436 -s 3680
1⤵
- Program crash
PID:5304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault8118ceaah68d1h421bhb496h2aae35dea4b2
1⤵
PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8220246f8,0x7ff822024708,0x7ff822024718
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,3494575022066733023,3610744106249297342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3494575022066733023,3610744106249297342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,3494575022066733023,3610744106249297342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
  2⤵
  PID:5412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6104

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 4820 -ip 4820
1⤵
PID:5792

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4820 -s 3680
1⤵
- Program crash
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulteb82bb83h2505h424dh8949hc1c07157fa6a
1⤵
PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8220246f8,0x7ff822024708,0x7ff822024718
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3033260651886204550,10437541276773510542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3033260651886204550,10437541276773510542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3033260651886204550,10437541276773510542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:6104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9ba1584dh86c2h488dhb466h64cfb6684c0b
1⤵
PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8220246f8,0x7ff822024708,0x7ff822024718
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,108316425808872127,16468884064932276334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,108316425808872127,16468884064932276334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,108316425808872127,16468884064932276334,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:6136

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 488 -p 5968 -ip 5968
1⤵
PID:4124

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5968 -s 3660
1⤵
- Program crash
PID:892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c032c944f0c68db2f9bc2541ba822212

SHA1
a829f6cf1e7f3f796eeb68ef3525d7f3d177a38a

SHA256
1b4b0d7b255a79089375c9c200df8f48c8536ec99752f877e9090af9dd8e4127

SHA512
cc22cf70c068f1b5c518a8d3302cbb5a79a66929488cd34939f7743aaa999cba091f182701cdda5872b6b93cf89d396b809b0b7f6f2d5f6e7ad1b5102623cf7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0db402062b0af9ebbf6385372ca8d0b

SHA1
af778006b22dbafed0ffc708c2a08c75866173ef

SHA256
3496117f92c5f4f895aa007bdb10496eaf20edbc77be2abeef611fbc082c1827

SHA512
a38b4bcac17c451d7a34a90f3612436adf0d896e5c074de11af59fb1a8abe1bb4536b3efd3e00565fbfba296a59fa46415b7d0468ba6f00110ca605c9760eae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0db402062b0af9ebbf6385372ca8d0b

SHA1
af778006b22dbafed0ffc708c2a08c75866173ef

SHA256
3496117f92c5f4f895aa007bdb10496eaf20edbc77be2abeef611fbc082c1827

SHA512
a38b4bcac17c451d7a34a90f3612436adf0d896e5c074de11af59fb1a8abe1bb4536b3efd3e00565fbfba296a59fa46415b7d0468ba6f00110ca605c9760eae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
938b22048b42f3e18f7ae3b98f207a0c

SHA1
bcafe384827cedfd47bd50d6f812a7bad23be406

SHA256
92763938ea5bd7b08f12ff3b6f07298bd3f495a0d78a5dc2bd3aa9bba1c9fbfe

SHA512
c6271dc2fcb26b304f07ea55e17771a21949d2f65ab8204f6fb39ceed2f2b2ae2e4f6459766e1cf6679eb62e4115e19a223467ba9d1ef8a5993e4d3a9be2baa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
938b22048b42f3e18f7ae3b98f207a0c

SHA1
bcafe384827cedfd47bd50d6f812a7bad23be406

SHA256
92763938ea5bd7b08f12ff3b6f07298bd3f495a0d78a5dc2bd3aa9bba1c9fbfe

SHA512
c6271dc2fcb26b304f07ea55e17771a21949d2f65ab8204f6fb39ceed2f2b2ae2e4f6459766e1cf6679eb62e4115e19a223467ba9d1ef8a5993e4d3a9be2baa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6e6d6fadb1c0c0d3e382e3817e429ce8

SHA1
a1784dc96113c2353ecb445fb4fe66d320f58df2

SHA256
8b14081995b34c6ebdfaaa4b3bff9216c3d693be16ab909e433741d40f90376a

SHA512
25c8733a6671375b1e4465a42b87912e4268613fbae6cb796702314548784c0678b62918dd29835a35ffdafcf8177ee54d3f56a48d1bc1d3af87b2dffe584a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6e6d6fadb1c0c0d3e382e3817e429ce8

SHA1
a1784dc96113c2353ecb445fb4fe66d320f58df2

SHA256
8b14081995b34c6ebdfaaa4b3bff9216c3d693be16ab909e433741d40f90376a

SHA512
25c8733a6671375b1e4465a42b87912e4268613fbae6cb796702314548784c0678b62918dd29835a35ffdafcf8177ee54d3f56a48d1bc1d3af87b2dffe584a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c047036be94f59512c80efa281e262ec

SHA1
00835d91625258cf2886231cec5af0cad04dcb7a

SHA256
65a50ac700f7661d9ff987a8cd09d35653c5df1bb54be718ec603917c7ca32cb

SHA512
b18b6e9503a48945611a8f0105268ab13b8e108b5471a793a33088a0c4bc9703ed7399adc0952704cfef696d5aab3d82429cc8500175a5976263a187c48df51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c047036be94f59512c80efa281e262ec

SHA1
00835d91625258cf2886231cec5af0cad04dcb7a

SHA256
65a50ac700f7661d9ff987a8cd09d35653c5df1bb54be718ec603917c7ca32cb

SHA512
b18b6e9503a48945611a8f0105268ab13b8e108b5471a793a33088a0c4bc9703ed7399adc0952704cfef696d5aab3d82429cc8500175a5976263a187c48df51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa575d561c7a80db42837810c329ca10

SHA1
da99d5817bcc21aa344b62216542a14919a2b809

SHA256
feb60b1cb496f668dffe91ead1c46c21a2dc9aa108e2c1b49cc9cbefc81dff98

SHA512
fc44027084672a684cf7b03252d9a36e98cd5108382935e14a36e5c571a86043eaa1c0abaeb2fc035f24b70dd913c6295bef3b83a77ddfa0adb61be166fe13e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa575d561c7a80db42837810c329ca10

SHA1
da99d5817bcc21aa344b62216542a14919a2b809

SHA256
feb60b1cb496f668dffe91ead1c46c21a2dc9aa108e2c1b49cc9cbefc81dff98

SHA512
fc44027084672a684cf7b03252d9a36e98cd5108382935e14a36e5c571a86043eaa1c0abaeb2fc035f24b70dd913c6295bef3b83a77ddfa0adb61be166fe13e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\38f49daf-fda2-4365-a6dc-02bd59bc7e75.tmp

Filesize
4KB

MD5
9cf97630ff95870d80ade345d5e730ec

SHA1
0a7f0be44c8489a3978b2dbca3c51b5bbde4e320

SHA256
f9720a4a926bdd978299c1f314f5ce92ce7fe644275c95539356ddd31f78ae07

SHA512
08035148011f8896b6ecd73d60b8ac52c7f493506086d0c38a43dbbeba988b4cb0a844e664a10959892a181a910faebf16638bf8ca10219223579c0d0f95fb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
b8d7533b8eb3170db10aca1409e74373

SHA1
3ee70054a20611c8b51fd8fd49e7c1d0f997bb26

SHA256
d6fde9770dbb506b3a5cc541b715978314ab404824f6c279307f74fbb52eb27c

SHA512
75b7b49761aa9893b968499ba17ce2854e358b560d676fb8bf8d931f1cfd7d696a542e581054be7d065410bbd8a7ebce140c49e195cf3e74e836be66d467d0ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
1273c54a5a63bba3c32db0d597f25dcf

SHA1
94ec03b5fc029669d1a921f9112de125671d280d

SHA256
c6fd17641b0c7195be11da2f94c8067f452e3aeeb66ee87c7b43ce4c98e60bed

SHA512
019b9576a0e8cebb5c26c890c7458641c10d7fa288717be4ae02d78270fc9b0d1bde1b68e7edb9c31aa48df9dbc5aff38ec03f2725c91bdf9add127f49a2e853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
1273c54a5a63bba3c32db0d597f25dcf

SHA1
94ec03b5fc029669d1a921f9112de125671d280d

SHA256
c6fd17641b0c7195be11da2f94c8067f452e3aeeb66ee87c7b43ce4c98e60bed

SHA512
019b9576a0e8cebb5c26c890c7458641c10d7fa288717be4ae02d78270fc9b0d1bde1b68e7edb9c31aa48df9dbc5aff38ec03f2725c91bdf9add127f49a2e853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
9c252dc46a457bacb82e958adf09edf8

SHA1
0032646f3c6350e2f72f4801e3f577929e18c42c

SHA256
6916baaf3a51daf23f75ad641aa49d27a4175eada2312bc18f458b180beba1cc

SHA512
770e20185a829d7faf3d124368650720af29ff7f47d911f3f40eded36fb0c92e90503f6839dc7020fb5aeec292b322b20b6af271a597fcd25301f089dddd4eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
9cf97630ff95870d80ade345d5e730ec

SHA1
0a7f0be44c8489a3978b2dbca3c51b5bbde4e320

SHA256
f9720a4a926bdd978299c1f314f5ce92ce7fe644275c95539356ddd31f78ae07

SHA512
08035148011f8896b6ecd73d60b8ac52c7f493506086d0c38a43dbbeba988b4cb0a844e664a10959892a181a910faebf16638bf8ca10219223579c0d0f95fb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
d23a01a25f2a3eb950c3a0a0e796f51c

SHA1
0718cdada1d74423b1088e2323a0da6d4af09c47

SHA256
db3b566d6be7391893192d498697efa205b7220eab4a58d3df12dfb20e11dd02

SHA512
e8955e7fb70a82105133576dbb282a7b6efde5d1a46631e8b962176ae638eda5705a5283a5c2cf73c1ab5c430a15750652df4cb79ce0d98a5d2bbfd50e0a6056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
d23a01a25f2a3eb950c3a0a0e796f51c

SHA1
0718cdada1d74423b1088e2323a0da6d4af09c47

SHA256
db3b566d6be7391893192d498697efa205b7220eab4a58d3df12dfb20e11dd02

SHA512
e8955e7fb70a82105133576dbb282a7b6efde5d1a46631e8b962176ae638eda5705a5283a5c2cf73c1ab5c430a15750652df4cb79ce0d98a5d2bbfd50e0a6056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
a1f6b7a68406df984d5d381a26ae0ade

SHA1
bbccf0be39a7977f8129e1069379a10df94988ce

SHA256
a80beb12cc697976dd09342fedb037adb92677c4b25803308519e6d747c795ab

SHA512
e2f188bcc0ffd8bfa853c711fd859b26a5b6ef6871b51145cc1790af4515e871cc16a88e6f5262046cd5c7e957d8f9169b367f03b15187b7930ad11608b277e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
d925270d3b8e540e4d786a3091bfb800

SHA1
57f9cb91f8fc06df438a1747cd63e249ffb21e1b

SHA256
7221e94e754948f18817ffa11bcf2630b51e899b04d82f5446727eecd861ef88

SHA512
cda7af3935b884de173b95d8d5c9f1b096b0776fc0ada5792b7309f74910131adf34c1cf84bc706b574a09cda49ecdbd27896b7f485d9e09391a1075025783e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
955fbf8b2d897a77feac93fbd3757507

SHA1
efd50f2f9164ec49f1f97e333a3efa6f67a6b7b5

SHA256
d7e70599fff4c1f73fd60067bab2b9055e1153e6721b7c2b3b8c9ab4fae437dd

SHA512
ad7565bebf5b40da1a899c25205dfb8a2807e3a29fc5a06f6124d931fedaea6be7346b5287dc0e6155e6104cefd00238ae4c530304687afc06522571b9918858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
d2bcf7a5320a9f0a4b969105d1a89a55

SHA1
ffccf8ca957134b0861b3554d42eb5d0b7d51032

SHA256
6dab0fe845bf470daf3dae1d3c513fe965ef425cd345de2eb3d7ee4188116114

SHA512
a80ca4c069d23a09f8fc48a40f668b7227ed826c34b9a48bbcc8fcfe9255daa3a48ba9a8a5e7e21cf468b4a8b5252b88f3707bee8a9a05072f5704a7bf27fd8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
8675a7079ab940cfdbd4bc812a97c241

SHA1
c9d05a089c47d474268a187dd9b6eb03c13b2ca9

SHA256
8d26bf9e8c2128b459d1fa8df07e70e64381a2301b4303fb9fc72413003e746b

SHA512
fab605c6de384d04eac96093b86b10e0e9246871ce9188dd574c7ccf2c40ba940270a151aee0b2d300a3131df9faad181a33786e1ce849fe985b4f966af2bf66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
7f84b0954851219617243485b3ee9c83

SHA1
e91dc3c2ff72938b927e924401cdeb7a3e5d1dca

SHA256
b59bc961176e25984ba236e698e0b9363f1eccfb3d3fd9f0b068b270bc66496c

SHA512
b507465d66209643d4c4585851211e3a70bb96ac292e7efe38e06ccbc5c88f2ed1a4a9e06f91f684f7bb10ac768b60f4969231653b7c13e4ac0a2f0332f6fef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
250b1b2688f213d45b0079acafe2730f

SHA1
65f1a233917bcb1d1e4813b1ea17fb0742e402fd

SHA256
670f4f666d8c10801a06e486f4fb913463094a59c6ce3335c639ae4329faa81e

SHA512
a8a5add60ddd4f78c89dee66d7657ba84d1c8dc370aab195dcb86c76279bae9ae1623e92e4319e40547ea3618fcca708bd258c688e96321c3ebcc2b84fbd0545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
564ed557c244f594ac7da3a13d7eb6c3

SHA1
6eca1e4571cc8627d141d0e81f377d1036ac3144

SHA256
148e9cb79ae3847857bce8bfa21c16c5eecb1f54e22a461e235661c32a7d5c8c

SHA512
bf4c9d087044208bc9e96c98e0cc5174b4f3f6f6501f8dd0d7d030de35ad26e649f1e9265bb759fe08b76c4da34a4a38aa21d5408960e4b9013a085774548713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
920b2a4de6016209eeae91326f4e788b

SHA1
b54bb15b69da71695b5b71347ad0421ece5e6a15

SHA256
af50f84197448cb68a57b51444edf457d992328538ae48560a2d96043111d7fa

SHA512
f00eea4e89375cb984afb31efd4c404e0caadc548a43e74fb1fa174c3820f29d57307c562c66642efe5e85fd22e827ed3dd3c3117795da66b9d0926187e6d77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
dd89c903a4c344a3a27dfbf8916f7071

SHA1
3453aa5bb4f8b4c73bd3748e0ad1500ef11f73eb

SHA256
640f020a7ec7aa80bdd035ddc4e09558277284a038c8958d356791c5f1c639ff

SHA512
019c17336ab9513a3c9101cf4b864f01771e1c2cc401f0aa12b07bc756182811d6c3d4793d9d1450e3afab05593d9ec80e740b180d887b0c8e56495674c35bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d9033cdf6d61180efa8429975800a4c8

SHA1
24d12e387c62a6fd810f5fa822af08514e100c92

SHA256
f13e20408eeddd79c235aeae2cab45d3228e5bf3c6f746b98b0b93b2f0ca6da3

SHA512
b0cfdaf9dece8523b3a6f6b032c53a240aa6214666cc4eb1ed043b8c22cf649ba2d8fc617daf29af098acb355ce0c2c62219f6fd99a21db00b966cf856ee2816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a42cca03-ec6f-4960-8505-36ee6d0d5977.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
a62e65758874541486f87eaccb501ed8

SHA1
79865490d121e360acd0915aca1426b32074bc68

SHA256
5634644e685291ec6e8441f66db621439b69fc78a04d4434dec0b7cb434ca356

SHA512
9a2bb4d45c44c53076d4fa55a030e406c83dc26f801ac9c8831cc03e4d77cae93a575af66224ad805217ac4c0aa34777f69bba178afd57e5e837657eae91537a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
c766e1dde95b04ad8563014653d1c6f0

SHA1
b39fdec441678c6dcaf915125acd5d0472a1e27c

SHA256
7878371ffe9641d06c3f4c889e353a99f1a446872a6bb09cb12f0e75bdb1ab97

SHA512
890bd14666f1d4b98f8d8f4a3b6f058c775623a776c7fd9956fc03bb3e0c74d24efa16f4b7119b4e7c1577a85e020c4ccd1d3931b91625e02ff10f0650a03134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
a62e65758874541486f87eaccb501ed8

SHA1
79865490d121e360acd0915aca1426b32074bc68

SHA256
5634644e685291ec6e8441f66db621439b69fc78a04d4434dec0b7cb434ca356

SHA512
9a2bb4d45c44c53076d4fa55a030e406c83dc26f801ac9c8831cc03e4d77cae93a575af66224ad805217ac4c0aa34777f69bba178afd57e5e837657eae91537a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
c766e1dde95b04ad8563014653d1c6f0

SHA1
b39fdec441678c6dcaf915125acd5d0472a1e27c

SHA256
7878371ffe9641d06c3f4c889e353a99f1a446872a6bb09cb12f0e75bdb1ab97

SHA512
890bd14666f1d4b98f8d8f4a3b6f058c775623a776c7fd9956fc03bb3e0c74d24efa16f4b7119b4e7c1577a85e020c4ccd1d3931b91625e02ff10f0650a03134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
8432f2dfbddcbab361188321ce358b4e

SHA1
db8aef322e34c866bd39827b3179e7cf5b56712b

SHA256
e30f0504a9ea26ac6deb7b79a153f6bce31a82c25d028e65f3533420b9b34e2c

SHA512
f909927437a982710d43d64ed96528a9875cc41945cb6cf40249d6b8e434f2e6b53cb8d8dc621af863ee078bc002f5b84fc618e023219f005b0da3a7216ec5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
8432f2dfbddcbab361188321ce358b4e

SHA1
db8aef322e34c866bd39827b3179e7cf5b56712b

SHA256
e30f0504a9ea26ac6deb7b79a153f6bce31a82c25d028e65f3533420b9b34e2c

SHA512
f909927437a982710d43d64ed96528a9875cc41945cb6cf40249d6b8e434f2e6b53cb8d8dc621af863ee078bc002f5b84fc618e023219f005b0da3a7216ec5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
26d27334236d4b31f235382c4ea507d6

SHA1
3803911893f8ff6aa732965b747e3ffb390cc3e5

SHA256
03471aedaf510ab0a7bae1661868a166c6a6286f14871eccb065499fe01bce35

SHA512
bf37c206460440a46b9bd8c28f5f2bd7f90a6b5bab8caf0ed4cdbabea3da29215cacf4c790198aaf6f8851c7570100387ddd59bed53c7db14746a21257554b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
279d5d6a206049ade6b0a824ed857628

SHA1
615b7078769a178555529f2befb154d11cc79426

SHA256
88c5c2cdf8f5ae562a38b2cbccc5302b07fcd4783964bfd9ae81e11753ddc4ea

SHA512
69bab2743c9f0d1f1ad2a2cdef1ff6cddcfa3641c65fce752a26226f496ff65afd2ee0ec7f31129406ad66a4bdadcfa66687df8c70ce0cf9269824a7b4bc9590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
dad98f393e54b795b72cc0268239879c

SHA1
65010e8e24b829b53fc2d3061a4cb02bbd128639

SHA256
d555a7e13bf5b3c18d0c249a88a4d7a26507302b384e38ed8caee86af8dc5d14

SHA512
b93481f3c408805d25ba42d5f392dce1720c803f7eaee4c479579782090df044a515145b9a23a48e88b62b29f0395de74cb90ac21be63d3c819f6d4b3e41cd71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
26d27334236d4b31f235382c4ea507d6

SHA1
3803911893f8ff6aa732965b747e3ffb390cc3e5

SHA256
03471aedaf510ab0a7bae1661868a166c6a6286f14871eccb065499fe01bce35

SHA512
bf37c206460440a46b9bd8c28f5f2bd7f90a6b5bab8caf0ed4cdbabea3da29215cacf4c790198aaf6f8851c7570100387ddd59bed53c7db14746a21257554b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
279d5d6a206049ade6b0a824ed857628

SHA1
615b7078769a178555529f2befb154d11cc79426

SHA256
88c5c2cdf8f5ae562a38b2cbccc5302b07fcd4783964bfd9ae81e11753ddc4ea

SHA512
69bab2743c9f0d1f1ad2a2cdef1ff6cddcfa3641c65fce752a26226f496ff65afd2ee0ec7f31129406ad66a4bdadcfa66687df8c70ce0cf9269824a7b4bc9590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/4788-133-0x00000234C7B30000-0x00000234C7B70000-memory.dmp

Filesize
256KB

Download
memory/4788-134-0x00000234C97C0000-0x00000234C97D0000-memory.dmp

Filesize
64KB

Download