umbral | hxxps://oxy[.]st/d/rvIh

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.st/d/rvIh

Score

10^/10

umbral stealer

Malware Config

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00080000000232ae-243.dat	family_umbral
behavioral1/memory/4296-263-0x00000258D6130000-0x00000258D6170000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
4296	Beta.exe
4852	Beta.exe
4512	Beta.exe
6012	Beta (1).exe
4100	Beta (1).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
5144	msedge.exe
5144	msedge.exe
4856	msedge.exe
4856	msedge.exe
5656	msedge.exe
5656	msedge.exe
3028	chrome.exe
3028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeDebugPrivilege	4296	Beta.exe
Token: SeIncreaseQuotaPrivilege	3960	wmic.exe
Token: SeSecurityPrivilege	3960	wmic.exe
Token: SeTakeOwnershipPrivilege	3960	wmic.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 4056	2116	chrome.exe	78
PID 2116 wrote to memory of 4056	2116	chrome.exe	78
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 4372	2116	chrome.exe	89
PID 2116 wrote to memory of 2920	2116	chrome.exe	88
PID 2116 wrote to memory of 2920	2116	chrome.exe	88
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90
PID 2116 wrote to memory of 1996	2116	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://oxy.st/d/rvIh
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce9a09758,0x7ffce9a09768,0x7ffce9a09778
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4852 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4536 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3972 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1720 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5604 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3004 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5732 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5748 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6044 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Users\Admin\Downloads\Beta.exe
  "C:\Users\Admin\Downloads\Beta.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4296
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3960
- C:\Users\Admin\Downloads\Beta.exe
  "C:\Users\Admin\Downloads\Beta.exe"
  2⤵
  - Executes dropped EXE
  PID:4852
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:64
- C:\Users\Admin\Downloads\Beta.exe
  "C:\Users\Admin\Downloads\Beta.exe"
  2⤵
  - Executes dropped EXE
  PID:4512
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4696 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1012 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4720 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1704 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5348 --field-trial-handle=1884,i,10816761310457505937,15023295639592886004,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Users\Admin\Downloads\Beta (1).exe
  "C:\Users\Admin\Downloads\Beta (1).exe"
  2⤵
  - Executes dropped EXE
  PID:6012
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:1588
- C:\Users\Admin\Downloads\Beta (1).exe
  "C:\Users\Admin\Downloads\Beta (1).exe"
  2⤵
  - Executes dropped EXE
  PID:4100
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:5696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9c826c5fh5a07h40a9hb544hd49e7117739b
1⤵
PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcd64546f8,0x7ffcd6454708,0x7ffcd6454718
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17619880292142639884,4399822401930991516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17619880292142639884,4399822401930991516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,17619880292142639884,4399822401930991516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:5228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault68b70548h9beah4a34h844ch2232c74c6dd4
1⤵
PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd64546f8,0x7ffcd6454708,0x7ffcd6454718
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,1075593360645265716,11493573302752778603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1075593360645265716,11493573302752778603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,1075593360645265716,11493573302752778603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:5364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte4ff2324h61aeh4b84h9caahc3d16b6d0a9f
1⤵
PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd64546f8,0x7ffcd6454708,0x7ffcd6454718
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4198140085494117029,15451651371769121448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4198140085494117029,15451651371769121448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,4198140085494117029,15451651371769121448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
  2⤵
  PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:5276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
b96a8921cdbd8bdc1ebbfa180cf6ca89

SHA1
8fb61a2f9214ae0042847a7f20a9626a05592028

SHA256
d9e7c6f201c205760c21569b689e8188674299925ea26d05176b8b8e30eb96ae

SHA512
72c81024528060b9e7d388e396dcd54ed8e6e60d13631aa3ed97bda3ff5f1779d9f45d3f3180f5cac0f50f9fba1d9cdb519a561c76569c41b364303dc93f0dac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
56ffdedb367ddf3357da17fdd4539961

SHA1
8900e3e9db19a82877591e5ca96f3cc7de9dc093

SHA256
196f5ae4d4ed5b462e1ab8c92987f320385ac4724d7f47c1de60faafebf7d2c7

SHA512
cdd2ab8c715f052722feece4007fab41b73c3745cc462c5e487f9d80ce778e2addcd43c6dcf6e48397328cd082cac6b96fa5e57e1cf1f84d5223bad8bde8c416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2769bceb67d6e6136bf5b71b3e306b6e

SHA1
dcf05926dc7a1e2cf20f7f29026dff2bb93fad20

SHA256
3bcc0afaf8cdad42e4b6d63f2a9a0c53d6f09c12b6157b31b764947dbce05c75

SHA512
936c2a2092cbff7fd627912f797cd701db5f9e99d3c2295aca3211eef5a1008a7bf76a5857638a8b25d584f307b5d464f711b5e4d7bbd2f913494584d69725a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
eecd8dc3bf78e8b048d8d6061871a22b

SHA1
1eb4240f63a98f3b34b2d5854a58d669e4d3ec8c

SHA256
422dea6fb5add5056d0d013cab83879d41f505407bdc5b06d3a22221daef0c85

SHA512
50092cc615e3f06e7998e20f844c1cd3f2b4c22cd91502300f24e045a108cbfcabfbdb7a99eab7a0ff565b2cc4552db2543945cd67b782c3bf207dba1680a3a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a9f8aa552137fb346b2ca6e453455d93

SHA1
96988b58f43d25adb0d181bbf4d376309655eefa

SHA256
3438c3a7a2801fe1f47af6d6fddca743c918f99d5bc849697161a98171daf098

SHA512
b606fc35a87817681c710bd092a8bea1f2f7d60da6490e53a3a15e9ad24d5c3564cdca3653bcb0ee97a6d326282f5abe2e10cb1f18aa5b4f5b3bc17960ee390d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
298ae49eac51241e914ec71d28852c90

SHA1
8f1d8f06cf02b25c4391eb2520de3b3592eeff49

SHA256
a8340f08e2591274b435a892a9acccb83e1465646ca3e64f71a4f2ebfe045097

SHA512
4679059e5db5e0eb178581a5887c00ff8550247558baf3f0f5f885e2419d0e7a0c11aedc6c63a464a6c6eea7464df8720fcd9532d924adda44bf1a35df9f7499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b070f78391cef1d667d33273923e25cb

SHA1
e4989e890ac81815951a7d1836735d32ea040166

SHA256
5d9a265d921986a70b4f3c01e0f52a602c8ef6fe20c46ce940fd0e44d3496fc2

SHA512
ee3993e4331baaedf00b2e42cb9b11ea51d40a81b45910a95dee08775d69e03ad6931d5ef8c17424b96099ad67b52ef14cffaec3cdb30b55ecc04c471b0ee08d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
630ed1082308b4c87064217908551b55

SHA1
febbeb5ececc799b82db7492587c8ef625bf8c26

SHA256
e327099fd7859ee828ae09ed9aebdf95eb9617abbe9085c123ff0bee2faa6211

SHA512
ef58b2a601d6320d04a5978b2dc11b18b3df6aab8201dc765216592b88fca62fa5c70eca79a094b3c2e10daf2dec0e00ed70b68c18076269cfbb2549822b83e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
72b2930ac7fbc5a520fbe4579757dcf9

SHA1
66bca9a400f5173453d9c27767414e0d9fb62abf

SHA256
53b0e1a0e49463da390e8e54768fe63be0860757d3654288e9b98d8231bd34e6

SHA512
c48c2065105868b49f169915e3256e81dc76fb355585c775e57ae47f3372d6e9c621825ba9cf427d3a79b6876c2511af08c40954ab547d3ac54c23443424631c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
e9bb48a9a5e8c38b2ea20e13dcbf2369

SHA1
0ee4ef71b09cfb998f00e0077aa403f60d1b9ba2

SHA256
50c111b2be0a9d2d786dee5456eb501a102a0caa0115384e2fbfac0476997399

SHA512
ea348474b4c9667228049cfe66a7f7dae1e2726c2dfa85216fc78ac988ff8f5afa396ce6e36d4069d70a8e6309e09c9240a07663e1eab21b8d98e5cae97a53b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
ef4a748cc1c8f7935ee5cb2fc4135513

SHA1
fe23a73e9ef40cba17cedae4131ea0e88e8d3053

SHA256
e76f4e3c8c5a8f6461659653669c97ab596478324f40ab725a901d80e8dfa23f

SHA512
1d4c5e179fb5e923629ae5412f027441b0e445aa5aa3b38343d0300438d02f1fe14c3957b8144653fe72066f70e46354117d682db846c1a3a3828052f3abc7cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d3ab.TMP

Filesize
101KB

MD5
af437378b9dc34e60734f0bb31c32ca4

SHA1
43ff1665d47614baf07a4d274a2b5195c329ecee

SHA256
f19cdb2ad235a60c0f2c90d2881de172584cfb30f9c9e5107332f2c95eda60c0

SHA512
c5ac1d16a79f2106c417dcb6ba14585791fda869c1326bd7f7e4269398108b1406cd2f2d0262d78a6e504f6b6404141703530512f1f7606867b651f4f527a287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Beta.exe.log

Filesize
1KB

MD5
8094b248fe3231e48995c2be32aeb08c

SHA1
2fe06e000ebec919bf982d033c5d1219c1f916b6

SHA256
136c30d964f4abbb5279bdc86d0e00578333782f15f05f0d2d050730dcb7a9bc

SHA512
bf27a3822008796370e2c506c910a40992b9240606ea1bc19f683b2fee86b81897660ac0cf8e746ca093dae9e408949e2e9002ded75678a69f020d3b0452801f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c957046ee7b993ad93952ae93df641c

SHA1
a5ce6ebd9e7f2e5aa6f75d4a03120f41f7fef619

SHA256
8eabd48faa018bfdf182be2480c3a495bb4cc797754d63d9003066965fbf122a

SHA512
5a100b636c6179b12349d3b1d2f01a7db7298fd5a2791b90507704f8320503f6ab06fba3ed32d0c15193a2f6b5efdf83b871e16ee564b5eaf86587fccdaa0840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf85b428047b05c2c2144e7a124f2a47

SHA1
596221c1f3e1d366f3568399b5750dc8c9156678

SHA256
9937efcd5b7a6c320315a934d765849e00637da9e21e4c95672fbd181c0e6152

SHA512
6160525d228c1a9c08232a26265992ce61fdb5f64fb2d501666930b142e6982163cdace6fd59c6b32fe66f6c1a7d51b79ff1c484b8a208cc8e33d9e4edf9f708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
557cd0d538456d2e94d797fc49f07650

SHA1
a6b3ef5e180ff5e0af90e10a6f517430099bffd0

SHA256
ffbacda350bc6746f67ad9ccf75f99f80a289d9e7e4fed0fd520d17a1dc75154

SHA512
cb32274d87e89f322e171e240efaebaa87291690fc0b2f88a2d977cf980b6049a4ebc303a6117de115771fc0908ed54d78f57552b05ae81682c0aa8dac63def7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
0c9a378fa04f8b94a6396ae9968a6cc3

SHA1
9910f5e31bc0a6f1902dd5f73bd0d7581fbeb148

SHA256
6308c1cfd3dda97889fe89c82e0d028685a505012d02a22b9cf3ac81d558ac5b

SHA512
c23314880cee361089fcb84ca1837b89b1e3acd8428d5ba6a53a55af25d7ebc6c1cc228cb702843a8eb92d04a6a9938fc2487eed3207a308362b35ee8c3dcd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
faa47a222c45cf0a7c522c19b76a8840

SHA1
be7302c7c318da0dc24dacc778d7a96e8d66e0f0

SHA256
31c2ac0df418e84df59cd456de046a32c8102ce11849c8d761fd254a35f93e6b

SHA512
e2da5c11abb5a50e7071228a8cf310686087e1a9f20f00d58027f9308039f08ea4132c64703ad5d2c556dd4214d1c8729098a40e7e52ea3a13ad7fd7ae0dfd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
a437bab1a6087375ab537812de49f1c3

SHA1
7c78099e5603344bb1ac7a743f0776fc260f6c89

SHA256
653e83bf124b1bd68ad7a4bf833f4d510067f6e9dfcf5c72e7094cf74162ac8d

SHA512
22490b638a764bd4f634fc7035919b94dfe2e8acef92a85953573da2f3146fd64c705cf3d3c0c014724ff385dff4c0f55261b2486195133a92ba56bfde7bfdb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
2a92c20563e3fa8379a32494e07922d0

SHA1
4838eba7d033afd759355ac47aedf9f88b1fcc60

SHA256
b145e46867f68454bc17a2a1e6585e65a74eef150d5b21e6cefc5b9b6bfcd5a0

SHA512
b5a6518fd21a69e5438a935513c72041cdfb1e7d6cf0ef5228c0e060c51d38ffb4859ab92f3cdb47364440def336d1dc99e1fbe690fbf646203f6cec35757f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d7751fed-bacf-4611-bf17-c6fe7b0cf646.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
9d9fc06680516de9701f13a9ef57e995

SHA1
d5a2f2a10c92af78ebd93c496e4fa94b4b3dcb5c

SHA256
889755b1d5efe583677f4a64375cd460144f27eb2b8b68c7ee89346196000704

SHA512
78f951cf21f1a50224971ab55835b444ec3febfcdf6d42abe5c0f69b661b8814788e796656bb678608791480d0841e8e00e84078aa4fe9a88b42f70d093a5ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
006c5c40dbb5d7500f335d2d2536ca85

SHA1
610a9f993e9e38aae320280f7389e5ea01a749e7

SHA256
361c41ffb85cd087cd70a4ebf494670fd5ed72a4480e191c32f28389b67fad99

SHA512
e90390b3945189ade5249ebfed788d852e769bfe6b299ab8e302e5b7dbce8b180be761848e0917545d3adae45cbb473e38afe377e20ac50b16ab59da056ebf59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Downloads\Beta.exe

Filesize
229KB

MD5
3b956b88a0133c96e9fb382e10f4fa8e

SHA1
a40499ecbefc83f1d0b7c1df5601067518e7774e

SHA256
09349ce9b7af88a5ffb6697ddaeebe69f439734473cc0e48385480d39454f16b

SHA512
1608e8e9a5e492fd140e63b7d525f4aee58ce07f2e9ff15b8cc3044b0443f965ae443b7ddf22edf40e8a28a2416b65a82f7866a5d000a8591544659c47796085

Download Submit
memory/4100-550-0x00007FFCD5850000-0x00007FFCD6311000-memory.dmp

Filesize
10.8MB

Download
memory/4100-551-0x00000289B8E20000-0x00000289B8E30000-memory.dmp

Filesize
64KB

Download
memory/4100-552-0x00007FFCD5850000-0x00007FFCD6311000-memory.dmp

Filesize
10.8MB

Download
memory/4296-265-0x00000258F06C0000-0x00000258F06D0000-memory.dmp

Filesize
64KB

Download
memory/4296-267-0x00007FFCD7780000-0x00007FFCD8241000-memory.dmp

Filesize
10.8MB

Download
memory/4296-264-0x00007FFCD7780000-0x00007FFCD8241000-memory.dmp

Filesize
10.8MB

Download
memory/4296-263-0x00000258D6130000-0x00000258D6170000-memory.dmp

Filesize
256KB

Download
memory/4512-310-0x00007FFCD7780000-0x00007FFCD8241000-memory.dmp

Filesize
10.8MB

Download
memory/4512-309-0x000001D5504D0000-0x000001D5504E0000-memory.dmp

Filesize
64KB

Download
memory/4512-308-0x00007FFCD7780000-0x00007FFCD8241000-memory.dmp

Filesize
10.8MB

Download
memory/4852-306-0x00007FFCD7780000-0x00007FFCD8241000-memory.dmp

Filesize
10.8MB

Download
memory/4852-305-0x0000026A4EB70000-0x0000026A4EB80000-memory.dmp

Filesize
64KB

Download
memory/4852-304-0x00007FFCD7780000-0x00007FFCD8241000-memory.dmp

Filesize
10.8MB

Download
memory/6012-535-0x00007FFCD5850000-0x00007FFCD6311000-memory.dmp

Filesize
10.8MB

Download
memory/6012-536-0x00000292FAD00000-0x00000292FAD10000-memory.dmp

Filesize
64KB

Download
memory/6012-538-0x00007FFCD5850000-0x00007FFCD6311000-memory.dmp

Filesize
10.8MB

Download