Overview

overview

10

Static

static

10

Bunifu.Licensing.dll

windows7-x64

1

Bunifu.Licensing.dll

windows10-2004-x64

1

Bunifu.UI.....3.dll

windows7-x64

1

Bunifu.UI.....3.dll

windows10-2004-x64

1

Bunifu.UI....on.dll

windows7-x64

1

Bunifu.UI....on.dll

windows10-2004-x64

1

Bunifu.UI....ox.dll

windows7-x64

1

Bunifu.UI....ox.dll

windows10-2004-x64

1

Bunifu.UI....ss.dll

windows7-x64

1

Bunifu.UI....ss.dll

windows10-2004-x64

1

Bunifu.UI....on.dll

windows7-x64

1

Bunifu.UI....on.dll

windows10-2004-x64

7

Bunifu.UI....ew.dll

windows7-x64

1

Bunifu.UI....ew.dll

windows10-2004-x64

1

Bunifu.UI....er.dll

windows7-x64

1

Bunifu.UI....er.dll

windows10-2004-x64

1

Bunifu.UI....wn.dll

windows7-x64

1

Bunifu.UI....wn.dll

windows10-2004-x64

1

Bunifu.UI....ck.dll

windows7-x64

1

Bunifu.UI....ck.dll

windows10-2004-x64

1

Bunifu.UI....ge.dll

windows7-x64

1

Bunifu.UI....ge.dll

windows10-2004-x64

1

Bunifu.UI....el.dll

windows7-x64

1

Bunifu.UI....el.dll

windows10-2004-x64

1

Bunifu.UI....ox.dll

windows7-x64

1

Bunifu.UI....ox.dll

windows10-2004-x64

1

Bunifu.UI....on.dll

windows7-x64

1

Bunifu.UI....on.dll

windows10-2004-x64

1

Bunifu.UI....el.dll

windows7-x64

1

Bunifu.UI....el.dll

windows10-2004-x64

1

Bunifu.UI....es.dll

windows7-x64

1

Bunifu.UI....es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-11-2024 03:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bunifu.UI.WinForms.BunifuColorTransition.dll

  • Size

    38KB

  • MD5

    539d803013c0b1592d0e17a740d72687

  • SHA1

    b0ce15e0f096d027b1d1482afa9d93bafd160f7a

  • SHA256

    500adece1fba76dfb2fa628de9886a2661ed1a4e58a7717a5fee607206bb1d81

  • SHA512

    77d8ab7a949db41a79371cf2ebd5d67bd4a38dd040de0073c878f50b2a6409fae2dc5db7cbf375fbc1bc571838b0a6d4848bdecc1420d91633b878585c94b9dd

  • SSDEEP

    768:2SfWaEnnh2U2DaRIx0qVuQ/90iAzNIewCqyU659bTTvtM/3JhQTifZs:cs0qVb/95+6ewCqyZ9bfvk0TWZs

Score
7/10
agilenetdiscovery

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 8 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 50 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Bunifu.UI.WinForms.BunifuColorTransition.dll,#1
    1⤵
      PID:2216
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4220
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdee1b46f8,0x7ffdee1b4708,0x7ffdee1b4718
        2⤵
          PID:2720
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
          2⤵
            PID:1484
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3920
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
            2⤵
              PID:4992
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
              2⤵
                PID:2952
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                2⤵
                  PID:1408
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                  2⤵
                    PID:2324
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                    2⤵
                      PID:4596
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4892 /prefetch:8
                      2⤵
                        PID:3784
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
                        2⤵
                          PID:4928
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
                          2⤵
                            PID:1912
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4948
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                            2⤵
                              PID:2348
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
                              2⤵
                                PID:4152
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
                                2⤵
                                  PID:2460
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5832 /prefetch:8
                                  2⤵
                                    PID:1716
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
                                    2⤵
                                      PID:1240
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
                                      2⤵
                                        PID:3892
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
                                        2⤵
                                          PID:3460
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:3520
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
                                          2⤵
                                            PID:2824
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:5088
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
                                            2⤵
                                              PID:4132
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                                              2⤵
                                                PID:3456
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
                                                2⤵
                                                  PID:5068
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7316046387666305236,15426548999771594059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
                                                  2⤵
                                                    PID:796
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:2376
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:1912
                                                    • C:\Windows\system32\AUDIODG.EXE
                                                      C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4f0
                                                      1⤵
                                                        PID:760
                                                      • C:\Windows\System32\rundll32.exe
                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                        1⤵
                                                          PID:4596
                                                        • C:\Users\Admin\Downloads\Umbral.Stealer (1)\Umbral.builder.exe
                                                          "C:\Users\Admin\Downloads\Umbral.Stealer (1)\Umbral.builder.exe"
                                                          1⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:2392

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          b8880802fc2bb880a7a869faa01315b0

                                                          SHA1

                                                          51d1a3fa2c272f094515675d82150bfce08ee8d3

                                                          SHA256

                                                          467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

                                                          SHA512

                                                          e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          ba6ef346187b40694d493da98d5da979

                                                          SHA1

                                                          643c15bec043f8673943885199bb06cd1652ee37

                                                          SHA256

                                                          d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

                                                          SHA512

                                                          2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          3KB

                                                          MD5

                                                          3ea92bdc8ea2fa13d02c68c1d4f15127

                                                          SHA1

                                                          660d179f9d6174f201e0f2a39113718ddb4134c1

                                                          SHA256

                                                          6f87fdd93b8a2dc6b1ef76f97be40a903383da8d508e024dadaddc609ed9c1c6

                                                          SHA512

                                                          42e9994591a3b83e0c81e776e5f7b6c2d07139ebaea9d0a0f988ae64576a74d48e8248505285c2c29e031419070d88813fedc3547c4aa70332d69d6080ae0e9f

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          779B

                                                          MD5

                                                          fbc20fce67b0e000d51b22589be90534

                                                          SHA1

                                                          54c764f6a82c35a7231ff94a4dce509d16d7c4ed

                                                          SHA256

                                                          4f893eadc5519433a39359a5093d5868331cde41608010b013bd98276b234b8d

                                                          SHA512

                                                          90fd2410a98732079275f893e0a8ae5b3aff7a17631b2945ee5bc03215cb6b3bffe4a175051c2bf0c3f32634649a824e90cf07108efc0f6e3d28c1b89365ec0e

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          dee4ef7ba8850251ab2443e56681d395

                                                          SHA1

                                                          9bf3ddb8d272d0ab4c2e7faeecc76d9700f32713

                                                          SHA256

                                                          2d97f6b4a608d602dfbe8072fd34f3f3046c30949ae90d8ab86e32467024b7b7

                                                          SHA512

                                                          4c21ebf0f151a98b59e2ce9af782023a2abac81f00c0f5723309a6e5edcb80ecc966d3e69c8a43cc08c67ece624a7a895105bd358854ee8d635f8f558713ec32

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          55aa8f140dd676a9a91693f710334ed5

                                                          SHA1

                                                          ba74d862c2b7b4db3760a3874c1319afb3a1b25a

                                                          SHA256

                                                          949cb2859968f3fbd21e0462a7fd8807b2f1d23435333a81736305f0f4632ebb

                                                          SHA512

                                                          dbd22356de7f3d091196677f62c544cf1866dcea9af4a49c0d385869240efbce24fdbdf682d4088eb13bc691009b5dfc73668ea599fd3b975587b4a3065ea509

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          5f36cd08afb667daaa92e2584ad17d52

                                                          SHA1

                                                          77dd047c879d437ac88eb45222d016fdb4393ba1

                                                          SHA256

                                                          d55aeb20b6e68f59bac83196bf9837739a90f5cfdbef97bfbc8719675f647b74

                                                          SHA512

                                                          2e79cd337a0bf63efcadd6321ffb33562196f54a325bd388a9e7a0fb1159b07b2cd8df6ba1a2970682cb2536cbdbe3a839d31d9ec7255102a93c0bab2e927b4f

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          2b64dc072c9ee2d7a68ac974716edecb

                                                          SHA1

                                                          c0375d4b2f45354c204c39f40c32fa30dbb836c6

                                                          SHA256

                                                          ee6302520a7cfb29d300544be30900fefb91ee0e7ac46ae242bf05cd21b94eee

                                                          SHA512

                                                          5eb19526865129016b00b21ce4d62f74a9926ad96950a0b2c90f45c07298d52e7f48352898ba02a4cf6dc601d06aabe4489a31840e210b837b74b1023a5be7c9

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          1KB

                                                          MD5

                                                          050dcac9c84478cf5e02e84a6c5aaa37

                                                          SHA1

                                                          cff205bb373c0432fea8110c7130ca21e8c9d374

                                                          SHA256

                                                          8e65f845f7e6c1b0dd2ff82375bfca4f1d80287c3849823e6c9950beef76a8ae

                                                          SHA512

                                                          4099f5d612cb5af6153ae5ece79f7189918805868813c74e0c771e3d093b2d9a7d15ef89f8382ac885ef7a5ca5081b07f3c63d72763d8e30a3bf2f0ea6dfb67a

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f1cd.TMP
                                                          Filesize

                                                          1KB

                                                          MD5

                                                          acfa79901599c6c18a4afe3a8a8873e4

                                                          SHA1

                                                          6908ce6217ecf36b416ab90b0be81b6324699b7e

                                                          SHA256

                                                          2f2b081f6402fbf8a5214f21370f7111686b89360ed5a7500dcd009fe51d0b5b

                                                          SHA512

                                                          96915b897b0a8fa40dfc3828f3b4d69f76d301230142d5a6dea1d5557f0071c44e7c51d9b09ac1a7b54f06a6897542edfe7593d6a7b1281b1dc39071b574f458

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          46295cac801e5d4857d09837238a6394

                                                          SHA1

                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                          SHA256

                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                          SHA512

                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          206702161f94c5cd39fadd03f4014d98

                                                          SHA1

                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                          SHA256

                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                          SHA512

                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          11KB

                                                          MD5

                                                          2137a25049d64774532ae847402befa0

                                                          SHA1

                                                          ee8ee0924148396d10e2df0e611a7d33bbc694bd

                                                          SHA256

                                                          67fb24510fcc864dc75b3b5bbc923d08a7c918162bdc992095f44da10957c7dd

                                                          SHA512

                                                          8d971a5eb05851e621e9946e88dd52523377e48e742c28b6e3ba36580b494d638b8dc57132843299e0bf3bdaff969481c26e0fcb425847882a34634ecd9759ac

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          11KB

                                                          MD5

                                                          ae7fda75e5755789a848de60209725cb

                                                          SHA1

                                                          5ffb4c0c38c60451f9be8e100a0fcbfbe72140ed

                                                          SHA256

                                                          73da6cc44d360e69417ef4d22109585af350e741a535421cb797cd225d1dab63

                                                          SHA512

                                                          1886a3e264c2f7629d2f0e05e2d69292f86ae8867877a2da4f46593c752fd62db0596345f37512b3a949786b2a039a6baeddaa3b084bd9b5e61cb1c72476177f

                                                          Download Submit

                                                        • C:\Users\Admin\Downloads\Umbral.Stealer.zip
                                                          Filesize

                                                          3.3MB

                                                          MD5

                                                          f355889db3ff6bae624f80f41a52e619

                                                          SHA1

                                                          47f7916272a81d313e70808270c3c351207b890f

                                                          SHA256

                                                          8e95865efd39220dfc4abebc27141d9eae288a11981e43f09cbee6bf90347fe0

                                                          SHA512

                                                          bff7636f6cc0fadfd6f027e2ebda9e80fd5c64d551b2c666929b2d990509af73b082d739f14bb1497be292eafe703ebd5d7188493e2cc34b73d249fe901820eb

                                                          Download Submit

                                                        • memory/2392-370-0x00000299CDF40000-0x00000299CDF4E000-memory.dmp

                                                          Filesize

                                                          56KB

                                                          Download

                                                        • memory/2392-368-0x00000299E6860000-0x00000299E6880000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/2392-369-0x00000299E69F0000-0x00000299E6A5E000-memory.dmp

                                                          Filesize

                                                          440KB

                                                          Download

                                                        • memory/2392-367-0x00000299E6840000-0x00000299E6860000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/2392-372-0x00000299E6820000-0x00000299E6830000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/2392-371-0x00000299E6A60000-0x00000299E6ABA000-memory.dmp

                                                          Filesize

                                                          360KB

                                                          Download

                                                        • memory/2392-373-0x00000299E69A0000-0x00000299E69BE000-memory.dmp

                                                          Filesize

                                                          120KB

                                                          Download

                                                        • memory/2392-374-0x00000299E6C10000-0x00000299E6D5A000-memory.dmp

                                                          Filesize

                                                          1.3MB

                                                          Download

                                                        • memory/2392-375-0x00000299E6D60000-0x00000299E6E76000-memory.dmp

                                                          Filesize

                                                          1.1MB

                                                          Download

                                                        • memory/2392-376-0x00000299E69C0000-0x00000299E69F0000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/2392-366-0x00000299CC2F0000-0x00000299CC312000-memory.dmp

                                                          Filesize

                                                          136KB

                                                          Download