8e95865efd39220dfc4abebc27141d9eae288a11981e43f09cbee6bf90347fe0

Analysis

max time kernel
935s
max time network
1012s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2024 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bunifu.UI.WinForms.BunifuCheckBox.dll
Size

102KB
MD5

ef11f59a9381df17d7ab94434f79f260
SHA1

ec11e46a636fe3927fd5fa7c30be65b958853ef0
SHA256

390252aeb6fd76a954a03853c3d883e0360dc8b3f2cf8cfed5ba94e4e5a24da4
SHA512

612b1b0f9204c605ff5e9b91816e674cdaea71fa69f81a5a7f475bf1cc8d5e12687deb1b0118b07b3d7e4764adede0576f8fc799f8155a65a70e5dafff50f73d
SSDEEP

1536:JiQsfF22IDMxiQ9MOWnce1Cua4JfhwuKeWbZ6YlX52o3tWQFeOvTT:JifF22IoxChnv1CuhW1xCwdeOvX

Score

7^/10

agilenet discovery

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 8 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral10/memory/5740-325-0x0000022B473F0000-0x0000022B47410000-memory.dmp	agile_net
behavioral10/memory/5740-326-0x0000022B47410000-0x0000022B47430000-memory.dmp	agile_net
behavioral10/memory/5740-327-0x0000022B47550000-0x0000022B475BE000-memory.dmp	agile_net
behavioral10/memory/5740-329-0x0000022B474D0000-0x0000022B4752A000-memory.dmp	agile_net
behavioral10/memory/5740-328-0x0000022B2ECF0000-0x0000022B2ECFE000-memory.dmp	agile_net
behavioral10/memory/5740-330-0x0000022B473D0000-0x0000022B473E0000-memory.dmp	agile_net
behavioral10/memory/5740-331-0x0000022B47470000-0x0000022B4748E000-memory.dmp	agile_net
behavioral10/memory/5740-332-0x0000022B47910000-0x0000022B47A5A000-memory.dmp	agile_net

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
87	camo.githubusercontent.com
143	discord.com
146	discord.com
86	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2878641211-696417878-3864914810-1000\{9B7C6F02-A308-43C6-BA7E-52EC7FDF76D6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
4796	msedge.exe
4796	msedge.exe
2404	identity_helper.exe
2404	identity_helper.exe
5820	msedge.exe
5820	msedge.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe
5740	Umbral.builder.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	5740	Umbral.builder.exe
Token: 33	2324	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2324	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 2704	4796	msedge.exe	106
PID 4796 wrote to memory of 2704	4796	msedge.exe	106
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 3812	4796	msedge.exe	107
PID 4796 wrote to memory of 2756	4796	msedge.exe	108
PID 4796 wrote to memory of 2756	4796	msedge.exe	108
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109
PID 4796 wrote to memory of 4576	4796	msedge.exe	109

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Bunifu.UI.WinForms.BunifuCheckBox.dll,#1
1⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8bddf46f8,0x7ff8bddf4708,0x7ff8bddf4718
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,184594001171456343,10133088183126584872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6376 /prefetch:2
  2⤵
  PID:1164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:724

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Temp1_Umbral.Stealer.zip\Umbral.builder.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Umbral.Stealer.zip\Umbral.builder.exe"
1⤵
PID:4980

C:\Users\Admin\Downloads\Umbral.Stealer\Umbral.builder.exe
"C:\Users\Admin\Downloads\Umbral.Stealer\Umbral.builder.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bddf46f8,0x7ff8bddf4708,0x7ff8bddf4718
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4028 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3364 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14891647912476163375,341544772456089676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6068

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x160
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
33c736647b3355b11b34afecd49f910c

SHA1
058f992b47e7c5f3fbd25a836383ad87e18dec16

SHA256
e848f313b7a712d2c6143ed59f93ca03f753c5dc7252feb7b63de991dc75029e

SHA512
40dfd354ecb2165f22655cb7230e58f0c0f0c8343368c1af8d91690d6e68e01b9c1fe255a493ed2291b41831117777914370ad4ad40c983b5fb1e5f8a88e1594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f7efc6992499d246d2a5aeec7fd72d0d

SHA1
7f5cfb0fdf9a6842002fd99c180fd89037f6909c

SHA256
49878b6da135f7e56923f9df275b0caa9b90dc8af6118137db403f416103bcca

SHA512
aeb70df17783d3a5bdbae1cc479f36b9059534cf5ede571fea614bcea832a984b417af065e60e3d886dcf16a2c593acc148d259a08dd5750df2a8046b6d1c2ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
cb2fce611a778ad6ce5496209db1398b

SHA1
66d94befa8a8beee2541da11035831bdcf19b18e

SHA256
3d72e7b7afb56f907ec96ba6559b6b43e250230d1a810f7daacd9f285572b7f1

SHA512
de2a33ebd5746b6cf51ef7c9cb2dab00223ccc741b9ec1420f93cf17e0c235fe3fe0bc7dbd004613896678ab40cb91b4f5eda17977b7cf82ce1c3b6f5f335b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
81030716efa5bf7abb45fc25d019a056

SHA1
7faca516f8b07e1a38d5d5973af63f5a613f0f61

SHA256
9ceedc196dded94c97dba9d3bee0da757eb715bf69206eeea8d75dc928f62103

SHA512
3568cfd78f7649854d6d7659da600af58fe72fb0995d85587d802bc62351e67d6c7db6321c609af79a3bf0577ea172061f2577855ac0a4aeea0de1fb940465cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
ae909066a734514a46cbb38ab88eabd0

SHA1
bb3e76e60e17211611987d41ad604893d49fa535

SHA256
bcaa3a3b23374cb7051a85eda4cdbcc5c8f9861a840c266b9bfd1375b81af602

SHA512
c5a134f051de8170fdc831b39c9029038c76082e9e0efe4d23d20356599461a74d807383e7d738bc89c2efc5ea4b74d1c931d2062c08e29f847ec4e03a14eefb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
218a49c96b5e7b941e4f42b41c8c7f5e

SHA1
03144fb34fc75cedad1e4721b3fb27f23fbef9a0

SHA256
5ce21a37765c1335ea748a46d2338103fca3ca144afb0e0c8061dc052efe41d2

SHA512
b0bfb062d9f4f5370ff4a9d8efe2bd7c4378899be53039be41e8a00e0dc4cb681d3cd608a014d28c5c52a243ed9fc618864e012f0a275cb74ab617a0960fcc6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
99KB

MD5
d1bde7464c9a942420758313d9fb9def

SHA1
bf77562b4f6fa8c80c5f9df77bc50019da1f5dfc

SHA256
03ba3cd696a47f38b93372695d1e4980bbb3576fcabfa304e8c484580e6973c6

SHA512
fd7ed457fb6b093a607f102349895a5c4f60fe1d4b3ec93f4bc23532def278757ed5701ba741017c87f52b867170af968b52f26c472d207c2a27b876e34b3987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
417KB

MD5
b584f1de0e2770de3c37634dc8114559

SHA1
9fcf6cfd2d2694116880dbd31fa2ed4e13e2834d

SHA256
710c548d07a88b90b44b75813dd9439db916ea311d4687caba1fbb3968155380

SHA512
6c38358a1b27c7d6e98846f3328041568e569adffc9ca565f09d0f9ee4c04a01994a8f391c04e1b18f3aace763538705795b407f7b8b9a85ee3711a37625e6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
32KB

MD5
e7eb40a17f017e7b0651dec263c01ffc

SHA1
26fea5c5c688b2ecf33bb6892c9905159b6d48d9

SHA256
afb8e284cacb33c4d52af3a501a871cf560e4ec94358761743c02f3a21cb1810

SHA512
d7af8ff7adb71dd5ed1620efd913673e108846e02a7775d012825357fa81ab28dde7bce06592256e9f9c2e91ede6a249a7e6bce91a392f6f7ac0b53ac3ca0123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
d58e980933f89abd114736fc3bc72fb1

SHA1
82704506126ced1d08c0b78add7e285535a7924f

SHA256
5bef51c9681a07f4ebf6219a199b479cb1bbd5d6be43239af4ec7ae3dc1191e8

SHA512
97b77ceafd9b0fea9e1a0e9aa6941062280904db3656f4aba516ee9e2adc99e1727bfef05133e16e6ec0b56737d7794c108c1adacb2aa58e5074293b86fa3c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1489e859b2910fd0c60e1ccd556da44d

SHA1
510399b1d87cb519d8b4b13608599c5d6f77e6a6

SHA256
dd96d8ca5a70355079ac9c128c4b647fc54f19e866c44c7617d34e43701ed107

SHA512
4d54eb9f7263f7d092041704386cd0772edd9f269575bcbf8ca2b7a6fbf9a418023a8463a80b7923d4278bca46ab388d6e5ef1da619a7c51da56914a08291819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
db89185681e5c496e7eb593ec2015f3b

SHA1
9659dafb3f3d4d9e32c5c918781b4602c1dbe445

SHA256
d4ac56243abd0fba9a593a87b7e194513391ffe837629718918d8f85c3b61d34

SHA512
46f7395bdbd7f2f612d345489d60dd296e628a1a7de628432ebd485891d215bf1b3e0faad62356935b1d23bb703c9b1e14da6a72acf61f0174a5c4beaec7d60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d3981cf275ff1c3f4131a35f1fa6210a

SHA1
b99c546ac81c5a89c31d12bdb1d182a19ab46b4e

SHA256
426d760d9dfd436464d454db2c7d63c30f1ab40d9cf61bf0853c81636506dddb

SHA512
d912275f54c89e954e20a62b203674653cfa36a272c0db1b0c9b210c0ab3b009863da23c8938fc15ea2373b3c16ad9307c8c3a0b5c602bebaf9e5566018b590b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5c870b7a4053b6b87de0eb90211e7c51

SHA1
f2123b613a4ab15119dae98213319dadf192f015

SHA256
28528da689e9a45a2f98da321eb308ea4a5e422c6a71f72a0ec0c59fe50988fb

SHA512
3644cc585a38e18fed00bedbd00cf7049cfb23896da9ab4b61c3ee0e3a8de95fce863eb9c50b0679d002f19602780595d0eb7f966e9bd222702b334111f16397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
c33eef143522bb8dde0dac660e40bc9f

SHA1
84b685b5ee99bfb1d21dbae66942bbd078471d96

SHA256
14f958e11dc846cc11fa642e2785a436c3d388f20c851939207b652ec89a32de

SHA512
8e4f0fec9dbf796bf57a0fcd91a5a3db0004bf78c00c322698de17c5b0a47128fb60d002228b5d5ba2681f3200120e3e2252403f99a21064518cc76006df368f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
dfdea9d01765bf553391780512f54107

SHA1
48e5df3932c5994984167a7730710da90904ec6f

SHA256
4526d196e90852781a0605a05fdb3c4495803d5afdaa98f60d9446623dbd1cc7

SHA512
0280d1f2e83b6c8701a2ee24c6313085ee269dbe6432032853d23bef51988eb33f1c2afd1ce859838c4adf8ae4549f8a87c7d7bb553ce9283d4f8e4f0c162678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
6bf9a9ea317450a73f713fb2b4b00ca7

SHA1
716af599fb3822f473fb9a0370ad76a6ab607801

SHA256
e0acb4f16fb5a88109958a22fcae6e5151312d34f30e2f3ca499657f9778a849

SHA512
d24a85b854de17abc44e6c14e5815fa0b67f94528dc3dd4db94394006c0ffadb55bb8b5163c3a2f09dd0c900e99a504a20937cffbc4ee4b7f18ec7f3111f0762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ce8a21c015efaf94114c9871442cdde3

SHA1
2e66ae0ec0ade8b76927c7cbb689a72f95ef4809

SHA256
8fe2420970f0b697d160b752802b0ba64d7bd96504eb0130773929d0e0fa2258

SHA512
ba68aa11d9ceb9cb3097f3d4779c14280e7e7abafe85f001a66cd224043cc1c95efd8e4cccd5b784e39b97ce51bd0582a3c8faf8fb9afa52a39d09cbe928e4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d58e3dbefb45d7c03bcb92fa453a480f

SHA1
db5fbc9e6c63b5f673608627f75b70917a9f8f76

SHA256
ee3bdf426859120796268b2fd97fe0d39ce1f004a32a2e4c8a166a5949df6baa

SHA512
67e74ae35257e1c74332d186c5196f1429dde0642df13235eac2057f3d409f9209bf8bf5f04afc153b1fdbc6ec45bf1d2ba44b1da05059e1c96cb92475b1e272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
ec66138c8ba5d6b093fba6bee87d0d58

SHA1
2386ee6a3471ed903693ac5f2a3a6d1a3fc56e76

SHA256
b36879e7da5fe65a13e017e8e003b80b42b863b991f0b9a723e3552c70cd6311

SHA512
bcb769dfc3f8722dc08bec839c2c36722a66c555e9f31cea6cd590b7e7ef981837666bc6f1d577c970d9a1d11f7e8af27b1f2c0d1ca573f0198e40ce699a1706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
13KB

MD5
6efd29da11f970ab0ded3b892915f468

SHA1
faf6c0192790b0492fb6717790e11efd41a5c961

SHA256
d67bd1b2442f0b6f145176897ddf659a76d48ff583a88ce6918a8bb6957e9abd

SHA512
3e650686b360723eb4e31652371fcd518a9ddb3395d0f669b13f6ae9feb11caef82b228d5ab56f7fcaca61c27337f47be42226d5731cdbc8335646bb21cc5d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
983a94f7fb0df7b8b3fc4de671343cb1

SHA1
015288ad602c75507a60342347e00968b4496622

SHA256
6f7e3b79d3e23db9b3eeaf4a2fd068630aa552cab7ec348e7e548a07e0e4200b

SHA512
6bb840163bdfae2277f581a36e64b563ee5c75cdc8314118ee49bfe07cf66ddc5bf7781255d7ad4c773e9fcb7fed3d864586f368ac2f3b72f8ea27c357a3b682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
789B

MD5
d583b8e6bf905fd9b3ea0206b5a72d84

SHA1
816c4684031fe6fac31f2560a40c6cab39a93e5a

SHA256
3738c4139870f2baf47544964ae2827aaf9da6178c0433a6bf239c0b3f9df507

SHA512
7cf1ce6666b00a1e037f392d12624d330fb90ca932156a9ae93aed42c27439b58f15c43a5f0450102313758e26ffb95ccac3527e4d22b749f9fb41052c79eb34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
31947444667c568c414cca5d3c54d1c4

SHA1
c767b89fe4209e661092b2c53b48448d7def18dc

SHA256
b9e3290a8a476a7f44cce3bf6e99b3cea07e1c20c2a1ef25d7ecbe42e90dd584

SHA512
0044568410c1a40a614ffcd86e13f885329552a9546c0889ea08b8a514390488309c9c02b12c355e223727490a4e5abdc164115dc0d499d1aabc60f2fe497b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
dac3df7f500c775576f77d9d38168942

SHA1
e9bdee5d50c59ec97c1bdb1886b34eb71a7a03d9

SHA256
ded31497bd2c5e57676c9dd2911ebad6580d214b62622fc5d10533ceffead05b

SHA512
7a81eb6980f39e85615b744dca047c9a3269c423b7db363e8fd6b1bcd279cfc0d496619f83632580b115ee1fc1655a9dfd8f094c985c9812ee5d167a97d45d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3d637f1893e1db1f1ac1477f67b6ec20

SHA1
eeca0cb38a8f9f7b2408fe2d5a843ace7f1dbff9

SHA256
7bf6411af2b04d4eadfc0fd6fc102c7ab8358619343b44a396f970c5ba3a40ab

SHA512
bdafde532cee62c5840daef1a4ff604d98b0f1688429d2f736ed8017bb030ee024d23265d2ada9fe124099c90afcaa603f046002bcb7daa201387523289747a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
789B

MD5
98ae6fbba018fc73053155fac123b1a9

SHA1
07eb57b3ad59bb8f09e7f99d4a7e13a3bcb718a9

SHA256
7cf4c72ebe298f17d24691eb8b2588c4fe01d22b657640e5c6c3f06828e068e5

SHA512
1cd912d7251b3e9b45620cc29b75e7518dcb97e125afa8b212814980737114f79eec2eac101f32944a81e691ff020353adfa099302c94640e5ccaa35328c0901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
08c68510786cf45fbc22c736cde32335

SHA1
ccd834226478f1992b7ff070e47222778c625e74

SHA256
78d2cde3d67cde8c186b231fa760790e2ee11e87b76bb26731e26cd5cdfbbba1

SHA512
6b392539cd51f44726cad548cf867f4c0aee50537c3282a4d6e48515f9a0a029045ed97ace7a1131df05fd921a2a3fe06857fe8f74bd5411433503c299e65e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb8582dc2c8c9bea8cdb52445e333ba9

SHA1
57b715059a9114b87b2fad588276226df45b24db

SHA256
32383e20b34673faa76d87efc1cc6653fa7fe03454d955b9bf07c6d6a4d29144

SHA512
5430ede16bafe3faa17c1f4184c3c5449c24a25f6e9de3791f9c4bd875d8dc64739e4b5f01e577442f61b8c852053262de603e78a64d9eed0518aa601af1485b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a645c5a7d5f3a140359da891bc36682

SHA1
f7dad342604eb34663b5f8b56896b300db4f3a74

SHA256
7b65fce8b1ad3dc7257f0c7bc2208f5c5e209ac7ba12a33347381924315686a5

SHA512
43a1c0d0a1333f287e777691599642a1ce46c3537e4544f8ab441242aca5de2f2263c2157e9697a17514d4edff66eb9c06ced8cc9ed6b81d218375b3f8eb25f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bf28ea3ee644d3785088194abe8bb4e

SHA1
c20bfdd17d7ad8f5ef160d6860079bac61361783

SHA256
ac82542315da7695c0ee880523c2ff623f8cb15da0e8dc7c8e1a271ad82082ca

SHA512
f15ebd9a0b3e8c65ee376d9016c11e46920a152e72b5a7f62388897e5a027685aeeeca9a88c1478a5607c5646ca3d4d5c01ed9fb47ee4d1516849a51d6c72744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fd5780614ff1dae6bbe01303325e123a

SHA1
10db0d5d9d5e55cf4bfd3c175de82bfcb65e83a5

SHA256
e7252887da162fd25c618350c972b7054a97e9b9f858df581f1a25ff149545af

SHA512
34586e56d741e3d2a22297461cb20dfb99c03d8b6a738bf0992c22f4d729d1f854be08cf13b5c97538e86e0acfcb34ba56669fa20aa38bbd595cbbe139d88c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c5e91de8108f6d80e1350f8264345c9

SHA1
61a92e162085d6212998125259f0414c782ad6b4

SHA256
aa8f426b92f10710a4b77566987750bc8db52f2dfcc85e979366197dc8537059

SHA512
2c0c4f297f660e82542849b8c3f99d5de5642b4d0234a3d3c6bc403b0c23de770f4f26bf03372c1d390bb3218f23f378306d42980b720c5ebcbd94604b183aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a425af9cba29ed981660186d9066a8b

SHA1
7de7e00aad48133f227dcf684d25d39f2094ecc5

SHA256
d3f5de71a37ee7b2694ef1925810bc6e9aa08dace741b3dabb4aec275194265e

SHA512
5c343232f4a35eda4284b5a6d77ab62430f92dda9969ca4f6de3d50a7b041ad4e13d48d2a05e5a4c4400ab2aeef0806069e833f2cfc5d3263f02673b535b22fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d977b08028e3b7f24b48c92249cd144

SHA1
79ca2d579d423fd91edd3b0cf9804facc019e7c6

SHA256
b4fe270339b26a451431a8690916bda977c47160877a1d49a10ec060759eef71

SHA512
90f1473e189e02e8b5a1492f890f7a9ccfaff1ff50fcb84f495b361375aa11edd1a9a071fc27ff29eb6a0340240f7d878d1d4767922479745c2877d914dbeb31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c8f95f0a961acb0096767ada75c291f2

SHA1
b54f72a164ac25f45f0be614d9cb9d44d00e9cfb

SHA256
0ccb0c446f601020d5ee2b99f8f63e08ccff474c221c6208ba30c0cc44077b94

SHA512
d4d6483bac34696180cdd2b84fe009297b9235cc842b543d131fa2c3358d1b6cfde84a7c4b69262e9b902750e07cb497b9131796d769223fd29719f7c7534ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0cb545643071fb27a3a11ac9f8feb388

SHA1
9748152b21031c7a6657708ab1e9a3076824c681

SHA256
1da179b42d6e2e0cad42459c16343db6702e3e749bb418193aeeab2f87d613ca

SHA512
e31ff5ea21b939e3479b960d48c8c29a3176ef106adc90e453433d80112695145ff7f336be8072b4732987d0e5059bf3911e992b107a86609efc0ebec4bd5f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6819e7744e0277ffe20a2c9a9b35199e

SHA1
d709d7d57432d95b3de688a4e460cd70bb76cd12

SHA256
487eef85794cde3fe7623578ac4ec02b0f854cff83f3e986f584e9037fcca1ea

SHA512
bdb1f45d6edff6c8e09700221350044a9d535cfae8e8fd07b6dd6960b1aef83210b17b1b40b32f27dd3c142d44362e9b9f4aa276aa56aa6c8c55784ae4df3343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9219a347d56238d3889c89b51459503e

SHA1
45a4a024c6b8a38f370d00d85cc2f5414138bb12

SHA256
61db379b4bf3927b27a84088c8c4320501713b592ed5c4d1054bea08466b78a8

SHA512
d31453ad9d970bc87952d9e9ae602950e6d9ff7e27c5a8ae845714a7e7ec8a1255bc28462b3bc820066a6cf8232cb0580e6ea9deeb1ec2f65663b980349ff245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
06059fea4b1a8e357b543f668e3d65d7

SHA1
4d2524b9b3306ba2557176fad1c5e7e52e0398a9

SHA256
2ab476cd31eaff8ff5a2bd4898da747eb1f33bb6501480685f2474b74656eb3f

SHA512
df3371e860e5c1401bdbdceb3a0b6c58a03af0356986fa4b5b9d4dda074b72613b35a5045f99b539b2d960f8c33af3cbce8c60de6f1c51bc3d065a7c5881e107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
f3bdd232d1bce959ecba9b3385ed7033

SHA1
9541b018736f2bc622b0490e0a68c35ade680b8e

SHA256
afcb40fde2047179b0a5b83378a35297289c0bb6454d3ca69484cd5dfa9e2235

SHA512
45e4fde960510692a81e1efae7d109437c48eb469f02791a71c0d874a4bfd723497f03b04dc052a6702561b5bc8794356a9a73fb666d79e8b1f70e1aadaca074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13374993009462079

Filesize
14KB

MD5
7fb3c8f1239b5ab04def891190c0350f

SHA1
d7f2517d207910dfd55c09ec5d666bc578a2f044

SHA256
0fc43f64adff46e09fb577ec3ec6b7b5f65df8bef78751c3cfac1c203b6c5159

SHA512
d22b075016d606ccb1b4e09bd37557b0f170eef463bf211a7325787b2649c391bd244cf093971f4d8135e33f5778d77e0a414fbd5a4eafb8c329637470cdc75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
187B

MD5
ab962bb52a49ab2c4724a53e0a9f556f

SHA1
794a8a2d56f12cad848165f5b8ce64bd01dff24f

SHA256
1d26eb5e2f65bb3618054e8fc83e88ea4d204f1fabb2937fa348c60771c3afef

SHA512
43926961d793a4bfe81b172f26b519da7ee13305d6a82fbce31d5b27123ab16b499df7a5b173fb3e5452cf9daa2a1e60b45cb9db964b67a13564bf01656379f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
26f994734da07cb84eb4999ab225ba84

SHA1
24d34d7d0ede6aad9a6f26b571d4276170f1483e

SHA256
3b1424e0af238c74c8bbca81d1d19ce679db5a938b21a763a6dd735dd9fa5ad7

SHA512
c72c67af54f3872343462e9774568c4a726f92682e7e8a71dc58e8c75aff3473b5f8ae2e42dec2575994674fae924f57042c5e79c254e04da3c499aa80123d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
96c44c3ccb458877f79dca0679b5392d

SHA1
5ba05ec4fbdc829c424d59ba686d01f211fc4622

SHA256
1051a0fda11edc532feb1275a84e5ed884aac6faf04a59bd6def6a8a639f9e10

SHA512
51d67c4765670eb58b0d7c5a393abea5a6872e3421230f845215a6d736d5640a4c55e9d7fbe40dcafe101bde7e01ccaf77bb4a2dbb012e926b39c07f67ed7fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92051cd14a8f08a3a4be2f8de8183335

SHA1
4a1b17143fa2a223be4ae284738b39d102e1a235

SHA256
3fff01338347640a08bc6ba60f6af60d52542dd0293e688be7a364b97ec9ec0d

SHA512
036c2cdf64f99815b283077386725967680f2350bfae9445d0b0987bdd2b9270161a89ed1e550f66823d74673ccd3cfcf5395da94ebe4fffbca3dd4f140e295d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8e0f19d6aaf3d8d3bf1c9cbeac390350

SHA1
f2a25257f39bdcd2e5e25f431da60f166fae6d81

SHA256
5177787700ea9ee7ead009c3832b53b41730a1dab03db400038a09fd0db4040f

SHA512
34448dd085c5fe004d3f45ee2812e7d7ea6a6770dfc922eb20ba4124662b2dd683f6368de63de1d44708353b3204e5f11c05e8fe1d7eb23b237fb98d348d08fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1799f36aec87f5d518e402a2045a2b77

SHA1
d6fde23aae423ba2574328f594667976ca11c2e0

SHA256
ce60e5bf52cf727c8623615d6ecbfab47253168a82ed2ff3a71952ed82680a15

SHA512
a43320557720b4038cbc271a16511211e8dc523af49e9ae4f4a9ef1c11eb4515f91f29234d1f14510f37c5235201f2e3436ff62dbc14ff2734353eb3f2bf8441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
804a88f9463ea0a5e12b9672a7f066ae

SHA1
115b4a7c520b397490f43ca63da1d75895978349

SHA256
d8a9cc0eadcbf6de24b255c7be59d004cbc683718d413a9c8fb3ec6176ff449e

SHA512
af0869c5cf3ba314baaa60f6aa3bc648bbdf47ec247e8e8187041373fe5f09eeaf81ebaf82f87cba43270821ed5d14a55452aa7f9b462242114cf73fa68761c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1dabf8dffb752caed8ac51b208c769f

SHA1
508278c02e09f6c047613aae67eb61d1cb4f5d88

SHA256
9d753b72ea2bca53f9e21d424741da7ccaa57c8ca16508b662e133c58f3a9030

SHA512
ad112e56c90bcbd062f700f622d63f00aa2da99f1f275178b7f531f0af3d47dd51b0d9c2c67fd740bc267679a8d4604f994a64098546c44866b84286c0436b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d296fc3bc0ca5d1169e0ffd144419cae

SHA1
d43598958feac6d84e8fb143224ed1a25c36fe52

SHA256
7874e7e3ac7dff87c42df0d9e0d581be40356b7ac5dce6e966efc28aaa91ff5b

SHA512
7be6585d29752a5dbf9c58806e270f9a6a0f9ac81cc073b1e19a05c1083a5dee15f99fc7cb1ea76aa3773db36609170aa620115871912972c51452252402629d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8db197821d6678c47270298c84914c3e

SHA1
43566adf1bc1b4d83ad968b2f325968c2e824d68

SHA256
8e8b38834d4741845d3d85c48f7ec3940a773817099427f0e635391a21bace2e

SHA512
cbda8f7bb874c28e4117e12eec20fb2f334986b06157aacce5e6064dbe041f8e9037038c59fea86e977fd536755cb81260af8c4436e8bbcb24ef0733cc486ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07d662d9b69a7db6177c44ddedd26579

SHA1
f2bf8031aa7c1511bf89922a251efd0381fb50c0

SHA256
40bde6928180c700bdaefe07a6c251663d2e87f534712d5a1edf0a48feb6ccac

SHA512
5f9a2d1c905e59c8da05737d0c207c6d54494075e4c931a9304c28642ee7727d3924cab11929f7b66784a8d435f74174dfc08a2076f08ed413812bb807785ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
aaecd5dc58d8b7e371219522d24aa379

SHA1
1251388795457448b497aa4251c4db9f72bf4fd7

SHA256
a360df0623de1ec5ff5d0bc74d43b8c1149b5f34373fff5e252363658c76ec6a

SHA512
e6f03b3b08a52fcd56703acca95b0b55ac6b87116160081077f08d01fd323e0ca9059236001ba5ae6a07dc23c01887717bbc7f2b6821869ebf67845734508839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0093d6c2bb02b1aa1ed8425928f5c06a

SHA1
8bfb76a969f029c790e02ff9ce7e4bb72617a6e7

SHA256
71178aecca6eb27477a8da47bf6ee9d8fa485e91950aa4d4cb0c0ddaa345bb52

SHA512
5c05a2a6673fe3e93e3409c7c5cfdff906f80c7c6ea244efa08fd658e4ac4764dd94d7b567581da8a1b9a8aa9569fc6430f4964afc8b5f7cb341e4c8ad088723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c06808a572e1fab0cd4c7d575a83a63a

SHA1
bd8a71679e90030c9b104df7e5e165512447655e

SHA256
9e199f3e6c95528d72e2a8b9539ff95feec02856bfc9953e3e54140547df7f3f

SHA512
ee35cd50d9c1c626d5078500bf144d0813a7557f779da1c63884baf824d7161c5f2ce2a04f42dbd20b9737838e4134caef300201ab4e774bc661ad19c08cf988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587105.TMP

Filesize
1KB

MD5
b3d5b0b73cacedd809c215bf99ab60c6

SHA1
240f06e30a2a70ef91cf421bbe0934fce405a085

SHA256
d3878cd4cb7c9efe4547d1e6e5bea61b8f5bb654699efd62cd62dfe2faa8e9c9

SHA512
b6e7b65a3a9671068e45f00837fc99c34f3477d12c90ca2372ed7174d15e016ab8076c7a8ee802d56921e16f602b5c1614c07a40228b3f049243dd0bf1a1da2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
7799e00e2c462117f044ba8cb14b861b

SHA1
f042c940cd6c529e6597c027b5786799137f7822

SHA256
c16bb24b49ce3c03a227a875224f80f04a4b022003775f17c44f7bcb6c4b75c0

SHA512
27bc72016f0c0c6191b2661d4c0f9f606977d68d154da909339e8f60bcce3dc48b8cdba3b08542a22bd18a70ac6edce2d099ce5c7c487a7a12535efb7e94ecbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
4dfa1d5a56b6d3a201ff9feac7b751a7

SHA1
e5028a0f9237d078f0148c5117d8ee6b4e612144

SHA256
0fdca9a23fe88a4a7859d3bf5bc4d29539338e5663e3a66fc30a1666f0a8d50a

SHA512
4f5f1e05eee58e4c2bd71acab433ff74fc20e03d79ef17c2cf0f1c544effccb444113a8f0feadecc30fd7179af5a1bb5325d77a669ff23a82727ce6dc4c9c126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
fc108e928505f21070d5d3f6d29e33e0

SHA1
cce0f11c34c70eeea6d257b4c78eb5fe0e6d478e

SHA256
f343f8019967fcbe60bbe5c3c1f6ca6a885eb8047c8573514e1039ffb7c87808

SHA512
2a181931ec88b4534599b2912f5a2a331f306a9b3aa5a8f6c2a4c7ac620b58a99e86c5f5bbf8f8be1845a3b1750e0fee76c9f893db9f7e6d1fd5ff455ddb9b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
5KB

MD5
52b35d5eddebe6889f1626a849a99915

SHA1
01ce4de34e5a80ac4b8a10e68b029d4e745291fa

SHA256
8e48775292e980a79a4fa3028bd5d29302863f590dda12973f3913d4428c4a13

SHA512
65ddc07efeccf6d8cbab11249339468f14731e13a692f14062dc6dbeafaf841cf4c86af1b1c3e9ff0ae034bae35e56e6f4560315ab9ad37e6427ba0d790df8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
e903285e8d7224d87140287442acac3f

SHA1
30e12e6641ff7b28bc098e7beec71bce2e92eee5

SHA256
ad834b490f5ba2c686704055f6a6d11c9e390e470c3e5a9f171fb0b608ec2e0a

SHA512
1a6cd7874cd4a6c86d75339489bcbfa4cab3e99be44a545fda9552b9c048f1ddf378fb090d8b71c31bf00af1237fec341ddd45c9f4761b1d36ef20d9300649fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
ff788109468a3917e6e3d9c7fb83e710

SHA1
75a6da00b2bf6e961e6c7d95c82153b109be421c

SHA256
83baf10cb9b0a26440f5b4365ba03d321745eb7a502a7c371eaa8300ae8c59d3

SHA512
62a0e43bb5be410a77923da433d0905576f9d2271ba51255a28f03563cf6220da9b879cebc4d4a32da905464f78a2e6750a6825218c44ea95fd0f2a775426208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
4149c400fce640846b414895cc78171a

SHA1
d4d75517eee05c9482fc1224b9c0a430a6c832f6

SHA256
8c7e1785d1412ea51369b7d0486216bfd710151d8b0148803dd37b2116434d63

SHA512
00c7951f924b887a3694767524d1e66a4781633124ae599fc7e6abef3147519e7b89768941465d3ae39934f4b4949a4d809d541b1b7b54a87173df8585618af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
36828ef9da16dc7de0bca6a30c3b2109

SHA1
f189f8b1ed69c937f854e02f8d523db2be0fc908

SHA256
1f65e899d970e464f4ff4c5afad43ba4b97a701e8457fe214e7a4bbe94403c94

SHA512
08372c75941dcda361e1cd5d4660da42f757b0dc16741fbc43103e549753d666088df4b2ac484860c2ec9cb03009c26b84604b7198908fa10fde6139552c288a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c39701e2a80d47e09874e7ecb62be1b4

SHA1
98468fa6031ff7ee2ff0de6f25332fdb4f0191eb

SHA256
e51fdfd169940004660eb286afe3da9cd58fc337bac94d003becaef9251bbf18

SHA512
a5540147fee6adcb342125ea798d74bff7827ae986e8d69716a4986cbe7ca41354c8e45689578a2d10de0e8b24e4d9b260e7196979d89aa26391004c0c220909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
229a891853cc4827ce5a094c4d34a681

SHA1
f66701f8ca664a024fac03cb06c7b271cc09a2d8

SHA256
76f3ba3e8a0d517cb64d8038901a2ab5ff7ae208015150b7b43507e975bf2f17

SHA512
02eddc7531b93cffe4800a96ef671dd47f6e8b3d1dcfd62453d3fbb8ed6832d7a88157b884129e7b5150f954dc652249613fefc9995d3dd11e374741539d6a4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
16KB

MD5
f55234db88c6538e3f4ad45c114435f1

SHA1
c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6

SHA256
bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a

SHA512
8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3aedafe5ae5bf04ce244bd2874ed079a

SHA1
8294a38701a330111a75e6cf12f3e0ac14286c8a

SHA256
34d97e7d269836ad4d38ecba06337ec030cac8ecd3ea44b8f959bdae1402cc06

SHA512
a972510c851224524e12f518900fce8cc39ae38f85f9c5cf4998e7852f16c36099bb9d05f9dea6893641a08c8a241d7c3b8fce3cac889b759265b28714ba7be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa430ffc2d1ee73c27decc297dbfad2e

SHA1
fe2e21f4d71f0482c77e4320cef0b8543ef1a15d

SHA256
a5eb1c51f70e182a93f4591c873b81eb2f7e365d9dae67016e84f37573906980

SHA512
bf00d1845d865f625855fc58ec771156808f4834bde98a7dd2d974684d1a1903dbdd051eecdaf5ca1cf2fe24b6799bab65ab1462f7a40ab706df4082c3d31aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ef8be0cc01d02253abf4e42cd6e33b76

SHA1
db311af94bb06663404052493b16f4e51f4b0973

SHA256
17a7c263d9088d37f57f2114bd9f92ff8be513b64d2004ba7b1df6b3f8fd4916

SHA512
a0ad2258bcf68299719bdda286618d4e6b382543440290a5fcd6c7d4ab3fb7a380d86fd7e1970b56e3360d4bfa04055734dc0384fde308dc6c5b3120ef9e7d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d75e7dcac57004062d753e5fb860b040

SHA1
ffb9a724ac83235f0f732d55ccda958333ebad99

SHA256
d2ffa3916bc2bb890730e8e621d76f2695f6f8213ddbe0a90a2d256b3fb61d44

SHA512
614d9070db5130d57d74e54183cde40398bba8eadef5ebb59a03c7b672a2a39215146e699efff90f00993e7d45e8a7e521329f8c73e32f59f92e61ed8ac0fb1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9606dc9285b85a018c80aecc2ef85690

SHA1
6ee92f86742d1e02a99f36cc98d1b0bd0ea52694

SHA256
d79557930c28482d46cbaaa4c4dc7105196a4e21d2f73de28c77afd31e188ef6

SHA512
33a08f9a739d9fffc75e1860515748e44b34660a1e360b08db1625bf9b9d768ceb7f19fcce927b88609d8d991e7a6a7c528d61fe5fc8a48e51505706ecd4e477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
53c2b585638f0d045d0d477b3354e3a6

SHA1
0eecc66796ec75039044e9dc80aa994f4bd15b27

SHA256
02bd19a7779deb3a8b68e92c1c209a7cd20b027f7a797e7bf395a9479f76c75f

SHA512
56752681bfb8ef9d7aeaec050bc7bc35489d3230668ae4a11e638da77fe226f21dced8094a21418b3db12c35acd4b13394048b88b2af5f52bd2573aaa57d7422

Download Submit
C:\Users\Admin\Downloads\Umbral.Stealer.zip

Filesize
3.3MB

MD5
f355889db3ff6bae624f80f41a52e619

SHA1
47f7916272a81d313e70808270c3c351207b890f

SHA256
8e95865efd39220dfc4abebc27141d9eae288a11981e43f09cbee6bf90347fe0

SHA512
bff7636f6cc0fadfd6f027e2ebda9e80fd5c64d551b2c666929b2d990509af73b082d739f14bb1497be292eafe703ebd5d7188493e2cc34b73d249fe901820eb

Download Submit
memory/4980-292-0x00000214C2BB0000-0x00000214C2BD2000-memory.dmp

Filesize
136KB

Download
memory/5740-334-0x0000022B47430000-0x0000022B47460000-memory.dmp

Filesize
192KB

Download
memory/5740-327-0x0000022B47550000-0x0000022B475BE000-memory.dmp

Filesize
440KB

Download
memory/5740-326-0x0000022B47410000-0x0000022B47430000-memory.dmp

Filesize
128KB

Download
memory/5740-325-0x0000022B473F0000-0x0000022B47410000-memory.dmp

Filesize
128KB

Download
memory/5740-329-0x0000022B474D0000-0x0000022B4752A000-memory.dmp

Filesize
360KB

Download
memory/5740-328-0x0000022B2ECF0000-0x0000022B2ECFE000-memory.dmp

Filesize
56KB

Download
memory/5740-330-0x0000022B473D0000-0x0000022B473E0000-memory.dmp

Filesize
64KB

Download
memory/5740-331-0x0000022B47470000-0x0000022B4748E000-memory.dmp

Filesize
120KB

Download
memory/5740-332-0x0000022B47910000-0x0000022B47A5A000-memory.dmp

Filesize
1.3MB

Download
memory/5740-333-0x0000022B47A60000-0x0000022B47B76000-memory.dmp

Filesize
1.1MB

Download