3b19486b4e14b206ec8ab2602ec6a430f9fce7ef40247b1e1f4c6f004ee468b4

Resubmissions

28/03/2025, 23:17

250328-29x9yavqv9 9

28/03/2025, 23:15

250328-28pw6stvc1 9

Analysis

max time kernel
2s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Swift.exe
Size

20.1MB
MD5

532e28bfd55208ef66d609a48a65cf91
SHA1

5da3a7f1a437cae4109b4c052b7de697bc58a674
SHA256

3b19486b4e14b206ec8ab2602ec6a430f9fce7ef40247b1e1f4c6f004ee468b4
SHA512

10c57c4bd1c18242405bb7ac89361121b6169f3444122dbef246e4605b0f793f205a9fb36f5a8d820e9c8617bddb9df65b9590acbaada19a89ac7a064a23a0f1
SSDEEP

393216:V8JNpovBLKnLuJxQBqYuIavH5Cmq+Je5tmCTtu32syZ1k3hqdE7w:VMpWNW0mBqfvH5SZtlTtuGZgxqdcw

Score

9^/10

defense_evasion discovery execution themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Swift.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
4488	powershell.exe
1872	powershell.exe
4692	powershell.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Swift.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Swift.exe

Themida packer 10 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/5076-0-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral2/memory/5076-2-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral2/memory/5076-3-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral2/memory/5076-4-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral2/memory/5076-5-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral2/memory/5076-228-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral2/memory/5076-250-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral2/memory/5076-272-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral2/memory/5076-334-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral2/memory/5076-748-0x0000000140000000-0x00000001437AD000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Swift.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
5076	Swift.exe

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral2/files/0x000700000002433f-235.dat	embeds_openssl

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4488	powershell.exe
4488	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4488	powershell.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 4488	5076	Swift.exe	90
PID 5076 wrote to memory of 4488	5076	Swift.exe	90

C:\Users\Admin\AppData\Local\Temp\Swift.exe
"C:\Users\Admin\AppData\Local\Temp\Swift.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -NoProfile -NonInteractive -Command "$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('C:\Users\Admin\AppData\Local\Temp\Scripts.lnk'); $Shortcut.TargetPath = 'C:\Users\Admin\AppData\Roaming\Swift\Scripts'; $Shortcut.Save()"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4488
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -NoProfile -NonInteractive -Command "$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('C:\Users\Admin\AppData\Local\Temp\Workspace.lnk'); $Shortcut.TargetPath = 'C:\Users\Admin\AppData\Roaming\Swift\Workspace'; $Shortcut.Save()"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1872
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -NoProfile -NonInteractive -Command "$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('C:\Users\Admin\AppData\Local\Temp\AutoExec.lnk'); $Shortcut.TargetPath = 'C:\Users\Admin\AppData\Roaming\Swift\AutoExec'; $Shortcut.Save()"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4692
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=RemoveRedirectionBitmap --lang=en-US --mojo-named-platform-channel-pipe=5076.4132.14075107263301561724
  2⤵
  PID:3872
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\swift\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffdad0eb078,0x7ffdad0eb084,0x7ffdad0eb090
    3⤵
    PID:968
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1720,i,1035618056001761489,7230619465328775609,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1716 /prefetch:2
    3⤵
    PID:1948
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2036,i,1035618056001761489,7230619465328775609,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3
    3⤵
    PID:4392
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2360,i,1035618056001761489,7230619465328775609,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2372 /prefetch:8
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3568,i,1035618056001761489,7230619465328775609,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
    3⤵
    PID:4424
- C:\Windows\system32\cmd.exe
  "cmd" /c start "" "msedge" "https://key.getswift.gg/ks/checkpoint/1/wZYuMbgGlJltbwOCoFzYhGbTIxZodjExwWntNJGGqOlVHHztuw"
  2⤵
  PID:4832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://key.getswift.gg/ks/checkpoint/1/wZYuMbgGlJltbwOCoFzYhGbTIxZodjExwWntNJGGqOlVHHztuw"
    3⤵
    PID:4724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch https://key.getswift.gg/ks/checkpoint/1/wZYuMbgGlJltbwOCoFzYhGbTIxZodjExwWntNJGGqOlVHHztuw
      4⤵
      PID:1376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x24c,0x7ffdaabef208,0x7ffdaabef214,0x7ffdaabef220
        5⤵
        
        PID:4464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1756,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3
        5⤵
        
        PID:4988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2008,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=2000 /prefetch:2
        5⤵
        
        PID:2964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2596,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=2752 /prefetch:8
        5⤵
        
        PID:2100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:1
        5⤵
        
        PID:5376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:1
        5⤵
        
        PID:3280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4312,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:8
        5⤵
        
        PID:5504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4268,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:8
        5⤵
        
        PID:1996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
        5⤵
        
        PID:2172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5832,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
        5⤵
        
        PID:4816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5832,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
        5⤵
        
        PID:1816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6020,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:8
        5⤵
        
        PID:2112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:8
        5⤵
        
        PID:408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5668,i,13844889346788282085,12110083058578172530,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:1
        5⤵
        
        PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:6068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\388bebc6-7223-4937-a080-1b0fc59c3129.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
6714868fbca836f2dadcd20b1ca25c2b

SHA1
620435405aa18eb3e1c6ad45771b71df49a0ad58

SHA256
254fe9f1229e5f221cfba46625ade64529633c5aad85c31641cf4af22c05c386

SHA512
2fe082c0bd852b3864669b4b28b1441cbf9552eadfdb56d140b5d64f10e9b2844ae982e5c93113aa23dbd4a5d61d29cfaab24b31bff6ab2493dfddbcaf0863b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
b22882438cded802dbddf69963989dbf

SHA1
2475cb07d50ff82dc796bff5450cecbde4dc03fc

SHA256
972812d0cbcccb81cba1377ef00d5d516b79712b660d5306708ae7a1547929a1

SHA512
599bad144cfd49c5edaeca05c520955384a67763e3ed2bbedf7f5a373df484b596e43ee44c176c8f92ab6f3de73e6179de24cde3a279f9b8e780a9365581a7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
43d55d843be703e57ace44bf53e3c526

SHA1
6df2a8e60e7cd07bb3fa369190184dbd2cdfade9

SHA256
7b63b4e03628742bf5281091b261a1a543f21cceb2393d75b6fdf1dff2424c50

SHA512
8ec809c140385b1c821ccb6f154b14ae699198000eaf202d8eb688352c9738977313a3ca526348250f919967820b800fe8dfe58e420c17574718d4e7a3940c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
60d03b29b650a9da0a0fa3a8c67e7cce

SHA1
f0c3e86df54914f3acb935d6f12049504dbf66f3

SHA256
41545ba949138d55fac8d23cb50ac651c534ed42e737f3e275e537665280aaf1

SHA512
6f9bb8f465fc4e459c040b4d200dccc77e4ac795c6988232af9e90ec3f0b9eb0982c1bf9e5b36245d1ef43dfb797cb352dfddbf3f2bf77f8e73fb24d7c888fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
2c9382b4cf6b591274e425b63d732b0e

SHA1
7a348fe7ea894ef7a8c8b6927b8c3d944cddf2a6

SHA256
db683e3a98e07a4d49d01c13601da53d4b47eba58d162cc4a4612b5d7bd11c5d

SHA512
4f6511181940ed9966fe1a06856dbd29b9979a84c8f89c9b6edce39174ffeaa747dcee14dbc8a7765a76c3a46d76c58670b0bf4305c4a0d477515d04ea660ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
2834ddae905b087997c873e90421c97b

SHA1
9401ab194a8206c08121999d439ecfda1662a713

SHA256
e77d4aaed04040aa184d4a4ef2e1fe2b2841e80c37ffc6943b1b6b0eed81301c

SHA512
49cb4929159dbc5fec62bdde425e1bfc88592ade23cc68c8adffb450594cfc117349cb9bf366aecf01d733f446f9d7665686039ceeca5a9616e1ccabc8e86982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0b79bc6232a914c2ba294de712764436

SHA1
31dc4741e4106c45a98f9af876c44a53ca7f0e0b

SHA256
13af55025afb94ad7a655da50a5d90a27493e95cd801905295498dc66d54bccf

SHA512
0b3fa0312f26699c3f16dc7ed389f86c2135e1afcf346c99b7b9de6f3b512423ee8ebc1461ed586ed1f74204dc45b92aa9f9232ff2ca8c6fc096cdb8e3fc7c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
3df110e480ee96b0eb33e2a49b6e9c38

SHA1
ab63f7e1cae2e3c353480cf9649ed003f297f02c

SHA256
6e681c03c4803b75a721a4439acf24c12b774dea7c652f6feffe57466e3d056c

SHA512
37287132e7a1cf3ee34d12db777fe1c067f79bc82dda78a9bca31880fa1937a9230d309b7dd04a541c33c8523063c038ef943673bffd36d3e276cc157383fcee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Swift-Module.dll

Filesize
22.5MB

MD5
c568dbc5fd90067a6712055023a18568

SHA1
1546683eb7ed167b54b9e4fb0a8ae72374f688e8

SHA256
ed927320654bccb0164b7c1e8835975ec9f680d607cfea982c7a0a103684d188

SHA512
72da4af29fd9aeda9851fc0a0a4ffc8a5b35f260074f2203381a760c94e4b836fe28b11186a6d3cca4d01de65893c0063edfcf355268b689330915ab66339816

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ren1fkk1.vpw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
98de318620f76d8205ce6f083fadc233

SHA1
29057d6c45384896a9f85a96fc1da093aa31cbca

SHA256
e34d549002a57dd4c78833b55d1434afefd35af34c30e11841eb423f7c718309

SHA512
2c41c01b02474cd59e1928be68e05b308d78cdad89a17d76848542e2281db93c537809a5112b053dcec2429b7f72400c31362ad33c2146a5d3ed7ec963e70a9a

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
bf132363f83c75f2f61d27e7fd338711

SHA1
9480429f5d3d6941a6b5d94a6a089575c5842ff8

SHA256
fec1bfada2b8664723316a6d6963c13dd4f5331e5596b6216abc5994686cea85

SHA512
38f9eb6881cb064c365b5eb8e7e1f937f83e33573bcbaff71d26f38ad4492d01be39bf2ccab9819b191fe23fe3b1b30ea612de0cf8d65360272a7e970e23489d

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
3b33db02d64b8a0104254d183894026c

SHA1
381a2bedd39c040d592ab027471a0be1de1573df

SHA256
b064204f043f39f1c24c6381c89823d7ba9126d7a3a275a862eff3614aa50496

SHA512
811a81326c128df7db11d94f52fbb444888f3eb87bd08ed22e54c340d93408a393f0672d9c6d52f9f0b51e201fb4ece1d065d9e77cdcb993f3a8a6fae9013fba

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe580c7e.TMP

Filesize
48B

MD5
e8f9f593ab1f59f4b1d6f4b6b334901c

SHA1
3c8f7b23a885d7828a14d3b70d9d02e5f784d34d

SHA256
381e0d19c4fbf9dab7ee6360c5bd704b02d9072a13208d72913ffadf1cbc1f2e

SHA512
6cc7e67c78a768dc2e9951e83b093364d5a4a11dcf69112b8028f96c97cf3fcf7a819c5f73a09830a7162f1cc23d5a023309e81d2e08fd23d00a74081ea1eb99

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Preferences

Filesize
6KB

MD5
2417d91967ad08fa046b1b4d4e7b5f10

SHA1
aced08e3716bf985a8978976b3c3f79028c2d1ac

SHA256
0c2e20ab2918240e1648ba91a1c5b3dc4613915fffc27592f1f3ebd76555dc21

SHA512
fdf783cb82660018b97daeb8bab9b1f8d345176e2116fabf130fad58a8e0da20269bcce33b39d4649ceb2c2b441d879afb12422347f121e66b2685b25d0b595e

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Preferences~RFe584acf.TMP

Filesize
6KB

MD5
42b99a9327f29646c4bb473c8ebe55ec

SHA1
4d7d80fab05ca2d0afaa3318c0c87661b6cef15b

SHA256
dd864c40536b22ce3c63ef0fd00fd22601a6774bf7942b2f70f7a2d52250b905

SHA512
b7f4de02f597a418c10207c82b76abc21d37b29a1cf9d1e0619da9b19cf56585a77fc2c7b131a769f4e928e8c5cac27cb4f43057be9ee52348c91e4852f44564

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
2KB

MD5
241dee4afbd01c1ccd356353aa4856db

SHA1
2bc8771260b52ce7d47376189e453fc98c13c3d9

SHA256
6b5c9f87e24ea2d11b12eef11fc92784c734ec60b901a61bb5a5f53a0e8a9458

SHA512
3679d0749040ce5e812f268cd2ab997b38026e9ebd1153a5f360adf38c82f85ef0e8bcd1b46d13a88c24b8501dde754ff1b0fc6a429d4b1aaf12fca1fa84fb03

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
3KB

MD5
ca12dd30032230cc871cf78dbe59ab87

SHA1
bf45ef9890e86a53108dd219e5d63d3cbbc9ff98

SHA256
fb8e6b8238e3cda9f31e043de677b31b020d26105678961102a8ce6420249d74

SHA512
6b6e7ee05488dfb4573557070dcc09504e382b3e13cbd17261f79ec4bcf81e3d2cb981ffe19f7f87f32920ccec538058c727a456721f2a0a94d6302874b26f12

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
16KB

MD5
e0cecbec96603060d6f0646795c86349

SHA1
afe1e56522fa8d4955b51dfb1ffeb083e260c46b

SHA256
5b4f571fba4015040b1bfa7c25d83e51fdb6ae30a0ecc01f15dcab1701d04a92

SHA512
b7486f6407b6d8fb8103c888d3c21a835e13689f012d9fd5b816df4a912afcd757377a1e6e84f38f26f1d0e27598cce6499a649c1d4db25bd0630e0d8c98ac0f

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
1KB

MD5
80dab29bb6d6eb69e85eaa4ef252b4a2

SHA1
a46d391b69f4d0fbfd8968034200346b4f32befd

SHA256
fccae1f13e5208b4857933f98a34984132bf378945d738829ca9ad9ba04798e3

SHA512
6b1a95d947de4512dfb8bc615cec9082b8153f4e8e661a2d126a31eb8670d55026c7f75a23f88da2cb9f20beb7d716e63dcf0453bddd8257852768ac88610716

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
16KB

MD5
48d36edd8156a82f798d3d41452a0e48

SHA1
7304b9889656383fe9b7437899fc7078ff13b55b

SHA256
70e26b2b99dc967ada96c33edf39503a25c4d88fa6b958494d2c01fbd7687fa6

SHA512
575959518dcf0d4d3b1c7f3838a7c6f847f508565a4d94a64be4779b06a1aee23f4f0ed06ddd761e562e767442c0596387a02b28b66b3c075a68637bf3d3e545

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State~RFe57b90f.TMP

Filesize
1KB

MD5
aa7fea3cf61587d4c462595c81b4c89c

SHA1
d81c06a852b20aebc8ab346f1cba44af0d55977b

SHA256
9010c55280644b25e436eac9a469995821bf78b3681d386c4405d34c5d6e5989

SHA512
12c15bb9640c4459244af0448eafbce574404d54a7a44613c8a14e30eba9eed9c54eeb828d4594b7919d86af521555a384db2b8a2d9259af8c8b25d412e32e06

Download Submit
memory/1948-268-0x000001AE6D000000-0x000001AE6D0CD000-memory.dmp

Filesize
820KB

Download
memory/1948-74-0x00007FFDCA910000-0x00007FFDCA911000-memory.dmp

Filesize
4KB

Download
memory/4424-269-0x0000023ED9AD0000-0x0000023ED9B9D000-memory.dmp

Filesize
820KB

Download
memory/4424-191-0x00007FFDCA910000-0x00007FFDCA911000-memory.dmp

Filesize
4KB

Download
memory/4488-8-0x00007FFDCB470000-0x00007FFDCB665000-memory.dmp

Filesize
2.0MB

Download
memory/4488-7-0x00007FFDCB470000-0x00007FFDCB665000-memory.dmp

Filesize
2.0MB

Download
memory/4488-22-0x00007FFDCB470000-0x00007FFDCB665000-memory.dmp

Filesize
2.0MB

Download
memory/4488-14-0x000001CDF4130000-0x000001CDF4152000-memory.dmp

Filesize
136KB

Download
memory/4488-6-0x00007FFDCB470000-0x00007FFDCB665000-memory.dmp

Filesize
2.0MB

Download
memory/4656-97-0x00007FFDC9FC0000-0x00007FFDC9FC1000-memory.dmp

Filesize
4KB

Download
memory/4656-96-0x00007FFDCA9E0000-0x00007FFDCA9E1000-memory.dmp

Filesize
4KB

Download
memory/5076-4-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/5076-250-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/5076-272-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/5076-5-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/5076-3-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/5076-0-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/5076-2-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/5076-1-0x00007FFDCB510000-0x00007FFDCB512000-memory.dmp

Filesize
8KB

Download
memory/5076-748-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/5076-334-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/5076-228-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download