Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Star.exe

windows7-x64

10

Star.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/02/2024, 02:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Star.exe

  • Size

    266KB

  • MD5

    4f2d0374f93b4079599cd3be7293c68c

  • SHA1

    28e6d128300a2a25203d39f492503b0391932f51

  • SHA256

    7e5a131d6b76fd964d4947b9c060fa0ff827162cb5047a9aa7edbe4dc5a91f66

  • SHA512

    7d3b853d1bbfdcbbfb7d5aff8e595590a0f1866459b80ca7822c5fbab1e5043c99e70b87f71cef4033dc4e1fcdc864b0fe0c3e3b84ad595a445092cff35fbfcb

  • SSDEEP

    3072:k2Jog9kK82e+i392qYpQZCi+oynzDQjj5JWCnWdZN7/VmtgzExXB+btwBtIxY8eM:jJo29yXZYmCnzDQjjLWNRmTd98e1Zl

Score
10/10
umbralstealer

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Star.exe
    "C:\Users\Admin\AppData\Local\Temp\Star.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1028
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4172
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff834df46f8,0x7ff834df4708,0x7ff834df4718
      2⤵
        PID:5088
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1652
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
        2⤵
          PID:912
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
          2⤵
            PID:2548
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
            2⤵
              PID:1464
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
              2⤵
                PID:4300
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
                2⤵
                  PID:4344
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
                  2⤵
                    PID:5012
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
                    2⤵
                      PID:4904
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1944
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
                      2⤵
                        PID:1028
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
                        2⤵
                          PID:4508
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
                          2⤵
                            PID:5016
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
                            2⤵
                              PID:4868
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                              2⤵
                                PID:3512
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
                                2⤵
                                  PID:1348
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
                                  2⤵
                                    PID:1460
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 /prefetch:8
                                    2⤵
                                      PID:4740
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
                                      2⤵
                                        PID:3856
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
                                        2⤵
                                          PID:3716
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
                                          2⤵
                                            PID:4264
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
                                            2⤵
                                              PID:1504
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
                                              2⤵
                                                PID:3900
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5208 /prefetch:8
                                                2⤵
                                                  PID:400
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6564 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:3412
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:3192
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:1460
                                                  • C:\Windows\system32\AUDIODG.EXE
                                                    C:\Windows\system32\AUDIODG.EXE 0x2f4 0x2f8
                                                    1⤵
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:3372

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    3e71d66ce903fcba6050e4b99b624fa7

                                                    SHA1

                                                    139d274762405b422eab698da8cc85f405922de5

                                                    SHA256

                                                    53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

                                                    SHA512

                                                    17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
                                                    Filesize

                                                    78KB

                                                    MD5

                                                    f3e6697902773ca97e32a62ab8b8b3e8

                                                    SHA1

                                                    d1fd8ba462ca2689c042180c312208616b630c32

                                                    SHA256

                                                    38f727f0f31d62c93d482ca209551103df8a842709d1b31c8332f08fdf22a186

                                                    SHA512

                                                    355be915fa1b5b4aaf8bd5754cff21a560df19c3a1a8325151244d004f793f0bb853fe858db7e382926fad32ad3061a347fff1f40fc305a26a43482cac7e083d

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
                                                    Filesize

                                                    19KB

                                                    MD5

                                                    138da7bd71a4ac24cb796615b49907b8

                                                    SHA1

                                                    097a9d62b8774383e2a34ea2894be5ec35a74c20

                                                    SHA256

                                                    7b06941157e843ea2e2b80f132110af09f72b143d65a78c44c36556174d91b89

                                                    SHA512

                                                    d186fef1b52a2d03b226c9645116631daef86906f5c5c74a611325682fbcfdd412eab14d8912b87e5a1630fb3b9d127eb4d3fa4fe425d1ce011210640fcfea0b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    408B

                                                    MD5

                                                    811b9c1b9e1f1f587acf7ad325e666f0

                                                    SHA1

                                                    3fb44ded3b7959759720fd7ee016a14070a6c38e

                                                    SHA256

                                                    c60d64b523680d30cad2e6537f3f4b0c0e26f82bd5b936dacfb24992ea89331c

                                                    SHA512

                                                    b2f56b1c74abfde00fe37bb82b03838b0e991732ca14baf551d413f32010ae946f084b622a239fee10d04c21cf94a1f0f7487e653dfcfd20ee85d1fbd91bc2f2

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    816B

                                                    MD5

                                                    645cec04c4b23025dd2b8d87783214c4

                                                    SHA1

                                                    8b3648946c1c391da3c1c2a8276fb24b12c2dc9e

                                                    SHA256

                                                    601b02bb1faeda4087564546f52f71ef82dc063f920cb9c7650fd4e227e21e30

                                                    SHA512

                                                    9dad4231ae60d7dafe098e142aaa3f83de334cf3efa3ea0f35824e41a3d122f68af8b9f11ddc352be4ad575e3f23f5faf55fe7e4c179907995acd2179fd0ff67

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
                                                    Filesize

                                                    16B

                                                    MD5

                                                    46295cac801e5d4857d09837238a6394

                                                    SHA1

                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                    SHA256

                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                    SHA512

                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    2KB

                                                    MD5

                                                    9eb9f5b67ac6fdfb9489a160b364f35d

                                                    SHA1

                                                    8b6bdbfd4ecedbdc1364e6f94a74159e073ed3c8

                                                    SHA256

                                                    34989e4dcdbd1720600bd9ab47fa51417f74647aa2d9a86133a098a0055b8df1

                                                    SHA512

                                                    74bf294699c4c62af575160cb7bbf8f8bf7ca1f12359ad75f44fb63554193b3a36fd503d20f2ff9d653a238c809ae99f186b4da708216a31830b83fb59bb5c5e

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    3aae1d0c5065a447b188f42e730c6253

                                                    SHA1

                                                    05ee85f711117cce52c01339fc439084bd3108b5

                                                    SHA256

                                                    c2f296e76a8c7ce2ed773619a85cb37a6e88686dd2497b1c57644ec1ebd97d42

                                                    SHA512

                                                    fe1badd47db39bb0f00f1616e99c2dc5c77b3e9aa01e1f276f4b827002b17c2a827d10d02dcc6de49a811a7f103c3968283a111914059cf62b17eb445002f529

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    0bba96e12e3659788a1be284553de941

                                                    SHA1

                                                    050d59123f969d72364bb56deec2504e6dc95a48

                                                    SHA256

                                                    1d8334367fc7583c4b6477a6970e4b540a691e455e716e707a872d9800fc565b

                                                    SHA512

                                                    376400e93a42476d7f2c146602daa45f2a58977b49138a0a69999f551f8d06ae1adcfb4297d1ac7378bf26105be7d019080832cff8ee9b6c5a29178d8ed83d06

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    634658cc5dde16a11b87fd5dbec7fa5d

                                                    SHA1

                                                    a6fa96cae7bb83bf79b9d40f7633bf69b0b05fbb

                                                    SHA256

                                                    dfac3ee2e80ca54791a8a9f7162e44ccf22aff03337b70e84efd353c1ecdfa08

                                                    SHA512

                                                    18b25c17597d0e8f488dcfcb40f740f4b6b4034ff9894ee0c0693637b9ac55135c8de91db733c7a0ba530bcc68ae0dab39772979f763d2926e18988d54c622ca

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    4a146418ef8c0f579b2a8d39f4aa5891

                                                    SHA1

                                                    96efae12c718c49af80b41dc65a2487c4a139803

                                                    SHA256

                                                    986e9b402900ab6d946be8f46c45420d8d17c330b8115a102c3b016c3fe3482a

                                                    SHA512

                                                    49468135c94d031c66fc991f57b3ed8cd11780b8c86a3bbd2e3c56e6812e1d6656acc7dae204f2d2afc02677cb25c3d315aa2fefe4585a0c286d814b57aeefee

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    d6dd3af21e305a6039338b13d2d315e4

                                                    SHA1

                                                    45b2d85e5cd5c93615698153a427831130aa625b

                                                    SHA256

                                                    486ba3d66cb137b827dd5b175cfa1416a1de634135dddd4ee1912c0cdda236b8

                                                    SHA512

                                                    062f4f27af3d7b4f06bb04bcc89a293ca64becb101e6351b052226283812c18004078ce3193628fb3e57dda72e5ddefeb0b799d93ac97a01ec5e83462ac7575b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    1355fb079cab98ad23fb7022e0e516e7

                                                    SHA1

                                                    16e4045c88afb746acc2002f97cd53c815868115

                                                    SHA256

                                                    6b610e18148ff276b7a47d66d9dd5f386dbd9879ff444583b439334c265f52e2

                                                    SHA512

                                                    1b3743c68b6be2551641d11f3b51867afe4504ae822cfb85b9e589ec2e91eb95255637f5488644a76f60ab2fca2f3d3f19c9db7d2aa5a0a943164108b9964c48

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                    Filesize

                                                    24KB

                                                    MD5

                                                    1b1b142e24215f033793d1311e24f6e6

                                                    SHA1

                                                    74e23cffbf03f3f0c430e6f4481e740c55a48587

                                                    SHA256

                                                    3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

                                                    SHA512

                                                    a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    875B

                                                    MD5

                                                    19eb381b7d30ff0792231e5a44cc6e16

                                                    SHA1

                                                    b303dd8df20232bd5056cc0318600447f696c168

                                                    SHA256

                                                    ed43e9485eb68e5969196a7886b2dab7745a913f4a8fdc8405496742617e87ae

                                                    SHA512

                                                    983d956459c15db2ea3a96a3e89df75042ba1c8b9b5fc9c44898fd681962d1fad69b2e875be3ed3107a6ac3fb35425af70b1b236c169e6f461deeabd88dc211f

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    4709bb2a1a244d4de8fced3a233b4993

                                                    SHA1

                                                    4bfd1af55b92016853372b4380dba9a04ef6c9d7

                                                    SHA256

                                                    b2d02ea7e6c4563143fa78ce70e138d8a33e4955328981a80565bad89959407b

                                                    SHA512

                                                    3b5a01603335af9d1047745dc773d9303e3600759cdf09fc830c6e82719985a76da790c0887908b3a59e5811c04e00280e2a004c718f15040d80123f8913f379

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d27e.TMP
                                                    Filesize

                                                    875B

                                                    MD5

                                                    095381e90b2f33a1b7724ea321a561c1

                                                    SHA1

                                                    347aceff16754afa44bbc3641356252a71f72fbc

                                                    SHA256

                                                    84aaa2542ebdd086507f49582c9d116e59a70d054bc73a9785699c34a62ab878

                                                    SHA512

                                                    c0760eb439f007f49443098996c091b018ec4eeba5863f30f1bdb5840e7bc9f884b2089b55543574591801b321736aa3359daab4fd3d23b14ba6146957f2679e

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                    Filesize

                                                    16B

                                                    MD5

                                                    6752a1d65b201c13b62ea44016eb221f

                                                    SHA1

                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                    SHA256

                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                    SHA512

                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    33bee0e1013bd82606e11f06a5a2d570

                                                    SHA1

                                                    386c641a8e4ffb7fd8e2fd8bb1f62df97a1c6479

                                                    SHA256

                                                    f289f53b8b57e87e18934e57565bbf0d93c854dc6858be284d0638b9e8f8a9b2

                                                    SHA512

                                                    8e3af1fe057fc270eee8e3ea9959fb04406c33b520667f82fd6abab9c38b229264c0aa247283e600aae2d4177f5671d2e75c8447c6b96224741484c9a37dfc02

                                                    Download Submit

                                                  • memory/1028-3-0x00007FF826000000-0x00007FF826AC1000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                    Download

                                                  • memory/1028-0-0x000001D3F26E0000-0x000001D3F2728000-memory.dmp

                                                    Filesize

                                                    288KB

                                                    Download

                                                  • memory/1028-1-0x00007FF826000000-0x00007FF826AC1000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                    Download