agenttesla | 57ec4122db9efd9fb97b27b6844d2026fcb25333ef18f4f2a44d63ad301c7a80

Analysis

max time kernel
188s
max time network
191s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
30-06-2024 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DeathCrypter-0.7.0.exe
Size

9.8MB
MD5

e5b1ff36f9fca02f63e3de2fe4861b55
SHA1

36e275dcf39a1a963ee0113af3e9f60e2a1a40f7
SHA256

57ec4122db9efd9fb97b27b6844d2026fcb25333ef18f4f2a44d63ad301c7a80
SHA512

bf43a7e5c839de792e756dc3ec75a9be8e779f57f7ab84f7e157aa796f7569045166e1fc889d014b0411501a4f3a4656a037fba78cf44d39b4b03b965bd8e09f
SSDEEP

196608:t41mNygKiOPY+ZozEhjRS5jlFUMEEk1n9V4rdkACYnksmj4bsDgbC8VN0:t4Oy+OjkEhjQlFFha9WrmAmwbzCN

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
AgentTesla payload 1 IoCs

Processes:

resource yara_rule

behavioral1/memory/4724-5-0x0000022CBA6B0000-0x0000022CBA8C2000-memory.dmp family_agenttesla
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

DeathCrypter-0.7.0.exe

pid process

4724 DeathCrypter-0.7.0.exe
4724 DeathCrypter-0.7.0.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

resource	yara_rule
behavioral1/memory/4724-5-0x0000022CBA6B0000-0x0000022CBA8C2000-memory.dmp	family_agenttesla

pid	process
4724	DeathCrypter-0.7.0.exe
4724	DeathCrypter-0.7.0.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

DeathCrypter-0.7.0.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	DeathCrypter-0.7.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	DeathCrypter-0.7.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	DeathCrypter-0.7.0.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

1184 msedge.exe
1184 msedge.exe
564 msedge.exe
564 msedge.exe
1628 msedge.exe
1628 msedge.exe
3996 identity_helper.exe
3996 identity_helper.exe
2484 msedge.exe
2484 msedge.exe
2484 msedge.exe
2484 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid process

564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DeathCrypter-0.7.0.exe

description pid process

Token: SeDebugPrivilege 4724 DeathCrypter-0.7.0.exe

pid	process
1184	msedge.exe
1184	msedge.exe
564	msedge.exe
564	msedge.exe
1628	msedge.exe
1628	msedge.exe
3996	identity_helper.exe
3996	identity_helper.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

description	pid	process
Token: SeDebugPrivilege	4724	DeathCrypter-0.7.0.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid process

564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe
564 msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

DeathCrypter-0.7.0.exemsedge.exe

description	pid	process	target process
PID 4724 wrote to memory of 564	4724	DeathCrypter-0.7.0.exe	msedge.exe
PID 4724 wrote to memory of 564	4724	DeathCrypter-0.7.0.exe	msedge.exe
PID 564 wrote to memory of 2972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 2972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 4684	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 1184	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 1184	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe
PID 564 wrote to memory of 3972	564	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\DeathCrypter-0.7.0.exe
"C:\Users\Admin\AppData\Local\Temp\DeathCrypter-0.7.0.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hackforums.net/member.php?action=profile&uid=5420967
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff944383cb8,0x7ff944383cc8,0x7ff944383cd8
3⤵
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
3⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
3⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
3⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
3⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
3⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
3⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
3⤵
PID:1564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
3⤵
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
3⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
3⤵
PID:2668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
3⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
3⤵
PID:2088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
3⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,16507180418850090834,9195438309965429974,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5900 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8294f1821fd3419c0a42b389d19ecfc6

SHA1
cd4982751377c2904a1d3c58e801fa013ea27533

SHA256
92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a

SHA512
372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
390187670cb1e0eb022f4f7735263e82

SHA1
ea1401ccf6bf54e688a0dc9e6946eae7353b26f1

SHA256
3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947

SHA512
602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
eefe396b8da5a984bd9e9d98f0d29383

SHA1
2b2496a566a42d1dc11b764936d04400e06ecb0e

SHA256
f93c1034d6d7479fbf4320f895838f5eea20787ceb1dbd88baffbca23badca44

SHA512
a7c66e6f61603b2228303e7eb5c2907890cb09680ee06d011bde6aecf3006999fa553955f40715caa84d0e642886d37e4faf9c39ede47eb597b60aa09c5ade84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
d7610be82a9422098675e0588b2d5c83

SHA1
23c82d7cfe738fb1ea103535e6c34499e0621d54

SHA256
dadf750e54d12829113035d8b453cb67eea1203c81dd54cf946c0559e28d5795

SHA512
11d7a674dc570b80e5dbc68d61b791155df95d716f75a27b535467703f5412a5f95acd4892ef791e58919c539ad3caf4bfa790aa3acb533c59173130beac12e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
ec1c13778502bbd800cf2c5bd2f2b1d5

SHA1
759405f7c2a8a2ed31c5bff3d9d3bcbaec661d12

SHA256
300d74eb39cdc0706836ba75982d4c8efc98445a3e061a9fa07b09ca8337a206

SHA512
30d79c12ecda2941ba2ea3b63a70bb0fd2fdff6c0b676db93a001e59e8038d92d0e7a99a7019a32a305a62d139c3dd51989c4e89cd0eea55eaf58970778af074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
aa95683143d0a99003f573f2b6126ddc

SHA1
af99d62939eec72e5dd9beaeedd3eff8c40f334d

SHA256
6a1a8eb5e21105b4bbc48aa8b9f4375e511ea48eb342f2ed3bbcb6afab806b18

SHA512
3d0269ac77b6e27fad6c8218c7dbf7d23d88da8ea904d7925e55c87439739df3b1109305dfd26d774c87267bec0848a16875740fdface4cb3ec3135b754251f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5e4c6bf17cdbf264316baa747e20059c

SHA1
de9ddf5dafa9e740e1a6f4bccb5d436416bfd816

SHA256
b78273dcd2815b44b1b45a325e4bccbecf8be661001b84ae9064022d64015a47

SHA512
9d46215a971e7235ce9743bbaa3ceaddb619521c80daad5115425bb83a75a6ca63b1d41b2b217d2b9e5ef31180cfac75c4476fcd6585ebaf1d511b1a576b83a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
fc8b0692d1f53ba8aba4479592cad24f

SHA1
7dcfc120bdd03cc3d7ba3402d0f68b576944c105

SHA256
33c20b7c61c2c99675adc05a61e01045f59804a0225ac96456fce8bdd1733bab

SHA512
46274b492f827b9efdcb833caa505d6184211aa01402231ae0e7929529263ac59f814b38ad4ed9b8e888c91d60514c6e32b56a0492bf5edabc343795752dd20c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b0c728799fd29bae1eea2f40ff986215

SHA1
29ad6a4c95fe1cfc99f30a3915e30800a6edd3df

SHA256
d5fcf3115b8c9a5a38deceb7f8c54407fa40682f6301c61416df4f20f978f517

SHA512
17d8ba2d757d5acf9323692d4bdd811bb9a98deade54e93b5b5efe56f48d4e44ed6a67e4147c26ddb31db32362fa5eab4db100882998fb727241e1479f07117f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c30f9b799f7fd2ec083298086a97cd1d

SHA1
f94ea300540804620acf49de34ec6fe0c02dbdcc

SHA256
8a418dd39d472d5adfacbe9f64bdc610d28669c3e76f71d64a86b49ba7d25bf4

SHA512
00ce865c6db50cba4ca7450ddced36c70ab4d81bd48889771206179e88c3a1c2aab1646b5bcdb7ccc87a9bdacc75b939e80610702690fd1d1875567a4391d009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
930aa0b022d8ab80a4e6ca2de25a7372

SHA1
0d9cd0d4e0c4f109769fd3ff530caf99e3014d21

SHA256
f4e14aa5b934fc7bc9b8e10f4083e6293607b66b3c01d80d0d5ea3d03d2ca0de

SHA512
ebf42ed45d74b5b8953ff85eab2a8c52175489442af3fdcda34922324d5f5a961ecd02d9aee315180580654f3519ed58c47c9d1128dcaf34b7522ff96ba87191

Download Submit
\??\pipe\LOCAL\crashpad_564_BPLVIVCNVQLTMGBP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4724-8-0x00007FF949800000-0x00007FF94A2C2000-memory.dmp

Filesize
10.8MB

Download
memory/4724-133-0x00007FF949800000-0x00007FF94A2C2000-memory.dmp

Filesize
10.8MB

Download
memory/4724-30-0x0000022CBBC70000-0x0000022CBBF7C000-memory.dmp

Filesize
3.0MB

Download
memory/4724-10-0x0000022CBA670000-0x0000022CBA692000-memory.dmp

Filesize
136KB

Download
memory/4724-36-0x00007FF949800000-0x00007FF94A2C2000-memory.dmp

Filesize
10.8MB

Download
memory/4724-9-0x00007FF949800000-0x00007FF94A2C2000-memory.dmp

Filesize
10.8MB

Download
memory/4724-0-0x00007FF949803000-0x00007FF949805000-memory.dmp

Filesize
8KB

Download
memory/4724-7-0x0000022CA1AA0000-0x0000022CA1AB2000-memory.dmp

Filesize
72KB

Download
memory/4724-132-0x00007FF949803000-0x00007FF949805000-memory.dmp

Filesize
8KB

Download
memory/4724-12-0x0000022CBAA50000-0x0000022CBAA8C000-memory.dmp

Filesize
240KB

Download
memory/4724-152-0x00007FF949800000-0x00007FF94A2C2000-memory.dmp

Filesize
10.8MB

Download
memory/4724-153-0x00007FF949800000-0x00007FF94A2C2000-memory.dmp

Filesize
10.8MB

Download
memory/4724-154-0x00007FF949800000-0x00007FF94A2C2000-memory.dmp

Filesize
10.8MB

Download
memory/4724-6-0x0000022CA1AF0000-0x0000022CA1BA0000-memory.dmp

Filesize
704KB

Download
memory/4724-5-0x0000022CBA6B0000-0x0000022CBA8C2000-memory.dmp

Filesize
2.1MB

Download
memory/4724-4-0x00007FF949800000-0x00007FF94A2C2000-memory.dmp

Filesize
10.8MB

Download
memory/4724-222-0x00007FF949800000-0x00007FF94A2C2000-memory.dmp

Filesize
10.8MB

Download
memory/4724-3-0x0000022CBA500000-0x0000022CBA672000-memory.dmp

Filesize
1.4MB

Download
memory/4724-2-0x0000022CA01F0000-0x0000022CA01F1000-memory.dmp

Filesize
4KB

Download
memory/4724-1-0x0000022C9E8E0000-0x0000022C9FDE2000-memory.dmp

Filesize
21.0MB

Download