agenttesla | 57ec4122db9efd9fb97b27b6844d2026fcb25333ef18f4f2a44d63ad301c7a80

Analysis

max time kernel
147s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
30-06-2024 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DeathCrypter-0.7.0.exe
Size

9.8MB
MD5

e5b1ff36f9fca02f63e3de2fe4861b55
SHA1

36e275dcf39a1a963ee0113af3e9f60e2a1a40f7
SHA256

57ec4122db9efd9fb97b27b6844d2026fcb25333ef18f4f2a44d63ad301c7a80
SHA512

bf43a7e5c839de792e756dc3ec75a9be8e779f57f7ab84f7e157aa796f7569045166e1fc889d014b0411501a4f3a4656a037fba78cf44d39b4b03b965bd8e09f
SSDEEP

196608:t41mNygKiOPY+ZozEhjRS5jlFUMEEk1n9V4rdkACYnksmj4bsDgbC8VN0:t4Oy+OjkEhjQlFFha9WrmAmwbzCN

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
AgentTesla payload 1 IoCs

Processes:

resource yara_rule

behavioral4/memory/4048-5-0x000002C2F9FA0000-0x000002C2FA1B2000-memory.dmp family_agenttesla
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

DeathCrypter-0.7.0.exe

pid process

4048 DeathCrypter-0.7.0.exe
4048 DeathCrypter-0.7.0.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

resource	yara_rule
behavioral4/memory/4048-5-0x000002C2F9FA0000-0x000002C2FA1B2000-memory.dmp	family_agenttesla

pid	process
4048	DeathCrypter-0.7.0.exe
4048	DeathCrypter-0.7.0.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

DeathCrypter-0.7.0.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	DeathCrypter-0.7.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	DeathCrypter-0.7.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	DeathCrypter-0.7.0.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

5108 msedge.exe
5108 msedge.exe
2972 msedge.exe
2972 msedge.exe
3744 msedge.exe
3744 msedge.exe
4856 identity_helper.exe
4856 identity_helper.exe
2416 msedge.exe
2416 msedge.exe
2416 msedge.exe
2416 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid process

2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DeathCrypter-0.7.0.exe

description pid process

Token: SeDebugPrivilege 4048 DeathCrypter-0.7.0.exe

pid	process
5108	msedge.exe
5108	msedge.exe
2972	msedge.exe
2972	msedge.exe
3744	msedge.exe
3744	msedge.exe
4856	identity_helper.exe
4856	identity_helper.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

description	pid	process
Token: SeDebugPrivilege	4048	DeathCrypter-0.7.0.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid process

2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

DeathCrypter-0.7.0.exemsedge.exe

description	pid	process	target process
PID 4048 wrote to memory of 2972	4048	DeathCrypter-0.7.0.exe	msedge.exe
PID 4048 wrote to memory of 2972	4048	DeathCrypter-0.7.0.exe	msedge.exe
PID 2972 wrote to memory of 4896	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4896	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4316	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 5108	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 5108	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4644	2972	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\DeathCrypter-0.7.0.exe
"C:\Users\Admin\AppData\Local\Temp\DeathCrypter-0.7.0.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hackforums.net/member.php?action=profile&uid=5420967
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe17663cb8,0x7ffe17663cc8,0x7ffe17663cd8
3⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
3⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
3⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
3⤵
PID:2900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
3⤵
PID:4252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
3⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
3⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
3⤵
PID:1412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
3⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
3⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
3⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
3⤵
PID:4212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
3⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
3⤵
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10044005447923769828,18179922516768579301,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4316 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c1c7e2f451eb3836d23007799bc21d5f

SHA1
11a25f6055210aa7f99d77346b0d4f1dc123ce79

SHA256
429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800

SHA512
2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6876cbd342d4d6b236f44f52c50f780f

SHA1
a215cf6a499bfb67a3266d211844ec4c82128d83

SHA256
ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e

SHA512
dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
f47cbc3a0a5ee0023187c63aadc067f3

SHA1
a9920e7510f0f434afe472bb457935c77efb4170

SHA256
0217c5eee036946db539bce1ea3ed51a3708f85c7c6d9d3a89fa20c3ed4765e9

SHA512
eb93c2d561754388f38a72bf84c3c40aab456b3261149c0264e9fb42160bb6bebd6ea41c0844d4e805728a5359e0ef7c65cb74b8fce5bc9c1f2abe1ca41a0b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
99e69aa2580b46ad7f6f2e5aa21a152e

SHA1
792e557f836d7e5ef1fa0c96a8ca34cfc6baa5a0

SHA256
ea78594c266091dd7f2f2d3fcba177c0cca14907d594715c03427bbe11766e50

SHA512
d5eb14dd0f8a056311584eb76fa3aa66cdff6f59fb4e7a45a721ba132550d5655767579472deedf186619609bec0b21d89495f315d11e49b7d10523ee2b74703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
98d8afc41b7a5c8c42310d7a53a22ac7

SHA1
01535679063b97ca2f0da459c629f67f13a0caa3

SHA256
5fbcb078e7be213b2b2d8b161354080bc57a424f070d4d3448893262c1ff54a3

SHA512
96c91815b9415376c58faddb888021aa5584e59e5a7b34364f171aae01a1f2b3383449ccf3191d831d8aaa2ee954098c4c0307beeebf9405e5d931d1cd2d49ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e72f61faaa75eb98933f4b5cbd5f93a1

SHA1
71f9bc50b7fb75aa27c48acecb0cfeef597d5c15

SHA256
27efa1953fbc13d6e62b96ed93bb83df63734c6737cc5078c5320349f3ddc8f4

SHA512
c8734f8369bc6ee2bbc47678fd7c55be52b96c376d8caa0dd651e339a6cc21dcaf42b46fa8cc2df1908b7921fc1482087a3eb69133f83ac7c6fc60833cba9415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a6183f7107afb086887fce24417d9a01

SHA1
93b0a68a0673ccf364493b1d619aab0df6a9eb18

SHA256
3f799f92f3ca619203d98d06ba225cc3914201fd652e3d90abf6ba8b3e26d49f

SHA512
a2e5e6c897ba6f3f5cc09ff97c2cbe91108a90b501337add85d36ebfe99857a41705f5bc67e1b68edd41da77106da0d890d6fe927a4434a16a42b4341de93c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
bbbd1ce8ec4da29c538c2fad708c2176

SHA1
51b30c3c8af758fddb216ffcbe4a7bd77aaf8f15

SHA256
ab043be0a149bd0e7161a43e495c304fe2cf29ae4d014372b944dfba4cc53e01

SHA512
aa3d2c04233d10528d94d043b7f5d1a24dc6a74a20956792dc3da4dba5605969c63d97b7301f465fc2efc9a635b8762ffca41c5bc3f8012efb0d9d454d03382c

Download Submit
\??\pipe\LOCAL\crashpad_2972_KOUOFQNJXRMUILAW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4048-25-0x000002C2FC0E0000-0x000002C2FC3EC000-memory.dmp

Filesize
3.0MB

Download
memory/4048-5-0x000002C2F9FA0000-0x000002C2FA1B2000-memory.dmp

Filesize
2.1MB

Download
memory/4048-10-0x000002C2FA410000-0x000002C2FA432000-memory.dmp

Filesize
136KB

Download
memory/4048-9-0x00007FFE0ABB0000-0x00007FFE0B672000-memory.dmp

Filesize
10.8MB

Download
memory/4048-0-0x00007FFE0ABB3000-0x00007FFE0ABB5000-memory.dmp

Filesize
8KB

Download
memory/4048-8-0x00007FFE0ABB0000-0x00007FFE0B672000-memory.dmp

Filesize
10.8MB

Download
memory/4048-36-0x00007FFE0ABB0000-0x00007FFE0B672000-memory.dmp

Filesize
10.8MB

Download
memory/4048-7-0x000002C2E14E0000-0x000002C2E14F2000-memory.dmp

Filesize
72KB

Download
memory/4048-6-0x000002C2FA1B0000-0x000002C2FA260000-memory.dmp

Filesize
704KB

Download
memory/4048-12-0x000002C2FADC0000-0x000002C2FADFC000-memory.dmp

Filesize
240KB

Download
memory/4048-4-0x00007FFE0ABB0000-0x00007FFE0B672000-memory.dmp

Filesize
10.8MB

Download
memory/4048-132-0x00007FFE0ABB3000-0x00007FFE0ABB5000-memory.dmp

Filesize
8KB

Download
memory/4048-133-0x00007FFE0ABB0000-0x00007FFE0B672000-memory.dmp

Filesize
10.8MB

Download
memory/4048-143-0x00007FFE0ABB0000-0x00007FFE0B672000-memory.dmp

Filesize
10.8MB

Download
memory/4048-144-0x00007FFE0ABB0000-0x00007FFE0B672000-memory.dmp

Filesize
10.8MB

Download
memory/4048-145-0x00007FFE0ABB0000-0x00007FFE0B672000-memory.dmp

Filesize
10.8MB

Download
memory/4048-3-0x000002C2F9E30000-0x000002C2F9FA2000-memory.dmp

Filesize
1.4MB

Download
memory/4048-2-0x000002C2DFC40000-0x000002C2DFC41000-memory.dmp

Filesize
4KB

Download
memory/4048-1-0x000002C2DE320000-0x000002C2DF822000-memory.dmp

Filesize
21.0MB

Download