Overview

overview

10

Static

static

5

ARRV_00011...df.exe

windows7_x64

10

ARRV_00011...df.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 13:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ARRV_00011004_CGS4250506pdf.exe

  • Size

    1.9MB

  • MD5

    ab058ec451bac8a417468aa9bd7b5fc0

  • SHA1

    623dc4c4af0f882939cca44117395e965c58c6ca

  • SHA256

    3d03d3d5e9188be6389f0a9cf58e0436a9c9ea800a355a2249867fd3400350b6

  • SHA512

    15fe082844d0b9ec4008318e258ad8ce6cb0302bc6458a7f2ff4d6cb45bbca07c1429ec688cc6e8b126b6049645bb071cc6b43bc51634dd4c25c9c5fa23dba78

Score
10/10
agentteslamicrosoftkeyloggerpersistencephishingspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.karmachalets.co.in
  • Port:
    587
  • Username:
    akshya@karmachalets.co.in
  • Password:
    Akshya@123

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla Payload 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ARRV_00011004_CGS4250506pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\ARRV_00011004_CGS4250506pdf.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\Windows\SysWOW64\dllhost.exe
      "C:\Windows\SysWOW64\dllhost.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=dllhost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
        3⤵
        • Adds Run key to start application
        • Enumerates system info in registry
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:8
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdd46846f8,0x7ffdd4684708,0x7ffdd4684718
          4⤵
            PID:3344
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
            4⤵
              PID:460
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:856
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
              4⤵
                PID:3612
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
                4⤵
                  PID:4804
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
                  4⤵
                    PID:952
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
                    4⤵
                      PID:1856
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 /prefetch:8
                      4⤵
                        PID:4824
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
                        4⤵
                          PID:5112
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
                          4⤵
                            PID:1440
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2548 /prefetch:8
                            4⤵
                              PID:1120
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
                              4⤵
                                PID:708
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
                                4⤵
                                  PID:3320
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
                                  4⤵
                                    PID:4640
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                                    4⤵
                                    • Drops file in Program Files directory
                                    PID:4932
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff61af45460,0x7ff61af45470,0x7ff61af45480
                                      5⤵
                                        PID:2100
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18061324040140140576,7085813177639432445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
                                      4⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:1292
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=dllhost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                    3⤵
                                    • Suspicious use of WriteProcessMemory
                                    PID:4396
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdd46846f8,0x7ffdd4684708,0x7ffdd4684718
                                      4⤵
                                        PID:3772
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8518033301041735740,2523050865743056658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
                                        4⤵
                                          PID:780
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8518033301041735740,2523050865743056658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
                                          4⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:4864
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3332
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
                                      1⤵
                                        PID:4104

                                      Network

                                      MITRE ATT&CK Matrix ATT&CK v6

                                      Initial Access

                                      Execution

                                      Persistence

                                      Registry Run Keys / Startup Folder

                                      1
                                      T1060

                                      Privilege Escalation

                                      Defense Evasion

                                      Modify Registry

                                      1
                                      T1112

                                      Credential Access

                                      Discovery

                                      Query Registry

                                      1
                                      T1012

                                      System Information Discovery

                                      1
                                      T1082

                                      Lateral Movement

                                      Collection

                                      Exfiltration

                                      Command and Control

                                      Impact

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
                                        Filesize

                                        471B

                                        MD5

                                        136ba521784a8ce47a3850452207b885

                                        SHA1

                                        b654f686e5c96c5d4300bc81822c22c0928fe1cd

                                        SHA256

                                        8fb5921945889e17a35d67a61a81a767323f57fe0edd07a1fa6dadbd62669117

                                        SHA512

                                        619f1e14e419c77e511e27d55116b66a934ba550893a794d274a35c02d0d0e9a177eef2b7ec5f40a821a5c501bb000872822fd5a41d71d209a6dc23ed88e11bf

                                        Download Submit
                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
                                        Filesize

                                        446B

                                        MD5

                                        5c564f339cd04db865bfd380fe5eb3ff

                                        SHA1

                                        92a39e49a70ec8f83be15e914762a5b757978043

                                        SHA256

                                        620510b1d58e640ce77415dc0b838b8aee9176c1148fe38fda7a7184d4f84e5d

                                        SHA512

                                        78d73ba793b4ce731178c89b792573c7fae22279e813dfc0bd495de58b0f87e55bbfe9bd19797908de0c26faa670e514df0cfd9db003e851efca63afd568451c

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        01d13441ea7758a7ef00283af3c5196f

                                        SHA1

                                        8740631f90858060f1beb03af8b6c014ae2f0cc5

                                        SHA256

                                        e8dd7cb61efbc6189bce1757dd82382dd64983932f0634b026ad06a95f314a55

                                        SHA512

                                        a27fd5656ffc9a0fe70d1a21f4f7224daa3841790143d779a15f09806b40ce621b61d5b41e111387a3472290780193539d86932e9c056a733447bfe10fbce4c4

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        MD5

                                        d41d8cd98f00b204e9800998ecf8427e

                                        SHA1

                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                        SHA256

                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        SHA512

                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        01d13441ea7758a7ef00283af3c5196f

                                        SHA1

                                        8740631f90858060f1beb03af8b6c014ae2f0cc5

                                        SHA256

                                        e8dd7cb61efbc6189bce1757dd82382dd64983932f0634b026ad06a95f314a55

                                        SHA512

                                        a27fd5656ffc9a0fe70d1a21f4f7224daa3841790143d779a15f09806b40ce621b61d5b41e111387a3472290780193539d86932e9c056a733447bfe10fbce4c4

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        01d13441ea7758a7ef00283af3c5196f

                                        SHA1

                                        8740631f90858060f1beb03af8b6c014ae2f0cc5

                                        SHA256

                                        e8dd7cb61efbc6189bce1757dd82382dd64983932f0634b026ad06a95f314a55

                                        SHA512

                                        a27fd5656ffc9a0fe70d1a21f4f7224daa3841790143d779a15f09806b40ce621b61d5b41e111387a3472290780193539d86932e9c056a733447bfe10fbce4c4

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        57df4904eea85aeb7b4d9b9d9130ecad

                                        SHA1

                                        f6b26bbbf2a5f6645e1a400b49a8bb1c346a0cc4

                                        SHA256

                                        ad7f7e5f652cca952b91effac780ae3f46aa02eb9de5f18340d8f55efd8a4c68

                                        SHA512

                                        9ee0ab6f4e4a55f748e0177bbdac33c824c2b02cd3110fd3a0545f5885a6e4da6da3eb61f30880e5a30b29eb33274cd518f548b527f9da9cd74c8413bec57f4f

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        57df4904eea85aeb7b4d9b9d9130ecad

                                        SHA1

                                        f6b26bbbf2a5f6645e1a400b49a8bb1c346a0cc4

                                        SHA256

                                        ad7f7e5f652cca952b91effac780ae3f46aa02eb9de5f18340d8f55efd8a4c68

                                        SHA512

                                        9ee0ab6f4e4a55f748e0177bbdac33c824c2b02cd3110fd3a0545f5885a6e4da6da3eb61f30880e5a30b29eb33274cd518f548b527f9da9cd74c8413bec57f4f

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        57df4904eea85aeb7b4d9b9d9130ecad

                                        SHA1

                                        f6b26bbbf2a5f6645e1a400b49a8bb1c346a0cc4

                                        SHA256

                                        ad7f7e5f652cca952b91effac780ae3f46aa02eb9de5f18340d8f55efd8a4c68

                                        SHA512

                                        9ee0ab6f4e4a55f748e0177bbdac33c824c2b02cd3110fd3a0545f5885a6e4da6da3eb61f30880e5a30b29eb33274cd518f548b527f9da9cd74c8413bec57f4f

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        2KB

                                        MD5

                                        d58ac2a179ff1bfde88b2146f7029216

                                        SHA1

                                        cb14af82e9b7aaf8122123424dfc9f2d3ec793be

                                        SHA256

                                        a381ad1aee5d9d2ff9ceaebfa3c7c8b21604ac47658362a86fa130e744528e4c

                                        SHA512

                                        d44ac0698e3ac516464af25e4d1b819d049f558f859d9c08ab0351abd630dd6b5a9e0cc57e59363dd7e836072d457b8afc00dc319f4b9fa55f6957ec233c46e4

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        9KB

                                        MD5

                                        2d48a07bbce73eb72d5c2c5c93ed8bf4

                                        SHA1

                                        156da5629921ef59c52f11edf935dc0d48ab6510

                                        SHA256

                                        186649502994228c7d9ad6b72ec677cb9368c979710bcc965876b371f22aec13

                                        SHA512

                                        0a7dbe7cf20abeaf392e96ca21785ae6c400c69be8707bcd84bc7d2769748b59787fb74d8ac573bdb5ad139caa9d234ef57314f82d50a21cfe183b7286957c4c

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        2KB

                                        MD5

                                        d58ac2a179ff1bfde88b2146f7029216

                                        SHA1

                                        cb14af82e9b7aaf8122123424dfc9f2d3ec793be

                                        SHA256

                                        a381ad1aee5d9d2ff9ceaebfa3c7c8b21604ac47658362a86fa130e744528e4c

                                        SHA512

                                        d44ac0698e3ac516464af25e4d1b819d049f558f859d9c08ab0351abd630dd6b5a9e0cc57e59363dd7e836072d457b8afc00dc319f4b9fa55f6957ec233c46e4

                                        Download Submit
                                      • \??\pipe\LOCAL\crashpad_4396_AUBPQGIXSJFIMHEM
                                        MD5

                                        d41d8cd98f00b204e9800998ecf8427e

                                        SHA1

                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                        SHA256

                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        SHA512

                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                        Download Submit
                                      • \??\pipe\LOCAL\crashpad_8_SMAWTVIFJNELUTHX
                                        MD5

                                        d41d8cd98f00b204e9800998ecf8427e

                                        SHA1

                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                        SHA256

                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        SHA512

                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                        Download Submit
                                      • memory/8-138-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/460-152-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/708-179-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/780-146-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/856-153-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/952-162-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/1120-177-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/1292-184-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/1440-171-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/1856-164-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/2100-183-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/3320-181-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/3344-139-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/3368-131-0x0000000076610000-0x00000000766A7000-memory.dmp
                                        Filesize

                                        604KB

                                        Download
                                      • memory/3368-130-0x0000000055E50000-0x0000000055EE7000-memory.dmp
                                        Filesize

                                        604KB

                                        Download
                                      • memory/3612-157-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/3772-141-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/3996-133-0x0000000000400000-0x0000000000452000-memory.dmp
                                        Filesize

                                        328KB

                                        Download
                                      • memory/3996-132-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/4396-140-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/4804-160-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/4824-166-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/4864-150-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/4932-182-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/5112-169-0x0000000000000000-mapping.dmp
                                        Download