agenttesla | hxxps://www[.]mediafire[.]com/file/7iv0nvs45yws1w6/Request+for+Quote[.]tgz/file

Analysis

max time kernel
148s
max time network
221s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
26-03-2024 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/7iv0nvs45yws1w6/Request+for+Quote.tgz/file

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

https://api.telegram.org/bot7039723551:AAFxH1K4wDT1e_hnNFQy8ZWZ18ejwddYex8/

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Executes dropped EXE 3 IoCs

Processes:

Request for Quote.exeRequest for Quote.exeRequest for Quote.exe

pid process

2104 Request for Quote.exe
4336 Request for Quote.exe
3584 Request for Quote.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

Request for Quote.exe

description pid process target process

PID 2104 set thread context of 3584 2104 Request for Quote.exe Request for Quote.exe

pid	process
2104	Request for Quote.exe
4336	Request for Quote.exe
3584	Request for Quote.exe

description	pid	process	target process
PID 2104 set thread context of 3584	2104	Request for Quote.exe	Request for Quote.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559186775117675"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exeRequest for Quote.exechrome.exeRequest for Quote.exe

pid	process
4184	chrome.exe
4184	chrome.exe
2104	Request for Quote.exe
2104	Request for Quote.exe
4484	chrome.exe
4484	chrome.exe
3584	Request for Quote.exe
3584	Request for Quote.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

4644 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4184 chrome.exe
4184 chrome.exe

pid	process
4644	7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4184 wrote to memory of 2836	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2836	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 3060	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 4652	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 4652	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe
PID 4184 wrote to memory of 2996	4184	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/7iv0nvs45yws1w6/Request+for+Quote.tgz/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaad909758,0x7ffaad909768,0x7ffaad909778
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1840,i,6688884803784366989,17803886689578541566,131072 /prefetch:2
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1840,i,6688884803784366989,17803886689578541566,131072 /prefetch:8
2⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1840,i,6688884803784366989,17803886689578541566,131072 /prefetch:8
2⤵
PID:2996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1840,i,6688884803784366989,17803886689578541566,131072 /prefetch:1
2⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1840,i,6688884803784366989,17803886689578541566,131072 /prefetch:1
2⤵
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1840,i,6688884803784366989,17803886689578541566,131072 /prefetch:8
2⤵
PID:2312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1840,i,6688884803784366989,17803886689578541566,131072 /prefetch:8
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1840,i,6688884803784366989,17803886689578541566,131072 /prefetch:8
2⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4512 --field-trial-handle=1840,i,6688884803784366989,17803886689578541566,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=692 --field-trial-handle=1840,i,6688884803784366989,17803886689578541566,131072 /prefetch:8
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3556

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Request for Quote.tgz"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4644

C:\Users\Admin\AppData\Local\Temp\7zO42244988\Request for Quote.exe
"C:\Users\Admin\AppData\Local\Temp\7zO42244988\Request for Quote.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:2104

C:\Users\Admin\AppData\Local\Temp\7zO42244988\Request for Quote.exe
"C:\Users\Admin\AppData\Local\Temp\7zO42244988\Request for Quote.exe"
3⤵
- Executes dropped EXE
PID:4336

C:\Users\Admin\AppData\Local\Temp\7zO42244988\Request for Quote.exe
"C:\Users\Admin\AppData\Local\Temp\7zO42244988\Request for Quote.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
707B

MD5
46abf27e42b73dc9ae7b1d8cbbcebb4d

SHA1
5e6b5596e3d42638da9147df237658842abbfd05

SHA256
942ed51b77e0277bb2ab22fc9d9734598c9c64b5c87a9572edf04540ac30bd9c

SHA512
78465ccd9949d54a405ace853593a35a0b682846a548e4ce189c504d973a2ca09fbf34400b7388381b5f090f8280a407b0c726daede57562a811c82ccfa091a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
676B

MD5
6935e8d10764448630f08462de890b0a

SHA1
43465bf8733a92f33f62643ef3eea8e1db4548eb

SHA256
ea546ab33416badc87a896fb11d5c494626e92b772a034a6fbc1cefceef67a05

SHA512
f1d93f0d8e5269643d3411efea14edf883b40e61db31ed2fd1353d9f3deb64b05ad84ff33351fcd9406ecd7820fff40599f8e5f68a68987c7cb495fce9d792cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
676B

MD5
a4469bb66c44e71f61e3bc98935686ac

SHA1
661af1693e9c0e533936dd9cdcdfe84e07aeafcf

SHA256
a9d97afaff171ffe5a6c0a3ccec92b143d9f473ba4cf21c135684a55da66061f

SHA512
dfab02f0e656daf4cf03a9ec7d882cc3f8c9eb10d2f17b0f475c2e73a6a9b6cc0086bb37beddf0bbcbbdb8b25fe65e025be47e28c6787c552349d4938579a6dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
f544fb5fdf7b4d8c3bf9de0a8a7ad4d0

SHA1
bd3e4adc13cc7341062ebe2def26115f48e7c565

SHA256
9b94f4ee62850c3f39b3275d79bc20300061417d1a70f1f5229d4257a023441d

SHA512
86e0bfabd2d9626a12d3dd2efe330bf0aa2778ffb4d81debef6fa13d23645171f70a725276295de0d4571ac49162c5863b54b34f64e620e532d765dbbcdb0faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
ace5bac24506f4a73b6cbc922ae38325

SHA1
8eaafb158acb0150e522d35446e1bfa4735b3a75

SHA256
80ae10be2c60604803f4bb080bedc24ff044d32c60140352d769eb25271c875a

SHA512
69926a50ef2d878fe2b97da467bae224721334d3ec7dc79846a1ba516a2502940451b6c4e90fbc00b9b7241e46771d85d0d997ca13b2f5a80a354dd39a1c86a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60a23202c1e8375e45a3e9f965dac260

SHA1
166106ebba7937a6dffb1c7db50a3175436d959c

SHA256
458453689ddd3971841ab056aa263128097ff3ab83ba9200d96f970d9d30efc5

SHA512
e4b776fda069a11bd954c56ff399cee9c424218acec87c0db7428fea11473e58f0670cfbda364b524605b770cf39cc47a0fbbd9ac4a165b12197ede6ae38113b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5b539ac85c98fda3145ff8ce09c587c

SHA1
df48b4423a9042e0e239e9b0ae1ebb18f97d7920

SHA256
8561251e25970f4fdc6b058eaea9799d0d787df9cf54e79985b52c08cba927f9

SHA512
7f4db62ef255781f4f92b860dd855555e251cd739f85b84eacfed02d0bcae3c4089e714e00bf9a126a614a9c8b4c164cc726f013733fb35a92ba095993728bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef75984082c67f2ee6a069a1b021beb1

SHA1
558f2f2549ceeb6985199bcc6c4cd1955da72bb9

SHA256
99461825c357199c9d8642e5cb0e673cc6d88077710f15cf193128583600eae1

SHA512
7cfe9f2355c9fa3f1003e4271d5e003217cb13d75d0c3693a6dc66932b7fcb431b898a2b8fef9c872675eb8ba33f4ea33c2d951282dda19270083731af0f148f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4b9be645f5369bfcda158c4eb10c579e

SHA1
7bd6ecd116e559a06447701b06d4078e67ab03eb

SHA256
d3f40ab00ed06a511a828dcde46a68a4cb6804583640074385fcd5afd928ec42

SHA512
ef50fb6705c182ecb43049ebce763b96ad0d06af354d75beb57a95b14469f8adc67f66ebf16fe03321b4a563c0bf0e17b26c439ae00f86c46d185cbb2534a246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
266e2f472d23bbd64561688487fa352e

SHA1
06299ca48496084891474f9e96fae18dd58f9513

SHA256
f6ba68379a8d3783e7a799cad5aaeed9f8e9b593360e45da31fef610a2072710

SHA512
8cae92a58a8fe9e5f48e39ca4cf190c6edba79a7859b2ce3d45a8f2bb52fa5992f694a01a24ec7ac7770c3079682531ad697fe826f4ac9a885c8de1c1a3431e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
60a582b1c147c70aae25fa824515ecc8

SHA1
1d65c7514e7564767d3c34de5f67e19d880dacc5

SHA256
ffe5b3a1e1eb9c222855c7500b8d3507167a1866d5e36813b7ff1fd1d46ce22a

SHA512
3f319edab08f46d3155614d2763f4e8c3b4bc4785427f0a1dd15486afc07909bafdb14d871651353b74871fc519fe449164f0fb1e04c9bbe9c8310fcfb2e9754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
acf67ea0766b255fd48799c9c58c8f61

SHA1
0771ed0c30c15d8a6cd29361fd5fcdce3e937e50

SHA256
9d3d52ada886dbd93a16d373f007cc56d77976bfd9bed0cab003af509a05d548

SHA512
f639a6e8b63bc77cdbe360f48d368e41ff6e72ba638602a8d72578bd231b6d5cf4d2fbb80af6433a5fde1ecbdd7fa2e205bf0d068f6645bd7804bf58335f3d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b2b45a2b435c0af48946d0af9627e4f5

SHA1
a4deca7285072194741ec131a9f8c4910a2bc987

SHA256
1996bdfe080d2f95ee11d560620effb55e52844ea2fe02590c102f6b85ccc751

SHA512
4905e9941a412b47f79ae574302863c573443fc581073d35593ae37a12d8bf437558a02c5186cec1b388279f7bc7934899896ace4d1b172ff38b80ee2fddaf60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Request for Quote.exe.log

Filesize
1KB

MD5
0c2899d7c6746f42d5bbe088c777f94c

SHA1
622f66c5f7a3c91b28a9f43ce7c6cabadbf514f1

SHA256
5b0b99740cadaeff7b9891136644b396941547e20cc7eea646560d0dad5a5458

SHA512
ab7a3409ed4b6ca00358330a3aa4ef6de7d81eb21a5e24bb629ef6a7c7c4e2a70ca3accfbc989ed6e495fdb8eb6203a26d6f2a37b2a5809af4276af375b49078

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO42244988\Request for Quote.exe

Filesize
5.4MB

MD5
40ba44b7c8d29bb0f9c455ec26713291

SHA1
dd373d794f2e08f1f311f5d4e728d75c570d775c

SHA256
7f0548c08e4443c543809a81930e8e8857ccfdacdcb702483ed82c0280cf1f2f

SHA512
75bc1770dcf06c527851054db6c7845a9137318e0bb8b07851a158c8807a9e82c6e3ab7015707f83cb7e64421444781b5f367d3182365fa23e006b603f0087b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO42244988\Request for Quote.exe

Filesize
5.0MB

MD5
0fa4f97d97bf251a6b32ae59fe099b71

SHA1
9784c273eae73eff0c892791744eafc8f709a6c2

SHA256
bda174588f743a0b7d68248ad15b5fb9bfa5e3f67effa84483d62131a77ef648

SHA512
d2fe9e4f5e6db4759f6829613bc7786a94d96372409ca60eaf0ddd4bea06b966e5c021d7dcf0d7f74092984c3384632b44f58a04325d6885c79afba31dcfeaa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO42244988\Request for Quote.exe

Filesize
7.0MB

MD5
b3b76fe3b4d8c7d0b5bfb2bd80f69b96

SHA1
ff0a64dee3dc775415653b09a6fc43d88bfd629b

SHA256
fdcdf9c583318b4a96fd19ba1709446b3b48c925b81f1b5a8d19e4b6f5ea62ef

SHA512
b6cae63a9bfaa969e77868d15080a582f658c9f8529730a34b2893ed4cc1d99353c3ad9ceae99d4ce329ee117d61f821ee98e75228cc4d1a60ec429fbfa3a3a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO42244988\Request for Quote.exe

Filesize
8.1MB

MD5
a3d8e565b8ed7862d07dfcac7ea960bd

SHA1
4a01eb24475886fa90eb92c1c44a6e9270f433e9

SHA256
961138c0332a67af8c7a5535e53baed06cacb82fa2220fba695b233893e05206

SHA512
eab18f9edb305ea297a7573aeb1b9ab2a457a5c31b3cd93b943b67c8e789fdd5ef7c27c6a44fedfd1a6f8e1d43726eda7b16676649315cfac2e3408f5bc693bd

Download Submit
C:\Users\Admin\Downloads\Request for Quote (1).tgz.crdownload

Filesize
704KB

MD5
04b2a2eecfa21ae4850771c8c02e80b9

SHA1
c286e5b4f03039f9663d6eae60625badea3ed113

SHA256
9c6cce7cccdb9f284d0c38331bded6191f2b28ac47a1aa3114458a92ba5eddb2

SHA512
0688323e786a6e185af49175e91b56cc02aeed0554183c50a197ba154dabea229b09e2077e631fa4cc4a14a2cf74c8b6445a502cb8f07f2f597f28df52c4cbea

Download Submit
C:\Users\Admin\Downloads\Request for Quote.tgz

Filesize
1.4MB

MD5
a3559bed560b8c145bcd9c911aa3034e

SHA1
5458d65148392a6d3b62936690162eb79b7c1af1

SHA256
47de293ad37e16caadb0507830268633e4b9d5a2a814db6b33f2cd7a705acdd8

SHA512
709bc42dec230e9da99ebaf069b5763f8aa0520d5b6de23ae257111472eeb84113ebf101584f6bca99532cb1427525ca4a8fafa504a1a977528eb521d7aa59ac

Download Submit
\??\pipe\crashpad_4184_FDNMRZAPKJJSDGZS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2104-101-0x0000000004CD0000-0x0000000004CDA000-memory.dmp

Filesize
40KB

Download
memory/2104-97-0x0000000000340000-0x00000000003DE000-memory.dmp

Filesize
632KB

Download
memory/2104-102-0x0000000005200000-0x0000000005212000-memory.dmp

Filesize
72KB

Download
memory/2104-104-0x0000000006700000-0x0000000006784000-memory.dmp

Filesize
528KB

Download
memory/2104-110-0x0000000073C10000-0x00000000742FE000-memory.dmp

Filesize
6.9MB

Download
memory/2104-105-0x0000000008DA0000-0x0000000008E3C000-memory.dmp

Filesize
624KB

Download
memory/2104-96-0x0000000073C10000-0x00000000742FE000-memory.dmp

Filesize
6.9MB

Download
memory/2104-98-0x0000000005240000-0x000000000573E000-memory.dmp

Filesize
5.0MB

Download
memory/2104-103-0x0000000005220000-0x000000000522C000-memory.dmp

Filesize
48KB

Download
memory/2104-100-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/2104-99-0x0000000004C30000-0x0000000004CC2000-memory.dmp

Filesize
584KB

Download
memory/3584-141-0x00000000065F0000-0x0000000006640000-memory.dmp

Filesize
320KB

Download
memory/3584-116-0x0000000005890000-0x00000000058F6000-memory.dmp

Filesize
408KB

Download
memory/3584-107-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3584-114-0x0000000005610000-0x0000000005620000-memory.dmp

Filesize
64KB

Download
memory/3584-112-0x0000000073C10000-0x00000000742FE000-memory.dmp

Filesize
6.9MB

Download
memory/3584-239-0x0000000073C10000-0x00000000742FE000-memory.dmp

Filesize
6.9MB

Download
memory/3584-240-0x0000000005610000-0x0000000005620000-memory.dmp

Filesize
64KB

Download