agenttesla | hxxps://cdn[.]discordapp[.]com/attachments/1227447189110784041/1232356151153266739/Driverfn_x64[.]rar?ex=6629289a&is=6627d71a&hm=76541a23924903902aa14eaaa9b3d782f1fad86a7ed7b7321d8a4ab11b61f13d&

Analysis

max time kernel
300s
max time network
277s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1227447189110784041/1232356151153266739/Driverfn_x64.rar?ex=6629289a&is=6627d71a&hm=76541a23924903902aa14eaaa9b3d782f1fad86a7ed7b7321d8a4ab11b61f13d&

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Driverfn_x64\Driverfn x64\Guna.UI2.dll	family_agenttesla

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WinFormsApp1.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\Control Panel\International\Geo\Nation	WinFormsApp1.exe

Executes dropped EXE 1 IoCs

Processes:

WinFormsApp1.exe

pid process

2020 WinFormsApp1.exe

pid	process
2020	WinFormsApp1.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exeWinFormsApp1.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	WinFormsApp1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	WinFormsApp1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	WinFormsApp1.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583607875098550"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3980 chrome.exe
3980 chrome.exe
216 chrome.exe
216 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3980 chrome.exe
3980 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe7zG.exe7zG.exeWinFormsApp1.exe

description	pid	process
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeRestorePrivilege	4708	7zG.exe
Token: 35	4708	7zG.exe
Token: SeSecurityPrivilege	4708	7zG.exe
Token: SeSecurityPrivilege	4708	7zG.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeRestorePrivilege	840	7zG.exe
Token: 35	840	7zG.exe
Token: SeSecurityPrivilege	840	7zG.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeSecurityPrivilege	840	7zG.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeDebugPrivilege	2020	WinFormsApp1.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe
Token: SeCreatePagefilePrivilege	3980	chrome.exe
Token: SeShutdownPrivilege	3980	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe7zG.exe7zG.exe

pid	process
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
4708	7zG.exe
840	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

WinFormsApp1.exe

pid process

2020 WinFormsApp1.exe

pid	process
2020	WinFormsApp1.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3980 wrote to memory of 3944	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3944	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 3312	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 2632	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 2632	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe
PID 3980 wrote to memory of 1064	3980	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1227447189110784041/1232356151153266739/Driverfn_x64.rar?ex=6629289a&is=6627d71a&hm=76541a23924903902aa14eaaa9b3d782f1fad86a7ed7b7321d8a4ab11b61f13d&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9db54ab58,0x7ff9db54ab68,0x7ff9db54ab78
2⤵
PID:3944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1904,i,9903943913796533829,2745021696320928001,131072 /prefetch:2
2⤵
PID:3312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1904,i,9903943913796533829,2745021696320928001,131072 /prefetch:8
2⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1904,i,9903943913796533829,2745021696320928001,131072 /prefetch:8
2⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1904,i,9903943913796533829,2745021696320928001,131072 /prefetch:1
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1904,i,9903943913796533829,2745021696320928001,131072 /prefetch:1
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1904,i,9903943913796533829,2745021696320928001,131072 /prefetch:8
2⤵
PID:1276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 --field-trial-handle=1904,i,9903943913796533829,2745021696320928001,131072 /prefetch:8
2⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1904,i,9903943913796533829,2745021696320928001,131072 /prefetch:8
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=736 --field-trial-handle=1904,i,9903943913796533829,2745021696320928001,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:216

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4552

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap4133:86:7zEvent9054
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4708

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Driverfn_x64\" -ad -an -ai#7zMap23827:86:7zEvent17589
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:840

C:\Users\Admin\Downloads\Driverfn_x64\Driverfn x64\WinFormsApp1.exe
"C:\Users\Admin\Downloads\Driverfn_x64\Driverfn x64\WinFormsApp1.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
971b55e0bb64351edd65c246ea5fddc9

SHA1
6e7b7b0dfbe7fb15e7a89c99acdf09c5f4de3806

SHA256
2e7f4af4257221c0865c267eb3883bf8c93d75ff0319750ce96a6409d4d26b40

SHA512
6de94cccef7f14c32f421b690093be96f3be7279463c399a2fab77770df0c491e7030cc8ee1c72ee769bdc8eb9c3d270d66a44236f521f2f802c4ce45787e348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
4cc1da51b3f7e067995a60b0bf56d060

SHA1
c4941c8da7c438f1d424fff1c0ab0506f97d9156

SHA256
c3836b37473a0ecb3469729d06c33394a7847bb08adc16fa9ca67d9eebf0a3d6

SHA512
4dc20b7d9a81d1c31722076211f2bf220eb7122f950de46353d74dff1aa70ac4abec582fc46ca2696094ca6e4894a968a0e5184c91cc4b6e753156fb5926ab9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f752552edf58e402c072780a52779220

SHA1
f1de31fb653187a89a0c03a149adbac93c257d6f

SHA256
cc720fade215dac84a2dec9495a6d3089a954e6b2a5092456f4758aecb3200b2

SHA512
c5aa44d8a05a3d748b3db2941c7e8737bb813d0047118470d4a1c1179f6e568ca9e7030b2c7ca6cb06214a20c42b3e42f9b0ad1faadd8e301b39b08d43ef9a81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
5f2815cd9465bfa4aacdcb562f1b35cc

SHA1
d445773728852f7fac1d2b17584d809993ca3f19

SHA256
8ee4c493e523731c5f4c12c1651b08094cb70a6ee104948f05b0d1f43296b11d

SHA512
4bc765ca021bbf1c94a6b214087824bddea0f9012e9e94dbbed59a5bfd2d5898c30d511a10a849e75d4f2bdf1c0721bca71b6fa4c7f37ca2824a183e99659f01

Download Submit
C:\Users\Admin\Downloads\Driverfn_x64.rar
Filesize
1.6MB

MD5
99d4c37cb1352dcca698361dfe56da94

SHA1
bb6f514804d0cdac956038b55ffb9d5127261cd9

SHA256
819439ee910e9b4c991755e2a7592abc90e7dcb939a80af4bf853e48f3b9cadd

SHA512
514c929009cfbf37473a5a441cf6fe1cb7e81e79abc0b9aaee0a8847b7b499651dbc1674bc2a5a51aab95b0bae4a3109d0ffaf7f6fd3fd1518095b85bd258dea

Download Submit
C:\Users\Admin\Downloads\Driverfn_x64\Driverfn x64\Guna.UI2.dll
Filesize
2.1MB

MD5
b429ae86c5be521bc8ca3b164cec3acb

SHA1
387560073ff5a1f2191abc6f75fc34532bbb6dd2

SHA256
3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579

SHA512
eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1

Download Submit
C:\Users\Admin\Downloads\Driverfn_x64\Driverfn x64\WinFormsApp1.dll
Filesize
1.3MB

MD5
e82a1b0955a6f89cfd6f5f39dc23cdba

SHA1
72dd760a64894a06dd5042de2a38d10ff7252e45

SHA256
53726a851169f6b886e842071b38be2b101e377879096df4f337bd6e12d11015

SHA512
beea31f46e3d3ab9d95abb59fe489eb21a0977ee916739db6a6a4c23a8d7652a1a634f7bd751d213913f7f2ef9f8dc39649d4a66d09fea1392570ac309b63566

Download Submit
C:\Users\Admin\Downloads\Driverfn_x64\Driverfn x64\WinFormsApp1.exe
Filesize
142KB

MD5
7dc2ca160a7537195556a851440e0d73

SHA1
9164dd3abfaf0d7bcd9a74c93ee4a7df170622e8

SHA256
7b261f11a2592db39f28e1811cba5477cd1bbc5084e4f8dcefcdc987f54589fd

SHA512
8699e5c3b0952695b3d23fcf3b51d48e088036d24c2d883d057c86725d88771dc7d49410e5d06db5d222ccdba9fbd1f32a2050e7570b6acbc1b087fade042297

Download Submit
C:\Users\Admin\Downloads\Driverfn_x64\Driverfn x64\WinFormsApp1.runtimeconfig.json
Filesize
386B

MD5
186a65581e2f29258f54d396660409fa

SHA1
6f998d3be2e85cb5419205f867135874f27c0a3a

SHA256
e1e0974d0e8833375024eb7c78521b3b5cad4228aad22b23d506cbe702445844

SHA512
7dea87b523aab01ea3c794779b71bc0b52179e1d5e7b9a45539ddd39c775969ef22853c4c193699aec1e3fa3cbe26e90e3a4881226c52a3aacae1eac260ff896

Download Submit
\??\pipe\crashpad_3980_WCPVCLTSVJNHOHOW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2020-72-0x0000022CDAC70000-0x0000022CDAC71000-memory.dmp

Filesize
4KB

Download