7b1a364830330f33ab9dca140dedd6db7e2e238f1fc06eb75a0bd3b391bc021f

Analysis

max time kernel
600s
max time network
583s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2023 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hfs.exe
Size

2.1MB
MD5

9e8557e98ed1269372ff0ace91d63477
SHA1

d0c4192b65e36553f6fd2b83f3123f6ae8380dac
SHA256

e678899d7ea9702184167b56655f91a69f8a0bdc9df65612762252c053c2cd7c
SHA512

c1a338c0414ac68d7ce24df06f3b665a56feae15063332324fea3250f1e77c19209ea3d89fe3a06d48974cce70bd9c65d59b7e2fbaf27c3f01ac2e898057e9ec
SSDEEP

49152:UR0LvNmmh9otEKMx9XSNVBOw+V4UvEbAThhiqvyo98ZcW7SZ:UR0xmmh9GEKgpSNVBr72QN

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 16 IoCs

Processes:

hfs.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Add to HFS	hfs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vfs\ = "HFS file system"	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.vfs\shell\Open\command	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.vfs\shell	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Add to HFS	hfs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Add to HFS\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\hfs.exe\" \"%1\""	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Add to HFS\command	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder	hfs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\Add to HFS\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\hfs.exe\" \"%1\""	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.vfs	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.vfs\shell\Open	hfs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vfs\shell\Open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\hfs.exe\" \"%1\""	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Add to HFS\command	hfs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell	hfs.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2424	msedge.exe
2424	msedge.exe
2240	msedge.exe
2240	msedge.exe
2864	identity_helper.exe
2864	identity_helper.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

hfs.exe

pid process

4112 hfs.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2240 msedge.exe
2240 msedge.exe
2240 msedge.exe
2240 msedge.exe
2240 msedge.exe
2240 msedge.exe

pid	process
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

hfs.exe

pid	process
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

hfs.exe

pid	process
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe
4112	hfs.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

hfs.exemsedge.exe

description	pid	process	target process
PID 4112 wrote to memory of 2240	4112	hfs.exe	msedge.exe
PID 4112 wrote to memory of 2240	4112	hfs.exe	msedge.exe
PID 2240 wrote to memory of 2744	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 2744	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 5116	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 2424	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 2424	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe
PID 2240 wrote to memory of 560	2240	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\hfs.exe
"C:\Users\Admin\AppData\Local\Temp\hfs.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.rejetto.com/hfs/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff991d846f8,0x7ff991d84708,0x7ff991d84718
3⤵
PID:2744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
3⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
3⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
3⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
3⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
3⤵
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
3⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
3⤵
PID:444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
3⤵
PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
3⤵
PID:2072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,16818546098603520850,7748301283585460997,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bf009481892dd0d1c49db97428428ede

SHA1
aee4e7e213f6332c1629a701b42335eb1a035c66

SHA256
18236c88bc4fe576f82223cca595133aa3b4e5fd24ebac9fd515b70e6f403ab4

SHA512
d05515ff319b0b82030bc9d4a27f0432b613488f945d1dae8b8dfe73c64e651eb39f4141a5d2e157e2afb43dd1dd95b6611c1003ac4e2e80511e6c5cd7cfdf11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
3135acbd75d0c3284faf248e2b0e577f

SHA1
365b14848817a4d0733f50fdec751db08e06c47d

SHA256
4fa3c5fa1bc4bbe75fd0a19bdc3ea22b7722b7783c54e903b741b59468043472

SHA512
07c130d6e47d1a2f386701b2434242c76b9809c95859bcb685df5b250876cdf9cd915983cf1eec3f7a0ba04efd61bd1c9320f7dd81179285fb83e88fcb7824dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
585B

MD5
512a87bfb94320625626f7942045f62a

SHA1
3cb5b98ed44f72961dd040587517780abf7676d5

SHA256
9513f63da84b1337bd7d54d6c8d498abad406618f71f9cc15fc8e105c7b0fc59

SHA512
ab7b2f8256c48409db2e239c2616aba9ed8b43859ab46ccfd492271a6bf76d0d959325d790ab7246d4f0ee86104f0cd4c82aeb92da3d926d5d36818b684be673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
13fb8fd8e340fc01fa5c8b06e55d862d

SHA1
233fba8fed8895f59a91332acb731b20dd41b80f

SHA256
e06ef976a50b6b77d094edc425258013668e05f0940d608913008cd99cbc5dca

SHA512
e6df803f11aa9d7ea64ee71f643fa4b4ce0138a817fdc5d8156e324363ddf44e2dbdf1f2a3ea0cad46df2a521e7fdc00e1f97aed115ff518aad41b48e63193d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a75c286cc6e0fac7d5965747a2d2cd49

SHA1
cf3fa2312dfff7d2229a1b249754f5a2af03a89a

SHA256
a4b9a2ad34960ff137c3e001978dc0b395f9c790d808caafd20ff131019cba03

SHA512
39ac8751013e9eb9dc4151906dfa841a70d4c1ef1ce3fdce8ea0231675600102a3f125b7c622ebedccf6c8404548d276cc282be753dd3545f9813149aaa20954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
25ac77f8c7c7b76b93c8346e41b89a95

SHA1
5a8f769162bab0a75b1014fb8b94f9bb1fb7970a

SHA256
8ad26364375358eac8238a730ef826749677c62d709003d84e758f0e7478cc4b

SHA512
df64a3593882972f3b10c997b118087c97a7fa684cd722624d7f5fb41d645c605d59a89eccf7518570ff9e73b4310432c4bb5864ee58e78c0743c0c1606853a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
db6a5d362a2e1af6338e6d4d3c5b9494

SHA1
6cc9b7093cb6d8ebaa736f55eda8352f280898d2

SHA256
3e35d4ad9c1344bb5f3546f7de304c34f878fe01c4c3376ded79ec44b8c1570e

SHA512
53c84f90f49343b3c39e192c653ec002d1241aa5c38e77a80bc7a9bd055b29b5b0c192a8813815b08be59ad0b016c57dcfb9e2ece8e20a275bb785eafde44a53

Download Submit
\??\pipe\LOCAL\crashpad_2240_CYIWZKDZDXNSUKEX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4112-178-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-192-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-20-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-14-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-13-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-12-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-11-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-73-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-10-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-9-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-7-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-6-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4112-104-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-5-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-119-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-120-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-121-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-131-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-136-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-1-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-164-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-165-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-166-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-167-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-168-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-175-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-0-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4112-188-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-189-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-190-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-191-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-15-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-193-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-194-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-195-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-196-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-197-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-198-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-199-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-200-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-201-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-202-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-203-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-204-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-214-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-215-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-216-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-217-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-218-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-219-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-220-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-221-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-222-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-223-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-224-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-225-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-226-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-227-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-228-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-229-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-230-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-231-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/4112-232-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download