9ddd2984852b80fb41546e96a1c3414a55415050761a47633d28a4faeef7a3d1

Analysis

max time kernel
1795s
max time network
1693s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
11-12-2024 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fiddler.exe
Size

3.5MB
MD5

87bc17f56e744e74408e6ae8bb28b724
SHA1

3aa572388083ff00a95405d34d1189c99c7ff5be
SHA256

ffb24fc36ade87988f9908e848d0333ce7ffb2b4e4d0ffb43f6556246069d057
SHA512

cbeee155c97b87a22b92b808f86fee25c18db51ab43a36b657d532d2d47d3a7db2f4507a699b72af904bf6d5ed851d1ae1fcfb4833a57096e6c7787211c0f35d
SSDEEP

49152:cbvLSgf+VOdx3Vw5+mbSgwJKI0Qpvs3c2KTn4Xj9Bh:cTmgf+VOdc5vbSgwJKDP24Rf

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\37e162b1-f654-42b2-8892-29ffc34ddc46.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241211170134.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 61 IoCs

pid	Process
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3376	msedge.exe
3376	msedge.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
5104	msedge.exe
5104	msedge.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
2076	identity_helper.exe
2076	identity_helper.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe
3596	Fiddler.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3596	Fiddler.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 5104	3596	Fiddler.exe	79
PID 3596 wrote to memory of 5104	3596	Fiddler.exe	79
PID 5104 wrote to memory of 672	5104	msedge.exe	80
PID 5104 wrote to memory of 672	5104	msedge.exe	80
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 1784	5104	msedge.exe	81
PID 5104 wrote to memory of 3376	5104	msedge.exe	82
PID 5104 wrote to memory of 3376	5104	msedge.exe	82
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83
PID 5104 wrote to memory of 3588	5104	msedge.exe	83

C:\Users\Admin\AppData\Local\Temp\Fiddler.exe
"C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.getfiddler.com/r/?Win8EL
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffc176d46f8,0x7ffc176d4708,0x7ffc176d4718
    3⤵
    PID:672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
    3⤵
    PID:3588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    3⤵
    PID:544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
    3⤵
    PID:3940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
    3⤵
    PID:1776
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    PID:3868
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff668ba5460,0x7ff668ba5470,0x7ff668ba5480
      4⤵
      PID:3980
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
    3⤵
    PID:3336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    3⤵
    PID:2120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:4684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
    3⤵
    PID:2448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3831280849306806040,11378646331171916946,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23fa82e121d8f73e1416906076e9a963

SHA1
b4666301311a7ccaabbad363cd1dec06f8541da4

SHA256
5fd39927e65645635ebd716dd0aef59e64aacd4b9a6c896328b5b23b6c75159e

SHA512
64920d7d818031469edff5619c00a06e5a2320bc08b3a8a6cd288c75d2a470f8c188c694046d149fa622cbb40b1f8bf572ac3d6dfc59b62a4638341ccb467dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b19b7ecb6ee133c2ff01f7888eae612

SHA1
a592cab7e180cc5c9ac7f4098a3c8c35b89f8253

SHA256
972bc0df18e9a9438dbc5763e29916a24b7e4f15415641230c900b6281515e78

SHA512
16301409fee3a129612cfe7bdb96b010d3da39124aa88b2d111f18d5ae5d4fc8c3c663809148dd07c7f3cd37bb78bd71e25be1584bd2d0bacf529fa7f3461fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
0f19e30b83cf8c29b001dc92a64aad75

SHA1
1c421d839b06b9b8cbeb6b8ef21de8200368d328

SHA256
e60fa3d07c1e262401d90866fc1d6440643331832d8b11ea6de06f3af296ccbd

SHA512
9d97ca9a42e88621484b9a5f12baf963e27ddbc48dc1f2d10553740aa8fc78958b2b235dc2623f15186ad6731455b6c143554db85881d754e66062b6a64eac51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ceb8447599fd0a20ae7fed01f1e38a07

SHA1
c837911f524c171b3e4bdcbb54a6e53b1c5e12f4

SHA256
749ed538dd54e1f2edc0341e16d1847cc425588ce319917f1fa572eb56a91e68

SHA512
5e17f5b0e3011b78584546cebd29dbb8025c120ece84fb4d99e50f0478d05a3481995f219c5186ad6a95195516290a6fe104c67110f371ea24826a1b52a485d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
595B

MD5
71cebabc1e80c4739046127b6a2e93a1

SHA1
10f10fa243012807248b3c6bfa832439de4e3126

SHA256
be9e174e336200b5249c9cd19b05fe3b38f4e2888b5727c6204a8f7c017df6b6

SHA512
e9c9749978dbbccf3ca071f7754170380826d02ab0f6bd89b5c87f37fe0d29175a7998f3c82dda773643b91596ccc55d8045a8d077de790c844dbfa8e3b95823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe589da2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
381a4e27e2a9f1d49365960902353201

SHA1
2fabe3d10fd5e11ac102809f75ea378453d55208

SHA256
08c2f3831f1fc0a3513ebd80622d01169d899c7a6f6c35db6668d0c19d931b4b

SHA512
571823a251c997c6bcf0dc8e9e8feeedb0f6a4bab12ea3a3bb3aff5ffca73c2ea55fa59a155d6fbe6b4f48aae2bb0cdca4f64ae5fa118dcaccf5a95c44167e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
17d1c102667b6ffe51e939a9dbf6855d

SHA1
fc9bc9c99790a0552eafc5c73d83256a49ef5a9b

SHA256
58d8fe2f7a40d8d9908c60aaa51443122abb569859cec28c338bbc55feb6e5a6

SHA512
d4aed4fa1124ea1b34e5e6bfe846a019a0236d682b1940e20cc55d2e7f8c86cc2f305f0de1f31a4228234e87a896c2b46703d786b4a28d1026e06fdd559bb123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bed1d75bb30791823efac5740b6dce37

SHA1
df98909801f29d9842a8680294293b64850c60e4

SHA256
1074600e704b35986612409ea369e111e2878ef5ae2d3f5fcff781ae4de39588

SHA512
31c8e9bb7f43d429f657a6831024c31ba004e5ad281522d9fabe14e892ee1af9cd5934d2faf2e6a278d6401c7a94d5d5a612a3359fa653482a0089ce23af2f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8cd513127214e252edf0454f329bc002

SHA1
6f47fac6be8e7331e54203a7865e86b32cddf16b

SHA256
3df220380a8bf881117c17102a5c70ae7deea18ec92e7c478df2ee904d882108

SHA512
0b6d2f2e12bb8b15175875b7118778e57475934dee0476bc3ec989c5408d1ff5cf1c2d5dce4bd980a3ef9bfee232f974fa90050171826f3f0847f9682ae7e4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
371edf34cc4edfe5fc16d906571e1a49

SHA1
2b0f160569aff513f7ac25a16adf02758cca07fc

SHA256
ee07b7e150c132312f076f2fe4c58445fcf86aea9eda0468b6ee040b5f690d35

SHA512
9598bca019b2acf65bc0511062e8edf53e00b3801d7a9b49f9c6b7209bcf7ff782ec215716955d5f378f952d77435bccf210384909f28bffa83fa9ac8589cdb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
779eade0869585b44c70e77cb5c701b0

SHA1
59548af0bc599544127b762e3bfc08ac5c09083e

SHA256
f47217cf9d9a1347bd82139c77158d899adbe2ab9235ad030b8c39db7c51faaa

SHA512
33a42cd00d4ae5d53a0f020435db33132b48bf6f03ef9e86969647030bed6e604072a2e3345e379666a5432ccf81d3631be6781c0f6010cac2afd1e75c6d2c70

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\ml32pkod.newcfg

Filesize
1KB

MD5
3e48f95acb96ab0fba8f97a80f6468b6

SHA1
bd944c27ed7ec564b8cdf6b84e4504f5c470ca38

SHA256
6d352939c427340bd733e67ab1a744c60b0e45d31e772b63e5172f6efd9578af

SHA512
f37b63d21892b0ebbb204a6a1e5c796cbbef8bfc6eb2afb920089c2b03ce95626e09f3b4806e90285cd652ffbf32fe112847acecb60ca687a3dd6d31c3d41036

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\user.config

Filesize
966B

MD5
7ae67ffc5c318184b6de4a89b75a5e60

SHA1
c5f8281515fcc442d87584a9e3f4574790da71e6

SHA256
6d389faf7b751faacc9b8617b9ab494e957fac5f70f4d8880a5b9f70a077d6eb

SHA512
5f1b8e46b0932e9c6a1920062b070ad171adfb2c4e56db794d71465b5bc85b1b82079c34345b896402b42eb9e9d92c413afe390cbc7d3f8e155dd180e0778c05

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\zuinwhzw.newcfg

Filesize
1KB

MD5
e0108de1c26f013470cffdb894be9d57

SHA1
119c2fb954c3a432adc424fac668e9b961a3502f

SHA256
8bf2cc555759d7ae9e593cb6ac8570c640712c4226ff76c09354e51fda1ffccf

SHA512
2b0cb17ca5291692b9d345a44833f14299460e1d784ffb4a3f171c5a016f74377f821c66fe88c646528cc216c091e473d798eda835aeaa2371494678a0131889

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b247781c960de3774d026a5a25a3c0e4

SHA1
1402d4f8b09d2abab04c1a2ae5d7056cb6dbb19a

SHA256
b45210ed4da12b4b33a22fe9454f1e63dc0328be4a31ba927f6871cc75058690

SHA512
75021fde3415d09e71a2e25d4151574a7ec75c2e32923735631881a94c168b91ab93d28c3bdd8ca378073c6ab391079ecf076d9ee5d3799f10ba292cf2edf0fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2a6bf34ab41e32f2b238e7a5279bfbb4

SHA1
9cbf19a4902d1b7a6b41d586d76eb1862daadc63

SHA256
09825f5c806765425e7cadaea632219000f462463fc23e95d1e5c5487c7a72f8

SHA512
41676e53bdca35fa3aea15785162e6f41afb39ea6dba7d392c24f25b939b343b567d40c238886b79c242157e3595a20c3855fa05b107748e1bf5e02f6b585448

Download Submit
memory/3596-13-0x000001ED7FC60000-0x000001ED7FE3A000-memory.dmp

Filesize
1.9MB

Download
memory/3596-0-0x00007FFC1C4D3000-0x00007FFC1C4D5000-memory.dmp

Filesize
8KB

Download
memory/3596-29-0x000001ED7FFC0000-0x000001ED80072000-memory.dmp

Filesize
712KB

Download
memory/3596-22-0x000001ED7FA90000-0x000001ED7FA98000-memory.dmp

Filesize
32KB

Download
memory/3596-21-0x000001ED804B0000-0x000001ED80A56000-memory.dmp

Filesize
5.6MB

Download
memory/3596-20-0x000001ED7FE40000-0x000001ED7FEFA000-memory.dmp

Filesize
744KB

Download
memory/3596-19-0x000001ED7FA80000-0x000001ED7FA8E000-memory.dmp

Filesize
56KB

Download
memory/3596-18-0x000001ED7FAF0000-0x000001ED7FB16000-memory.dmp

Filesize
152KB

Download
memory/3596-16-0x000001ED7F9B0000-0x000001ED7F9B8000-memory.dmp

Filesize
32KB

Download
memory/3596-17-0x000001ED7FA10000-0x000001ED7FA1C000-memory.dmp

Filesize
48KB

Download
memory/3596-95-0x00007FFC1C4D3000-0x00007FFC1C4D5000-memory.dmp

Filesize
8KB

Download
memory/3596-15-0x000001ED7F980000-0x000001ED7F98A000-memory.dmp

Filesize
40KB

Download
memory/3596-14-0x000001ED7FAA0000-0x000001ED7FABA000-memory.dmp

Filesize
104KB

Download
memory/3596-119-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-131-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-152-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-160-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-26-0x000001ED7FB70000-0x000001ED7FBC0000-memory.dmp

Filesize
320KB

Download
memory/3596-176-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-177-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-12-0x000001ED7F970000-0x000001ED7F980000-memory.dmp

Filesize
64KB

Download
memory/3596-11-0x000001ED7F990000-0x000001ED7F9A2000-memory.dmp

Filesize
72KB

Download
memory/3596-10-0x000001ED7FA30000-0x000001ED7FA72000-memory.dmp

Filesize
264KB

Download
memory/3596-9-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-8-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-7-0x000001ED7F950000-0x000001ED7F95C000-memory.dmp

Filesize
48KB

Download
memory/3596-6-0x000001ED7F9C0000-0x000001ED7FA0A000-memory.dmp

Filesize
296KB

Download
memory/3596-265-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-5-0x000001ED7F940000-0x000001ED7F94C000-memory.dmp

Filesize
48KB

Download
memory/3596-4-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-3-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-2-0x00007FFC1C4D0000-0x00007FFC1CF92000-memory.dmp

Filesize
10.8MB

Download
memory/3596-1-0x000001ED7F290000-0x000001ED7F614000-memory.dmp

Filesize
3.5MB

Download