9ddd2984852b80fb41546e96a1c3414a55415050761a47633d28a4faeef7a3d1

Resubmissions

11/12/2024, 18:37

241211-w9f3rstpez 10

11/12/2024, 18:28

241211-w4jayatnat 10

Analysis

max time kernel
149s
max time network
142s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
11/12/2024, 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fiddler.exe
Size

3.5MB
MD5

87bc17f56e744e74408e6ae8bb28b724
SHA1

3aa572388083ff00a95405d34d1189c99c7ff5be
SHA256

ffb24fc36ade87988f9908e848d0333ce7ffb2b4e4d0ffb43f6556246069d057
SHA512

cbeee155c97b87a22b92b808f86fee25c18db51ab43a36b657d532d2d47d3a7db2f4507a699b72af904bf6d5ed851d1ae1fcfb4833a57096e6c7787211c0f35d
SSDEEP

49152:cbvLSgf+VOdx3Vw5+mbSgwJKI0Qpvs3c2KTn4Xj9Bh:cTmgf+VOdc5vbSgwJKDP24Rf

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c06fc582-7515-4981-ba3f-2ed89e9c5a18.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241211182922.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 55 IoCs

pid	Process
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
2688	msedge.exe
2688	msedge.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
4972	msedge.exe
4972	msedge.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
404	identity_helper.exe
404	identity_helper.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
1808	Fiddler.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1808	Fiddler.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 4972	1808	Fiddler.exe	84
PID 1808 wrote to memory of 4972	1808	Fiddler.exe	84
PID 4972 wrote to memory of 4124	4972	msedge.exe	85
PID 4972 wrote to memory of 4124	4972	msedge.exe	85
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 5116	4972	msedge.exe	86
PID 4972 wrote to memory of 2688	4972	msedge.exe	87
PID 4972 wrote to memory of 2688	4972	msedge.exe	87
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88
PID 4972 wrote to memory of 1964	4972	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\Fiddler.exe
"C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.getfiddler.com/r/?Win8EL
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffea68c46f8,0x7ffea68c4708,0x7ffea68c4718
    3⤵
    PID:4124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:5116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
    3⤵
    PID:1964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
    3⤵
    PID:4372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
    3⤵
    PID:4516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:2456
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
    3⤵
    PID:1136
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:3748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7da185460,0x7ff7da185470,0x7ff7da185480
      4⤵
      PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
    3⤵
    PID:4772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
    3⤵
    PID:1528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
    3⤵
    PID:760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
    3⤵
    PID:4492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14772146515165666839,11815922498488463059,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3484 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:568

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b712a4c83dfb3c522d032cf900e863a

SHA1
4f5bec4be6f4ebfa959e899ceafc62309bb1f141

SHA256
31da2a41a051db11559c47feb923d4baad32a384f530013a435fa884dad64493

SHA512
03b24d9307623b3a341230805f3ea662b0107c314650a51ae7e89d901cb3ad212d4219bab4d763d0aa8d50831aa0e6d4e3379573cc2f724873804578e8642898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
24dada8956438ead89d9727022bac03a

SHA1
09b4fb1dba48ec8e47350131ae6113edd0fdecf0

SHA256
bf1e5c7828e4672982b16451b5a201e65e812e98a97b87c9f2f7c22677cb4ec1

SHA512
03f092a4b20a4d8cc111220b35fbf5470878b7723faeddee65b1d9cf327167053792c77864103b4530b9b9f819e32a5721b44189291dfdb5832769835ea5dd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
056c437bd83da327014801c5198c3128

SHA1
e202107c1f4505e0f693efbac0d660e69c343569

SHA256
aabc97a82da7d6d29663b3f31210e85b6f4bab01b8ef46451bf255d37bf4d1b5

SHA512
a57e8d005e31c45f44052d30a0cd2305683ef883b9f0ae6a515c63c18d66df3a516aef7153179486d327440df92e64057ae09eeaed83cae83bca1d836aabeb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b9e2a235be64c7089faf88925c180449

SHA1
8a74e5c683e6af6d06d702bddaf9110abbfbad81

SHA256
7bf34975d656adc0e5ed6a18295a99e6613e6f4ca565a4dc532d0176d78edd77

SHA512
cea171425b556bd5bb151eb3a2b2b0ab2b7e7838bee3e67dedf0ffcf72c495eb7a892d3e52148f492f400d9481f92fc47e4d34734bac2b409d5273db99b0ee05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58f930.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91e5ac540f01cc8912028edbb4732970

SHA1
4edee0ffad5e0790a82412c5312e0c253565093a

SHA256
be25801d5e78fd0b91dc55e820e99a323456cd1360ad840a4e8c773ac3d5c816

SHA512
b52b584f8c7249dd54a4ed731646d26f74217071f87fc99ffbc8f2daefdfcc4ab4ef5d07c0da8782c27d16ae88bd54f21a05b55992e9dd9ba9e001b06a7a6636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
ad33955808201221fb6497ce1766f053

SHA1
3d3101e8643f2a31ea83000917edd643521195df

SHA256
1fc819de862d18cd07af5229ce29554c6779d8a6905a7dbf7347666fb5959f51

SHA512
78f3827e69a3a7b072b97c977b0ac024939a813955d940cce02cdb67c68303ca4176ba9ee94c6a12e1047c4bc78a4a0dea64b40821323f8e19ce101f18666404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2154fc616f03dcc90dd848247eb03547

SHA1
b88c16eae5854f2fcc45ecb0c1bf6b22b493e389

SHA256
30579b5ab87373b359443c5745aed917cbbfb27b56ed32c4f965c3a0da24176d

SHA512
f5004659735dbb1192f6827f3932058a2e96352cbbf70c7ef96be1f465a096ff211e87c6442fef0b05d8607f9314438684d2daca8e34dc4d4064c8b8e943bd20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
99a7edf9124dba808b6d025b14aea278

SHA1
f1de2fdd81ea87ee78e8afdc1a7cdffcf62a92ef

SHA256
9d38a8d193a503b9be7b39be5d150bcf22038c84fbf3d53979e2f075a35b9089

SHA512
fc371b7ad5606a9948ba4a315e40a0a93592f57103be4a3712020977b43e4277d95d74ff35e490239dbce1cc475fe1d1746764f5970d2e9f04483c985268f5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b47535ca-469f-45e4-ae9f-3e7e915778ac.tmp

Filesize
595B

MD5
c543b48bfc8ad06e143fdba17c2e0692

SHA1
1e63057b6ede3cf5c3989f21e5c822711f3cd5f2

SHA256
4be4a56965ef9fbe1b71e5ab6a1389b9b7ad012fb6553ef5dd71fd94af795e31

SHA512
28ced5277f78250a3b50deee66c3102942da7fd2efb7892045ada1a9514c34961414e0a4f5e4acbe8319caf85bd47b28ddf16074a9d6eb514521f646bb9e1b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1fbf972-9500-4ad3-8488-76d4bdfb9141.tmp

Filesize
24KB

MD5
85eca930a791cbcb1373f5fdaf17857b

SHA1
ffea7d54e9803374a484f1e4c124766e80024efc

SHA256
fbc990061790350f00dc28f2dda277aac81bb8385a6e92e90a20101436c3312c

SHA512
2ffe0de3f80ac60f2ffa55f334026979e6be328b7c69f4603aa3c5d1bfa6c3b3744d86ac2a34ecf904d0a41b36bc485392ece58f6cc89d7ffca293d02efe5bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
75dfd61b6644d20f382fa932376a7884

SHA1
4b14b04df4fda4b59e70672537435d59150ac684

SHA256
4ef74a3178eae15774c04c89880d939088d250cd966abbe175430bebe22375eb

SHA512
79aeda2fdbe7d6e71075854d0a13a00f7a9fded0b0c0d9a1fd391efb049c89c2981b858c3bf5baa8e35bea7ab9a4c33c992bc5b6962e8b3b7ee343c4be731f54

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\user.config

Filesize
966B

MD5
8482f2905de9ea6643164caf63040ad7

SHA1
834d731b3aae80b0ac1d001bb2ca76e3c76e1993

SHA256
b5b84748dcf4bfd1eaf2c7b03fab2178c914794f773ac3b781ac3941bf6f6be2

SHA512
7c8c3cd3937078e13a80b24f28a0056351479ecd34819e4422bfb1d45dd83977c0456b1a80d2dfa585a59c6796305eec4184b77246248a05b9877743f5143249

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\user.config

Filesize
1KB

MD5
19a4d2c11c29e1904b03edc325674e54

SHA1
3d11425bea276edbd9121454bbc9751330fe5f87

SHA256
e4bd6a33928c66fa6df5a1ab856cfebfeef984cd0ca3422ba86b2fac62401db4

SHA512
40c514429c525c930794d0f5cef6a377fd855f55ef30d07b27c0970e0719b3fb5a08ba9fafb6998383560d459c2188bd3196429f270eafc26baf881eb3caf313

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\user.config

Filesize
1KB

MD5
5fa8d267f32f3611c56227ce77bf3f09

SHA1
0221f916fa51e847a886563299e83c8bd0defda3

SHA256
efee091a4f36f3793b5f789edcb6f28a325ce46d1258e17262ac48381a8ff060

SHA512
977188e23a0724c978aaa2d1a16719f5d35ce61ff403abb66b1e710d6e1778efac13e9bb06ac85d6e3ac7f9ca5c5d7166c600046f84f527f89fd0427934684d4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
176032804eb611c94264637f30ec6518

SHA1
e7d917d335d27db844cf558914189ff4e20404ac

SHA256
eab854a55a82b62a45f4a8f3b6c2d9f8b122deb338d87194549aa63120ed700a

SHA512
99e117946b34b568d71b3576f8e48a6a8f8d0b687df3783453b8e0e55ddc9cb88817a498ec03b9e2d47c58b354e3b2acab93cc564ef55aed7296a62c8c3218a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b90e8c44f6d8fe444d5f9e2e3106f2f0

SHA1
f815344557e975523ec1777b6adacf28a97dc427

SHA256
340269689f39fdeb9ec74afdf70a628872bcd67eca5ee11409c02ee1866fd72b

SHA512
c21696711a5089668773ebdda3ad4ac4f628883b5740b5def8e62f47db21f50e0e2aecc6c786b1ccf3b10852416c0d51a234309aa64d1e602516b3ba0cbc418c

Download Submit
memory/1808-150-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/1808-158-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/1808-27-0x00007FFEAB903000-0x00007FFEAB905000-memory.dmp

Filesize
8KB

Download
memory/1808-30-0x0000021A513A0000-0x0000021A51452000-memory.dmp

Filesize
712KB

Download
memory/1808-19-0x0000021A512F0000-0x0000021A512FE000-memory.dmp

Filesize
56KB

Download
memory/1808-18-0x0000021A51320000-0x0000021A51346000-memory.dmp

Filesize
152KB

Download
memory/1808-22-0x0000021A51300000-0x0000021A51308000-memory.dmp

Filesize
32KB

Download
memory/1808-17-0x0000021A512E0000-0x0000021A512EC000-memory.dmp

Filesize
48KB

Download
memory/1808-16-0x0000021A51110000-0x0000021A51118000-memory.dmp

Filesize
32KB

Download
memory/1808-15-0x0000021A51100000-0x0000021A5110A000-memory.dmp

Filesize
40KB

Download
memory/1808-90-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/1808-14-0x0000021A51120000-0x0000021A5113A000-memory.dmp

Filesize
104KB

Download
memory/1808-13-0x0000021A514C0000-0x0000021A5169A000-memory.dmp

Filesize
1.9MB

Download
memory/1808-12-0x0000021A510D0000-0x0000021A510E0000-memory.dmp

Filesize
64KB

Download
memory/1808-130-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/1808-149-0x0000021A4D8B0000-0x0000021A4DA57000-memory.dmp

Filesize
1.7MB

Download
memory/1808-26-0x0000021A51350000-0x0000021A513A0000-memory.dmp

Filesize
320KB

Download
memory/1808-20-0x0000021A516A0000-0x0000021A5175A000-memory.dmp

Filesize
744KB

Download
memory/1808-11-0x0000021A510E0000-0x0000021A510F2000-memory.dmp

Filesize
72KB

Download
memory/1808-170-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/1808-10-0x0000021A51290000-0x0000021A512D2000-memory.dmp

Filesize
264KB

Download
memory/1808-0-0x00007FFEAB903000-0x00007FFEAB905000-memory.dmp

Filesize
8KB

Download
memory/1808-21-0x0000021A51D10000-0x0000021A522B6000-memory.dmp

Filesize
5.6MB

Download
memory/1808-9-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/1808-8-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/1808-7-0x0000021A506D0000-0x0000021A506DC000-memory.dmp

Filesize
48KB

Download
memory/1808-6-0x0000021A51010000-0x0000021A5105A000-memory.dmp

Filesize
296KB

Download
memory/1808-258-0x0000021A4D8B0000-0x0000021A4DA57000-memory.dmp

Filesize
1.7MB

Download
memory/1808-5-0x0000021A506C0000-0x0000021A506CC000-memory.dmp

Filesize
48KB

Download
memory/1808-4-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/1808-395-0x0000021A4D8B0000-0x0000021A4DA57000-memory.dmp

Filesize
1.7MB

Download
memory/1808-3-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/1808-2-0x00007FFEAB900000-0x00007FFEAC3C2000-memory.dmp

Filesize
10.8MB

Download
memory/1808-1-0x0000021A322D0000-0x0000021A32654000-memory.dmp

Filesize
3.5MB

Download
memory/1808-434-0x0000021A4D8B0000-0x0000021A4DA57000-memory.dmp

Filesize
1.7MB

Download