9ddd2984852b80fb41546e96a1c3414a55415050761a47633d28a4faeef7a3d1

Analysis

max time kernel
1796s
max time network
1695s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
11-12-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fiddler.exe
Size

3.5MB
MD5

87bc17f56e744e74408e6ae8bb28b724
SHA1

3aa572388083ff00a95405d34d1189c99c7ff5be
SHA256

ffb24fc36ade87988f9908e848d0333ce7ffb2b4e4d0ffb43f6556246069d057
SHA512

cbeee155c97b87a22b92b808f86fee25c18db51ab43a36b657d532d2d47d3a7db2f4507a699b72af904bf6d5ed851d1ae1fcfb4833a57096e6c7787211c0f35d
SSDEEP

49152:cbvLSgf+VOdx3Vw5+mbSgwJKI0Qpvs3c2KTn4Xj9Bh:cTmgf+VOdc5vbSgwJKDP24Rf

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6b6a6a06-787e-4723-ad14-45d39abff680.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241211183546.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
4668	msedge.exe
4668	msedge.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2080	msedge.exe
2080	msedge.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2556	identity_helper.exe
2556	identity_helper.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
2292	Fiddler.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
2292	Fiddler.exe
2292	Fiddler.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2292	Fiddler.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2080	2292	Fiddler.exe	81
PID 2292 wrote to memory of 2080	2292	Fiddler.exe	81
PID 2080 wrote to memory of 3420	2080	msedge.exe	82
PID 2080 wrote to memory of 3420	2080	msedge.exe	82
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4436	2080	msedge.exe	84
PID 2080 wrote to memory of 4668	2080	msedge.exe	85
PID 2080 wrote to memory of 4668	2080	msedge.exe	85
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86
PID 2080 wrote to memory of 1948	2080	msedge.exe	86

C:\Users\Admin\AppData\Local\Temp\Fiddler.exe
"C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.getfiddler.com/r/?Win8EL
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffda96c46f8,0x7ffda96c4708,0x7ffda96c4718
    3⤵
    PID:3420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
    3⤵
    PID:1948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:2776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    3⤵
    PID:1824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
    3⤵
    PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
    3⤵
    PID:1408
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:2584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff770c65460,0x7ff770c65470,0x7ff770c65480
      4⤵
      PID:2684
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=64 /prefetch:1
    3⤵
    PID:2356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
    3⤵
    PID:4932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:1448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
    3⤵
    PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16811573804323217597,10660970129362069340,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5028 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3532

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

C:\Windows\system32\usoclient.exe
"C:\Windows\system32\usoclient.exe" StartScan
1⤵
PID:544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
821b1728a915eae981ab4a4a3e4ce0d1

SHA1
8ba13520c913e33462c653614aece1b6e3c660a2

SHA256
36c38bde1e74c5ee75878f275a411e528c00eaa3091e7c4adfa65b8b7d28fb3b

SHA512
b8fd54808711878ed567f474f174db662e2457b6c246f625e148944532c70d94d87e96ef6febfb657895dd0eadc25906c9106fa75c6b2d3bd37ca6786f03a8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aee441ff140ecb5de1df316f0a7338cd

SHA1
82f998907a111d858c67644e9f61d3b32b4cd009

SHA256
5944b21c8bdfb7c6cb0da452f8904a164cc951c6a4bb3a306eaebcad2d611d67

SHA512
54a2c1d4c8791ebc6324c1be052b7b73cbd74057d0ea46400cfd8e60f9a884ade60d838777eba7001cf44c924f63cba1a9708a6c71bf966f63f988c49ca70d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ca50ef0ca5b96ccc57b7e13cf6835103

SHA1
1f15f73fac362651a9c64846c385e3d340e8a941

SHA256
c9142648e471c52f4e3fd250bcee4e7264fdb9a0e382c5ea974cf78fb57823e6

SHA512
7f80a856ad1c7a6d86a8f66f8f541aa9a203830f80c2a2d416854e8ec9143da0a309471d960d147085ba74decc4c0a8bd53ba6788bdcfce0c7a96438820a4312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581e80.TMP

Filesize
48B

MD5
4b77181d48cc4a8a97db6d27ecb57d46

SHA1
086fed330c55693a9af0bab79e67769824459a40

SHA256
17f2a1ab46c1988f83cfaf02742b124daf8d1d8444be55e39ede824a4240ab01

SHA512
580c40fbf927fd49944f93637733d8028c7d75cc3b8518d613548fc2affb18c8580f6a280a0b5cfa438e95715bacfdf5f4075dcb49348f766bee8940303266f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
595B

MD5
c543b48bfc8ad06e143fdba17c2e0692

SHA1
1e63057b6ede3cf5c3989f21e5c822711f3cd5f2

SHA256
4be4a56965ef9fbe1b71e5ab6a1389b9b7ad012fb6553ef5dd71fd94af795e31

SHA512
28ced5277f78250a3b50deee66c3102942da7fd2efb7892045ada1a9514c34961414e0a4f5e4acbe8319caf85bd47b28ddf16074a9d6eb514521f646bb9e1b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58d53d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
2a7c2bac75badb3ea2a42f9815914aa1

SHA1
6ceaba9bb09d9f3f73cff07311e054213130083a

SHA256
3ebdec5fa01e362e78ad11bdfd3456b068aecd048f2b620c0872e7b2b53a5303

SHA512
410ab28a3eae2b4c69b655a2cfb92173bb5510db729b0bcafecd5e1110aba038b70a4fbeedeb19eb56a218eff7819c402d3568d594ed8e60190167084b4349ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6eb90c63ea6f3f67c8b9c0d44ca91d26

SHA1
2d0224a120aca807396d4221874c2ff2e0844588

SHA256
5a26e7f5dec23dc11c1de10ea3ca5fdfe72c51c8de4820e1a8e37067ecd0488c

SHA512
2f25b108bf6540e9cbc83908e4f4917f010d6b4f3d89faf2197ea82941ff1b975f5fe4922274f66946a7213af0fd8a8d02ccd1c15e6c215476cbe6e2abaa679e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4eade2763d3d72e7bb8d102574e4ba96

SHA1
7e30d27c4d4596f6b8c2015e3690a8a553b4c999

SHA256
c9db0a1f3ce02d258831ead1d43392939043902c5b6b211f5806861e089b222e

SHA512
2300490578a975828c96e42e74887226d582faafe18ea58ae2ab5fd375a7ae15541b9a60694bb61f3ae92ad5792a254795fa36503905f25b7e4e98e64e3a74d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
40054cb73dd68fcf513186a36e7b28b1

SHA1
782f64c46affe72bd6b334c69aae88aa32216b2d

SHA256
136f61f0d620207ec049ca6889378a9e89d998a6ef15fbd2a8095482d8d88118

SHA512
8689097b5b94b64af0be6b51f176041b25f5464bae229b7344df07a29893d5f13498c3f88f6448b956baa7accb460e31f5ffec6eda35f31b0587b5b0a1e63c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
729df10a7e0b722edf6673d36f2040a3

SHA1
d082d92cb6eb8c0d79c9ea7e67e8b4828c5ea02b

SHA256
e2c498352af617d6d1106ea4d53c59fadc993a1f432068307250cdd0be68f7c0

SHA512
1619048945ed9b48ab2568dc546adf5173f2c60d03ee74f4616c3ffafe7182052b760feea19ce288799448c0f613b5e5592e5c547417fd7705997663439e3270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b4698edce1ce8789117ec3846cc93f78

SHA1
068985b2969c099b80506481d094a5705a81cc9b

SHA256
0e9d87dcfe6720f997ff52d67fa605b06d353ca9c05aec8bb57bcb01830313ee

SHA512
94a2916a9f56b2ca5847432525def22ee19810d93ed097508361632e5a5404c99f56d8db731c1aa7d40b2c7aa8a9b3d6b81a7479e27b81f5dd7f0b9e06440ab9

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\otwcu3jl.newcfg

Filesize
1KB

MD5
878b9cd857a1a7ad2ffa59df8c8fca99

SHA1
7fae5617890b6faaa53729fc74c28cb704fb8b5f

SHA256
8b67dd8d929dadcd1eb71634d95ce03b3698772e558745e97389ca09759aa8b6

SHA512
52556a18d637a8b40ddbe936843905bb879c09431558b20b5cb07a58036a6a36630f8b939f64528cff35f96b050ff8d2bb56f7b6cc85c38256d99c84edec06d3

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\user.config

Filesize
966B

MD5
eeecc7f21596818ed5166787f82a3bd1

SHA1
1d3fad95f2c575e8465c08bae18ed49a57947d81

SHA256
d3f2bbddb7494da332c186520370a06718c22435fbf36486787c45b1d8ec2fe5

SHA512
7f2994d9aef0a7cec6d625ac830084fd812bf4a2341e1aedcd9d2f066dc9e48a4afc4156e33b9e16e7d41f5f684c30935e74a4ae39c5e3b8dceba988a91e4a4d

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\uxvjmj5s.newcfg

Filesize
1KB

MD5
8be45e90dd4a37e53688f31acb9fb7a4

SHA1
9d09f4e689d443ee7dc7774fdd9b2e2bf35015b3

SHA256
5cbbbc7b7f27e082a77318e4ff6e276ab0185b3cab765c9859955c05e0317483

SHA512
2ccf680d02873f1f5700329eeed5564675347f06f8b0c370aecaf3da546e7ddd8b08cfb37829aa0596b3a3095bcf807b57a9b53dd7a5edcbb694d60bd60309bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
08106459b78008775089c6876b6026e9

SHA1
826b470943d1e1702be388b5a5a756a84efb64c8

SHA256
21dc4af8a1ebffcf9afb87b4f0753f880a1bb057856d43a25f6486b2cb713e3a

SHA512
58ade83fe01f48afbfef93f0b6f2e751393bf493ff25e37be81659f148e57baf7d7c37c44e69d583cf8f4fcb1a27a0324a8c48109c24123f98e863b9ba1380f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a8ba2949c217031b4547fd8dc2f5da29

SHA1
dd7f5ee1feb8deae2fb552a32c6eac7ce8fa2de6

SHA256
909bbe6052de6d4590db765143dd9130439b9db1a76586dd8af9b8226d42f21c

SHA512
88f60771f3a23bebc83e0c477eac1f03c45ecedc83946155c9273fc6aa0345113ef178d5d75060613455591560d1075390023220dd7ab1be15276131769a98a4

Download Submit
memory/2292-13-0x0000023B71780000-0x0000023B7195A000-memory.dmp

Filesize
1.9MB

Download
memory/2292-147-0x00007FFDAE410000-0x00007FFDAEED2000-memory.dmp

Filesize
10.8MB

Download
memory/2292-29-0x0000023B71BC0000-0x0000023B71C72000-memory.dmp

Filesize
712KB

Download
memory/2292-22-0x0000023B715E0000-0x0000023B715E8000-memory.dmp

Filesize
32KB

Download
memory/2292-34-0x00007FFDAE413000-0x00007FFDAE415000-memory.dmp

Filesize
8KB

Download
memory/2292-21-0x0000023B71FD0000-0x0000023B72576000-memory.dmp

Filesize
5.6MB

Download
memory/2292-20-0x0000023B71960000-0x0000023B71A1A000-memory.dmp

Filesize
744KB

Download
memory/2292-19-0x0000023B715D0000-0x0000023B715DE000-memory.dmp

Filesize
56KB

Download
memory/2292-18-0x0000023B71600000-0x0000023B71626000-memory.dmp

Filesize
152KB

Download
memory/2292-17-0x0000023B715C0000-0x0000023B715CC000-memory.dmp

Filesize
48KB

Download
memory/2292-16-0x0000023B70FF0000-0x0000023B70FF8000-memory.dmp

Filesize
32KB

Download
memory/2292-15-0x0000023B70FE0000-0x0000023B70FEA000-memory.dmp

Filesize
40KB

Download
memory/2292-14-0x0000023B715A0000-0x0000023B715BA000-memory.dmp

Filesize
104KB

Download
memory/2292-124-0x00007FFDAE410000-0x00007FFDAEED2000-memory.dmp

Filesize
10.8MB

Download
memory/2292-138-0x00007FFDAE410000-0x00007FFDAEED2000-memory.dmp

Filesize
10.8MB

Download
memory/2292-26-0x0000023B716C0000-0x0000023B71710000-memory.dmp

Filesize
320KB

Download
memory/2292-154-0x00007FFDAE410000-0x00007FFDAEED2000-memory.dmp

Filesize
10.8MB

Download
memory/2292-0-0x00007FFDAE413000-0x00007FFDAE415000-memory.dmp

Filesize
8KB

Download
memory/2292-174-0x00007FFDAE410000-0x00007FFDAEED2000-memory.dmp

Filesize
10.8MB

Download
memory/2292-12-0x0000023B70FB0000-0x0000023B70FC0000-memory.dmp

Filesize
64KB

Download
memory/2292-11-0x0000023B70FC0000-0x0000023B70FD2000-memory.dmp

Filesize
72KB

Download
memory/2292-10-0x0000023B71150000-0x0000023B71192000-memory.dmp

Filesize
264KB

Download
memory/2292-9-0x00007FFDAE410000-0x00007FFDAEED2000-memory.dmp

Filesize
10.8MB

Download
memory/2292-8-0x00007FFDAE410000-0x00007FFDAEED2000-memory.dmp

Filesize
10.8MB

Download
memory/2292-7-0x0000023B705C0000-0x0000023B705CC000-memory.dmp

Filesize
48KB

Download
memory/2292-6-0x0000023B70EF0000-0x0000023B70F3A000-memory.dmp

Filesize
296KB

Download
memory/2292-5-0x0000023B705A0000-0x0000023B705AC000-memory.dmp

Filesize
48KB

Download
memory/2292-4-0x00007FFDAE410000-0x00007FFDAEED2000-memory.dmp

Filesize
10.8MB

Download
memory/2292-3-0x00007FFDAE410000-0x00007FFDAEED2000-memory.dmp

Filesize
10.8MB

Download
memory/2292-2-0x00007FFDAE410000-0x00007FFDAEED2000-memory.dmp

Filesize
10.8MB

Download
memory/2292-1-0x0000023B6A360000-0x0000023B6A6E4000-memory.dmp

Filesize
3.5MB

Download