5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8

Analysis

max time kernel
1501s
max time network
1493s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2023 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FiddlerSetup.exe
Size

6.5MB
MD5

7fd1119b5f29e4094228dabf57e65a9d
SHA1

1a4e248bfe07f8c65ce68b4f29013442be6ef7c7
SHA256

5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8
SHA512

20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787
SSDEEP

196608:Q962sDwuahkk8ZaQd9NCMbw4fO0ADH6Op:Q5uAkk8ZBCuXfjADH6s

Score

9^/10

discovery evasion

Malware Config

Signatures

Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
evasion

Software Discovery
T1518
Modifies Windows Firewall 1 TTPs 2 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exenetsh.exe

pid process

3760 netsh.exe
4080 netsh.exe

pid	process
3760	netsh.exe
4080	netsh.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

FiddlerSetup.exeFiddler.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	FiddlerSetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	Fiddler.exe

Executes dropped EXE 6 IoCs

Processes:

FiddlerSetup.exeSetupHelperFiddler.exeFiddler.exeFSE2.exeFSE2.exe

pid process

4852 FiddlerSetup.exe
2232 SetupHelper
1612 Fiddler.exe
4948 Fiddler.exe
2728 FSE2.exe
1212 FSE2.exe

Loads dropped DLL 64 IoCs

Processes:

FiddlerSetup.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exeFiddler.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exeFiddler.exe

pid	process
4852	FiddlerSetup.exe
1524	mscorsvw.exe
3440	mscorsvw.exe
4916	mscorsvw.exe
2196	mscorsvw.exe
4916	mscorsvw.exe
4596	mscorsvw.exe
4924	mscorsvw.exe
4596	mscorsvw.exe
5484	mscorsvw.exe
5484	mscorsvw.exe
5484	mscorsvw.exe
5484	mscorsvw.exe
5484	mscorsvw.exe
3844	mscorsvw.exe
4112	mscorsvw.exe
3328	mscorsvw.exe
3844	mscorsvw.exe
5972	mscorsvw.exe
1456	mscorsvw.exe
4348	mscorsvw.exe
928	mscorsvw.exe
5492	mscorsvw.exe
5560	mscorsvw.exe
4688	mscorsvw.exe
4688	mscorsvw.exe
1612	Fiddler.exe
4484	mscorsvw.exe
6120	mscorsvw.exe
6120	mscorsvw.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
928	mscorsvw.exe
6120	mscorsvw.exe
1612	Fiddler.exe
5168	mscorsvw.exe
1612	Fiddler.exe
1612	Fiddler.exe
5464	mscorsvw.exe
5464	mscorsvw.exe
6120	mscorsvw.exe
5268	mscorsvw.exe
5268	mscorsvw.exe
1612	Fiddler.exe
1612	Fiddler.exe
2340	mscorsvw.exe
3408	mscorsvw.exe
3736	mscorsvw.exe
5464	mscorsvw.exe
5144	mscorsvw.exe
1720	mscorsvw.exe
4376	mscorsvw.exe
5132	mscorsvw.exe
5132	mscorsvw.exe
5132	mscorsvw.exe
5132	mscorsvw.exe
3612	mscorsvw.exe
5132	mscorsvw.exe
4948	Fiddler.exe
4948	Fiddler.exe
4948	Fiddler.exe
4948	Fiddler.exe
4948	Fiddler.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 55 IoCs

Processes:

mscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exe

description	ioc	process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\7e76b1fb4198734d8af8f5d806b99864\SMDiagnostics.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\17e8-0\System.Web.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1118-0\Microsoft.Build.Utilities.v4.0.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1334-0\System.Security.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1574-0\GA.Analytics.Monitor.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\15b8-0\System.ServiceModel.Internals.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1418-0\System.DirectoryServices.Protocols.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt19c51595#\6f69c2900b13ef16144a4dd218db8baf\System.Runtime.Caching.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\3b5383dd37da6f390d4d4ad42fcb5b32\Microsoft.JScript.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\a4659c51384187894a071aa2b9d900e7\System.EnterpriseServices.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\44d302d3062a00a6bd5a39f743bdb4ef\System.Web.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data86569bbf#\37b9991e77d6c4ee257ca8b2c1f585ad\System.Data.OracleClient.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.8dc504e4#\f95cdc313801411ba86580e09a790db8\System.Web.ApplicationServices.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\10fc-0\System.ComponentModel.Composition.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1430-0\System.Web.RegularExpressions.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\894-0\System.Numerics.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Design\27f97b5687f7139425a49f9cbafaf6e2\System.Design.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\147ecaf76a082c0dd04c1e2ae632921d\EnableLoopback.ni.exe.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d00-0\DotNetZip.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\DotNetZip\b3a383423b05afda73d5befea52df23f\DotNetZip.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#\1a856cd8b4506b84f967fb416431e03d\System.ComponentModel.DataAnnotations.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\140c-0\Microsoft.Build.Tasks.v4.0.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\GA.Analytics.Monitor\581f591747009a39a799777655cec912\GA.Analytics.Monitor.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\3a0-0\Newtonsoft.Json.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1494-0\System.Data.OracleClient.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e1c-0\System.Runtime.Caching.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Draw0a54d252#\3d5342ebcdfac2e48f2cbb87316da000\System.Drawing.Design.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\5f4-0\EnableLoopback.exe	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\18271de25c06b49b2aaa391461de2df6\System.Deployment.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1754-0\Telerik.NetworkConnections.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Compba577418#\d5ea54b023997de3a48807f3b15ff588\System.ComponentModel.Composition.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1184-0\System.EnterpriseServices.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\5b0-0\Analytics.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d50-0\System.Web.ApplicationServices.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1010-0\Microsoft.JScript.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Fiddler\0246347168440311f67418ce72a25f0e\Fiddler.ni.exe.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Telerik.Net8bf66678#\a58ff39c1803c8009577b8aa07f4401d\Telerik.NetworkConnections.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d70-0\System.Data.SqlXml.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11f4-0\System.Deployment.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.82d5542b#\3248866fdc0058e6a1a5d64c5019ee84\System.Web.RegularExpressions.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\133c-0\System.Runtime.Serialization.Formatters.Soap.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\b7d3fce6d77b982cd4538b089805df8d\System.ServiceModel.Internals.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1250-0\SMDiagnostics.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1558-0\System.Design.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e98-0\System.ComponentModel.DataAnnotations.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dire5d62f0a2#\dae28270785fd6a19fb72c8c675c81a8\System.DirectoryServices.Protocols.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\f04-0\Fiddler.exe	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Analytics\9422cdf8836e5af7e68e6c7719083b46\Analytics.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1184-0\System.EnterpriseServices.Wrapper.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\c9d532d5040768732fdbb078eb294563\Newtonsoft.Json.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\924-0\System.Drawing.Design.dll	mscorsvw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsvAED4.tmp\FiddlerSetup.exe	nsis_installer_1
C:\Users\Admin\AppData\Local\Temp\nsvAED4.tmp\FiddlerSetup.exe	nsis_installer_2
C:\Users\Admin\AppData\Local\Temp\nsvAED4.tmp\FiddlerSetup.exe	nsis_installer_1
C:\Users\Admin\AppData\Local\Temp\nsvAED4.tmp\FiddlerSetup.exe	nsis_installer_2

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

FiddlerSetup.exeFiddler.exeFiddler.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	FiddlerSetup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fiddler.exe = "0"	FiddlerSetup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fiddler.exe = "9999"	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TypedURLs	Fiddler.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TypedURLs	Fiddler.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

Fiddler.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Fiddler.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133222439305894445"	Fiddler.exe

Modifies registry class 17 IoCs

Processes:

FiddlerSetup.exemsedge.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\.saz	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\.saz\ = "Fiddler.ArchiveZip"	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\Content Type = "application/vnd.telerik-fiddler.SessionArchive"	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\Shell\Open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\Fiddler.exe\" -noattach \"%1\""	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\ = "Fiddler Session Archive"	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\DefaultIcon	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\Shell\Open\command	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer\command	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\Fiddler.exe\" -viewer \"%1\""	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\PerceivedType = "compressed"	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\SAZ.ico"	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\Shell	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Fiddler.ArchiveZip\Shell\Open	FiddlerSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Fiddler.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\SystemCertificates\REQUEST	Fiddler.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\E9376158E189331631C50C480FB5A5371609D464	Fiddler.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\E9376158E189331631C50C480FB5A5371609D464\Blob = 04000000010000001000000031ea1750494cc9e38461c6288cad19d80f000000010000002000000003b77e369da4898c79a269a455bf281726ff7cbe3313fed3d8ec8e41c24ccae514000000010000001400000023ab01099d3f6c720d48935d8c523bb00f6ba09119000000010000001000000058ed28c28b99204485bc02c120362c0b030000000100000014000000e9376158e189331631c50c480fb5a5371609d4645c0000000100000004000000000800002000000001000000b6030000308203b23082029aa003020102021011cf25ea2bf6a88c4c83576f6bc1ad5e300d06092a864886f70d01010b05003067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f74301e170d3233303232333135313835305a170d3235303532333135313835305a3067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f7430820122300d06092a864886f70d01010105000382010f003082010a02820101009827cc0270a5665d4df1d464970e037b38493f117842ac798f2a933c5a539781441910e1fdf78f9620de406ae9f3be31a7d163c3106ea147de20493254645f1e2226a2280ddcbc0e8e845a0d38ddbcaf213a5e5a54a102686fd69a7c92891be46c03c4d5a51cc244d6398c2ea4a01ce6e7ef1f56fd109c4691bc5a8307b50503b248b44e86e3c59b2fa632254c5c2253751bc18f7e88136b5d93aed28eeb568ee385d31948b8d6c4510d2720ff29bcd3e6aaa54829ee1b165f74f54705c9244eb8e7cba31430146cd4506cac99b277b9dd7529cd92236070931931e312705b46b19003752998d9f25ed540410e3dbb9e898f42065bcdb5352c86ea6abdccb16d0203010001a35a305830130603551d25040c300a06082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e0416041423ab01099d3f6c720d48935d8c523bb00f6ba091300e0603551d0f0101ff040403020106300d06092a864886f70d01010b0500038201010010affc337ee1378674db778c2af252828f6a6f0726e54667112d612e2441c7f97308a7a29dc6bcd4cc2c9a25ae45e9540f1b588359a9ad9683d855ab86d957e7184ce6896a7201011d38fa90284c49af353fcae74fca44946cec88349a8b97cb6cba214476d263bdc8bcc0eb7488327ec63e9224ed38f2088eaac9d07df0b2ae7c4a3a837f331f8a9e6e9d1c2cfb1121221954ef5e5308adef463a643051a18ddbf4ff4fbc661c437be487f423cb8dd286f23be0b8152b7d995b9cb252fe5dc4579d0330784dd78b4e176877c7c0395cc0315fb2870ea284defacc0e98a4797c201fa57ca0bf7059a11541a63d1b11a2083fd6cc6ff24b7584929216b208b55b	Fiddler.exe

Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid process

5580 regedit.exe

pid	process
5580	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

FiddlerSetup.exemsedge.exemsedge.exeFiddler.exeFiddler.exe

pid	process
4852	FiddlerSetup.exe
4852	FiddlerSetup.exe
3324	msedge.exe
3324	msedge.exe
3964	msedge.exe
3964	msedge.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
1612	Fiddler.exe
4948	Fiddler.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

Processes:

FiddlerSetup.exeFiddler.exeFiddler.exeFSE2.exeregedit.exe

pid process

4852 FiddlerSetup.exe
1612 Fiddler.exe
4948 Fiddler.exe
1212 FSE2.exe
5580 regedit.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

3964 msedge.exe
3964 msedge.exe
3964 msedge.exe

pid	process
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

Processes:

Fiddler.exeFiddler.exefirefox.exeAUDIODG.EXEFSE2.exeFSE2.exe

description	pid	process
Token: SeDebugPrivilege	1612	Fiddler.exe
Token: SeDebugPrivilege	4948	Fiddler.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: 33	3956	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3956	AUDIODG.EXE
Token: SeDebugPrivilege	2728	FSE2.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	1212	FSE2.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

msedge.exefirefox.exeregedit.exe

pid process

3964 msedge.exe
3964 msedge.exe
3964 msedge.exe
4936 firefox.exe
4936 firefox.exe
4936 firefox.exe
4936 firefox.exe
5580 regedit.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4936 firefox.exe
4936 firefox.exe
4936 firefox.exe
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

Fiddler.exeFiddler.exefirefox.exe

pid process

1612 Fiddler.exe
1612 Fiddler.exe
4948 Fiddler.exe
4948 Fiddler.exe
4936 firefox.exe

pid	process
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
5580	regedit.exe

pid	process
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe

pid	process
1612	Fiddler.exe
1612	Fiddler.exe
4948	Fiddler.exe
4948	Fiddler.exe
4936	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

FiddlerSetup.exeFiddlerSetup.exemsedge.exe

description	pid	process	target process
PID 1228 wrote to memory of 4852	1228	FiddlerSetup.exe	FiddlerSetup.exe
PID 1228 wrote to memory of 4852	1228	FiddlerSetup.exe	FiddlerSetup.exe
PID 1228 wrote to memory of 4852	1228	FiddlerSetup.exe	FiddlerSetup.exe
PID 4852 wrote to memory of 3760	4852	FiddlerSetup.exe	netsh.exe
PID 4852 wrote to memory of 3760	4852	FiddlerSetup.exe	netsh.exe
PID 4852 wrote to memory of 3760	4852	FiddlerSetup.exe	netsh.exe
PID 4852 wrote to memory of 4080	4852	FiddlerSetup.exe	netsh.exe
PID 4852 wrote to memory of 4080	4852	FiddlerSetup.exe	netsh.exe
PID 4852 wrote to memory of 4080	4852	FiddlerSetup.exe	netsh.exe
PID 4852 wrote to memory of 4636	4852	FiddlerSetup.exe	ngen.exe
PID 4852 wrote to memory of 4636	4852	FiddlerSetup.exe	ngen.exe
PID 4852 wrote to memory of 696	4852	FiddlerSetup.exe	ngen.exe
PID 4852 wrote to memory of 696	4852	FiddlerSetup.exe	ngen.exe
PID 4852 wrote to memory of 2232	4852	FiddlerSetup.exe	SetupHelper
PID 4852 wrote to memory of 2232	4852	FiddlerSetup.exe	SetupHelper
PID 4852 wrote to memory of 3964	4852	FiddlerSetup.exe	msedge.exe
PID 4852 wrote to memory of 3964	4852	FiddlerSetup.exe	msedge.exe
PID 3964 wrote to memory of 5084	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 5084	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3656	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3324	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 3324	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 2804	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 2804	3964	msedge.exe	msedge.exe
PID 3964 wrote to memory of 2804	3964	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\FiddlerSetup.exe
"C:\Users\Admin\AppData\Local\Temp\FiddlerSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Users\Admin\AppData\Local\Temp\nsvAED4.tmp\FiddlerSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\nsvAED4.tmp\FiddlerSetup.exe" /D=
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:4852
- - C:\Windows\SysWOW64\netsh.exe
    "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"
    3⤵
    - Modifies Windows Firewall
    PID:3760
- - C:\Windows\SysWOW64\netsh.exe
    "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"
    3⤵
    - Modifies Windows Firewall
    PID:4080
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
    3⤵
    PID:4636
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d0 -InterruptEvent 0 -NGENProcess 1c0 -Pipe 1cc -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      PID:5484
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 0 -NGENProcess 258 -Pipe 260 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:3844
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 0 -NGENProcess 274 -Pipe 288 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:4112
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2c4 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:3328
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2cc -Pipe 2c0 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:5972
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 0 -NGENProcess 258 -Pipe 2b4 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:4348
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 27c -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:1456
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 2cc -Pipe 258 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:5492
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 2d4 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:928
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2f4 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:5560
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 274 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 28c -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:4688
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2dc -Pipe 2ac -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:4484
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 278 -InterruptEvent 0 -NGENProcess 27c -Pipe 2d8 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:6120
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 0 -NGENProcess 2dc -Pipe 2a8 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:5168
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 274 -InterruptEvent 0 -NGENProcess 2a4 -Pipe 2d0 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:5464
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 25c -InterruptEvent 0 -NGENProcess 2b8 -Pipe 2e0 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:5268
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 304 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:2340
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 25c -InterruptEvent 0 -NGENProcess 2e8 -Pipe 2f8 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:3408
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a4 -InterruptEvent 0 -NGENProcess 2b0 -Pipe 2f0 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:3736
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 274 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:5144
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 27c -Pipe 2a4 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:4376
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 0 -NGENProcess 2fc -Pipe 2cc -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      PID:1720
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 258 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:3612
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 314 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:5132
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"
    3⤵
    PID:696
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1bc -Pipe 1c8 -Comment "NGen Worker Process"
      4⤵
      PID:1236
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 274 -InterruptEvent 0 -NGENProcess 1bc -Pipe 260 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:1524
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 288 -InterruptEvent 0 -NGENProcess 278 -Pipe 280 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:3440
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 184 -Pipe 2dc -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:4916
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 1f4 -Pipe 2f4 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:2196
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2f0 -Pipe 1f4 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:4596
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 290 -InterruptEvent 0 -NGENProcess 2fc -Pipe 2e8 -Comment "NGen Worker Process"
      4⤵
      Loads dropped DLL
      Drops file in Windows directory
      PID:4924
- - C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper
    "C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\Admin\AppData\Local\Programs\Fiddler"
    3⤵
    - Executes dropped EXE
    PID:2232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Fiddler2FirstRun
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbc02846f8,0x7ffbc0284708,0x7ffbc0284718
      4⤵
      PID:5084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,479059815410460695,4110172737344789246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
      4⤵
      PID:3656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,479059815410460695,4110172737344789246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,479059815410460695,4110172737344789246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
      4⤵
      PID:2804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,479059815410460695,4110172737344789246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
      4⤵
      PID:2692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,479059815410460695,4110172737344789246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
      4⤵
      PID:4176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,479059815410460695,4110172737344789246,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
      4⤵
      PID:5288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1456

C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
"C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5884

C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
"C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4948
- C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\FSE2.exe
  "C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\FSE2.exe" "C:\Users\Admin\Documents\Fiddler2\Scripts\CustomRules.js"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2728
- C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\FSE2.exe
  "C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\FSE2.exe" "C:\Users\Admin\Documents\Fiddler2\Scripts\CustomRules.js"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:1212

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6084
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.0.1677820440\743842487" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f15ac659-0ee3-4a12-95fb-bc58bd792994} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 1924 186474ea558 gpu
    3⤵
    PID:3772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.1.1422198199\704381249" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d13804f1-c0ba-42fa-960f-87ab2425e490} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 2316 1863a572b58 socket
    3⤵
    PID:2508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.2.1141199266\1195509157" -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3032 -prefsLen 20931 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7365f5f7-503f-4b2e-be90-78690d8f5806} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 3048 1864b1b8f58 tab
    3⤵
    PID:2068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.3.1456626915\1129679042" -childID 2 -isForBrowser -prefsHandle 2348 -prefMapHandle 2360 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c058c533-1311-4d78-b537-c54595ecb63f} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 1276 1863a56fe58 tab
    3⤵
    PID:3756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.4.1128808388\240757575" -childID 3 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d7f8981-8cdf-4977-bce3-4efb10b78146} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4132 1864c0efb58 tab
    3⤵
    PID:6072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.5.82798484\25649823" -childID 4 -isForBrowser -prefsHandle 4460 -prefMapHandle 4464 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d9c3635-06d4-48fb-a54d-c5721c5e1086} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4484 1864b622758 tab
    3⤵
    PID:5072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.6.1223800934\524382069" -childID 5 -isForBrowser -prefsHandle 4736 -prefMapHandle 4752 -prefsLen 26844 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51eb0e7e-21cb-49b0-99de-e255518771f7} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 3248 1864cb9f558 tab
    3⤵
    PID:3124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.7.798729508\1821073901" -childID 6 -isForBrowser -prefsHandle 4896 -prefMapHandle 5076 -prefsLen 26844 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6265068f-e7c6-40de-b9f4-ca78a654ff7b} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 5112 1864d7cc058 tab
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.8.1823588038\1747427833" -childID 7 -isForBrowser -prefsHandle 5104 -prefMapHandle 5100 -prefsLen 26844 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {282fe8bf-5e6a-45e5-9311-4b61bf4b4858} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4992 1864d7cde58 tab
    3⤵
    PID:5336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.9.1631339048\1404204197" -childID 8 -isForBrowser -prefsHandle 5016 -prefMapHandle 4952 -prefsLen 30160 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a43cbce6-cf27-4e40-afe6-997c086d02af} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 5268 1865672af58 tab
    3⤵
    PID:5136

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x478
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:968

C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
1⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5580

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
87408db9b40608507e938c0a505da8b5

SHA1
6b801e4e4a0aa3099c348253f00c0629710ce544

SHA256
8c15432f9a3e12d14fdd970ca7fa65bc38bd761390be4c41f519206cb808011a

SHA512
e438d68603c63caf575902549ea785c5610516d62852043e971ea1601790d97eea62ef9a8d0ff669eba1ac6ab4748bfe95e3a7b880b721a21bff288f15a2a360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57cb5e.TMP

Filesize
48B

MD5
a5a740836f101929722197ddf90022eb

SHA1
21f0dcfb47ddb5ac0f0c91e49fd53ed2aecb3837

SHA256
b00096c15abddcee91882d99c18ddd77e178285e856ffffb62f6a47368252978

SHA512
3b83f3b2664526e02d7d75ec9e4ca8f5ae8ae43bdc34747cc1861a9402ed1360a81326d579a8492f6b3f886b357d6701f242a9991bb30ff47b5c83f3335b6708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
ffc86f846ce0c7ceedcef4afec2791cc

SHA1
f439acbe640b0176de3e2b300b4ca239f53adb3a

SHA256
01c4289d12b05157205ef61f1aa668d93118fb3e6c4fcfa622d343843027470a

SHA512
65e799c16f658d404ab36f8aa412e1be25b1f60662c03b445a62244246efa56234d1409b4a1671042c598cda430908904cf72294b6fa225fa2b14364763c085f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e18808ee627d82a50d38da101598027f

SHA1
bb47ffce8cb44468eec2d6c8a39324907096d424

SHA256
b1b131b481dd568ae21949857fc20908e0c0a372bd45aec3bd93976b1b7e191e

SHA512
f20a4f95ef86ce22dced0483385739d10945793c29e5c70b73a1e14097a5e4a31e9eacc6a1101809a0b7468c101af75ac1928c144de1e25eb1a7c236fe417ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
dadda8e5239423d96cbcb16f4bed1ea2

SHA1
cd99af6a3ae30883fe1ecd4ecd8a862da4a3450e

SHA256
10ea2b606ba87b5b58e518caa357b27370d55813f521989421447f37234d4a41

SHA512
f288c265d778f4b96778bd48b356577e8fa5fb935590e682ec59e358cab0c90c465856b3a1f0363f079be9991eb03f21db7794e32c3184929662a8a9200c866a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b42f78c27ad35da45b4d93b77841696

SHA1
d5d5080586e7682896973de685507b960d8faee7

SHA256
04e739a81bd89041fb82ad445a4806a91b885527585219e279819b9b5bf5043f

SHA512
2a08daf2fc7cd87c1596693b6d9ecd5b6c60d6431aaeecff39dd78063195325545763d6d96cfcb023a3d184b573f7b4da75d251838190003776efa630a2e5f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
51ad886faedcb7c7cb22a5980d0d009b

SHA1
22dce739356bf2c7a54f46611cc2b4e5858faf26

SHA256
9e79b22169cbfd0f7c24bd726a17162b9107de326b1fb36fb87220f4f1448613

SHA512
41d6b05226e067117ffe7ef4874b0f3ddc26421be19f03f041c3958a216ad5dbad35e7e1540676cea698949a1041ef11fe18ceb36639490a566f441555a3ddc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
fba3c2ea6647eb9205a4f6480aa649b3

SHA1
97454bc9cd262f9c658ccb07810573b3b9b569bc

SHA256
13f150ea898da72fb674ce96b93ef947081a463685ab3aa91d621639322861aa

SHA512
b9db9efa012a2d072130621a92661fe6b41435092b0608f256c6ce5f08a5d69be97b4dba6a600db1d8dc3df2b5ff987fb7c8f9606f0a3414b5c3fa5196f3eeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
782fa3258ab1d01eee97861bd0862ad9

SHA1
d14d8575d96cb4906639d3a07c2af0c0c677ba0d

SHA256
750a1c64da8845e9d0e8f43f2bf77f608d7d25db7554f05c130d0590e72ff694

SHA512
1d2a57047bfc88be8a85305f093d954d8a3fe345e02ebd94cb342fd52f522c740dd76517e687c4d50acbcec84cb73371364c63c8b62e0188bd4d5c250fcd7099

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp

Filesize
145KB

MD5
77ee6d8c3b03b7599dd8110a68929cff

SHA1
37ee3009daa20d2a60f9077a243f8e3c88bb2cce

SHA256
45777dc0981f65b2c22a5ab3d31d02e6a149c8f947b394b3e72cf484579b1694

SHA512
352f26453a55cc953efcb023c4ee65452f8c907c42002d8ff04d5d467d6a7270ab6cdb941a5e97efd8bf099ca3009833051a06f60300b4e4452237152d049d3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\11793

Filesize
9KB

MD5
de87d10cc59859c1c806e520de30e186

SHA1
3423887b6c713a77435e441d811621903abdef8e

SHA256
0576612688fffea8594d76beae739ced527fd74d363343d7ae3fd350a36891ce

SHA512
a76e6bb1d01ad174760b83fd4f1a6bdcce0fe30025dc4b7eec0c66a3436fc633d344a819603e59d6746ad479fc8dac0ea735f50b964e20bcd0c1bcd527da6969

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\22182

Filesize
9KB

MD5
07cbd25894adfcc14a6757c108eeed65

SHA1
b82905940d87f7014b85598324b141559a618067

SHA256
8997fd2894c36eb16969f1f7d126d8ab525b838a23ea07cc2ca4f66e30e02c38

SHA512
4eeae02caba4957d886788758800b97ef3aab4f0a2f01ec18abdf0db34e312869832a784965f88a37cdf1b45dd516fd245d71d78cae9fd651008da87c3be0952

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\27908

Filesize
9KB

MD5
560cea847099a406f5291ca11db19dc1

SHA1
92ee329d3842a4f54281d88b7543f6a80d7bed93

SHA256
c2e77be729a29b19e6cfb759ebd3f59fd0770c87f91a400bd061ea48f725d25a

SHA512
fb3b07d4bf8af7edc6609526d6f1301cc93faaedb5d57f025bb2b775f9de965d66fc8e88ef9802d7bf5d5a6d909b906f533bddc23407f107397e1e4b9d0e79f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\184C843EA0B8CD10730CA2564A233632E40FEF45

Filesize
14KB

MD5
ca978510029f765506abcf709792437b

SHA1
908ad00a5b1b5a1ca87673d9d9cb654474824cef

SHA256
539a11bac83a04beba01e8380c2a71b8276922d2cb362d4f7c790240302327a8

SHA512
fabfd4f0a4801e44bc2c1fd58f603a5edb24aa2d58c952377526a26dfa431fa3ee667300a934e2696d1d16430dd589cd20d4828f4305e2e5279f66e5e0eb0001

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Analytics.dll

Filesize
32KB

MD5
1c2bd080b0e972a3ee1579895ea17b42

SHA1
a09454bc976b4af549a6347618f846d4c93b769b

SHA256
166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29

SHA512
946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\DotNetZip.dll

Filesize
449KB

MD5
11bbdf80d756b3a877af483195c60619

SHA1
99aca4f325d559487abc51b0d2ebd4dca62c9462

SHA256
698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1

SHA512
ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe

Filesize
95KB

MD5
5d16400084f534535c922180c562bd70

SHA1
20444c63a2e6ff17a1970f8af0744c0ccfdbb659

SHA256
0ccf6f4b2f6e89ddb50b3075fd6b604ef7c0d6b13ce377781d898dcd8f9c91d7

SHA512
b9dc50aac871ff81c54e000adb1de11c17aeea75fbc80afa5f025d1efe6c79acbfd05b5de6066f084ed0e26d4287c354984195e7aa134545846d371f84063bd0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe

Filesize
1.5MB

MD5
a5b8c0f51898e9d55e4b3aa7904adf32

SHA1
5eaff276409670f3e8ce4cbb17086f1362d18868

SHA256
5e3006a575d4acce2e5e3cec684d7e9a1fbc3efbb73f06f5c4604faebf014ad3

SHA512
6abf01f09c8c6e430118de27322f4d67bf25018633544556630c47bfa9adc2c1fd186c94119a0b9be6c2d8dead9bbb46a8b1185fe02da2085601b0e9613ad427

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe

Filesize
1.5MB

MD5
a5b8c0f51898e9d55e4b3aa7904adf32

SHA1
5eaff276409670f3e8ce4cbb17086f1362d18868

SHA256
5e3006a575d4acce2e5e3cec684d7e9a1fbc3efbb73f06f5c4604faebf014ad3

SHA512
6abf01f09c8c6e430118de27322f4d67bf25018633544556630c47bfa9adc2c1fd186c94119a0b9be6c2d8dead9bbb46a8b1185fe02da2085601b0e9613ad427

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe.config

Filesize
252B

MD5
38a7379a4b36fc661c69a3e299373a05

SHA1
1b0de45ad7fe759499c57cc1aa9c1da441d9167a

SHA256
70107440ed3e5ce934b947a85669a963ed0370d1d34c27e8f3bd2a8f5f670342

SHA512
5c91d3ebae7a1d0fc068303632cdd7f789bfc3f5158c338d253ef0ba584bde2346e86287dd56f8dd266494ecf1307fb091e548b5cb795a80e5969f09f7507f02

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.dll

Filesize
52KB

MD5
6f9e5c4b5662c7f8d1159edcba6e7429

SHA1
c7630476a50a953dab490931b99d2a5eca96f9f6

SHA256
e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790

SHA512
78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll

Filesize
647KB

MD5
5afda7c7d4f7085e744c2e7599279db3

SHA1
3a833eb7c6be203f16799d7b7ccd8b8c9d439261

SHA256
f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4

SHA512
7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Common.dll

Filesize
192KB

MD5
ac80e3ca5ec3ed77ef7f1a5648fd605a

SHA1
593077c0d921df0819d48b627d4a140967a6b9e0

SHA256
93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5

SHA512
3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Editor.dll

Filesize
816KB

MD5
eaa268802c633f27fcfc90fd0f986e10

SHA1
21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f

SHA256
fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54

SHA512
c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.dll

Filesize
228KB

MD5
3be64186e6e8ad19dc3559ee3c307070

SHA1
2f9e70e04189f6c736a3b9d0642f46208c60380a

SHA256
79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c

SHA512
7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper

Filesize
31KB

MD5
45a29924b29cd5881da857104c5554fe

SHA1
75716bfcb46aa02adc1e74369ec60f1c27e309b9

SHA256
b31d4c6a86bad9eaffaa543476261aaa95705fffaaf367a6ab67133c6af5fcfe

SHA512
0ee65dc21bfb5be949a8d96f0d5c04dba70c83988ddf460e9ce18e32eeb27fcb350e85b1ed5951ec2b5b2ad6506fa117fbe5495eabf58756fc66111f52b1b631

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper

Filesize
31KB

MD5
45a29924b29cd5881da857104c5554fe

SHA1
75716bfcb46aa02adc1e74369ec60f1c27e309b9

SHA256
b31d4c6a86bad9eaffaa543476261aaa95705fffaaf367a6ab67133c6af5fcfe

SHA512
0ee65dc21bfb5be949a8d96f0d5c04dba70c83988ddf460e9ce18e32eeb27fcb350e85b1ed5951ec2b5b2ad6506fa117fbe5495eabf58756fc66111f52b1b631

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll

Filesize
34KB

MD5
798d6938ceab9271cdc532c0943e19dc

SHA1
5f86b4cd45d2f1ffae1153683ce50bc1fb0cd2e3

SHA256
fb90b6e76fdc617ec4ebf3544da668b1f6b06c1debdba369641c3950cab73dd2

SHA512
644fde362f032e6e479750696f62e535f3e712540840c4ca27e10bdfb79b2e5277c82a6d8f55f678e223e45f883776e7f39264c234bc6062fc1865af088c0c31

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_gn2suaigfhhkewccgutguryxxqm34vvg\5.0.20211.51073\user.config

Filesize
966B

MD5
042d82c8663a70390ae36ee401126410

SHA1
5994a380e40bc88ce18d4da4877990b81b0f3a37

SHA256
3b95628428ee156acd2d786fba239e13c3894a635d99952e9e2e394b33c6f526

SHA512
6bc6b55c99fa57c2103249361996026930c27c1657f393efba663877e51088701889d33ca38e04d6192b4dc8aef0cae8543ca56fa9bebc49e37c13a0b668cb0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp3D65.tmp

Filesize
2KB

MD5
9bb1128aa7985105e8cc21714d29d740

SHA1
bf7154c2b2685ca8fb4ce046c039a5f6cbc15091

SHA256
5d2828b40b4829d081437a040d7848269d1ee494098cf83b2ff2218333f5c8b4

SHA512
332890f52c10d9a1573c401d85efa457d5d817deadb555808103b9e5d075c254c59a53018eb537c4362816605ec6173265595fd34b98781546ab8cb90fb9f2b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6C15.tmp

Filesize
2KB

MD5
31fe64ed98968a2aef1f7b838a96ec7b

SHA1
855471b5fc24bb6a29cb0afd77733eac539426de

SHA256
041ee73429f1e69feb6d074cc453d313b56ce667b6d044c7cb7f30ae41e972cd

SHA512
1ea944cb69fff8d1f754df932c23aa9f2a72ebc5ca4a380670008a65846dbc04580449fedd00e08a90b2ad4d6fca2f3da0af0531f3d9b3d486f749b84c9699de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6D9E.tmp

Filesize
2KB

MD5
2b8424391feaeebee86ec73f1d0fd27d

SHA1
af838ab59fb1ba66905e5d15da892ae7d3309b1b

SHA256
1d1fd494b0ad5786e06f0143967fb1a463b52dcf543657973d8e5c1a50958412

SHA512
b0ce2bc12cd55003f803e0e49937184d00efe1d8110f05662b2191787e327749b042729c3d13a3a821e4c4408881c47d09118958fc74bb636b38602b4100a97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpFED4.tmp

Filesize
2KB

MD5
4f9e97ac94a9394381763662198d4fec

SHA1
93db33d1464dcea3cb31615c7d98b59c5128ac8b

SHA256
6e3b50e722ea2a8064ceb70c9813aa3e4a3e3da8254b46acf48a07b4bb6f692b

SHA512
c83cd49ef2c9298afd91fdc65bef9e45cce5fdff2ca3b3eb5c196e8759fd837882fc231ffd050377bdcaeeefea1276eb35146719a9c804e72b20880106b39d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssDB82.tmp\System.dll

Filesize
11KB

MD5
b8992e497d57001ddf100f9c397fcef5

SHA1
e26ddf101a2ec5027975d2909306457c6f61cfbd

SHA256
98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b

SHA512
8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvAED4.tmp\FiddlerSetup.exe

Filesize
3.2MB

MD5
092879b4ec0b7a59be6273035da99e27

SHA1
282f2602469017d4d8401e84e248a6c138b7de97

SHA256
87d5fd5bfadffa31f6b72923be4d4a46335b3e32a4f6e306f90d04d4aed49c50

SHA512
dde4050f6a26dc0feecb7a7f2563f33db5615c15c0dd1f3e6bf8ff8aa3a4ced68a53ae66c179f56dda5a50185b5053460e63c5a0489b141d11372aacfcea4cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvAED4.tmp\FiddlerSetup.exe

Filesize
3.2MB

MD5
092879b4ec0b7a59be6273035da99e27

SHA1
282f2602469017d4d8401e84e248a6c138b7de97

SHA256
87d5fd5bfadffa31f6b72923be4d4a46335b3e32a4f6e306f90d04d4aed49c50

SHA512
dde4050f6a26dc0feecb7a7f2563f33db5615c15c0dd1f3e6bf8ff8aa3a4ced68a53ae66c179f56dda5a50185b5053460e63c5a0489b141d11372aacfcea4cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4238149048-355649189-894321705-1000\0019d5a9832634460af5d8b4d66cb24b_2fa110fe-bc31-469f-9e23-67a5476488af

Filesize
2KB

MD5
9bf5b7ef4c86de4faa0635766a56ff3f

SHA1
f63a38286133e3f30c4122df576d027ef29dfc7c

SHA256
5c303df7db470c4576e5d491c5541c02466db1a5bc471d547652c0b0bcb20856

SHA512
124101db37fb4f1838eef9da7ab8fe314a9dc3a2924c3599528d9cefe1b4ad815b7e2ea1732800184fb8e2a3a6d0e2d9664057b8dc2b59c3a109614b1aa03f16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4238149048-355649189-894321705-1000\32e2f0bb84347e49a64cd0eaf78a0274_2fa110fe-bc31-469f-9e23-67a5476488af

Filesize
2KB

MD5
634df9af52d3b50dbfb653e2c9f9d50d

SHA1
2d94b9f4777524ec14a13b335d5ada1d795c28bf

SHA256
765708f71f8a6f352d078bbc892d84e71b979c133127b6f1de9c7d68fee82d8a

SHA512
ff9946041f1e5de4386550dabe3536e9ef9e5b3011714ec4e3c048ac038199c103e3bb1548c0721a27cc8d96b9e680b4d99e640b6a595260b0fed92aa0e674b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\01FCE62B802D293BA23C83A911EBAEC555C89E98

Filesize
1KB

MD5
109965b3f78caae9d2ebd9483a824dfa

SHA1
d35e087453a9bbce3b8fa1f41529b655d0b34333

SHA256
3f3b69066fb5fa18ce6e49e46611c347f9c5be0ce73140916e41c7d56c45e381

SHA512
d179aa211be37027155aa7dcc46d7a941c0a06703a1ff18b0d9b7fac8c5ed73d5008bc26e2550281c35862fbec6474d3ed4b436f078785ced3abe71b7351e0a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\87EBED6A0F9802FC7990F25CEE3E2D9A5798F33F

Filesize
1KB

MD5
3fdb07182ce57c1a6c4078166da7d2a9

SHA1
beb1133628d637cb249c6a37551dba3458b5e086

SHA256
b1d2dfb06206c17f521445015b729f9a06d549432b49bc103b6eea63992c1dd7

SHA512
bf0fc04aef36e8039ac48e98b18dfadabf3f55c33977e3f135ff115782dc7e19a19c2de1c1c88b6ec0b4f31342f74f50e6d166928756c795e2e3d1db9448a0c6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E9376158E189331631C50C480FB5A5371609D464

Filesize
1KB

MD5
3635567be810d55473b7a6bc6c114702

SHA1
672e2256c4e2574aa21d203707d275492e2cf86b

SHA256
aa2bc6b992623dab81c6d725838d612b988943915d1c43e17905a3508253c7b9

SHA512
1c2683ba10f35e8d6c908ebd5b92d139495efe997d41cf1370e6eed47700247eaa2f13173a5e9c494aa1b64ba64e20e86ce0f0ad243f32d73bb2ea1a3f193b09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
439594ad872393e307fb5b9814038d24

SHA1
f13d2b21501d66f8bac9b898195ffa51ce429c79

SHA256
665575ab0e53b1f064da12db18f475cf385967cabbdfa4bd15cada3b090c238c

SHA512
b54a15688ff7b14e7cdae6681373c94b385be0c73cc00cec7e61adeab91c639f101f57ac8e965d8a51dafdd15a63a2d7ab477474d5f304844f35fe850ca8fcd1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
23b6207e12433f5c4bbca257602547b8

SHA1
fa1793c16468b6bb56bba08ddea9c1981f84b1b4

SHA256
38d9a01019515d5e0821a2bf1a5fa7e404a92b37fb8f994fb0f021025876b99b

SHA512
769edceced9e685d1644df4bc354ed8a5dc79740d0e211a342204f989e542f10764d7ce06dfb2626f70d67b578cb4caf84d644489b810581471f5b7d0646b89c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\SiteSecurityServiceState.txt

Filesize
372B

MD5
d2538e51e51d4c53a46259e1554479db

SHA1
ffbf6b436fe03f864d82e41710b8e7dc153cac09

SHA256
c88917cc0a6264497438428646eda2bce60ddcc0b2cc053fcd0167d9436b70ef

SHA512
cb3c94b3e5dcc7777b8fb77b3225248785aa2419e14c4916ecc0bcf43659c2727ce6ddbd30c61ca5460bc0ba169e04c757f8a09e45e8dc5582ab7814f60f4574

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\bookmarkbackups\bookmarks-2023-03-02_11_DJLJN4g7gFJZmW99eiU+6w==.jsonlz4

Filesize
945B

MD5
1a92369e16a42c36813bef4db5189a6a

SHA1
c4d0617458e8aea8c17ab9d95ce90d735043c536

SHA256
58a65b8f779b5fe50313fdd287ab16b0a5dbc13abaf659126ba8f86281d91ab3

SHA512
211de12c24742a96785f866f0cb6eebd780dc47f97fb89da97d97d94bc2bdc39b43c7cabdfcf967e3254b2d7d7385162f95b6671917f37822c33fedefe4c75c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\extensions.json

Filesize
41KB

MD5
58ba857a3945442fd2093c404b01a1cb

SHA1
142d79fa3189903c32436403dfb2d16d87e966c2

SHA256
e5cc1e712da043d2b9391886d5406cac80ac76b244fddf1faec31400d048c624

SHA512
2ad9f11788027f4545474003839cd4ff4bce5c12441bab6b2739d4ac1ad35797a8e4081ff600b4874bbd637de3749d57e0e1f876797561c528ccf1518ff96c79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
54de0e7762cccb3202746bf475b09c2b

SHA1
612bc13aae26d686e736ef07325ed41a59b03184

SHA256
e0577388003decaf526f7b41501dbae068718dac9fbabdd563b8c2cd21a9085a

SHA512
3dc6ba7531e667daac3ae090b55ca4d3589a78c9ca836fd3cd2e39511ab827ed0c720a2179c7b805f150bede829ac8ee9d44059b16a363849ec0daad1ec25e71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
477c8727790e15dfc754a0f74272ecba

SHA1
aea7b3c2bc43d7b9e1039e28253c8d277bf03cd4

SHA256
de5f7f50a13487b58710249167b732e9ceb915577c991325d4e27ec3ae5c61bb

SHA512
4ec56cf4b64796c0603bde523c54689b5d1c529c68b261824d2ff95f0d5c50c07fe2d0e51cc2288bc377414dc031d85707de85738684d8c69fa489b19aca7b86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
1de5cb86d3ce7679ced3a9becdbf87ab

SHA1
c98f2f0e88845225acff9a7fb6cd933edebc9a4f

SHA256
c3561a9c2657c9eab6dde5950090c2f9476c41ff5124ee512a13fd7927aa0f5f

SHA512
f7017baec77c78859902df62ec8620b8919deed3796c111d82bcc99abebf81a6eaf2d91764b4b6657b62bce05736ea0964421032f2538209a024c88744993e8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
0478f77809d386d7bf44122e352cda97

SHA1
8ee829e3f7227d10520893e75ad4acb282772deb

SHA256
48f0cc1cd167a0ec3f79561fdda8b56559a3df851795537c6a648233d93c4e87

SHA512
fbb29e91cdc5351cd9fa9898822c3f7130c4d29bce87258b2daacf27be1f94bfe5900dc08a46c492cc49d4142ccabbd46fe837f4050b7eb95cce284aff0ce479

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
7KB

MD5
d4a3d38e09c29c35312a4fa0be3b80f3

SHA1
1d2e724e9392ba84dbb4f7d05d6350256684df1f

SHA256
9c7245124fd5e8b2326c64b72696a8f718dba2bba0fa1eb9a72aad82bd1e6f07

SHA512
f46ba691d49cc2dde28787b1c25ff77ed685b538eefa19187c995180759c840214cddc92a0ed70ee7ead8f9c75d4bf3b670abf2bb8ae266453c2c08ce7a15ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
7KB

MD5
39d6ec185d6aefdf4e06d076aad7fe85

SHA1
84a10dc94a7920de28a50cff025eed2e1d13a06e

SHA256
84d9f68d13f39bb1a6c7d2d64c175853da97add1888ef31e690490e9b2304eeb

SHA512
013d248774f73c63429387f60e431efbb4ea0da168758932e7a3822a2af7199645b59ab36d778bb825fa5b861dda85ba06c4cbab48f0a9824539db516e2aa6ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
62fae045e67756b12fd02ae53145f4bf

SHA1
e8150f6c6e8f6f97280f9f185069f43e1c6554c2

SHA256
ca58f6bd9e998a998f03d63bf689dd560741636c3ad8f70df2f424505cd9afb2

SHA512
44013bbe49e7f0d0c4d92c911a8ba1a09ef3e23f3338cd73a275a1469b5146ab73d6eff05e1d4baefc63953a92f87d7bafc09934acca53a7e41798b2b14f94ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
f4c73cdbb8318564bb286bfb3046e727

SHA1
9e81e48d0bc1376c620af9f99441b9b6afc05abb

SHA256
c06afb25f581d91d86564e9d8a727dfc9fe07d901c7fc81274670eac9805e331

SHA512
93e65fee0531cabedd550e75db2750943a9ea557ae40e72a89f5e16a5275062333b7436bbe60741f079bc6ed3485169add7535633cf106ce97c7036ebb4a4d3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
72f5728ca53aac68a682ea785f58a64a

SHA1
cf9adb38b7f76d8a95dac8fa8860eb2846b4ab6b

SHA256
e2b5ffec7672f038ba5018fdd225d7796c70946b25b5f57763f195f413d24313

SHA512
cb10469d4c708bb716c1c34f72dd498363c857aa741539f73596d8e1f63a1333e57355ac00c31254cb89fbde975ad3b7e407bb5e610ffbd406328a2458c3a42d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
511c76871a9e431784e4f6b8fa201829

SHA1
977906f80942c0e3e3cc99c4d44d58993658f919

SHA256
e6aeae3ef6c5da89dde924e1666f62bbc10a5a7070ec3b36221c372025b3f203

SHA512
c84019971ec1fd0d77bd7b57c2ba334652a929867c8392ad4e221960c681dce44ecbf7dffd977fbced128e8879d03292d3ce326171eefa337e94d231a1192648

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
c7b703015e5f0378cd14816834fc59cd

SHA1
b92ef58a02789151dbda3030cc4cf96f55bd95f1

SHA256
6a023836bda727e4bd436403ee8aa3a542db2453a0be3b9a9ab6408203987992

SHA512
9d312fef87eef455de3eeef30af335d962274dd1f02c68560caaa9b65c2fae476cdc44bd0d47c844e48867b27d58e3b24d03ad5f3e6deeb2ca9dbf7e4d62fd78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
57c348236eb025a9223a25a9f5d06429

SHA1
e1980d935524ff62cc5adfbb76019670b27495e9

SHA256
65d7a873bc8550b13620280c58846aad13a50c3113c06e17fbe76c6fca55feb4

SHA512
08ef217ee5b9c5ff66a648b18c3eba5533ea90e53a3d27435e87adedd2b6bb24f42babc443ef361bb32882a41a5f0a2d7d034d74cc14d8d7f8aa45ab2684b60a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js

Filesize
6KB

MD5
9971fa8fa89a208685d3e30835832fb5

SHA1
5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300

SHA256
13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084

SHA512
02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\search.json.mozlz4

Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bb7cd5595cf00a890d4b958db08b5b25

SHA1
95d0b25696d1770e5b09ed9ca1a779cd59c2e3e1

SHA256
36e9e7fa0d9d4a9b483ef6e69bff3bcaa5d7c284719e570170b1dfe7aa2afe0c

SHA512
6237c73779ddda4dcc969a613d2e5fcc3fea009b555b438194c33877816e8ad5def71af1e6f02bbc422a6be3f12e861c9b7e5cf0a063fd084846d3fa4f461b12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5ee7fcb38b62d8c24dfe55324624f6b1

SHA1
0604d35c651bece36b17960579c6ea1d8ddc7dae

SHA256
b33377b7af6f1c10eb494071525cfb8eccc9ec2ed28281fe4846eddf7f6b996b

SHA512
0c8ca56f15f03b0ddc346536883d5387ecafd7f09764228705c2bf6fb203bebf8e2392b24068b4748a94db4252e5ffb1d5b10989659f59513826c7573c23af79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
2e975e82ada40dbebc51f977f3616c79

SHA1
b91f81d1047ea8dad33832fad15ad4f9fe2239fa

SHA256
06c1a34cb6f1409a5d859a666cd640b96e6f656bef51f47979c6be81f6bc099e

SHA512
5233eb66a52893990afe334063e799c735f2dbca06428f05545d4cae2e9344e61b34b11fd62eaebb138245a2e09919a42868450efe026acb1ce1e862ec628086

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\targeting.snapshot.json

Filesize
3KB

MD5
1f8313918ab934fe7f343ea1a59c4af3

SHA1
a3a8334d1eca29729bd687936598c56f46345798

SHA256
d24c1b368694643154cccd80cdb61ff24509abd95cf8e8242e7d8a1252fee8b4

SHA512
476312eaf476957b26e9517eb95dbf55631e2ebc2654489a72618d44e6814fd8b52b48ab488229d12be67a0315fc7f31ef30d1e57d7f6b2065d15247da4630a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\xulstore.json

Filesize
194B

MD5
edf42cb3821390f6bc6902e6672e030f

SHA1
804ffd6689a52c7be1810144a24a1ace5289360a

SHA256
f91fecdb673dad8eba10b3786a2386576384fa4810ceebfbfa9f378d5fabf9f8

SHA512
fcde5b0aa0f88e3bee0eac08d33d3be08f3610aafc220070eabf42883e3cc81ca4ba7cf937be02712f7083d0326ce27c953cd3be8a98889cdadce5d35cdb84cd

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\Analytics\9422cdf8836e5af7e68e6c7719083b46\Analytics.ni.dll

Filesize
153KB

MD5
c20e3fe00cf0f4e09294751a67dc50d8

SHA1
14ed469f18dfaa6832c6b82ccaf69c5af198fa12

SHA256
37553c2197d007b659be700cfd9df1900a245ec41bc5b31d5aee4e0593598b8d

SHA512
10202cb440a7644aa1793c95207dab1c03fb5784fea676223882b33231de0cbebccc4c8be11936667569bee2d14e84c4c9d6d8557a413f63353f45f4bc431ce0

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\DotNetZip\b3a383423b05afda73d5befea52df23f\DotNetZip.ni.dll

Filesize
1.0MB

MD5
c558f7c1f309e967a9219a4ff654b757

SHA1
cc8e02f557d8c7392cd2d0e2bbd3c2e4c857ed4b

SHA256
0dad05610e5ce4b2ce98304b248d4bdc96ad4e62a59169d9f7841f9d70e0e1dd

SHA512
31afaa54cf2054dd5babad5a320a349ea551ca8527c950557ad030d4d9bcef5ec1b66ffa6e7c902c7ba745dd4a55cfc877cb5fa3924c49a416533a4aa91616b7

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\147ecaf76a082c0dd04c1e2ae632921d\EnableLoopback.ni.exe

Filesize
161KB

MD5
24c44053061c2b04cf46e53efe53b3da

SHA1
8b9fe480172218a18619deac74d90368bb74caa1

SHA256
4fc4f26e6aac03d47eb59272697fab439c360dc3725d425f00690898ba620bab

SHA512
5e44722444cd4bb9598c7b703ddef1a469a93f6d5a6f112675a745a121d49a08a7fa508b21356efb709581d5bdf13fdec516e8f58fa518a59ba90d4968c2ae17

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\Fiddler\0246347168440311f67418ce72a25f0e\Fiddler.ni.exe

Filesize
4.8MB

MD5
c5b289224745e363002c192ef7f362c7

SHA1
e61811b056a4574dc1f729cbeda472ef458f5488

SHA256
68d274018038d4a68f3d28a2c04e09ce2ef211daf38167ef54ff971ddd0d8285

SHA512
ca79e68c3d96c888c3928251f05ea551e995375c19ea8b99d3bafe84a018ddecbcddd58f197a8918389c3c438b6ea24e280618649143232f411a31b81687bc37

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\Fiddler\0246347168440311f67418ce72a25f0e\Fiddler.ni.exe

Filesize
4.8MB

MD5
c5b289224745e363002c192ef7f362c7

SHA1
e61811b056a4574dc1f729cbeda472ef458f5488

SHA256
68d274018038d4a68f3d28a2c04e09ce2ef211daf38167ef54ff971ddd0d8285

SHA512
ca79e68c3d96c888c3928251f05ea551e995375c19ea8b99d3bafe84a018ddecbcddd58f197a8918389c3c438b6ea24e280618649143232f411a31b81687bc37

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\Fiddler\0246347168440311f67418ce72a25f0e\Fiddler.ni.exe

Filesize
4.8MB

MD5
c5b289224745e363002c192ef7f362c7

SHA1
e61811b056a4574dc1f729cbeda472ef458f5488

SHA256
68d274018038d4a68f3d28a2c04e09ce2ef211daf38167ef54ff971ddd0d8285

SHA512
ca79e68c3d96c888c3928251f05ea551e995375c19ea8b99d3bafe84a018ddecbcddd58f197a8918389c3c438b6ea24e280618649143232f411a31b81687bc37

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\Fiddler\0246347168440311f67418ce72a25f0e\Fiddler.ni.exe.aux

Filesize
2KB

MD5
00e2d5fd4f67fdf9b54019f987103e29

SHA1
7492c20e956ad4aef5aea50109e55517d924f300

SHA256
7c4dd70c75da175d1f1dff7250dc323940b727a24c5425d9798c58ee60304384

SHA512
3253d1cc9e4098360fa5b0dfb80f0a23e2d0d377a4f2ade8e69694d713b9fef8bba07fd352ae95e41aed297345d943299a8a0c75331a37889c28bf9c5fb0e894

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\GA.Analytics.Monitor\581f591747009a39a799777655cec912\GA.Analytics.Monitor.ni.dll

Filesize
162KB

MD5
8a9d553a6470411d97b80dd5919b08ca

SHA1
e09a602029024b2ad39bcb5aac181308511f7fcc

SHA256
86ba3a5e754066a01231de83e669cdfd92c18d62c1cec34a3c4fe6dad2adb077

SHA512
61f6faeac2b6ce347310ae27b950beb78c905a930bc395dd19fcde506903b102c4e84b7ada333c2a1a9bdfe5f1d0e508b9f5879559b5a100e58de552f185be4e

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\3b5383dd37da6f390d4d4ad42fcb5b32\Microsoft.JScript.ni.dll

Filesize
2.7MB

MD5
89bedf9727f90a9f8e15826df509d7b9

SHA1
f0c590abc08815c38aa522afee4438d69a78c490

SHA256
224851ed49ed39bd526910bd252a6f53cc32c0067d80066a30f84329500ba929

SHA512
4d300c96062d5853e644675059afb4687246a610d5c86cfe1aa7380e4d69da255e743009339d59b4d00e79991cd8251330a99064447cde28f08821c3dbe448b9

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\7e76b1fb4198734d8af8f5d806b99864\SMDiagnostics.ni.dll

Filesize
142KB

MD5
ee791496cf3d4d9c47e410faf2ce6513

SHA1
db05319fee5f2ee451701ac7059caf52a1780b8a

SHA256
7725443ac7cb92308a71c71ab91218abdf2393d96ada57a56a53a03312fd4011

SHA512
19e12c301a514e291a779b2e054a71d20350cabbf468b1a4c1c26eded36053c5dcc373db758bc2d283aa4fa4e5a5406e9c892bb208be3d8c2eaef8c0d724fabb

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Compba577418#\d5ea54b023997de3a48807f3b15ff588\System.ComponentModel.Composition.ni.dll

Filesize
1.4MB

MD5
8e42a7675e2ce9730f36ee1e1b71c21c

SHA1
900a3986c0f3edd6fe726b57b8dadf4a6d204b57

SHA256
abeb92db614b2750084b361dce3169b72c314538e897255017b847f618bf2283

SHA512
21a0c5e0d9ee1088db62cda1ea971f9cd86064911a901924ecc0850c357c23852e08bb3d76c8e66974e45244910f566ceb6591a73862aaba4d46323201b5d40c

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll

Filesize
3.0MB

MD5
b0bd1b2c367441f420d9cc270cf7fab6

SHA1
bdd65767f9c8047125a86b66b5678d8d72a76911

SHA256
447bfc33e8f3bc3d661200891933fed1bb28c402d1063e6838f55096ec9833aa

SHA512
551becf8035964921fca26458e46cd32fadf1703e66724df5cc868447bb0b0c181f87eba1c3df1bece2a9a127aea78bcc2f00ad38ecd05d438119cd1a9ce8324

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll

Filesize
3.0MB

MD5
b0bd1b2c367441f420d9cc270cf7fab6

SHA1
bdd65767f9c8047125a86b66b5678d8d72a76911

SHA256
447bfc33e8f3bc3d661200891933fed1bb28c402d1063e6838f55096ec9833aa

SHA512
551becf8035964921fca26458e46cd32fadf1703e66724df5cc868447bb0b0c181f87eba1c3df1bece2a9a127aea78bcc2f00ad38ecd05d438119cd1a9ce8324

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll

Filesize
3.0MB

MD5
b0bd1b2c367441f420d9cc270cf7fab6

SHA1
bdd65767f9c8047125a86b66b5678d8d72a76911

SHA256
447bfc33e8f3bc3d661200891933fed1bb28c402d1063e6838f55096ec9833aa

SHA512
551becf8035964921fca26458e46cd32fadf1703e66724df5cc868447bb0b0c181f87eba1c3df1bece2a9a127aea78bcc2f00ad38ecd05d438119cd1a9ce8324

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll

Filesize
3.0MB

MD5
b0bd1b2c367441f420d9cc270cf7fab6

SHA1
bdd65767f9c8047125a86b66b5678d8d72a76911

SHA256
447bfc33e8f3bc3d661200891933fed1bb28c402d1063e6838f55096ec9833aa

SHA512
551becf8035964921fca26458e46cd32fadf1703e66724df5cc868447bb0b0c181f87eba1c3df1bece2a9a127aea78bcc2f00ad38ecd05d438119cd1a9ce8324

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll.aux

Filesize
708B

MD5
688ac15ac387cbac93d705be85b08492

SHA1
a4fabce08bbe0fee991a8a1a8e8e62230f360ff2

SHA256
ce64b26c005cfc1bcf6ac0153f1dbcae07f25934eab3363ff05a72a754992470

SHA512
a756ea603d86a66b67163e3aa5d2325174a2748caf6b0eaa9f0600d42c297daa35aa5bfaf4962a1dedbae9437308d19571818cbd3e1542d7a7a26a4d20796074

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\18271de25c06b49b2aaa391461de2df6\System.Deployment.ni.dll

Filesize
3.0MB

MD5
3385fdacfda1fc77da651550a705936d

SHA1
207023bf3b3ff2c93e9368ba018d32bb11e47a8a

SHA256
44a217d721c0fb7de3f52123ace1eeaf62f48f40f55bd816bb32c422d0939eec

SHA512
bb8f38dc08b1983a5b5b1b6dac069364cec4f3a9a88fcf277cfdefac376a8c6207078938f064aacef1032f9a15cf9d21174aef4b94a89513fd65a2cfaaab5174

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\18271de25c06b49b2aaa391461de2df6\System.Deployment.ni.dll

Filesize
3.0MB

MD5
3385fdacfda1fc77da651550a705936d

SHA1
207023bf3b3ff2c93e9368ba018d32bb11e47a8a

SHA256
44a217d721c0fb7de3f52123ace1eeaf62f48f40f55bd816bb32c422d0939eec

SHA512
bb8f38dc08b1983a5b5b1b6dac069364cec4f3a9a88fcf277cfdefac376a8c6207078938f064aacef1032f9a15cf9d21174aef4b94a89513fd65a2cfaaab5174

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\18271de25c06b49b2aaa391461de2df6\System.Deployment.ni.dll

Filesize
3.0MB

MD5
3385fdacfda1fc77da651550a705936d

SHA1
207023bf3b3ff2c93e9368ba018d32bb11e47a8a

SHA256
44a217d721c0fb7de3f52123ace1eeaf62f48f40f55bd816bb32c422d0939eec

SHA512
bb8f38dc08b1983a5b5b1b6dac069364cec4f3a9a88fcf277cfdefac376a8c6207078938f064aacef1032f9a15cf9d21174aef4b94a89513fd65a2cfaaab5174

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\18271de25c06b49b2aaa391461de2df6\System.Deployment.ni.dll.aux

Filesize
1KB

MD5
b019b58a1fc23042c21fa5518b2c18d5

SHA1
a594de6ae6ef0a22c44a5cfacb8e35891f5e557b

SHA256
2014e4b8b8183db7940c5dbb1e27fbe3a3993d13b90c04f6286dbe17174e1a1e

SHA512
26f9e8ace5821ae91f8a72ad0df19b9dc45f2b6028421f0fbaa7e8de8c65651792bc75d475d8098dde8150440ce14201aa418c91b1c4ad172286f93716d23837

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\a4659c51384187894a071aa2b9d900e7\System.EnterpriseServices.ni.dll

Filesize
993KB

MD5
f9746e198135ad1434e8a4d7a61011d7

SHA1
380246326d619f4ab314dd5166630909633b6e71

SHA256
be1475efa60535392e503a89eee5f1f4eea59f9ea577505e81bbee89e7d05d77

SHA512
ba91cb2ddfc0f416444761e74580633a86453a7814d3b3c2dd81d61e4b2d24a8dee916a9870bc297aa4a3be7e03ccd3d3570908afc724548ac01314e7e5a5cea

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\a4659c51384187894a071aa2b9d900e7\System.EnterpriseServices.ni.dll

Filesize
993KB

MD5
f9746e198135ad1434e8a4d7a61011d7

SHA1
380246326d619f4ab314dd5166630909633b6e71

SHA256
be1475efa60535392e503a89eee5f1f4eea59f9ea577505e81bbee89e7d05d77

SHA512
ba91cb2ddfc0f416444761e74580633a86453a7814d3b3c2dd81d61e4b2d24a8dee916a9870bc297aa4a3be7e03ccd3d3570908afc724548ac01314e7e5a5cea

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\a4659c51384187894a071aa2b9d900e7\System.EnterpriseServices.ni.dll

Filesize
993KB

MD5
f9746e198135ad1434e8a4d7a61011d7

SHA1
380246326d619f4ab314dd5166630909633b6e71

SHA256
be1475efa60535392e503a89eee5f1f4eea59f9ea577505e81bbee89e7d05d77

SHA512
ba91cb2ddfc0f416444761e74580633a86453a7814d3b3c2dd81d61e4b2d24a8dee916a9870bc297aa4a3be7e03ccd3d3570908afc724548ac01314e7e5a5cea

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\a4659c51384187894a071aa2b9d900e7\System.EnterpriseServices.ni.dll.aux

Filesize
1KB

MD5
b1edfb0f90275e57d81bd749c5b36420

SHA1
b4be8552e2860fe1f29538fe33d3148eca9ce990

SHA256
125d12e8845191be13b0ba398c4e846f74ed90133c9c019818c58c3191e0a5c2

SHA512
4cb16ecf733a4d8ca6fc221517c36cf8093a8a79dc34998f5e1a3b40c587533f9a4bf0396b0dbf2a9e9ffcdc4fea7e8973583bd63ae67d08f3fb6836c84687eb

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll

Filesize
314KB

MD5
50b28be2b84f9dd1258a346525f8c2e5

SHA1
203abebaa5c22c9f6ac099d020711669e6655ed8

SHA256
6c51e5a928f227bb64a7eb9e48089bca5e9bbef0d0329b971ebbf918335ee1ac

SHA512
d5336827cdb202ab51583c32a45960ae43c56499dbe149ec0edb907f8f33e12800c7aa187a52a3c93e3f2ebcb677bed4e7e829e1df3fee05fe3fdc21948f571d

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll

Filesize
314KB

MD5
50b28be2b84f9dd1258a346525f8c2e5

SHA1
203abebaa5c22c9f6ac099d020711669e6655ed8

SHA256
6c51e5a928f227bb64a7eb9e48089bca5e9bbef0d0329b971ebbf918335ee1ac

SHA512
d5336827cdb202ab51583c32a45960ae43c56499dbe149ec0edb907f8f33e12800c7aa187a52a3c93e3f2ebcb677bed4e7e829e1df3fee05fe3fdc21948f571d

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll

Filesize
314KB

MD5
50b28be2b84f9dd1258a346525f8c2e5

SHA1
203abebaa5c22c9f6ac099d020711669e6655ed8

SHA256
6c51e5a928f227bb64a7eb9e48089bca5e9bbef0d0329b971ebbf918335ee1ac

SHA512
d5336827cdb202ab51583c32a45960ae43c56499dbe149ec0edb907f8f33e12800c7aa187a52a3c93e3f2ebcb677bed4e7e829e1df3fee05fe3fdc21948f571d

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll

Filesize
314KB

MD5
50b28be2b84f9dd1258a346525f8c2e5

SHA1
203abebaa5c22c9f6ac099d020711669e6655ed8

SHA256
6c51e5a928f227bb64a7eb9e48089bca5e9bbef0d0329b971ebbf918335ee1ac

SHA512
d5336827cdb202ab51583c32a45960ae43c56499dbe149ec0edb907f8f33e12800c7aa187a52a3c93e3f2ebcb677bed4e7e829e1df3fee05fe3fdc21948f571d

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll

Filesize
314KB

MD5
50b28be2b84f9dd1258a346525f8c2e5

SHA1
203abebaa5c22c9f6ac099d020711669e6655ed8

SHA256
6c51e5a928f227bb64a7eb9e48089bca5e9bbef0d0329b971ebbf918335ee1ac

SHA512
d5336827cdb202ab51583c32a45960ae43c56499dbe149ec0edb907f8f33e12800c7aa187a52a3c93e3f2ebcb677bed4e7e829e1df3fee05fe3fdc21948f571d

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll.aux

Filesize
300B

MD5
5052a26ae1334e99f9c993f0ac477f5b

SHA1
941e82d2397f79faf7707569927bb3dbea9ea34c

SHA256
ec432d36bb95dcdb1876836b09ba1829c03a83c9b53afbb195c6fa0d7d91375f

SHA512
eb5dce71049b099c5764fe449f529b5813aab3d86150331ae384c08973f0487f9a25e1f11498203baa0a093dc2961f6bb0f5d03a86ff9c39f050524c9d32ede2

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dll

Filesize
345KB

MD5
35738b026183e92c1f7a6344cfa189fd

SHA1
ccc1510ef4a88a010087321b8af89f0c0c29b6d8

SHA256
4075d88d2ba1cff2a8ab9be66176045628d24cae370428e0128f8af3a77639fb

SHA512
ab7100c26f60ae30a84ba3de31ca96c530e86e052ffc997fd7fd3144e2049fc0d188a3d075a123b6f728dc882beee3d6a35a086d19d7dad4d385e101382fc436

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dll

Filesize
345KB

MD5
35738b026183e92c1f7a6344cfa189fd

SHA1
ccc1510ef4a88a010087321b8af89f0c0c29b6d8

SHA256
4075d88d2ba1cff2a8ab9be66176045628d24cae370428e0128f8af3a77639fb

SHA512
ab7100c26f60ae30a84ba3de31ca96c530e86e052ffc997fd7fd3144e2049fc0d188a3d075a123b6f728dc882beee3d6a35a086d19d7dad4d385e101382fc436

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dll

Filesize
345KB

MD5
35738b026183e92c1f7a6344cfa189fd

SHA1
ccc1510ef4a88a010087321b8af89f0c0c29b6d8

SHA256
4075d88d2ba1cff2a8ab9be66176045628d24cae370428e0128f8af3a77639fb

SHA512
ab7100c26f60ae30a84ba3de31ca96c530e86e052ffc997fd7fd3144e2049fc0d188a3d075a123b6f728dc882beee3d6a35a086d19d7dad4d385e101382fc436

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux

Filesize
644B

MD5
caba9e7248016ec410e8346b3cf4f51b

SHA1
f9e23982f25f1977b0f668090c92cedc783efc89

SHA256
638feb99f77dec41e6acd96a76d0b48bbd710a3c25df09d20e226730517c5149

SHA512
4577677bd631c76d33521a45de97f4d3e51badb6f859525f91f93abf8bdc86de9b1e27736636aaa5d1bbe677cc98b6d3aac93f873aaf6621fcf186c1274691e4

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dll

Filesize
986KB

MD5
e4b53e736786edcfbfc70f87c5ef4aad

SHA1
62cdd43c2d1f8ae9b28c484344e3fb7135a4e4d5

SHA256
9ac6d5445caaacae6813243c787e8d67c974988acd1a4a5f564503fd36e91e46

SHA512
42a3b1cc0b805674f48a8d7891ab5ecae33d5a2205059317ca5441e7de52f26eabb32e79a3040d7aa0e0333b19f80d93d25e1faa1dfe5cfb0ea39efba5767fde

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dll

Filesize
986KB

MD5
e4b53e736786edcfbfc70f87c5ef4aad

SHA1
62cdd43c2d1f8ae9b28c484344e3fb7135a4e4d5

SHA256
9ac6d5445caaacae6813243c787e8d67c974988acd1a4a5f564503fd36e91e46

SHA512
42a3b1cc0b805674f48a8d7891ab5ecae33d5a2205059317ca5441e7de52f26eabb32e79a3040d7aa0e0333b19f80d93d25e1faa1dfe5cfb0ea39efba5767fde

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dll

Filesize
986KB

MD5
e4b53e736786edcfbfc70f87c5ef4aad

SHA1
62cdd43c2d1f8ae9b28c484344e3fb7135a4e4d5

SHA256
9ac6d5445caaacae6813243c787e8d67c974988acd1a4a5f564503fd36e91e46

SHA512
42a3b1cc0b805674f48a8d7891ab5ecae33d5a2205059317ca5441e7de52f26eabb32e79a3040d7aa0e0333b19f80d93d25e1faa1dfe5cfb0ea39efba5767fde

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dll

Filesize
986KB

MD5
e4b53e736786edcfbfc70f87c5ef4aad

SHA1
62cdd43c2d1f8ae9b28c484344e3fb7135a4e4d5

SHA256
9ac6d5445caaacae6813243c787e8d67c974988acd1a4a5f564503fd36e91e46

SHA512
42a3b1cc0b805674f48a8d7891ab5ecae33d5a2205059317ca5441e7de52f26eabb32e79a3040d7aa0e0333b19f80d93d25e1faa1dfe5cfb0ea39efba5767fde

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dll

Filesize
986KB

MD5
e4b53e736786edcfbfc70f87c5ef4aad

SHA1
62cdd43c2d1f8ae9b28c484344e3fb7135a4e4d5

SHA256
9ac6d5445caaacae6813243c787e8d67c974988acd1a4a5f564503fd36e91e46

SHA512
42a3b1cc0b805674f48a8d7891ab5ecae33d5a2205059317ca5441e7de52f26eabb32e79a3040d7aa0e0333b19f80d93d25e1faa1dfe5cfb0ea39efba5767fde

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\7355af105ad86679d6c9070a9b4dc0c3\System.Security.ni.dll.aux

Filesize
912B

MD5
255a843ca54e88fd16d2befcc1bafb7a

SHA1
aee7882de50a5cea1e4c2c2ddfaa4476f20a9be9

SHA256
8cd849585fe99e63f28b49f1dae2d1b47a406268dcc5a161e58331a6a3cba3ed

SHA512
666866c0d25d61dc04341cf95eb61969698cfafce232097e60cb0537ea2a35635e1e4986036e413fb51927187183aa2e64ecac7fbc26bac46998c0bd84f69e45

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\b7d3fce6d77b982cd4538b089805df8d\System.ServiceModel.Internals.ni.dll

Filesize
979KB

MD5
f867096b7d349af76728412feb1885af

SHA1
14d2cd438c2704e480c4d793fae6f9c4eee1ead9

SHA256
981aa78b0eeed437e94f2be357f2816919631277b6ac4593729d1a81d776fd7a

SHA512
a419df8204b029c0a2e0a7c547f2b7ee73dc7ad3aea91c490592a5e127986232c755fe83941fece13705ffc9723e084d3ef92692d6493f4028d88f5836d6edef

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\b7d3fce6d77b982cd4538b089805df8d\System.ServiceModel.Internals.ni.dll

Filesize
979KB

MD5
f867096b7d349af76728412feb1885af

SHA1
14d2cd438c2704e480c4d793fae6f9c4eee1ead9

SHA256
981aa78b0eeed437e94f2be357f2816919631277b6ac4593729d1a81d776fd7a

SHA512
a419df8204b029c0a2e0a7c547f2b7ee73dc7ad3aea91c490592a5e127986232c755fe83941fece13705ffc9723e084d3ef92692d6493f4028d88f5836d6edef

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\b7d3fce6d77b982cd4538b089805df8d\System.ServiceModel.Internals.ni.dll

Filesize
979KB

MD5
f867096b7d349af76728412feb1885af

SHA1
14d2cd438c2704e480c4d793fae6f9c4eee1ead9

SHA256
981aa78b0eeed437e94f2be357f2816919631277b6ac4593729d1a81d776fd7a

SHA512
a419df8204b029c0a2e0a7c547f2b7ee73dc7ad3aea91c490592a5e127986232c755fe83941fece13705ffc9723e084d3ef92692d6493f4028d88f5836d6edef

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\b7d3fce6d77b982cd4538b089805df8d\System.ServiceModel.Internals.ni.dll.aux

Filesize
592B

MD5
4d66b5a16886059c72f02695373b73fd

SHA1
67d9d961352b044ad141d3682154b61ef33a7a58

SHA256
865dabb09f0de89a3658227b2e16d285dc7338d2acab99d46963918d9b9667d2

SHA512
59da03ccc4be8351a22c4db76613f0ee9a268d4a22bfe8a88ba520d1173d3236d9a658a285e6496d9b778b1bfe2d97b77a3d18942963acc07b4a3bc4f254df91

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\Telerik.Net8bf66678#\a58ff39c1803c8009577b8aa07f4401d\Telerik.NetworkConnections.ni.dll

Filesize
95KB

MD5
06c752fe567dd4366682cc47557ed4d3

SHA1
74c1f82a91fdd31c4892c5fcd62a0cbb5c4a91f3

SHA256
0353e43cee872188975775c1e2314fc5178febef54ac5b5a5561c6b6ce075d4a

SHA512
e60fb625ab1000eea1eea8bd8527e50e7c739d062f52b1513e057233ddfae0e0980dc1813b375731eec9b67002eeb83bcda567744dbf39531d7604fd83a65f2c

Download Submit
\??\pipe\LOCAL\crashpad_3964_RZZFRSMATZUUWYWJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1236-333-0x0000023C23610000-0x0000023C23632000-memory.dmp

Filesize
136KB

Download
memory/1236-269-0x0000023C09C70000-0x0000023C09C88000-memory.dmp

Filesize
96KB

Download
memory/1236-329-0x0000023C23490000-0x0000023C234E0000-memory.dmp

Filesize
320KB

Download
memory/1236-330-0x0000023C23770000-0x0000023C238F6000-memory.dmp

Filesize
1.5MB

Download
memory/1236-331-0x0000023C235E0000-0x0000023C23602000-memory.dmp

Filesize
136KB

Download
memory/1236-332-0x0000023C23900000-0x0000023C239B2000-memory.dmp

Filesize
712KB

Download
memory/1524-334-0x0000064488000000-0x000006448802B000-memory.dmp

Filesize
172KB

Download
memory/1612-992-0x0000000021AF0000-0x0000000021B16000-memory.dmp

Filesize
152KB

Download
memory/1612-994-0x0000000021510000-0x000000002151E000-memory.dmp

Filesize
56KB

Download
memory/1612-950-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-1002-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-963-0x000000001D5B0000-0x000000001D5BC000-memory.dmp

Filesize
48KB

Download
memory/1612-965-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-967-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-970-0x0000000021340000-0x0000000021382000-memory.dmp

Filesize
264KB

Download
memory/1612-980-0x00000000213B0000-0x00000000213CA000-memory.dmp

Filesize
104KB

Download
memory/1612-971-0x0000000021310000-0x0000000021322000-memory.dmp

Filesize
72KB

Download
memory/1612-1005-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-1004-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-1011-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-1014-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-1013-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-1020-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-973-0x0000000021540000-0x00000000216EE000-memory.dmp

Filesize
1.7MB

Download
memory/1612-997-0x0000000021520000-0x0000000021528000-memory.dmp

Filesize
32KB

Download
memory/1612-974-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-972-0x0000000021300000-0x0000000021310000-memory.dmp

Filesize
64KB

Download
memory/1612-996-0x0000000022260000-0x0000000022804000-memory.dmp

Filesize
5.6MB

Download
memory/1612-951-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-1080-0x00000000264F0000-0x0000000026C96000-memory.dmp

Filesize
7.6MB

Download
memory/1612-924-0x0000000000AC0000-0x0000000000C3E000-memory.dmp

Filesize
1.5MB

Download
memory/1612-928-0x000000001D460000-0x000000001D470000-memory.dmp

Filesize
64KB

Download
memory/1612-986-0x00000000214F0000-0x00000000214F8000-memory.dmp

Filesize
32KB

Download
memory/1612-990-0x0000000021500000-0x000000002150C000-memory.dmp

Filesize
48KB

Download
memory/1612-984-0x00000000214E0000-0x00000000214E8000-memory.dmp

Filesize
32KB

Download
memory/2196-379-0x0000064443EC0000-0x0000064443F11000-memory.dmp

Filesize
324KB

Download
memory/2232-237-0x0000000000F00000-0x0000000000F08000-memory.dmp

Filesize
32KB

Download
memory/2804-393-0x00007FFBDDB70000-0x00007FFBDDB71000-memory.dmp

Filesize
4KB

Download
memory/3440-337-0x00000644451A0000-0x00000644454A4000-memory.dmp

Filesize
3.0MB

Download
memory/4112-753-0x000006443CC40000-0x000006443CEF8000-memory.dmp

Filesize
2.7MB

Download
memory/4596-526-0x0000064445320000-0x000006444561E000-memory.dmp

Filesize
3.0MB

Download
memory/4916-409-0x0000064449A20000-0x0000064449B18000-memory.dmp

Filesize
992KB

Download
memory/4924-481-0x0000064449980000-0x00000644499D8000-memory.dmp

Filesize
352KB

Download
memory/4948-1657-0x000000001D470000-0x000000001D480000-memory.dmp

Filesize
64KB

Download
memory/4948-1656-0x000000001D470000-0x000000001D480000-memory.dmp

Filesize
64KB

Download
memory/4948-1583-0x000000001D470000-0x000000001D480000-memory.dmp

Filesize
64KB

Download
memory/4948-1183-0x000000001D470000-0x000000001D480000-memory.dmp

Filesize
64KB

Download
memory/4948-1182-0x000000001D470000-0x000000001D480000-memory.dmp

Filesize
64KB

Download
memory/4948-1180-0x000000001D470000-0x000000001D480000-memory.dmp

Filesize
64KB

Download
memory/4948-1181-0x000000001D470000-0x000000001D480000-memory.dmp

Filesize
64KB

Download
memory/5484-643-0x000002395DDB0000-0x000002395DDCA000-memory.dmp

Filesize
104KB

Download
memory/5484-563-0x000002395D950000-0x000002395DACE000-memory.dmp

Filesize
1.5MB

Download
memory/5484-565-0x000002395D890000-0x000002395D94A000-memory.dmp

Filesize
744KB

Download
memory/5484-568-0x000002395DBD0000-0x000002395DC46000-memory.dmp

Filesize
472KB

Download
memory/5484-570-0x0000023943C60000-0x0000023943C6C000-memory.dmp

Filesize
48KB

Download
memory/5484-572-0x000002395D7D0000-0x000002395D81A000-memory.dmp

Filesize
296KB

Download
memory/5484-574-0x0000023943C80000-0x0000023943C8C000-memory.dmp

Filesize
48KB

Download
memory/5484-576-0x000002395DD00000-0x000002395DDA8000-memory.dmp

Filesize
672KB

Download
memory/5484-580-0x000002395E2E0000-0x000002395E808000-memory.dmp

Filesize
5.2MB

Download
memory/5484-598-0x0000023943C90000-0x0000023943CA0000-memory.dmp

Filesize
64KB

Download
memory/5484-611-0x000002395D820000-0x000002395D85C000-memory.dmp

Filesize
240KB

Download
memory/5484-612-0x0000023944080000-0x0000023944092000-memory.dmp

Filesize
72KB

Download
memory/5484-613-0x000002395D860000-0x000002395D87E000-memory.dmp

Filesize
120KB

Download
memory/5484-614-0x000002395DC90000-0x000002395DCCA000-memory.dmp

Filesize
232KB

Download
memory/5484-616-0x000002395DC50000-0x000002395DC6C000-memory.dmp

Filesize
112KB

Download
memory/5484-620-0x000002395E810000-0x000002395ECDC000-memory.dmp

Filesize
4.8MB

Download
memory/5484-625-0x000002395DC70000-0x000002395DC82000-memory.dmp

Filesize
72KB

Download
memory/5484-626-0x000002395DCD0000-0x000002395DCF0000-memory.dmp

Filesize
128KB

Download
memory/5484-635-0x000002395DDF0000-0x000002395DE22000-memory.dmp

Filesize
200KB

Download
memory/5484-642-0x000002395DE80000-0x000002395DEC4000-memory.dmp

Filesize
272KB

Download
memory/5484-644-0x000002395E000000-0x000002395E122000-memory.dmp

Filesize
1.1MB

Download
memory/5484-645-0x000002395DDD0000-0x000002395DDF0000-memory.dmp

Filesize
128KB

Download

pid	process
4852	FiddlerSetup.exe
2232	SetupHelper
1612	Fiddler.exe
4948	Fiddler.exe
2728	FSE2.exe
1212	FSE2.exe