Overview
overview
9Static
static
3FiddlerSetup.exe
windows7-x64
4FiddlerSetup.exe
windows10-2004-x64
9$PLUGINSDI...up.exe
windows7-x64
3$PLUGINSDI...up.exe
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Analytics.dll
windows7-x64
1Analytics.dll
windows10-2004-x64
1Be.Windows...ox.dll
windows7-x64
1Be.Windows...ox.dll
windows10-2004-x64
1EnableLoopback.exe
windows7-x64
1EnableLoopback.exe
windows10-2004-x64
5ExecAction.exe
windows7-x64
1ExecAction.exe
windows10-2004-x64
1FSE2.exe
windows7-x64
3FSE2.exe
windows10-2004-x64
3Fiddler.exe
windows7-x64
1Fiddler.exe
windows10-2004-x64
3ForceCPU.exe
windows7-x64
1ForceCPU.exe
windows10-2004-x64
1GA.Analyti...or.dll
windows7-x64
1GA.Analyti...or.dll
windows10-2004-x64
1ImportExpo...ts.dll
windows7-x64
1ImportExpo...ts.dll
windows10-2004-x64
1ImportExpo...rt.dll
windows7-x64
1ImportExpo...rt.dll
windows10-2004-x64
1Inspectors...on.dll
windows7-x64
1Inspectors...on.dll
windows10-2004-x64
1Inspectors...or.dll
windows7-x64
1Inspectors...or.dll
windows10-2004-x64
1Inspectors...es.dll
windows7-x64
1Inspectors...es.dll
windows10-2004-x64
1Analysis
-
max time kernel
17s -
max time network
82s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
26-02-2024 18:30
Static task
static1
Behavioral task
behavioral1
Sample
FiddlerSetup.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
FiddlerSetup.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FiddlerSetup.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FiddlerSetup.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Analytics.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Analytics.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
Be.Windows.Forms.HexBox.dll
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
Be.Windows.Forms.HexBox.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
EnableLoopback.exe
Resource
win7-20240215-en
Behavioral task
behavioral12
Sample
EnableLoopback.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
ExecAction.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
ExecAction.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
FSE2.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
FSE2.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
Fiddler.exe
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
Fiddler.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
ForceCPU.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
ForceCPU.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
GA.Analytics.Monitor.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
GA.Analytics.Monitor.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
ImportExport/BasicFormats.dll
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
ImportExport/BasicFormats.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
ImportExport/VSWebTestExport.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
ImportExport/VSWebTestExport.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
Inspectors/QWhale.Common.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
Inspectors/QWhale.Common.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
Inspectors/QWhale.Editor.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Inspectors/QWhale.Editor.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Inspectors/QWhale.Syntax.Schemes.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
Inspectors/QWhale.Syntax.Schemes.dll
Resource
win10v2004-20240226-en
General
-
Target
FiddlerSetup.exe
-
Size
6.3MB
-
MD5
77a80b10028f9c800c5cbb5a80fde929
-
SHA1
7e8a8ce83bba6bec7b62cca06ae7680ef5c5ddec
-
SHA256
207e1a39c74a03ae535ad04fe74bc435baa777ecefaec95abe78664cd2b34690
-
SHA512
883600cb4d5114cef47dba6d7fde929c02f0f4d2baafa9dbb746fccfee92ebb6bfb02602e64dfb2c93b773abfdf8b49ac780b0c02414107761dd66e6999480bc
-
SSDEEP
98304:mIouszMd5OYRxqFu5rMnb8ELGUHjvYEarhIPAT99taafHOwRcxzv77Nd6fKnCKbX:FqzMSx3oohYTXt5WwREv77cKCKkBbYOY
Malware Config
Signatures
-
Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Modifies Windows Firewall 2 TTPs 2 IoCs
Processes:
netsh.exenetsh.exepid process 2332 netsh.exe 4440 netsh.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
FiddlerSetup.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation FiddlerSetup.exe -
Executes dropped EXE 2 IoCs
Processes:
FiddlerSetup.exeSetupHelperpid process 2964 FiddlerSetup.exe 2248 SetupHelper -
Loads dropped DLL 1 IoCs
Processes:
FiddlerSetup.exepid process 2964 FiddlerSetup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 2 IoCs
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\nsp53BE.tmp\FiddlerSetup.exe nsis_installer_1 C:\Users\Admin\AppData\Local\Temp\nsp53BE.tmp\FiddlerSetup.exe nsis_installer_2 -
Processes:
FiddlerSetup.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION FiddlerSetup.exe Set value (int) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fiddler.exe = "0" FiddlerSetup.exe Set value (int) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fiddler.exe = "9999" FiddlerSetup.exe -
Modifies registry class 15 IoCs
Processes:
FiddlerSetup.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\Content Type = "application/vnd.telerik-fiddler.SessionArchive" FiddlerSetup.exe Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\Shell\Open\command FiddlerSetup.exe Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\Shell FiddlerSetup.exe Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer FiddlerSetup.exe Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\DefaultIcon FiddlerSetup.exe Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\ = "Fiddler Session Archive" FiddlerSetup.exe Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\PerceivedType = "compressed" FiddlerSetup.exe Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\SAZ.ico" FiddlerSetup.exe Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer\command FiddlerSetup.exe Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\Fiddler.exe\" -viewer \"%1\"" FiddlerSetup.exe Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\.saz FiddlerSetup.exe Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\.saz\ = "Fiddler.ArchiveZip" FiddlerSetup.exe Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip FiddlerSetup.exe Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\Shell\Open FiddlerSetup.exe Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Fiddler.ArchiveZip\Shell\Open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\Fiddler.exe\" -noattach \"%1\"" FiddlerSetup.exe -
Suspicious use of WriteProcessMemory 15 IoCs
Processes:
FiddlerSetup.exeFiddlerSetup.exedescription pid process target process PID 216 wrote to memory of 2964 216 FiddlerSetup.exe FiddlerSetup.exe PID 216 wrote to memory of 2964 216 FiddlerSetup.exe FiddlerSetup.exe PID 216 wrote to memory of 2964 216 FiddlerSetup.exe FiddlerSetup.exe PID 2964 wrote to memory of 2332 2964 FiddlerSetup.exe netsh.exe PID 2964 wrote to memory of 2332 2964 FiddlerSetup.exe netsh.exe PID 2964 wrote to memory of 2332 2964 FiddlerSetup.exe netsh.exe PID 2964 wrote to memory of 4440 2964 FiddlerSetup.exe netsh.exe PID 2964 wrote to memory of 4440 2964 FiddlerSetup.exe netsh.exe PID 2964 wrote to memory of 4440 2964 FiddlerSetup.exe netsh.exe PID 2964 wrote to memory of 4868 2964 FiddlerSetup.exe ngen.exe PID 2964 wrote to memory of 4868 2964 FiddlerSetup.exe ngen.exe PID 2964 wrote to memory of 1228 2964 FiddlerSetup.exe ngen.exe PID 2964 wrote to memory of 1228 2964 FiddlerSetup.exe ngen.exe PID 2964 wrote to memory of 2248 2964 FiddlerSetup.exe SetupHelper PID 2964 wrote to memory of 2248 2964 FiddlerSetup.exe SetupHelper
Processes
-
C:\Users\Admin\AppData\Local\Temp\FiddlerSetup.exe"C:\Users\Admin\AppData\Local\Temp\FiddlerSetup.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\nsp53BE.tmp\FiddlerSetup.exe"C:\Users\Admin\AppData\Local\Temp\nsp53BE.tmp\FiddlerSetup.exe" /D=2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exe"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"3⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\netsh.exe"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"3⤵
- Modifies Windows Firewall
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 1c8 -Pipe 16c -Comment "NGen Worker Process"4⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 280 -InterruptEvent 0 -NGENProcess 1e0 -Pipe 1cc -Comment "NGen Worker Process"4⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 0 -NGENProcess 28c -Pipe 29c -Comment "NGen Worker Process"4⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2a8 -Comment "NGen Worker Process"4⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1e0 -InterruptEvent 0 -NGENProcess 2ac -Pipe 2c4 -Comment "NGen Worker Process"4⤵
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper"C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\Admin\AppData\Local\Programs\Fiddler"3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Fiddler2FirstRun3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc18ba46f8,0x7ffc18ba4708,0x7ffc18ba47184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,16009504584057836832,13120655218750670654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:34⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,16009504584057836832,13120655218750670654,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16009504584057836832,13120655218750670654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16009504584057836832,13120655218750670654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16009504584057836832,13120655218750670654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16009504584057836832,13120655218750670654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:14⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD59f44d6f922f830d04d7463189045a5a3
SHA12e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
SHA2560ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
SHA5127c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD57740a919423ddc469647f8fdd981324d
SHA1c1bc3f834507e4940a0b7594e34c4b83bbea7cda
SHA256bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221
SHA5127ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD541558b90d1b687f0246309afeb13e867
SHA1aa9697f4fa2e196a47fbd1d68bb74db73b4a54f4
SHA25675ba4e26c32d05ba9315c1492348c08a93669e7f06090a1c8108205b3b5e1f2e
SHA5128891c6458fd4a8227d90854551a77bb39e5ff6ac609418cb1430a3fa910fd190e48afce7a9805ed7c218e4b9137ec564724341af038b7ad1efc33aa88f63a2a1
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exeFilesize
87KB
MD513072c3b2a5a405b32a60d8cf1631bbc
SHA16996ab027fe913cccb9f8e26ad0e9491d4a609b1
SHA256f8ed4cb272e52b7ef2b1c2672dbc6ace9f3ef752a38ce535265cfab891c9cbff
SHA512337311e0b2c0a22b749930f7212b5040d27c2b997404dc8cecfbbf89c86f2f5d5077d6157090078a8421acaa23850b24f963ba1b984b0600e9b80505bdb125c5
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Common.dllFilesize
192KB
MD5ac80e3ca5ec3ed77ef7f1a5648fd605a
SHA1593077c0d921df0819d48b627d4a140967a6b9e0
SHA25693b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
SHA5123ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Editor.dllFilesize
816KB
MD5eaa268802c633f27fcfc90fd0f986e10
SHA121f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
SHA256fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
SHA512c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.dllFilesize
228KB
MD53be64186e6e8ad19dc3559ee3c307070
SHA12f9e70e04189f6c736a3b9d0642f46208c60380a
SHA25679a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c
SHA5127d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78
-
C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelperFilesize
23KB
MD5103e70888d3168b462da35876f150add
SHA10cadf863c5650da80f44f82dbf05a51cb7183cc0
SHA256a942a48680eae2a6641c41d4ade9cc947dc02678d76f8fd81a6cece64260a2d2
SHA512ff3f882ad05b3f988bf4f2a1fd3573e0a3f793a606f12f2cb5992bb47e16d2e93840d791f3d495b3cda9abce93b0f0110d296da346663c4db8b55f90a16b00d9
-
C:\Users\Admin\AppData\Local\Temp\nsk9230.tmp\System.dllFilesize
11KB
MD5b8992e497d57001ddf100f9c397fcef5
SHA1e26ddf101a2ec5027975d2909306457c6f61cfbd
SHA25698bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
SHA5128823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c
-
C:\Users\Admin\AppData\Local\Temp\nsp53BE.tmp\FiddlerSetup.exeFilesize
3.1MB
MD57e3090e237b9f252efc88d097f71ed47
SHA18a1cae86f421c4c74f7f543609826cfc472e5fa8
SHA25691547aa10f5b4d1be95c7bfa289499ded2b65d1070ec6fce0208e61771df5318
SHA512378d29ca00b73ff5b729d6bc39e63b61f833f7baad9d806db77ee7acab993b3b567f7e533aae2178bf8a9391bc8d205aadd72d75a29a71c0f2827196ff040afa
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\de63264ccb25432b0b7b719d4fbddebe\EnableLoopback.ni.exeFilesize
161KB
MD55c71cad12b659c914d9252b83c29ef25
SHA1a23c5057436718a7db757841c8fd020ff370cf60
SHA25686c9af4194ee1b59d536abb269838f9a813321428bd0c46e0b7354f9465cf6b9
SHA5127866d07b9f4546b29635d7117b04542735223fd6760724f7f7821eaee48c97bb4fc44a61528e937e56a7c8c710b866657753ad6eeefecfccbdc00b84ee1e0c26
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dllFilesize
1.1MB
MD54032f5a5ae76780c25c657bc5e24cf5a
SHA11cf25b940925b7ea86ad5ef89c6dc9aafc2a06ac
SHA256517c6ef7deaf64bde83307ac49c801c5f6c118ac53ee6db72f51cd25c2dae638
SHA5129a55bd2278603ad0c6cac4bcecffcf7620086a4351a7722fc276a1812ab829f178336636c97d04d06c4da68a02061bc76d82eb73fea04c8979b2fd1da37c8fca
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dllFilesize
64KB
MD54115ed781acbba897670821c6989c209
SHA19fff02623557f80128da311e6db7af72af51c0ec
SHA256ec9f00da3c9e3fd7790fb30f863f659c19190da3de1c10fbe46b393a322d7cbb
SHA51227bf9964702fba97cec06f5bfe692f49ff15aa099263c8ec10eb70a341f7447f71bca729da79d2676a2662028ce074217e2a54b466bd8f029c290cf0a3027567
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll.auxFilesize
708B
MD5688ac15ac387cbac93d705be85b08492
SHA1a4fabce08bbe0fee991a8a1a8e8e62230f360ff2
SHA256ce64b26c005cfc1bcf6ac0153f1dbcae07f25934eab3363ff05a72a754992470
SHA512a756ea603d86a66b67163e3aa5d2325174a2748caf6b0eaa9f0600d42c297daa35aa5bfaf4962a1dedbae9437308d19571818cbd3e1542d7a7a26a4d20796074
-
\??\pipe\LOCAL\crashpad_788_DARDDGUXVEDPRTYGMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1924-252-0x00007FFC1D6B0000-0x00007FFC1E171000-memory.dmpFilesize
10.8MB
-
memory/1924-214-0x00007FFC1D6B0000-0x00007FFC1E171000-memory.dmpFilesize
10.8MB
-
memory/1924-215-0x0000064488000000-0x000006448802B000-memory.dmpFilesize
172KB
-
memory/2248-106-0x00000000002B0000-0x00000000002B8000-memory.dmpFilesize
32KB
-
memory/2248-198-0x00007FFC1D6B0000-0x00007FFC1E171000-memory.dmpFilesize
10.8MB
-
memory/2640-203-0x000001E37D790000-0x000001E37D916000-memory.dmpFilesize
1.5MB
-
memory/2640-200-0x000001E3636E0000-0x000001E3636F8000-memory.dmpFilesize
96KB
-
memory/2640-206-0x000001E365390000-0x000001E3653B2000-memory.dmpFilesize
136KB
-
memory/2640-204-0x000001E3652F0000-0x000001E365312000-memory.dmpFilesize
136KB
-
memory/2640-208-0x00007FFC1D6B0000-0x00007FFC1E171000-memory.dmpFilesize
10.8MB
-
memory/2640-202-0x000001E365340000-0x000001E365390000-memory.dmpFilesize
320KB
-
memory/2640-201-0x00007FFC1D6B0000-0x00007FFC1E171000-memory.dmpFilesize
10.8MB
-
memory/2640-205-0x000001E37D6C0000-0x000001E37D772000-memory.dmpFilesize
712KB
-
memory/3284-263-0x00007FFC1D6B0000-0x00007FFC1E171000-memory.dmpFilesize
10.8MB
-
memory/3284-268-0x0000064449A20000-0x0000064449B18000-memory.dmpFilesize
992KB
-
memory/3452-269-0x0000064443EC0000-0x0000064443F11000-memory.dmpFilesize
324KB
-
memory/3452-272-0x00007FFC1D6B0000-0x00007FFC1E171000-memory.dmpFilesize
10.8MB
-
memory/4196-216-0x00007FFC1D6B0000-0x00007FFC1E171000-memory.dmpFilesize
10.8MB
-
memory/4196-231-0x00000644451A0000-0x00000644454A4000-memory.dmpFilesize
3.0MB
-
memory/4196-267-0x00007FFC1D6B0000-0x00007FFC1E171000-memory.dmpFilesize
10.8MB