zgrat | hxxp://bit[.]ly/3wsN0fA

Analysis

max time kernel
578s
max time network
560s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
10-05-2024 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bit.ly/3wsN0fA

Score

10^/10

zgrat discovery evasion rat

Malware Config

Signatures

Detect ZGRat V1 3 IoCs

resource	yara_rule
behavioral1/files/0x000100000002aab8-779.dat	family_zgrat_v1
behavioral1/memory/3144-780-0x00000239F1990000-0x00000239F1D12000-memory.dmp	family_zgrat_v1
behavioral1/memory/5224-1386-0x0000021C10FC0000-0x0000021C11342000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
evasion

Software Discovery
T1518
Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2084	netsh.exe
3512	netsh.exe

Executes dropped EXE 6 IoCs

pid	Process
1388	FiddlerSetup.5.0.20242.10753-latest.exe
4844	FiddlerSetup.exe
4324	SetupHelper
5224	Fiddler.exe
1352	Fiddler.exe
5624	Fiddler.exe

Loads dropped DLL 26 IoCs

pid	Process
4844	FiddlerSetup.exe
3636	mscorsvw.exe
4668	mscorsvw.exe
4668	mscorsvw.exe
2644	mscorsvw.exe
3016	mscorsvw.exe
4660	mscorsvw.exe
3016	mscorsvw.exe
3356	mscorsvw.exe
3636	mscorsvw.exe
1452	mscorsvw.exe
1452	mscorsvw.exe
1452	mscorsvw.exe
5140	mscorsvw.exe
5588	mscorsvw.exe
3608	mscorsvw.exe
2564	mscorsvw.exe
5148	mscorsvw.exe
2564	mscorsvw.exe
5720	mscorsvw.exe
5224	Fiddler.exe
5224	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
5624	Fiddler.exe
5624	Fiddler.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 37 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bc8-0\System.Deployment.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\349GZ4DW8D\System.Runtime.Serialization.Formatters.Soap.ni.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\349GZ4DW8D\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\IPK1NMIQ4U\System.Numerics.ni.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\408E86XCRE\System.Data.SqlXml.ni.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d1c-0\System.Runtime.Serialization.Formatters.Soap.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\b5497fca4e4478881056c95fd8c01ee6\System.Web.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\UODRPK6V4J\System.Deployment.ni.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\ZAM8J2GLQL\System.Security.ni.dll.aux	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e18-0\System.Numerics.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\5ac-0\System.Web.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\141c-0\System.Data.SqlXml.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1658-0\System.Runtime.Serialization.Formatters.Soap.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\c3e367eff9875c967c92b75a8688c55b\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\3ZOMB2KNKJ\Microsoft.JScript.ni.dll.aux	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\UODRPK6V4J\System.Deployment.ni.dll.aux	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1414-0\EnableLoopback.exe	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\c3e367eff9875c967c92b75a8688c55b\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a54-0\System.Numerics.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4345ad0cb22fa57a9281f1b35b0ca60f\Microsoft.JScript.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\IPK1NMIQ4U\System.Numerics.ni.dll.aux	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\EnableLoopback\b4fd8641bb8d4c4eb8a5dd96c5088073\EnableLoopback.ni.exe.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a04-0\System.Deployment.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e34-0\System.Data.SqlXml.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\123c-0\System.Security.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\15d4-0\System.Security.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\129af40f419d925ba9d07ca47a83708d\System.Deployment.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\129af40f419d925ba9d07ca47a83708d\System.Deployment.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\3ZOMB2KNKJ\Microsoft.JScript.ni.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\ZAM8J2GLQL\System.Security.ni.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\temp\408E86XCRE\System.Data.SqlXml.ni.dll.aux	mscorsvw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	FiddlerSetup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fiddler.exe = "0"	FiddlerSetup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fiddler.exe = "9999"	FiddlerSetup.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598309129687051"	chrome.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\ = "Fiddler Session Archive"	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\PerceivedType = "compressed"	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\Fiddler.exe\" -viewer \"%1\""	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\.saz	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\.saz\ = "Fiddler.ArchiveZip"	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\Content Type = "application/vnd.telerik-fiddler.SessionArchive"	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\Shell\Open	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\DefaultIcon	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\Shell\Open\command	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\Shell	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\Shell\Open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\Fiddler.exe\" -noattach \"%1\""	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer	FiddlerSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Fiddler\\SAZ.ico"	FiddlerSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Fiddler.ArchiveZip\Shell\Open &in Viewer\command	FiddlerSetup.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Nova-Decompiler.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\FiddlerSetup.5.0.20242.10753-latest.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
3864	chrome.exe
3864	chrome.exe
4844	FiddlerSetup.exe
4844	FiddlerSetup.exe
1184	msedge.exe
1184	msedge.exe
2604	msedge.exe
2604	msedge.exe
3920	msedge.exe
3920	msedge.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
5224	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
4032	chrome.exe
4032	chrome.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
5668	msedge.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
5240	MiniSearchHost.exe
5224	Fiddler.exe
5224	Fiddler.exe
1352	Fiddler.exe
1352	Fiddler.exe
5624	Fiddler.exe
5624	Fiddler.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 4904	4032	chrome.exe	81
PID 4032 wrote to memory of 4904	4032	chrome.exe	81
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 724	4032	chrome.exe	82
PID 4032 wrote to memory of 1516	4032	chrome.exe	83
PID 4032 wrote to memory of 1516	4032	chrome.exe	83
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84
PID 4032 wrote to memory of 1216	4032	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://bit.ly/3wsN0fA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1159ab58,0x7ffe1159ab68,0x7ffe1159ab78
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:2
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2116 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4728 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5068 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5376 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4856 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5712 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5912 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5140 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2316 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5716 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2316 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4740 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5232 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Users\Admin\Downloads\FiddlerSetup.5.0.20242.10753-latest.exe
  "C:\Users\Admin\Downloads\FiddlerSetup.5.0.20242.10753-latest.exe"
  2⤵
  - Executes dropped EXE
  PID:1388
- - C:\Users\Admin\AppData\Local\Temp\nseD17.tmp\FiddlerSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\nseD17.tmp\FiddlerSetup.exe" /D=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4844
  - - C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="FiddlerProxy"
      4⤵
      Modifies Windows Firewall
      PID:3512
  - - C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="FiddlerProxy" program="C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe" action=allow profile=any dir=in edge=deferuser protocol=tcp description="Permit inbound connections to Fiddler"
      4⤵
      Modifies Windows Firewall
      PID:2084
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
      4⤵
      PID:2796
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1ec -InterruptEvent 0 -NGENProcess 1dc -Pipe 1e8 -Comment "NGen Worker Process"
        5⤵
        
        PID:3144
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 2a8 -Pipe 2b0 -Comment "NGen Worker Process"
        5⤵
        
        PID:3392
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 2c0 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:3636
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 0 -NGENProcess 284 -Pipe 288 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:4668
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ac -InterruptEvent 0 -NGENProcess 2a8 -Pipe 2bc -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2644
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a8 -InterruptEvent 0 -NGENProcess 27c -Pipe 2b4 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:3016
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a8 -InterruptEvent 0 -NGENProcess 2ac -Pipe 2d4 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        
        PID:4660
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 2c4 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:3356
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2fc -Pipe 298 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:3636
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 0 -NGENProcess 320 -Pipe 304 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:1452
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 31c -InterruptEvent 0 -NGENProcess 2f8 -Pipe 330 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:5996
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 294 -Pipe 2f8 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:6032
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 31c -InterruptEvent 0 -NGENProcess 304 -Pipe 2fc -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:6072
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 31c -Pipe 27c -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:6132
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a8 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 310 -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:3044
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 2a8 -Pipe 30c -Comment "NGen Worker Process"
        5⤵
        Drops file in Windows directory
        
        PID:2372
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Users\Admin\AppData\Local\Programs\Fiddler\EnableLoopback.exe"
      4⤵
      PID:3960
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1f4 -InterruptEvent 0 -NGENProcess 1e4 -Pipe 1f0 -Comment "NGen Worker Process"
        5⤵
        
        PID:652
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 27c -Pipe 298 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:5140
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 0 -NGENProcess 2ac -Pipe 2bc -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:5148
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 288 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 2b0 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:5588
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 0 -NGENProcess 288 -Pipe 2d8 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:3608
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2ec -Pipe 27c -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2564
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 2e4 -Comment "NGen Worker Process"
        5⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper
      "C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper" /a "C:\Users\Admin\AppData\Local\Programs\Fiddler"
      4⤵
      Executes dropped EXE
      PID:4324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Fiddler2FirstRun
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:2604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdf80d3cb8,0x7ffdf80d3cc8,0x7ffdf80d3cd8
        5⤵
        
        PID:1456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1648,5443412464590979173,3933533489908386424,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
        5⤵
        
        PID:2320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,5443412464590979173,3933533489908386424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1648,5443412464590979173,3933533489908386424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
        5⤵
        
        PID:4412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1648,5443412464590979173,3933533489908386424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
        5⤵
        
        PID:3480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1648,5443412464590979173,3933533489908386424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
        5⤵
        
        PID:4804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1648,5443412464590979173,3933533489908386424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
        5⤵
        
        PID:1164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1648,5443412464590979173,3933533489908386424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2972 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4188 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6156 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6332 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6460 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5556 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4936 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5828 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=2704 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6616 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5780 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6456 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4896 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4128 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=1468 --field-trial-handle=1800,i,15668633434525591611,4843394494477233362,131072 /prefetch:1
  2⤵
  PID:5736

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5240

C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
"C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5224

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4860

C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
"C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fiddler2.com/r/?Win8EL
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:5668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdf80d3cb8,0x7ffdf80d3cc8,0x7ffdf80d3cd8
    3⤵
    PID:5600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,2907003443151483667,13495149060966725854,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
    3⤵
    PID:5568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,2907003443151483667,13495149060966725854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,2907003443151483667,13495149060966725854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
    3⤵
    PID:6088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2907003443151483667,13495149060966725854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    PID:4180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2907003443151483667,13495149060966725854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2907003443151483667,13495149060966725854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
    3⤵
    PID:4708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,2907003443151483667,13495149060966725854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 /prefetch:8
    3⤵
    PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2907003443151483667,13495149060966725854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
    3⤵
    PID:5988

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
"C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5624

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
58KB

MD5
188496839a8ec880e8955e85b5d98e48

SHA1
63c0f3876ad72a170ba618ad765132048acb970e

SHA256
875394931d73230a8688b89796970d4513c45bffad839b5e448ad48c9a3285e3

SHA512
8288040c3a97cca7528ae5ecbd6fc73ec389a492ecdb7443979297f50e324e86220b8beeb2ada80cd836cdf32046d2199afb4d81d3a62078559335cc0b1be162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
50KB

MD5
525b799518e7fb06461f7e20d84d353a

SHA1
659f599f48bbff00a6c384e7e281aa9f1d6fe78c

SHA256
6377573e78a6354a5d0ef20f83a82f1a2a7819cc41f076fa2eb0b39bb82a4cda

SHA512
f0250ff19e252bd4d1f1de0baaccb1cea3903c04ba1a4d81e042d52822fb51c91ad0f6a4c677e36e77cf4db30c86fd9027e2957f18b9a5aa8d55368574263150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
181KB

MD5
0d51b2936078c4d8df8a819350a6d630

SHA1
10b7a6441c144fce6b8ae1657db30d5c1c2e282e

SHA256
40b131c0d0f7e5242c7fd5adceb82a1e0f068a696f082ffa1bbd202e9d46c519

SHA512
b540465bf4e87d7cbd2191719b30c36ea1a4c7caa63a5fe57903961c96b6a0eb676059a12f4c231a10748b7cba3c8b33415410ab5b29f927bff2f6f533b4c1eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
104KB

MD5
7a483288e82f48f8cdcdcc975544b5d5

SHA1
595824817ad3b180cf0500ba4e2cee0f28d43da7

SHA256
d2dec720512133d14bfe30b6327f55fec8d64a171f7c0156edf1ef1e4f5b9404

SHA512
cfb70f3ba88f84a8fb9631af70ce8ebe3f4316c002dc822a4eb821610e377939c0675e75526d8b3fc370a375d78b96600927d4d002f0c89c67b6b83bb93e1c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
41KB

MD5
ddc9f5dede068c5bb375b24839845592

SHA1
e54c02cf673cb2929d75876d559fceba65454afc

SHA256
a8ce7ca09c32523d3c0bc43ed3df8a6d20523ae55b1c8e7228b3ec3be6682ab0

SHA512
b0c806d8c03e6f27235be923f5a4482e3d04bbd2628b28f90c6865c692eaf57cf0d74ce27ed59bd8c75547062e480286164fa0508787e7edb8a8f61a519cc6a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
37KB

MD5
414f8edb9e260a3d1667fcd484f0ba91

SHA1
d581cd22ed05a76d0ec885253e5c52e37ca62ca9

SHA256
9f008949167fc0481e6bf59fbcf63e9f8c5a8a1943f43cef7757344f32d63d44

SHA512
9ad5b16085b1812f65bacc3159fc0b7c137f13ea61df61aa2d356c886ab9fe2c720523cb6dfcdb8debeacd38a6c1350e1e147a33a27d550e35d8d06fb858b4ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
42KB

MD5
f385d36b9efbc3119ccda595f2151ced

SHA1
907fdf1c12b836ddd7aaa3798ae796347ace1ec0

SHA256
581fc7a99860118a3506c205db25279828889f9f3e00f862065695029b0a9373

SHA512
dc2d9f53c9bca3a1587728d9bff752c9b6c8c7fd67cf39c150cd0b0f1d537333bf61b9bd0b77833bb4292f1758e7e1b404ddf3eb1a31f9b6ac5bdd1c67b1c69e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
24KB

MD5
f782de7f00a1e90076b6b77a05fa908a

SHA1
4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1

SHA256
d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968

SHA512
78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
38612064ca9e971d13afe548b898422d

SHA1
70ea42c3270bc1b6e64bfc339525cbb8e216ee97

SHA256
e0ff5c36e221cfdd211b89ccbed90ed0ae5326b935d129f82dc542913e50060b

SHA512
82f7d67a953e83da9a45e5f8db7cd0f2ebc220013fcba986d9a426ce4a057d3f1b6ffc2fc388c57602933e4f1dd223340342e16934993b6d376dd51b06ea9a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a6d1da4e1474f50664ef06af8c2098e6

SHA1
488a351f06546ba73a7e0e1a1a6e4d4c76b11c42

SHA256
067535c0689d55a56dfacb532b21e6cd04ba7e6527ab9e2ec07759db31d559f4

SHA512
f420fe68db4f237b4711cdfd0b7a9b836a0b89bdfa50284fd1299ad31a3ca3e1fae560318268ec870a34fa0e0c9dd95f8d1c21ccc0a4be0c1ef8f8e8fe4b111f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b69571b18018b45fee8150bee2a645b4

SHA1
fccdfebeeea522a4fd8fb63fe26e47e12a9e4587

SHA256
517b0f64e2345c5b16650a34ece03e6b37192dc654e2cd16f18493b6e49cb2a2

SHA512
4a3d7a8e98b89a41ac689db912420b700f79950ae0dbdc5ed94dedf43d9d7ec0e93a7de0709d23907c6a5d1aa8e389106a1fe2444b021343e773eef76ac6e5ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\723db3e2-042b-48eb-9842-dc31ca41b8d1.tmp

Filesize
2KB

MD5
9695af4af66a1cbcc5c43a80655eb678

SHA1
e272de8c9aeb80cef6fb7f85c91076b122b9a2d0

SHA256
536c0b1b9c5f502fef2843191cbca6c84179840f04aeef7ad48a7c5e19691a26

SHA512
b9b390b9fced5349ad9eb29fef04b0a7ba7d933222b704c48ecd7e8b84f842db99ffae8c6255601f68291005693a9d41bcfd6c6d0eabfcc555d35aca0fe2bb32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\87979105-4081-40fe-a246-4f65cb0a4e7d.tmp

Filesize
1KB

MD5
12789d20dceb16956427dd05b5c1be2d

SHA1
79f2c1db38a1229b731e55308fc19e9b8b461e51

SHA256
487cce3684f584e57057b733692af3fbbdbc19c755224a1639bba7eb3c545503

SHA512
3a821511c102159acd5c10cafef47bd226b5e3e7aa66344bfef151bba16e36c98de890894006a24f4124fce66c72c47ce7a1b39970cf2959ed16bcd2cb238e58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
d73362b356c40f80066b2efa31199d37

SHA1
ab1c358e3b84c6b447157343c68e838f48bcaee2

SHA256
f36c87b30571fb7a27252b2bcca01930ab7663f55e219d5324a068bc52d86220

SHA512
0c730cb9fd75b66282568435cbca4ec7fdb509a56fb7bb909a2b7835b9cf0da72c3117584e7f90b2227ce48d99eef089d9436f54e8566fa489e70e0e014c4e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
380167b93eeac22f29d5b3494aee39d0

SHA1
9600817478903748dca4adf12f00a4e3e83bfaac

SHA256
ed86d43636c2f52035184cf3759e0f69f637079e7991dccb6d7b2cdff93599c6

SHA512
a3ff2834e5b4201198c07a1005c0a083d111291d41ae50cf3987fe66771f2cb37916c493e1af7b90fadf7aa1d2d75da8c2a1deb6277638a70bf7de4e4401df35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
796d4eeb1e3c1229b4e9a18af36662bb

SHA1
eb2b5e775f50dce1ce31607707f4de6b8c287dc1

SHA256
539d9c4e15c1916672b00b0ba7b578f6680f73365304b84d6c702054bef3b6c1

SHA512
4cc0943280b01e0b867ce737b03d62f3fc3df88eb2adc70a31f480ed04db3f7ddbf5c9e422d73e08a61808361a56aab9d8e64f80ed5d3dd7b4899272e19a7d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
619831857928c66f699e62c586e96408

SHA1
94c452cb970d467cd2baba8ecf44a92acd55c312

SHA256
907eab036bed2971d1a82b5d466873812a72c24595c1bd9739819d24786b4264

SHA512
a3be80835fd3148899ff3cf33539c04da96e89a3bfd221a6941993a059959c2920d73d6faa71e6d718db5608b9c63d80dcb22c5d8d314077a1bf417eace9e844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b110a37a110cc28496c51e7c6b04a976

SHA1
e62b2d4e7069e8d536291e2b1c4b61d30a28532b

SHA256
1386279aae7d6b12fde58ae99d16b257c6ddfd97e4f8e7e7ac9014047622fb9b

SHA512
39a65017af7f6bf44737951f2814bd0ff3a2e9599555d1e04c841c260fbf394f797701d5495e410fc6ae32d26ccc6a48a63f436b86757850d5fc005696d38e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b8342560b1fc75ab3e76d199d0286840

SHA1
e23fc1cc05bb99401c3e8da05ca4b4622c3ed9f7

SHA256
309dd1433f91b7749c9acfb6814c580812f81ee891e07fc987516e1befec1639

SHA512
efbe623183c1d78c751b98368166c2e36778c194d574a9819dc0a342feac8b5757b939ab257c2cd0ae1088e533436c37338981903cadccc79f719e949a15c90d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3e1f833e496d5fc0f2fdf765662eea6a

SHA1
894335163b0e5419db8ec342a93f55a724ce4d4b

SHA256
7872d17664be8613a2cd53f362345ec2dc4d57946375be05d7024f97c1031934

SHA512
d38fa49b7e2e19a3af0ac8ee1958bb4a14e7cff65a2e0094040994f274a7543c050bef7add74c814dba864d9fbbe1bfdf509b0933a486425d32aaa7cf00109b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9dd1f583e08abc8774e5547fcbbf80be

SHA1
a02ecc223a4077e2413120f216c879d8949a3938

SHA256
52282bbdbf175e29ed485df5d07ec1a8fea57d2bf272019812ad01237035346e

SHA512
ff139269584e1e1f1dc1f7af0c43978ceb0060786e01306e86bcaa0652655f590a9bcfb0081e5860c53545f94893e6713b96483db20a035864c30ff575c052f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8ab622e773fd14425b5c02fa7abf1e4b

SHA1
b423086087c7d8be9f6055e864b304a6845e7874

SHA256
90a568fe90d47ed605a29d3deb75fb8f155af2014b4f318d2a87fa57941de93b

SHA512
f746ee69b7a0dda09ac44849a9530117801148930e94f9697270efe46b0c67d58058099d1986f3c28e3b4b73b9255971db4106f2921a9f8d68e4608d7e411566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ba094115b9193ef9e36fa7e2237228b7

SHA1
583a6132a9f49813991c1bde17450bbc41436e2b

SHA256
082ef21a36cba159d8976debd3eb90333d23b2a5a7cd8a7222d4c161bf1c4b7d

SHA512
e1235fc9f23b71ed8167155beac3dbc4ee505a5e7ddd3bf874dc92ca04b2521c8fb7c8a6dfe66efed78d0fc426a26b5e3d8c9ee8187b1a0e65f87f72ca171317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
28838df1c14613d4829dcc95ff9fc429

SHA1
b0a1414efe0c6b1869c5c874c2c22508ae25b5fb

SHA256
93b8e76212fd1565898202ea88f8c078b41c07710dfa6f640c174d05bc095d9a

SHA512
580d969d41e679075de19b91af51bddc7e303627c95aba193c6d7599e2e8a4fceb65d8f8f3aecd5e16379d5026eed5a83ec8c9df5e66815aac4026b8c531268d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1fc80f495e02f7388925df2072045d76

SHA1
0837f8248c28989a321be142c56fc9f4e88d79cc

SHA256
d101a12dc2b806f53a9aabf9dbf3ee8575c6532fd192e39151953200ef9be2b7

SHA512
12e804261d2a64646b67b768aad0ba8d2cb0393a99c44efd2b8e8a387fdd158321debce9bee9449e09912bb7fc68a06414dadff978baf71fb5d0ac9b1d339d25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7b12243f740bc636f5603e170096bb4d

SHA1
22773cb900f9c668b0057159e049b918b82ae26a

SHA256
61627f340d54aa45f35216baa81d939c2aad6f1937da9c5e3b8119cbeb9287c3

SHA512
a3acdc53e3f33ff0b2bea85a7288209a6f40a8045934d4821c88256120968391bfb43f121890a3a7cdc980128099ea8194d9d48e32aeecaa306016c812225546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
49dceaf54560bd577da4452ead4ce915

SHA1
b14933c024eee0dd781c9ddd383d3f8b907e7313

SHA256
253df2a98d4e831387cf92abed27046753b3077682fb36c4c498138d342cd01d

SHA512
f2a32fd3a414b14615e8b91cd4c648704b33abf64ad170c2f68762e12495dc1fe45542daedef64e900af50f8bc49c0f83547f3481708a079923a5a7c06e66e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ab4aaf955068e9822dded6182fef9296

SHA1
8bebdf5f5f84730349d01e888e7de2484be8037d

SHA256
6acc0b384556c82da7264be380e2473b3cc31be4050539b2a68ddfba41dcbf43

SHA512
43b92ff5a4db1c4fc4dd325d7076207f227092e6b5b2f4324dccf7f286b37fde6c48376e4f16e60dee746270158ce6ae4bcde52899ecf1364f196b3fe2dcab5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
41ebd56bcbe4a9770b43a76c1685c187

SHA1
747c270045aef8a9d3c53456eab18d5396dcc66c

SHA256
cf654ab098f7be4b9b63cbd77275cb3b0d461ee1270c14b93012bd3bdb89fcb4

SHA512
15828e6598f4a05cbd42f8e71b6c57bf75f3d328102a8c2388e94be62f30e77de652219c04d2c7c9e7299cb06cac25d1121ace656cfecc04574cd0341c8a72c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c0e667675e87efebdeb4f68d8edb2452

SHA1
d86ba814277b2e3cd3e2d928f409af906dd9603d

SHA256
cd1076a668034c57947929851bdf2e78e0e93625ac81462039d116c23358e726

SHA512
ea982c7b8d1b36da5898fad994532b5e9f2ab82458d2d94d2400ea6f5cb7b0b207d923578f7504403d5c0d0f3eff909291689a6d4c3324081bcd3b37238e2f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c9c81085f20432b1cd2fc6b4cf02049e

SHA1
a8133232c3e44dbc60b3fa7f258f92366518f3d7

SHA256
52f81fd4e81fbb8a47b0dadb7fcdf122e0fabf69427c4ae2911490055632b0c2

SHA512
f06dfaa258b0e21291ce5a78ce0666aed210eaffbbb9f015fa28634af9888eab81cc6bc41cd5908be021a3ee3df0055933971fb1d8aa43cfedffa1bdd2b3da13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
abd0e6883438925214300d3fef30251f

SHA1
ecd15474c1fe78cfd4b1b720d2017287d54cd83c

SHA256
c26b4b882a082529b142f4d69798b740a5874e18dacf0e396425aa792ccdaece

SHA512
a461161207331eab0553bcc987d7e7510836fa99b36355fdd67e4f1c3f6cba4553e3e6d8906b63ec9c03b1cc5f61aa997d5f6226d98cf913d0292ed1b2abae33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
63b6cf43352bf41aad1211fe69b9f4c7

SHA1
1c8181e3ca8bbabf6fceebaee1cff2effc1cccf1

SHA256
0c6b43329aa468093c025152a79b84da73a2260d96b12f512012551f2a913120

SHA512
15dddecea66dcdf850c27720d00a52ac7a5c450f53aaad4eec6b029e8e12d84db8cdf12982ef3bdc5bf86f23af1ad867b29fa44220a9ae6172319bc438ce417b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
34805263fbc5ff415ee7c221393c6bbc

SHA1
e74042ace7b600fa52c29fbdf1800400351c82ea

SHA256
44257ea6b8d6187cd5b6191998c88b09e5120329794559ba3feaf00e9dce1b52

SHA512
db56b15d28b387a5448a22e30f692f8a9b4d90c6a04820aab0cd6285d4ac8156b12186cfea2907ea47a4134a25e1af5709c81c9948e9be3d5b99021a1bb26754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
c9d26e5511a0e941cf7b2ae1692078bd

SHA1
c32a91e1eaab67c691d7bc342ab4eb45b1af46f7

SHA256
7e9004da1202a19bacb01d848fdff341b5a4ce730b0d5f6f444aea967d460b42

SHA512
e81a34b7fdceb84d224b4926345264b6700734da3ad6dfcd9c5dc7be61ed5f0d3020409c5ebab80c18ae506adb6979af585e5b9feea68ecd034233319cddb20c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
96f36877d4a7f19582a3bb9e7fef0f5a

SHA1
18b5eccc19460e46c87d82954c3bad9f3a171b42

SHA256
277e4f9226c0d79df36406cd63686f4dbbc42a1e0da9ed8967baeef1c22e4fde

SHA512
b78afbb98021960506bc0680d8f6cf9351d07a40899047600d8d130a3a2a8224ce18855a7fa669402e408da69b83d0094c3cc8e85d3240acdb5ad0ae0b0fbde5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
e1373a85f14dded4e42cec1752605e77

SHA1
88643d898a0cecc8a1d5a0c87687b3dcabd138da

SHA256
8def25751d9f89ddc58b4d273fbbaca248388acc67b8b6307628e32f0bd28022

SHA512
2cd8afdef4c6d8a1b070b9658228002abe42264183fd111f8b8864221eb227b676f693a572e8368aea6482c5c812d5f441da31e822e59dfbff3f32d7e94f0125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
5358750fc15d98cc5aecdd18ccdf34de

SHA1
33d212224c726d67afabf953fd40a51e0f6c5cd3

SHA256
d1d4469401747e429695c27bdec5d8371a4f3f708ccef11cc417436e241e0284

SHA512
7a40d6d5c8a86ca806b1469d0ff27a6c24b182b143febdbc916d9417e36cc358405b8690edc918cccf0fcdef4d669ba45b0dff484b953c297ef8d4842c2f5018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
533930777722fe7a8525ee6af0042b3b

SHA1
8b36fa7786fb21c18c3ab5b0c7bda6b4971c6c67

SHA256
f16f54efc94136cdf4f0396e94013cb27bb6581755d7befa9418c74d0380018c

SHA512
293e1b87f5e4c42731a8dfad8fb5d0e4944a61df813cc64e8efd5fde94adfecddb68d60abccde7107671556fbf2a3e2bc44f5850b3057bde9945667aac547c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
d588843eba5a225dc91febf0ea6e7e04

SHA1
dcdd87bae40520996ba1b746d79879ab480cd0bd

SHA256
5c842eff375186fcb04f5d1ad088d0f7c53582b663a70204173b57bf9e9ecb48

SHA512
2447f96503a30562edd163a73aba8e8c5165eb8096519b2e00afa7dc0851b53f7d51f134c538317f1377858520856668f199dadf211fb2e319d63e0fb0caefd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ac7c.TMP

Filesize
88KB

MD5
4083b79fbf708c9724b5d13225d444f3

SHA1
252d8736dcdb0dc863f0c6a8007f978249c953a0

SHA256
d4001a7c18205a7cf5c4b431d9670bfa695ba3dfb8683e6551dbe2ae287f3bee

SHA512
cff4e9abb4d77c8d222ef7c129cc699eb2eb20d9997cb5794d700e383a3262b997ed0c84a738946848ec6cc6340ff81555c688e6de3f3d01fe650c1f9db70ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
07b798b962748b01d76a032400a32407

SHA1
0fa1ead06e815d663f35221acacf6988e869ff53

SHA256
adaa88014bc0617f759d8aaa0b12675b5d65c912c8bec5543f30b9c54d31d8fc

SHA512
8c355e67260717b4afd4f6f8d2e64fcec9cd6e1c89fbb857191ca58cb34753a5eac845b6a06f0d1e74540f1c4373b66006e4f123acdc902d2eb58cc660c43f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c5042350ee7871ccbfdc856bde96f3f

SHA1
90222f176bc96ec17d1bdad2d31bc994c000900c

SHA256
b8b1cb139d4d19a85adce0152fa3c4f6adfb73a322d7253820e848c6f82afc1b

SHA512
2efdb535fa6a06c4f9702b2129f2dd07c330e37fd10b492f2236007c660c1707773c22005d1e1fa580dbf633dc1a700ada3b7b611ef9accd9555a17a244f61ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e027def9b55f3d49cde9fb82beba238

SHA1
64baabd8454c210162cbc3a90d6a2daaf87d856a

SHA256
9816e980b04f1fe7efaa4b9c83ff6a0fdd485ee65a884c001b43a0cad7c39d83

SHA512
a315e1336c5ec70cbb002969e539068ba92f3ec681b6d863db95227fd1808a778fd994e2fb03f28f0e401677aa5f7c66813e315b6b99a5065384c49586f9782e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\26c28c5f-b27d-4cb0-a3fa-ed5e7ddd8fa9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
26KB

MD5
69b550731f9a789a39d18eb917e43a4c

SHA1
20721285bcc8dfc47777e43b2d94a224469a0b50

SHA256
230bd4129d0d79dd196efcf6d9e8db962c5e750fa539dfb5b72ba43666485066

SHA512
0de48338b7108eb2b9206c57d382c69703f1424788f7c665f44e4ebf8fbc92da8f11d10416c03f37d62c0d72cf760b902ef52f8e41caeb89ec221f0fac76702b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
31KB

MD5
c8b62860d3e187860f9eb25ae4b5ea0e

SHA1
426f75fe868e4ed43556000fd2adb28c112114fe

SHA256
e8dfd28c31cd9887abf07a330c4066d42653792733222e1d7508b4f6ac25b446

SHA512
e97a9152952c4812c8c7e6c0d00fbe11b62fe849c565493c7353b9ea0861729e6290ae7ce4625800ab9a5db215405dc7019a8056f65d078a81cc9c04dd94a422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
33KB

MD5
249b877fdd0eb071e09df73645c12b71

SHA1
344cb223db5c230194d475800a9ddd02bacde734

SHA256
9642881515bd7496bc1ebb7bab132d109e109614e36d8acc6731633d03797050

SHA512
4a2604164dbeb42878da36e7d7eeafe8eb12678e8410983d36c9ca10bd259299b5262ea19d9aa47ea64986bcc6eb40e78754be434d0a595fe29acdaaf22d3780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
33KB

MD5
4562882014f7df38316d04c4d89475ea

SHA1
b56bd842693d3c17a9b09af5a89100144d1ce88a

SHA256
5d80735b48c0f39f70e37251a2861d5470b765fb662213da3a88d1c25867a440

SHA512
7d1ce83b4f217c8ff5c5b25d389c1475efd5264c01638ebd4899b90ac560f06e8beb3ffb962ea6c118ac5c819e7d74c97fd0f91ba43f2e03146401e5219d6124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
73KB

MD5
1447ee8dc022220c3d3cf80cce8b5160

SHA1
4ca77e5aee8b38aa58429d2a53e01707e8250ca2

SHA256
edf55cce476c16cd987ce4b4c0f5c6f8b52d66788c1915057ccb7560f3ce787c

SHA512
a02f55b919086ccdba44b090059be0c179021c9b217b4d492c48ac1c4ec0804f80e045dc2f753f6e0360f15fbcdbd4770c5b64304ec6fcbb398cc7e55794f849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
34KB

MD5
edbb294ce5bb567f873a96d00f1f8813

SHA1
3add27c280d1c5e3804d453acc1a5fd86d805094

SHA256
30c970eed7bc24dbd036ebf22b16fecf9e5dfffc1442c3379236c43d3797a596

SHA512
2b701736491e4fdb9308e5285c2fe279729579fa8ebace7baed3504a7023ef8aafa27caba5f89c14ef7380cda74973aa9a67f1512c5621ede9333a09ed695bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
76d9956bcfbb458939f72c78128c2b1f

SHA1
f2035948957bb21310e034793c3864edee3d7b5f

SHA256
2afd24209a6808cfeb59a04c38e6033100036cda834fc6eb561caf66cbd6f8e4

SHA512
44ae3dcb9e7c3029ddb000ba182e1db49240f8d3690faa79d300ff94fc484fbe6bf860e8b85b72db35de7f9c7a8b3a84a99c30c164aa77771c337757747654da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
610474058869c0b6cdf02d9392dc1315

SHA1
db0f258bf2fbabc56fe2d5116fab32d03f2c5f04

SHA256
d1afebedded309b34c235acac9e2dcad120e5d020cebcd2c2d9c10b7c02defac

SHA512
11cf949aa9b232d464ca994f1ebf7f08f5c6c51f7670d5d2b09f8fcbda2b8d450496fb3ad75666faf909e14b10ee7f2005e110cc835a92360918e0f5bb1315d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d6e3a0813599788c4635885390733f70

SHA1
ab32c7e52820af77b73896da089ed9f4cbe489d1

SHA256
821ef81daf9f295dba879d393da12b05410fbede69eeea62ad26eda08b37d7c9

SHA512
0ce34bd45b9b69e3fa8d4ea89469f2129a38706effa8efd9bb79c5f084fba7d87248fa79789a36f6e5aba1b93bba689e2e5928721ed50d08813a0666eb0d807a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
035f2166b1952dfa21f4af2ed7f36289

SHA1
5782e63b17bb47eb890afde49e4134539c789dc0

SHA256
19b3d94ca5c61205bd9c97e52c3436ba9c139cd4e9107ae88543c3a56d4d43c5

SHA512
a7ff8488d007c903486656d96fb7e586c96b26ba74ebf14a4914f8e13187b935787d96d40c6369f497d66f1cccf2b862f3a61394135087f4ede979804c692d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a14ef014f5ccc2c20f6f0e471e18f4e7

SHA1
da1b3123afaf460c397205c1e7788a6194ccc8c7

SHA256
3e28e87ab70a2f3633c51d4c8651cb8f2eccca6fdf84330a2ec62a0fd565c9ad

SHA512
8622cff398ab02b0dabd12fd78c7c64852fa9efcc9b44c2a55e589bf4773b8f19abbda58ded0e65a490bac4a219a73127b8c979f7b23cb242037b92848bb0e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc10a12cf8e17712eb0224ac2f1e92a6

SHA1
62d9405cee77d1b34b418d4f2d7575eaaba508d0

SHA256
2b8621408ad173abd8bac9dd2802a95a5b9604957df63c1791f3268173480864

SHA512
297cc5ca10b03bdb4ff902096d703c9a3d887e9e681fe0e730fea27f5e124399b00693b3c62a6e6ca363cf8ae5e70597e0b39d799c48b8b31d3d21cc70b871c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc205887aace6ea3a7db95f8a89c3b25

SHA1
b91af2c52699e7b5d1f8213d96d161541e1559bc

SHA256
281f1c2506548e9d2179f7bf9a3998c98ff736558df20370ecb4d7c5653f43c7

SHA512
e91abde88e246c0f1f0223c59dce1933473d45cf747793d6aae0a917a6a89b73c22ac445ca0ed47bd9c77e37aa8f043193bc9ebe125e197c76b75e61e84b73aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e95b88d60e9e5d57b405321ed832b5f

SHA1
c771bd7aa4e77c402e6a35b6767c37a6148ae302

SHA256
534d5ed712691ae6f62f9e33c1bf9ce973a47c1d6cea0c465823161f407b7552

SHA512
cbdc6e8b86dd34dbb2491ee693ad7c1417b5a3f4f7fbe91e52e659a9249bd29926c52de6201212a7118ad0fcc12cfd213b61813eeda4974d6fd7af05211aee03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d6b25f49531d9d6ef5ec29644111aa01

SHA1
741d529b1ee668031dde665b243c5c4d7fa59e9f

SHA256
6afdb7606cb1b3712ef07ee8abc85e500e1c44645f50ade98d836bfabf77c0c4

SHA512
45f3b7de6348fad77cfa2a9dda2aa80de775a1228515fa3e77008fe9b4683c9b1306b1f39dcc11323484b8823f6b1f152b270e42da1ea11f8f799a76fcb48d05

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
25ae0515d58b47de464b82867f8ac9e8

SHA1
609ac37244f1258ed7711adde637bca67251e439

SHA256
23650eed4314dfec54785ced65d002fb4a6473198d028bbcce034464306386fb

SHA512
e62358d4fa39db97d00d8bfa530941514a224ace4d930e1dbc9b71c72c07e934b98a28b1aea533ceda81f7720076cd073fb9387f24b54e2e365f889cca536dc6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Analytics.dll

Filesize
32KB

MD5
1c2bd080b0e972a3ee1579895ea17b42

SHA1
a09454bc976b4af549a6347618f846d4c93b769b

SHA256
166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29

SHA512
946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\DotNetZip.dll

Filesize
449KB

MD5
11bbdf80d756b3a877af483195c60619

SHA1
99aca4f325d559487abc51b0d2ebd4dca62c9462

SHA256
698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1

SHA512
ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe

Filesize
3.5MB

MD5
32cf2e7c6ae825d5f7cb2a7d39c2ee24

SHA1
262176d879e7727375025cae4aafc90698adad26

SHA256
d7ea71114bfe70383c1ac2be6dd19676805a0afb6e20c0ad3000018afad093e5

SHA512
a72e70f1a11d4443aedc56a2453cb3ed05bd8106b0e906364f23f01098a378440d2d86ac15f6d98ceedfe18b0a60d80f6806300b390c2969c3de97cb380b82c2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe.config

Filesize
261B

MD5
c2edc7b631abce6db98b978995561e57

SHA1
5b1e7a3548763cb6c30145065cfa4b85ed68eb31

SHA256
e59afc2818ad61c1338197a112c936a811c5341614f4ad9ad33d35c8356c0b14

SHA512
5bef4b5487ecb4226544ef0f68d17309cf64bfe52d5c64732480a10f94259b69d2646e4c1b22aa5c80143a4057ee17b06239ec131d5fe0af6c4ab30e351faba2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\GA.Analytics.Monitor.dll

Filesize
52KB

MD5
6f9e5c4b5662c7f8d1159edcba6e7429

SHA1
c7630476a50a953dab490931b99d2a5eca96f9f6

SHA256
e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790

SHA512
78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Newtonsoft.Json.dll

Filesize
647KB

MD5
5afda7c7d4f7085e744c2e7599279db3

SHA1
3a833eb7c6be203f16799d7b7ccd8b8c9d439261

SHA256
f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4

SHA512
7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Common.dll

Filesize
192KB

MD5
ac80e3ca5ec3ed77ef7f1a5648fd605a

SHA1
593077c0d921df0819d48b627d4a140967a6b9e0

SHA256
93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5

SHA512
3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Editor.dll

Filesize
816KB

MD5
eaa268802c633f27fcfc90fd0f986e10

SHA1
21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f

SHA256
fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54

SHA512
c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\ScriptEditor\QWhale.Syntax.dll

Filesize
228KB

MD5
3be64186e6e8ad19dc3559ee3c307070

SHA1
2f9e70e04189f6c736a3b9d0642f46208c60380a

SHA256
79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c

SHA512
7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\SetupHelper

Filesize
18KB

MD5
1289dc21a51fb89e685fa4c91764c00e

SHA1
b24210c4e71ace272a1984e171d50380687f73fe

SHA256
3e6f9a8b9dbd8adb521ce02a1c34e20350b3df438deb5bc4ada33c8cca6d25b9

SHA512
9cf63f042197470e622b97bf11845722c6338e69f08932b2f11eca576162235ff82c2def13bf42cea4c3b583ebd0342ca10ca6e5f2a3c53e4a6db5ae7006a0f2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Fiddler\Telerik.NetworkConnections.dll

Filesize
34KB

MD5
798d6938ceab9271cdc532c0943e19dc

SHA1
5f86b4cd45d2f1ffae1153683ce50bc1fb0cd2e3

SHA256
fb90b6e76fdc617ec4ebf3544da668b1f6b06c1debdba369641c3950cab73dd2

SHA512
644fde362f032e6e479750696f62e535f3e712540840c4ca27e10bdfb79b2e5277c82a6d8f55f678e223e45f883776e7f39264c234bc6062fc1865af088c0c31

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_gn2suaigfhhkewccgutguryxxqm34vvg\5.0.20242.10753\user.config

Filesize
966B

MD5
585566de3dbd0b365912659881e0b2ff

SHA1
8eaba7e7badccaba3bed07ef960154bb42aec915

SHA256
9685905a1e16cecf7d06cfe5c421ba25b68e2cfd763b439b5455d14cfc4c8f8b

SHA512
7d25ed8a67a4556f99eebb8c3294ba7fa7c41c067f9b8552e4a5437f1cba271214e1f7ce8e2273417d88d94acd95e3ff75b8b5318a86afa960fea08d368948d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\datE34D.tmp

Filesize
87KB

MD5
6568ccaa17064ebeca64e197da017ab5

SHA1
f01e19276bd5a127eab009ed470a331603512358

SHA256
8c39555ba5f42faab2eb79d33933c7f45ff5c84142ab27a717c99c4cbb22e504

SHA512
531229324ada394b2eecb96c330946c77644a17b310bb78a4eb59924bf920664c8f025eef7e71d9e0d9d03fe8b9f2e59b8c7df96d84f47a89e5a8829f5a9fc52

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseD17.tmp\FiddlerSetup.exe

Filesize
4.3MB

MD5
5d96b95b066d797c7c468d125882ddcf

SHA1
8a130db5e4f6207b70939c5007d6689c22378c7d

SHA256
7ea1a09eeab47eb4658938bf4a023c6231de726ad076fde189c3383ffb4091fe

SHA512
fd746263b0aad96e90468aac664a3f02af20c2291e03138cf201d68036bd8ce26cc36b5fdc4e97ae5f93c65a5660de91988e3ee7156359de509fea9b4308550a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf1D73.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Nova-Decompiler.zip.crdownload

Filesize
15.7MB

MD5
5b11eaa7a81414bb66e3fd107fbb595c

SHA1
04991099a3a0cf57c28ed4ae9d0f56a67c8c0b89

SHA256
c4ec24bfa071df98b46f849eb12d65e07878bd897f37b1d1e10c183f1549f243

SHA512
a0a854bd7f238267c4311146f9dbaddf95ec62364205eb9333e472a261fbfd5c23e254368b12d7228016fa0fe4b2616b37bdb37700ace3cfa546db478b9e3a9b

Download Submit
C:\Users\Admin\Downloads\Nova-Decompiler.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 264864.crdownload

Filesize
4.4MB

MD5
78537045a5e032d4ac93514f027c7a47

SHA1
5b6e705b20652c0cf39ee890013b9b8e8ad26b07

SHA256
06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c

SHA512
8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4345ad0cb22fa57a9281f1b35b0ca60f\Microsoft.JScript.ni.dll

Filesize
2.7MB

MD5
fbf426ceb9dcf71f91b9c0e705c7887a

SHA1
da50100d4c2e743d49134540d848526ea008af40

SHA256
3aef7382577c7ef23f48a1332b415fd26b3d7fa6c9bbe5f0de383bef8e770efc

SHA512
de52e8feb3a6f67e5d4cfdcba5f62313a25efe13f331625e14d6bd48f59440f878ff5ee1dd6e18ea72947ded8612e56d2eee28a681dd8db4eccd2308479c9de8

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll

Filesize
3.0MB

MD5
5968702720c09d48fc7a0aae9f458a3e

SHA1
64ec4c0ee94a26fdd26f7f02892a313793ca3333

SHA256
1db11e73cdfebf485614216e227af712214049b909490e500bd0189a580a7eea

SHA512
107b18bb1f4d5441c015a657aab87581d4e37d72321ceac4208ff00f93e82d98f340dce8e6493e8f89a0104c3f71443455ab7f88433a173b5dc75e1274b21164

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\013dda0e1c13c8182e02719f12e71861\System.Data.SqlXml.ni.dll.aux

Filesize
708B

MD5
babee7fd2083dd07600dd5c55c7ccb19

SHA1
d60268525947cb482d08dc82bf8dbedc4153ecc7

SHA256
211f95dde18026099e727ea7dd3c59b2f44e4b8d6bc37a400b4e77dd35407fb8

SHA512
fb07b7940e0caa80c779f80a79c855f360a6032f4cfbc55d1d244070d638e2edc7969ebdbb1bc695b7a6e2a4ea8b9197287ee27acaf6e0ec3e7a2114c892034c

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\129af40f419d925ba9d07ca47a83708d\System.Deployment.ni.dll

Filesize
3.0MB

MD5
5ce272c443c76c6a0268b17307086373

SHA1
9da215c4f1fa2367b0abb062ae23c49c27e0cf6e

SHA256
1bda44e93fabab317c5d2768199ae87d47868e2ba1bd5c4eafbbc78fa3ae7414

SHA512
a6a66cc3a2b2080973edea313fc2f486c26c43280ffb1790c39f7e4983671abeb7c4b7e42c247823e2f30c284467e0848259d9d8bbbe50e3858bb5dc23a29d94

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll

Filesize
314KB

MD5
0ec738c1551385a6ab8287162ead2385

SHA1
576f4ac07fa966785607109902714f104c2b6fdb

SHA256
2be57b6de3fa61e65fab74f2911edeee2d0c4d3f0e2e0371bfca72498a4ac60e

SHA512
abfa6e2d47c55b65bf81a240c32bc7dbbdf739b23d4ddeb6b95d4c39eec7c0f59d3b788239b7ef4419d31176cd2a5338bda535c9241ba24ddecaaae36b57303a

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\429d1f533624b62ab398cd9238b6be2f\System.Numerics.ni.dll.aux

Filesize
300B

MD5
faeaf52985536c4d7a6fea9ebd88c910

SHA1
29332a0eea7cb852223164a4863f4843fe101ba3

SHA256
ae8066274c5b4a5cdfc469e39463a94233d614fe44af31ea431e36a3cfe61a9a

SHA512
c305626c0ae72c62eaa00bc9ca5b5377fc562a52b97020c360fb7f69386d3a09646a3843da7161c4693f32264d141f6e102fa70f2c5beae443d7b8e1d52e1f29

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\c3e367eff9875c967c92b75a8688c55b\System.Runtime.Serialization.Formatters.Soap.ni.dll

Filesize
345KB

MD5
9ca5ccbe1085d777dc220ad37e26d6d3

SHA1
7f63e7d7764a4dc13a8b9cbec50749229cb93bca

SHA256
f362820cf09248efe993990b005ae1cbc856a048f08d7e1b494d980bff8a2342

SHA512
bc5142e7741071dcbff36c8320d7b217ddfc95c43b3c2a422ff2439e0eb46669c23d1ceda2956735c9a5cf66f489de21eba9a85d3b8d50959d898a213be3c3ea

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll

Filesize
986KB

MD5
f7c61b3ccddcebf97d4f2fcd7d2fc298

SHA1
3d4149310ceafb8b989afda01ac47abd4b9eae32

SHA256
8effa08244a2d3dc6573065c372c8fc06e515f584d6f7760ffafc6fcd91b7957

SHA512
0fd5437a6f77375b930ae913f955ef5b25c1374ae0ac491e4873ba4e303a0e4542a312d82096cbd6c171b4ed81859f2ab8ef2e2dcb20d534e5a923eb5314fa4f

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\ed88e474eb5a0dec06f9de17e677f038\System.Security.ni.dll.aux

Filesize
912B

MD5
c7f1888df8d5f0cee44055889d7145a0

SHA1
2b38514613fdcf0bd151d72e1754f82c8600238f

SHA256
86a58da68258f409d91c6178502763d92d53d5a81a0c65ea0da5826aa95dced2

SHA512
a96ac1b47a8ddb9efcf4b1483c47ef8141b05e47c68e9357ffb239033434b9450ef562f5a1ebb0a741c401c384da95780482a647270fd39558a1d73990101670

Download Submit
memory/652-1238-0x0000014ED10A0000-0x0000014ED10B8000-memory.dmp

Filesize
96KB

Download
memory/1452-1224-0x00000644C00C0000-0x00000644C10EA000-memory.dmp

Filesize
16.2MB

Download
memory/1452-1170-0x0000026E964B0000-0x0000026E964D6000-memory.dmp

Filesize
152KB

Download
memory/2644-962-0x0000064443EC0000-0x0000064443F11000-memory.dmp

Filesize
324KB

Download
memory/3016-1003-0x0000064445320000-0x000006444561E000-memory.dmp

Filesize
3.0MB

Download
memory/3144-888-0x00000239F1D50000-0x00000239F1D8A000-memory.dmp

Filesize
232KB

Download
memory/3144-887-0x00000239F1D20000-0x00000239F1D42000-memory.dmp

Filesize
136KB

Download
memory/3144-901-0x00000239F2210000-0x00000239F2222000-memory.dmp

Filesize
72KB

Download
memory/3144-903-0x00000239F14C0000-0x00000239F14D0000-memory.dmp

Filesize
64KB

Download
memory/3144-899-0x00000239F21F0000-0x00000239F2210000-memory.dmp

Filesize
128KB

Download
memory/3144-900-0x00000239F2780000-0x00000239F27BC000-memory.dmp

Filesize
240KB

Download
memory/3144-897-0x00000239F28B0000-0x00000239F29D2000-memory.dmp

Filesize
1.1MB

Download
memory/3144-895-0x00000239F1D90000-0x00000239F1DAE000-memory.dmp

Filesize
120KB

Download
memory/3144-892-0x00000239F17A0000-0x00000239F17C0000-memory.dmp

Filesize
128KB

Download
memory/3144-896-0x00000239F1DB0000-0x00000239F1DCA000-memory.dmp

Filesize
104KB

Download
memory/3144-898-0x00000239F1EC0000-0x00000239F1F3E000-memory.dmp

Filesize
504KB

Download
memory/3144-877-0x00000239F1490000-0x00000239F149C000-memory.dmp

Filesize
48KB

Download
memory/3144-884-0x00000239F2010000-0x00000239F2198000-memory.dmp

Filesize
1.5MB

Download
memory/3144-878-0x00000239F1750000-0x00000239F179A000-memory.dmp

Filesize
296KB

Download
memory/3144-889-0x00000239F1700000-0x00000239F171C000-memory.dmp

Filesize
112KB

Download
memory/3144-885-0x00000239F1950000-0x00000239F1972000-memory.dmp

Filesize
136KB

Download
memory/3144-886-0x00000239F1F40000-0x00000239F1FF2000-memory.dmp

Filesize
712KB

Download
memory/3144-890-0x00000239F2C50000-0x00000239F311C000-memory.dmp

Filesize
4.8MB

Download
memory/3144-891-0x00000239F1720000-0x00000239F1732000-memory.dmp

Filesize
72KB

Download
memory/3144-893-0x00000239F1E80000-0x00000239F1EB2000-memory.dmp

Filesize
200KB

Download
memory/3144-894-0x00000239F21A0000-0x00000239F21E4000-memory.dmp

Filesize
272KB

Download
memory/3144-780-0x00000239F1990000-0x00000239F1D12000-memory.dmp

Filesize
3.5MB

Download
memory/3144-783-0x00000239F17C0000-0x00000239F187A000-memory.dmp

Filesize
744KB

Download
memory/3144-871-0x00000239F2250000-0x00000239F2778000-memory.dmp

Filesize
5.2MB

Download
memory/3144-873-0x00000239F1880000-0x00000239F18F6000-memory.dmp

Filesize
472KB

Download
memory/3144-880-0x00000239F1DD0000-0x00000239F1E78000-memory.dmp

Filesize
672KB

Download
memory/3144-882-0x00000239F14B0000-0x00000239F14BC000-memory.dmp

Filesize
48KB

Download
memory/3144-883-0x00000239F1900000-0x00000239F1950000-memory.dmp

Filesize
320KB

Download
memory/3356-1040-0x0000064449980000-0x00000644499D8000-memory.dmp

Filesize
352KB

Download
memory/3636-910-0x00000644451A0000-0x00000644454A4000-memory.dmp

Filesize
3.0MB

Download
memory/3636-1084-0x000006443CC40000-0x000006443CEF8000-memory.dmp

Filesize
2.7MB

Download
memory/4324-781-0x0000000000710000-0x0000000000718000-memory.dmp

Filesize
32KB

Download
memory/4668-947-0x0000064449A20000-0x0000064449B18000-memory.dmp

Filesize
992KB

Download
memory/5140-1239-0x0000064488000000-0x000006448802B000-memory.dmp

Filesize
172KB

Download
memory/5224-1392-0x0000021C2F0D0000-0x0000021C2F0EA000-memory.dmp

Filesize
104KB

Download
memory/5224-1391-0x0000021C2F300000-0x0000021C2F4DA000-memory.dmp

Filesize
1.9MB

Download
memory/5224-1397-0x0000021C2F070000-0x0000021C2F07E000-memory.dmp

Filesize
56KB

Download
memory/5224-1396-0x0000021C2F150000-0x0000021C2F176000-memory.dmp

Filesize
152KB

Download
memory/5224-1399-0x0000021C2F0F0000-0x0000021C2F0F8000-memory.dmp

Filesize
32KB

Download
memory/5224-1390-0x0000021C2EB50000-0x0000021C2EB60000-memory.dmp

Filesize
64KB

Download
memory/5224-1395-0x0000021C2F060000-0x0000021C2F06C000-memory.dmp

Filesize
48KB

Download
memory/5224-1393-0x0000021C2EB60000-0x0000021C2EB6A000-memory.dmp

Filesize
40KB

Download
memory/5224-1389-0x0000021C2F030000-0x0000021C2F042000-memory.dmp

Filesize
72KB

Download
memory/5224-1388-0x0000021C2F080000-0x0000021C2F0C2000-memory.dmp

Filesize
264KB

Download
memory/5224-1387-0x0000021C2E0C0000-0x0000021C2E0CC000-memory.dmp

Filesize
48KB

Download
memory/5224-1386-0x0000021C10FC0000-0x0000021C11342000-memory.dmp

Filesize
3.5MB

Download
memory/5224-1420-0x0000022431060000-0x0000022431806000-memory.dmp

Filesize
7.6MB

Download
memory/5224-1394-0x0000021C2F050000-0x0000021C2F058000-memory.dmp

Filesize
32KB

Download
memory/5224-1398-0x0000021C2FA90000-0x0000021C30036000-memory.dmp

Filesize
5.6MB

Download